Mike Rothman, analyst and president of security consultancy and analyst firm Securosis, Phoenix, Ariz., dismissed the threat, calling Los Alamos' decision to take out the switches purely political. Rothman said the decision removes the agency from any negative political fallout that would happen if the agency experiences a high-profile breach.
"It's much easier to rip the gear out than it is to open yourself up for baseless political wrangling and maneuvering if there is some kind of breach," Rothman said. "In a lot of cases, it's easier to pay for someone on the inside or do some social engineering or other kinds of more traditional attacks than subverting the firmware on a network switch at the manufacturer."
Intellectual property theft has quietly become a serious issue at many companies following a spate of published reports of targeted attacks or advanced persistent threats that specifically target manufacturers and suppliers to infiltrate systems for extended periods to steal data. Cyberespionage came to light with the Google Aurora attacks in 2009 and later with the RSA SecurID data breach in 2011. Since then, Gartner's Litan and other experts say the extent of the problem is unknown because many firms do not publicly report when IP is stolen, but the issue is coming up more in conversations about how to mitigate the risks.
Corporate trade secrets, design documents and other sensitive data can give competitors a substantial advantage. It also creates an opportunity for manufacturers in China and several other countries to create and sell pirated products at much lower costs. The energy industry is especially aware of cyberespionage activity and safeguard documents outlining oil and gas exploration and partnership agreements.
"Technology companies, defense contractors and their partners up and down the supply chain are concerned about intellectual property theft," Litan said. "There are all sorts of theories out there about why these attacks are taking place, but no one really knows what the motives are."
PUBLISHED JAN. 7, 2013