The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

U.S. Issues Guidance to Protect Critical, Emerging Tech from Hacks

by Chris Brook on Monday November 29, 2021

Contact Us
Free Demo
Chat

The guidance applies to companies who work in semiconductors, quantum computing, the bioeconomy, and AI.

Intellectual property theft has always been top of mind for the U.S. government; the FBI said a few years ago that it had more than 1,000 IP theft cases related to China open alone.

Lately, the government has been doubling down its efforts around preventing IP theft in certain industries, specifically those in which a compromise could have an impact U.S. national security.

The National Counterintelligence and Security Center (NCSC) recently issued guidance for companies who work in sectors like artificial intelligence, the bio-economy, autonomous systems, quantum information science and technology, and semiconductors to boost awareness of the danger nation state threats and counterintelligence pose.

That these industries are being singled out shouldn't be a huge surprise, they're all booming, not to mention sources of valuable and critical technology. Experts for several years now have pointed out the potential problems associated with quantum technology as it relates to potentially decrypting security protocols - something that could be of interest to a foreign adversary. Artificial intelligence - basically a machine's ability to think and quickly respond to problems - has been long trumpeted as an aid to that, too. The semiconductor industry, which is rich in trade secrets, partly because it's so innovative, has been a favorite target of attackers for years now.

While protecting the country's best interests is paramount, let's also reiterate the obvious: IP theft isn't cheap. Per former NCSC Director William Evanina, IP theft losses have cost the country $500 billion a year over the last few years. It makes sense his former office, which falls under the Office of the Director of National Intelligence (ODNI), is trying to take whatever steps it can to curb those losses by nipping any foreign efforts to steal data in the bud.

“While the democratization of such technologies can be beneficial, it can also be economically, militarily, and socially destabilizing,” the guidance, issued in October reads, “For this reason, advances in technologies such as computing, biotechnology, artificial intelligence, and manufacturing warrant extra attention to anticipate the trajectories of emerging technologies and understand their implications for security.”

The NCSC describes further in its guidance that information from these sectors - intelligence, source code, and even information like mergers and acquisitions - has been prioritized by both Russia and China and should be protected by U.S. firms.

As part of its guidance, the NCSC is encouraging organizations in those sectors to take steps to bolster their data protection, insider threat, and cybersecurity posture.

The steps include:

  •  Identify, prioritize, and commit to protecting your organization’s crown jewels.
  • Know who you are doing business with.
    • Carefully scrutinize your suppliers, partners, and investors; understand their security practices, and set minimum standards for them.
    • Understand that all entities in the PRC, including commercial, research, and scientific, are required by law to share information with the PRC state security apparatus.
  • Institute a comprehensive, enterprise-wide security posture at your organization.
  • Include Acquisition, Procurement, and Human Resources in your security planning.
  • Strengthen cyber security and hygiene.
    • Patch regularly, use multi-factor authentication, protect your credentials, segregate your networks, continuously monitor your systems, and maintain computer logs.
    • See additional resources at CISA’s cyber essentials website.
  • Implement insider threat programs.
  • Maintain a list of unexplained events or anomalies.
  • Periodically review to detect patterns.
  • Maintain enduring connectivity to the U.S. Government on current threat information and security best practices.

Tags: Government, Critical Infrastructure

Recommended Resources


  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • How to simplify the classification process
  • Why classification is important to your firm's security
  • How automation can expedite data classification

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.