The threat of economic espionage — the theft of U.S. proprietary information, intellectual property (IP), or technology by foreign companies, governments, or other actors — has grown. Moreover, dependence on networked information technology (IT) systems has increased the reach and potential impact of this threat by making it possible for hostile actors to quickly steal massive amounts of information while remaining anonymous and difficult to detect.
To address this threat, federal agencies have a key role to play in law enforcement, deterrence, and information sharing. Consistent with this threat, the GAO has designated federal information security as a government-wide, high-risk area since 1997 and in 2003 expanded it to include protecting systems and assets vital to the nation (referred to as critical infrastructures).
The GAO was asked to testify on the cyber aspects of economic espionage. This statement discusses (1) cyber threats facing the nation's systems, (2) reported cyber incidents and their impacts, (3) security controls and other techniques available for reducing risk, and (4) the responsibilities of key federal entities in support of protecting IP.