Information Technology Industry Threats

Homeland Security and Intellectual Property

Cyber-physical systems encompass real-time and robust independent systems that are used in several domains such as critical infrastructures, national transportation, power grids, defense, medical, and business organizations among others (Kure, Islam, & Razzaque, 2018, p. 1). Unfortunately, cyber-physical systems have always been a target of criminals and with the increased dependence on networked information technology, an evolving array of cyber-based threats faces these systems. The threats come from multiple sources such as hackers, terrorists, organization insiders, and foreign nations specializing in crime, espionage, political activism, and information warfare among others. Notably, threats from cyberspace have been termed as the greatest threat that the Department of Homeland Security must defend against in the future. The attacks extend beyond the critical infrastructure systems to the nation’s economy. Equally and more worrying is the threat of economic espionage, which encompasses theft of proprietary information, intellectual property, or technology by foreign governments and corporations among other actors, which has significantly increased (Nelson, 2013, par. 4). The potential impact of these threats has reached new heights prompting federal agencies such as Homeland Security to intervene and mitigate the risks. In light of this and drawing upon existing literature, we identify threats that exist with the Information Technology from the perspective of Homeland Security and intellectual property. Further, we explore and present different ways in which the Supervisory Controls for Data Acquisition or Intellectual Property can help mitigate and reduce the risks. Finally, we analyze the relationship between Homeland Security and proprietary data protection.

Information technology threats to Homeland Security and intellectual property

As information technology advances, government and private entities have become increasingly dependent on information systems to execute sensitive and proprietary information, as well as, conduct business operations, transactions, and deliver services.  The Department of Homeland Security no longer has to deal with only the physical threat but also threats from the cyberspace. In this case, the first source of cyberspace threat to the Homeland Security is nations that use cyber tools to gather information about the United States (U.S. Government Accountability Office (GAO), 2012, p.4). Among these state actors, China and Russia have been identified as nations that pose a security threat to the critical infrastructure of the United States cyberspace. For instance, according to a report by Nakashima (2015), China breached the computer network of the Office of Personnel Management and stole personal records of about 4 million people (par. 1). The breach was detected in April and was identified as one of the largest breach of federal employment data. Additionally, the security intrusion was the second in less than a year as Russia compromised White House and State Department e-mail systems in cyber-espionage (par. 2). A report by the Department of Homeland Security also indicates that nations have targeted critical U.S. infrastructures such as power grids (Weed, 2017, p.9). Another source of threat to Homeland Security is terrorists who are after destroying or exploiting critical U.S. infrastructures to threaten the security of the nation, weaken the economy, or cause mass casualties among others (GAO, p. 4). Terrorists have the ability to launch cyber-attacks using several sophisticated methods such as phishing, spyware, and malware among others to collect sensitive information that threatens the security of the Homeland Security.

Ideally, the intellectual property encompasses the legal codes that protect copyrights, patents, trademarks, and trade secrets (Halbert, 2016, p. 261). In the United States, intellectual property represents one of the country’s greatest wealth. Theft of intellectual property leeches billions of dollars from the economy and grants cyber-attackers access to critical and sensitive information regarding American technologies. The underlying assumption as Halbert elaborated is that theft of intellectual property can help foreign governments develop superior products to the United States or compromise patents and copyrights (p. 261). Considering the economic loss, an attack on intellectual property does not only pose security threats to the private entities, but also to the national security. Some of the information technology threats that exist in intellectual property perspectives are in the form of hackers, criminals, and international corporate spies. In practice, hackers and cyber criminals break into cybersecurity systems for monetary gains, revenge, or to steal trade secrets and probably sell them to the highest bidder among others. International corporate spies are also likely to conduct economic and industrial espionage, by stealing intellectual property. Additionally, articulating intellectual property as a threat to national security it implies that nations are also included in the information technology threats. Russia has been considered a serious offender within the industrial espionage, while China is identified as the most aggressive in stealing trade secrets within the information technology industry (p. 258). Although some of the Chinese have been identified as acting without state sponsorship, in most cases the government deployed them to attack U.S. intellectual property (p.259).

Supervisory Controls for Data Acquisition or Intellectual Property in Mitigating or Reducing Risk

Defense of the SCADA or intellectual property systems is a critical subset of the cybersecurity challenge. Notably, risk management in cybersecurity is challenging due to the complex nature of the systems, the evolving risks, alongside human factor threats such as human errors, unintentional security breach, and lack of knowledge with infected information among others. In light of this, the Supervisory Controls for Data Acquisition or intellectual property applies a set of strategies essential to mitigate or reduce the risk of cyber-attacks. As outlined by Kure, Islam, and Razzaque (2018), the first step in mitigating the risk is generating the cyber-security scenario (p. 13). The approach takes into consideration elements such as identified assets, threats, and potential vulnerabilities. The focus is on vulnerabilities and the threat to exploit a potential risk. The second step involves determining the possibility of a cyber-security attack. In this step, the access point, the capability of the attacker, as well as, the number of vulnerabilities among others is identified (p. 13). The focus is to determine the potential of the vulnerability and the threat to exploit the potential risk. The third step is to assess the skills and location of the attacker based on the knowledge and expertise in launching a successful attack. Although this may be challenging, it is important to consider that the attack may be posed internally or from an external physical location. In this case, it is important to consider the level of the attacker such as a novice and an expert with sufficient skills and technical expertise to launch an attack. The fourth step is determining the impact of cyber-security threats and lastly identifying the risk level. After this, the next approach is avoiding the risk in two proposed methods. The first strategy is risk avoidance, which involves eliminating any possible risk that can negatively affect the organization. This can be achieved by taking effective measures to ensure the threat does not occur. The second strategy is risk prevention, which involves measures to avoid the risk of the critical intellectual property infrastructure. 

Along with that, the United States government has a responsibility to mitigate or reduce the risk of cyber security on intellectual property. Some of the methods proposed include complementary domestic and foreign initiatives (p. 32). The government should establish international norms to define contingency expectations for state cyber behavior by communicating the measures and conduct concerning cybersecurity of critical infrastructure.

Relationship between Homeland Security and Proprietary Data Protection

A threat on intellectual property threatens the U.S. business and as President Barrack Obama noted, it is the country’s greatest asset because it represents the innovation, ingenuity, and creativity of the American citizens (National Intellectual Property Rights Coordination Center, 2011, p.5). Intellectual property is significant to the economic value of the country and a threat to this valuable resource is a violation to the safety and health of the American people, as well as to the integrity of the critical infrastructure and national security. In light of this, a threat to the intellectual property is a threat to the Homeland Security and the government must strive to establish ways to mitigate or reduce the risk of cybersecurity threat.

The advancement in technology has posed increased risks to homeland security and intellectual property. Importantly, intellectual property face complex and challenging cyber threats that threaten even the security of the nation. In this paper, we identified various threats existing within the information technology industry from both Homeland Security and intellectual property perspectives. Some of the threats identified include economic espionage, theft of trade secrets, and the threat of sensitive government information by nations. Additionally, and considering the risks posed by cyber threats, it is important to mitigate or reduce the risks. We identified various ways such as avoidance and risk prevention, which are some of the methods that can be used to mitigate or reduce the risks of cybersecurity. Homeland Security also has a critical role in the security of intellectual property because a theft of the intellectual property poses a threat to the security of the nation.

References

Halbert, D. (2016). Intellectual property theft and national security: Agendas and assumptions. The Information Society, 32(4), 256-268. Available at https://www.tandfonline.com/doi/full/10.1080/01972243.2016.1177762

Kure, H. I., Islam, S., & Razzaque, M. A. (2018). An integrated cyber security risk management approach for a cyber-physical system. Applied Sciences (Switzerland), 8(6), 1-29. Retrieved from https://www.mdpi.com/2076-3417/8/6/898/htm

Nakashima, E. (2015). Chinese breach data of 4 million federal workers. The Washington Post. Retrieved from https://www.washingtonpost.com/world/national-security/chinese-hackers-breach-federal-governments-personnel-office/2015/06/04/889c0e52-0af7-11e5-95fd-d580f1c5d44e_story.html?utm_term=.aa86e1ae40a3

National Intellectual Property Rights Coordination Center. (2011). Intellectual property rights violations: a report on threats to United States interests at home and abroad. Retrieved from https://www.iprcenter.gov/reports/ipr-center-reports/IPR%20Center%20Threat%20Report%20and%20Survey.pdf/

Nelson, R. (2013). Homeland Security at a Crossroads: Evolving DHS to Meet the Next Generation of Threats. Center for Strategic & International Studies. Retrieved from https://www.csis.org/analysis/homeland-security-crossroads-evolving-dhs-meet-next-generation-threats

U.S. Government Accountability Office. (2012). Information security: Cyber threats facilitate ability to commit economic espionage. Retrieved from https://www.gao.gov/assets/600/592008.pdf

Weed, S. A. (2017). U.S. Policy Response to Cyber Attack on SCADA Systems Supporting Critical National Infrastructure. Homeland Security Digital Library. Retrieved from https://www.hsdl.org/?view&did=803892