14 August 2014

The Arms Industry Is Ripe Pickings for Hackers

Intellectual property law inadvertently gives online thieves an opening

Israel’s Iron Dome rocket-defense system may not work, but China would like to know for itself.

Recent reports indicate that Chinese hackers have attempted to steal data on the Iron Dome from Israeli contractor Rafael. Iron Dome is depicted above in the photo by the AP’s Tsafrir Abayov.

This instance of cyber-espionage is only the latest in a series of attacks targeting different defense firms around the world.

Beyond the obvious fact of the development of the Internet, trends in intellectual property law are transforming the nature of military industrial espionage.

The traditional world of technology espionage has involved a bewildering and fascinating array of ways to acquire and replicate foreign technology. A recent subplot in the FX TV series The Americans traced the efforts of a Soviet spy ring to gain access to U.S. computing technology in order to produce quieter submarines.

The scheme bore a very faint similarity to the Toshiba-Konigsberg scandal of the 1980s, where a Norwegian and a Japanese firm transferred technology to the Soviet Union that allowed it improve its sub propulsion systems.

A modern weapon system requires the interaction of a bewildering number of actors. Many systems—especially the most innovative—result from alliance between firms. These companies negotiate with subcontractors to produce specialized components.

Often, the contractor-subcontractor relationships cross borders, requiring the regularization of different systems of IP protection.

The need to protect intellectual property multiplies these problems. Military products involve several different kinds of intellectual property. Patents grant a temporary monopoly for certain inventions. Trade secrets protection gives firms the right to protect valuable commercial information and techniques from competition. Software copyright prevents the outright theft of code and technique.

The ownership of intellectual property often results in conflict between governments and corporations, and also different corporate partners. Many firms—especially those that produce dual-use technology—envision selling their wares to clients other than the government, and don’t want to give up all of their value IP to a single consumer.

For its part, the government generally seeks ownership of all intellectual property associated with a technology, including trade secrets and testing data. The government believes that it needs this data in order to hedge against the closure of a firm or production line, such that it could transfer manufacture of a critical capability to another supplier.

Moreover, the government itself is in the intellectual property business. Because the state contributes resources to the research process, it often demands a share of the IP that results.

This has created legal and financial complications since the turn of the 20th century. See Katherine Epstein’s outstanding book Torpedo for an account of intellectual property and the torpedo industry.

F-35 production line. Lockheed Martin photo


Because of the complexities import and export control regimes, all of these firms must engage in regular contact with their home governments. The difficulties of IP regulation force companies to contract with law firms in order to negotiate their interests.

Corporations and law firms that have offices in multiple countries must take particular care to monitor and protect their internal communications. And in all of these areas, the requirement that different organizations communicate with one another opens up the potential for espionage.

This creates a huge number of points of contact, all of which are susceptible to hacking. Attackers normally do not seek patent applications, which are public in most countries. Rather, they seek trade secrets, and data associated with the development and testing of relevant technologies.

The modern manufacturing and testing process produces an enormous quantity of data, and different elements of this data are stored by and shared between these different actors, almost always through electronic means.

In effect, the process of development for the modern industrial system enables the manipulation and communication of loads of critical data, while also creating various ports and windows through which hackers can appropriate that data.

Iron Dome is a useful example. The system and its missiles are produced by three Israeli firms and by Boeing, each potentially with numerous divisions and subcontractors. The U.S. and Israeli government undoubtedly own or store huge amounts of data associated with the system’s development and performance.

All of the companies involved, as well as the governments themselves, no doubt contract with various law firms both at home and abroad for management of their intellectual property assets.

All of this has produced an unstable situation, involving lots of actors with different interests and different tolerances for insecurity. In other words, it has created a paradise for hackers, especially for hacker organizations with unlimited state backing, plenty of time, and lots of personnel.

And so we see reports of data theft related to the C-17 airlifter and the F-35 fighter—and probably also any number of other systems that we don’t know about.

This information is potentially valuable not only to those would copy weapon systems, but also to those who might wish to defeat them.

Yet all is not lost. It certainly helps to know how adversary weapons function, and the trade secrets of a foreign corporation can often enhance a domestically-produced weapon system. However, even with full data, systems are hard to copy completely, because their effectiveness often depends on the vagaries of the industrial process.

Moreover, knowing everything about the F-35 doesn’t mean China can easily defeat it, or that—God forbid—the Chinese would ever want to copy it.

Sign up for a daily War is Boring email update here. Subscribe to WIB’s RSS feedhere and follow the main page here.

No comments: