rmstein@ieee.org
Date: Wed, 17 Apr 2019 12:33:07 +0800
https://www.npr.org/2019/04/12/711779130/as-china-hacked-u-s-businesses-turned-a-blind-eye
"Technology theft and other unfair business practices originating from China are costing the American economy more than $57 billion a year, White House officials believe, and they expect that figure to grow.
"Yet an investigation by NPR and the PBS television show Frontline into why three successive administrations failed to stop cyberhacking from China found an unlikely obstacle for the government -- the victims themselves."
Why do for-profit organizations, possessing vast stores of valuable intellectual property, apparently accept and anticipate theft of this content? Because the PRC marketplace is "too big" to ignore.
US businesses display a remarkable, and convenient, myopia when it suits their primary objective: capture and realize revenue. Corporations are inured to theft and breach, exhausted by defense against the inevitable.
Businesses budget for theft losses and pay insurance premiums as an
operational expense. No longer is an eyelash of concern raised. These
expenses are considered leakage. (See the movie classic "Casino.").
Business continuity is the objective.
When pushed against the wall (if revenue capture is threatened by
'unfavorable or unfair' competition), business can prevail upon political
governance to embargo foreign-products, or savage their competitor's product
capabilities like HuaWei 5G per
http://catless.ncl.ac.uk/Risks/31/16%23subj19
A calculated brand outrage assault and reputation sabotage campaign can tip procurement scales against certain suppliers.
Given visible product defect escape and zero-day density reports (as noted in RISKS-31.16 and elsewhere), how do data breach and IP theft incidents arising from deployed gear (be they domestic or foreign), constitute a favorable outcome for dependent end-users and businesses?
Whether the PRC or the US/EU "wins the contest" for most rapacious and effective data breach and IP theft exploitation capabilities is immaterial to governments.
International economic dominance -- hegemony -- appears to motivate PRC IP theft and intrusion frequency: Become the world's largest economy and bask in the bragging rights limelight by any conceivable means. The US/EU apparently do not enlist their intelligence services for this purpose, at least as vigorously engaged or as visibly compared to the #2 global economy.
Risks: Exhausted business strategies and weak operational practices that rely on government intervention to rebalance the marketplace. Insufficient or ineffective safeguards applied to suppress IP Internet theft, intrusions, and digital data exfiltration.