Five Eyes security alliance warns of ‘unprecedented’ IP theft from Chinese spies
Intelligence chiefs from FBI, MI5 and others warn that China wants to “fast-track their own technological and military capabilities and undermine others’ competitive edge” | Security protection guidance for startups and spinouts launched | Comment from CIPA.
The heads of five key domestic intelligence agencies have warned that China is engaging in large-scale global espionage in an attempt to steal intellectual property from businesses around the world.
The Five Eyes security alliance appeared publicly for the first time yesterday, October 17, to reveal what they believe is an “unprecedented” threat.
Leaders of US, UK, Australian, Canadian and New Zealand security agencies spoke jointly at the event, “ Emerging Threats, Innovation, and Security”, hosted by US secretary of state Condoleezza Rice and FBI director Christopher Wray.
The alliance comprises the Federal Bureau of Investigations ( FBI); the British Security Service ( MI5); the Canadian Security Intelligence Service ( CSIS); the Australian Security Intelligence Organisation ( ASIO); and the New Zealand Security Intelligence Service ( NZSIS).
Competitive gains
At the event—located at the Hoover Institution at Stanford University, San Francisco, the heart of Silicon Valley—the agency heads “warned that states were seeking to steal businesses’ intellectual property in order to fast-track their own technological and military capabilities and undermine others’ competitive edge”.
MI5’s director general Ken McCallum said in a statement: “Across all five of our countries we are seeing a sharp rise in aggressive attempts by other states to steal competitive advantage.
“This contest is particularly acute on emerging technologies; states which lead the way in areas like artificial intelligence, quantum computing and synthetic biology will have the power to shape all our futures.”
He added that MI5 had now seen suspected Chinese agents approach more than 20,000 people in the UK over professional networking sites such as LinkedIn, in an attempt to elicit sensitive information—which, according to the BBC, is double the previously reported figure.
'Scale and breadth'
The FBI’s Wray said at the event that “there is no greater threat to innovation than the Chinese government”.
The challenge that China presents, he claimed, is “both scale and breadth” of the alleged espionage.
There are "tools deployed in tandem at a scale that the likes of which we've never seen," he explained.
These include “cyber intrusions” via a “bigger hacking programme than that of every other major nation combined”.
"Combine that with human intelligence operations, which include not just traditional spies engaged in stealing trade secrets from private businesses and research institutions, but also tasking all sorts of non-traditional collectors and recruiting insiders inside businesses, in other institutions," he continued.
“Layered on top of that, in the private sector, in particular, [there are] seemingly innocuous joint ventures, investments, other kinds of transactions which are designed to facilitate or enable the threat.”
Investigations
Wray revealed that there are more than 2,000 current FBI investigations linked to China and that at one point his organisation was opening a new investigation every 12 hours.
A spokesperson for China's embassy in Washington, Liu Pengyu, told Reuters that China was committed to IP protection.
“We firmly oppose the groundless allegations and smears towards China and hope the relevant parties can view China’s development objectively and fairly," said Pengyu.
Matt Dixon, vice-president of the UK’s Chartered Institute of Patent Attorneys (CIPA), told WIPR that the “warning from MI5 of the espionage risks to businesses in the UK and beyond really emphasises the value of companies’ intellectual property and the risks when that property is unprotected.
He added: “We recognise that many businesses still have not clearly identified their valuable intellectual assets and taken the steps that are needed to protect those assets.”
Five principles for businesses
At Stanford, the security alliance leaders unveiled five principles that businesses can adopt to help keep their staff and their information safe and secure.
To coincide with this, MI5 also published updated guidance in the UK, targeted at start-ups and spin-outs developing cutting-edge technology to help them protect themselves against the security threats posed by nation states.
The National Protective Security Authority (NPSA), the protective security arm of MI5, and the National Cyber Security Centre (NCSC), part of GCHQ, co-created Secure Innovation with the emerging technology sector to help protect innovative tech startups and spinouts when they are potentially at their most vulnerable.
The guidance contains information on proportionate physical, cyber and personnel security arrangements; areas covered include investments, supply chains, travel, IT networks and cloud computing.
It includes a Quick Start Guide, which has been designed to help founders and leaders to implement better security measures as quickly and as simply as possible.
The CIPA’s Dixon said that the Quick Start Guide “applies just as much to the effective management of intellectual property as it does to avoiding the risks of commercial espionage”.
“This emphasises the approach required by business leaders in a commercial world where the vast majority of any business’ value is in its intellectual assets and the opportunities for our members to help those businesses succeed,” he said.
The Five Eyes’ five principles are:
- Know the Threats: Understand the way state-backed and hostile actors could try and get hold of your technology.
- Secure your Environment: Create an effective system for security risk management, incorporating risk ownership, identification, assessment, and mitigation.
- Secure your Products: Build security into your products from the start, and actively protect and manage your intellectual assets.
- Secure your Partnerships: Manage the risks that partnerships with investors, suppliers, and collaborators can bring.
- Secure your Growth: As your company grows, manage the security risks from entering new markets and expanding your workforce.
Did you enjoy reading this story? Sign up to our free daily newsletters and get stories sent like this straight to your inbox
