SNS: Economic Cyberwar: The New Security Mandate

In order to fully appreciate the SNS concept of “Economic Cyberwar,” one should start with the idea that the form of war preferred by mercantilist states is not militarist, but economic. Any military conflict is the result of poor planning, and reduces the economic success of the mercantilist, since exports are the prime source of revenues.

And in order to fully appreciate the importance of this subject, it may be helpful to do a quick review of the role of Intellectual Property in modern trade and economics.

Much is made of the word “innovation” in today’s world, but very few seem to know anything about it. Let’s stipulate that creativity, innovation, drives the creation of Intellectual Property, and let’s further suggest that IP is the core economic value structure in an Information Society, the civilization model most of the world enjoys today.

IP may be created and owned by individuals, nonprofits, or universities and research laboratories, but the preponderance of IP is created under, and owned by, corporations. Hundreds of billions of dollars – perhaps even trillions – are invested annually by corporations to create new IP. Shareholders demand a return on this investment.

I will note here, and come back to, a shifting level of international organization: company, country, civilization/society. We will want to pay attention to the changing role of corporate IP control vis-a-vis these other structures.

When we look at the modern mercantilist model, or what China calls the “East Asian Socialist” model, we see recent histories of strong success, and evolving models, ranging from Japan to South Korea to China. Their past histories and politics, dramatically different, matter little compared with the similarities of their economic models in the 20th and 21st centuries.

In each case, we have a relatively simple, and very successful, story: steal or appropriate IP from the countries creating it; use top-down controls to favor government-selected industries; and create an export-based economy, funded by high domestic prices and low (often WTO-illegally low) export pricing, usually supported by forex currency manipulations. Discourage or prohibit imports, particularly in targeted export industries, favor your internal “champion” companies in all deals, and ultimately create large trade imbalances with so-called trading “partners.”

In the case of China, the evolved model includes encouraging huge amounts of foreign direct investment, but generally disallowing majority ownership by foreign companies, and prioritizing market success in targeted industries (wind and solar energy, Internet search, wireless infrastructure, social networks, etc.). Government policy favors local firms, locally owned, using Chinese-owned IP (now, that’s ironic; where could it have come from?), under Chinese brands, and often – another specialty – only if the products themselves are made with Chinese equipment. In Chinese law, this is called “Indigenous Innovation.”

Can you imagine your own country (assuming it is not China) having such a publicly stated policy of preference? It is offensive to the most basic concepts of free trade.

Finally, as partner countries are gutted of jobs, targeted industry companies, and money, the mercantilist country starts moving plants inside partner borders (Japan did this with Toyota, and China has just begun with solar energy fabs) so that they are immune to tariff laws, and to the inevitable adverse World Trade Organization outcomes.

We’ll come back to this theme shortly, but first, let’s update our views on security.

» Security Until Now

In recent times, computer security has been a subject of interest to many different parties, often for similar reasons. Those reasons, stated generally, would include:

  1. Avoiding spam. This problem persists today.
  2. Avoiding viruses. Ditto.
  3. Avoiding worms, Trojans, etc. Ditto.
  4. Avoiding Personal ID Theft. Still a problem today.
  5. Avoiding ID Theft of employees and customers. More a problem now than yesterday.
  6. Avoiding your computer becoming part of a Botnet and wreaking havoc on others on the Net. Still a problem.
  7. Avoiding other forms of malware, changing daily. Lots of new problems.
  8. Avoiding Denial of Service attacks, other misbehaviors, and sources of extortion and criminal behavior against corporations and groups.
  9. Avoiding privacy invasion, generally the result of legal or quasi-legal malware installed without permission on systems, often for “ad-tracking” purposes. These issues are multiplying daily.
  10. Avoiding the Unknown, dodging future hacks that will disable, publicly embarrass, or somehow compromise business operations in the short term, at least.

Although, as you can see, not one of these security motivations has been successfully removed from today’s CIO nightmares, they all now pale in comparison to something new. Whatever your reasons for investing in security up to now, you will have to create a new line item of expenditures for this new issue.

» IP-Based Trade Wars

Two weeks ago, I was visited by two people speaking for China, representing a new company whose job would be to – well, they described it, but it was a bit vague. During this description, we talked about IP and China, and they pointed to the new high-speed trains China is building everywhere.

Indeed, China has laid more high-speed rail, and plans for more of these showcase trains, than any other country in the world.

My visitors pointed to these trains as examples of how China was now developing its own IP, and not just depending on IP theft or forced disclosure from others.

Last week I learned the rest of the story: how Japan (Kawasaki Heavy Industries and others) brought this technology to China, hoping to make money, and is now watching as its IP reappears in Chinese products owned by Chinese companies, while the Japanese get little or nothing.

That’s the story of modern mercantilism, and of the so-called China Miracle. (For a more detailed description, Premium Members, see the “SNS: What Is China?” issue in the website archives, January 6, 2010).

As nations enter into predatory trade practices that lead inevitably to win/lose outcomes, the world will increasingly recognize these efforts not as free trade, but as trade wars. At the same time, those countries with the most at stake – that is, those which create the most innovation value – will be likely to show preference in trade for countries which protect IP interests.

The result is almost certainly going to be consideration of IP in the formation of future global trade alliances and policies. This is the one event that mercantilist model countries cannot tolerate or allow. Watching China implement its Indigenous Innovation national preference policies, while hounding the U.S. and Europe to maintain their open trade practices, is one case in point.

» The New Mandate: Economic Survival

This brings us to today, and to the next level of security concerns for CIOs and CEOs.

What if one country, or more, were so focused on the above model, based on IP theft, that it mounted a prolonged, concerted effort, using multiple layers of activity to obtain the “crown jewels” of all targeted companies, in all targeted industries?

These levels might include, but not be limited to: outright physical theft; industrial espionage; political, business, and trade pressures/requirements to disclose IP; espionage by state agencies; recruitment of students, grad students, tourists, and business people into the espionage effort; and cyber espionage. Levels of attack would include the Net, company networks, company employees and contractors, and the computing and storage devices (and communications) of traveling executives.

(In China, for instance, all communications contents are the property of the State. Better not call the Home Office and tell them how it’s going during a negotiations session.)

What if your industry and company were one of the targets?

Last quarter, a letter was reportedly sent from the Prime Minister’s office in the U.K., to the country’s top 300 CEOs, informing them that they should consider all of their current IP crown jewels to have been compromised.

All of them.

This raises security concern to a level not yet anticipated by most executives: what if the cost of breachable security is your company’s future ability to compete and survive?

Ask Boeing, Cisco, Kawasaki, Qualcomm, 3Com, Sony, Google, General Electric, BASF, or Microsoft how they feel about all this. Most will dissemble in public, but tell you the truth offline; and many are rapidly coming clean, even in their public comments, as GE CEO Jeffrey Immelt did not long ago.

You are now CEO of a 50-year-old global corporation with, say, 60,000 employees. And the PM’s letter sits open on your desk.

You call in your CIO, close the door, show him the letter. Have we been hacked? you ask. He goes into geekspeak, describing various levels of difficulties, generally safe behavior, all seems well today, no guarantees or ways to tell.

What? you ask. There are no ways to tell if our crown jewels have been stolen by some competitor?

Here are some of the crown jewels obtained by China in the last couple of decades: the top U.S. nuclear warhead design, from Livermore Labs; wing fabrication machinery and blueprints, from Lockheed-Martin; selected Boeing airframe designs; navigation and rocket design for Intercontinental Ballistic Missiles (specifically, the Long March series), from both Boeing and Lockheed; high-speed router designs from Cisco; the source code to Windows, from Microsoft; complete car designs from Chevy and Ford; advanced chip and fab designs, from IBM; high-speed rail systems from Japan; etc.

And you think your company’s IP is somehow safe?

What we are watching, currently, is the largest theft in global history, happening in front of our own eyes. And while one group is busy exclaiming at the wonder of China (and South Korea and Japan) making all that progress and money in their turn, another group is now recognizing the mercantilist model in its third iteration.

When someone breaks into the bank and steals all the money, do you compliment him later on his brand-new car?

All of which brings us to the here and now.

Is there a way to protect your company’s crown jewels – starting now and going forward, as the British prime minister suggested at the end of his letter? I’ve been talking with people more versed in this question than I am, and I am convinced that the answer is a qualified Yes.

The first, and most important, step is to get out of denial mode. Accept that your current IP has been compromised.

Steps Two and beyond have to do with physically isolating your next generation of Intellectual Property, and restricting employee access all over again through new and more stringent policies. Don’t take company laptops overseas, but instead use reserved, cleaned machines just for this purpose. Assume all communications with any office overseas are completely compromised. Do not count on encoding or encrypting.

Ultimately, you will be heading your firm toward increased spending on a brand-new level of mandated security, not much different from that of the Pentagon. The Department of Defense’s job, which they take very seriously, is to survive the thousands of cyber attacks they experience every single day. As of now, that is your job, too.

Finally, a comment is in order here regarding the hierarchy of corporations, country allegiance, and civilization and society. In past generations, “what was good for GM was good for America” – i.e., corporations were national assets. While this remains true when they are state-owned (part of GM, all of France Telecom, and most Chinese companies), it is not true of modern capitalist and socialist country companies.

These firms have been guilty of trading IP across borders, and into the hands of their competitors, making the (provably incorrect) assumption that access to sales inside China would justify this forced disclosure. (It turns out that only a small percentage of foreign firms operating in China have made a profit, perhaps in the 5%-20% range.)

Here is the real deal, after more than a decade of effort: if you lose your company’s crown jewels, you lose your shareholders’ money, too.

If the sustained ability to invest in – and get a return on – IP is the cornerstone of modern civilization, then corporations have unwittingly compromised society’s well-being.

We live today in an Information Society, whose future is driven by innovation and Intellectual Property. Those of us creating it have an obligation, to our shareholders and to the system itself, to protect that investment. If the value of IP is repeatedly degraded or destroyed, we’ll enter a world that no one – not even the mercantilists – desires.

After all, those Somali pirates drive pretty nice cars these days.

Your comments are always welcome.

Mark Anderson