In a recent report released from the Office of the National Counterintelligence Executive, U.S. officials have singled-out Chinese and Russian hackers as the world's most prevalent perpetrators on cyber espionage.
The conclusions drawn by U.S. intelligence officials were based upon data gathered from more than a dozen federal agencies over a three-year period. The startling figures suggest that international cyberattacks are having real and lasting effects in both public and private sectors.
According to the report, Chinese and Russian hackers may have jeopardized nearly $400 billion in U.S. research and development spending through targeted attacks pursuing technological and industrial trade secrets.
"The computer networks of a broad array of U.S. government agencies, private companies, universities and other institutions – all holding large volumes of sensitive economic information – were targeted by cyber espionage," the report stated.
Report authors labeled Chinese programmers as the most frequent perpetrators of economic espionage while the Russian intelligence community was directly implicated in a range of activities targeting U.S. technology. Officials also suggested that the two governments contracted operations to independent hackers in an attempt to disguise attacks and avoid accountability.
Chinese officials were quick to address the bold accusations.
"Identifying the attackers without carrying out a comprehensive investigation and making inferences about the attackers is both unprofessional and irresponsible," said Chinese Foreign Ministry spokesman Hong Lei, according to Reuters. "I hope the international community can abandon prejudice and work hard with China to maintain online security."
Although international hackers were highlighted as the primary villains in this case, there has also been a domestic backlash of sorts after American security administrators were chastised for their lax data security attitudes and inconsistent practices.
"Only 5 percent of corporate chief financial officers are involved in network security matters, and only 13 percent of companies have a cross-functional cyber risk team that bridges the technical, financial and other elements of a company," report authors noted, citing evidence from a 2010 study.
Earlier this week, former presidential advisor Richard Clarke added fuel to the fire by suggesting U.S. cybersecurity weaknesses have left the country unprepared for the imminent possibility of full-scale cyberwarfare.
According to the Associated Press, Clarke said that he would advise the current administration to avoid engaging countries such as China, North Korea, Iran and Russia out of fear that retaliatory measures could cripple critical U.S. power grids, banking systems and transportation networks.
"I really don't know to what extent the weapon systems that have been developed over the last 10 years have been penetrated, to what extent the chips are compromised [and] to what extent the code is compromised," Clarke warned.
Realizing the gravity of the situation, the Pentagon has announced plans to bolster its cybersecurity defenses and speed development of offensive arms. According to Reuters, the Defense Advanced Research Projects Agency will spearhead the initiative.
"Malicious cyberattacks are not merely an existential threat to our bits and bytes," explained DARPA director Regina Dugan. "They are a real threat to our physical systems, including our military systems."
Officials have requested a 73 percent increase in the organization's budget for fiscal year 2012, according to Reuters, spurring cybersecurity advances with approximately $208 million in funding.
DARPA officials will also look into collaboration with third-party experts within the Internet security community. According to Reuters, these white hat hackers are being called upon to contribute their academic and technical resources toward this crucial national defense initiative. Agency spokesmen contend that everything from military hardware to computer boards used by domestic auto manufacturers could be compromised if swift and appropriate actions are not taken.
Data Security News from SimplySecurity.com by Trend Micro