practice
Doi: 10.1145/1859204.1859222
Article development led by
queue.acm.org
These days, cybercriminals are looking to
steal more than just banking information.
BY maChE CREEGER
The Theft
of Business
innovation
an aCm-BCS
Roundtable on
Threats to Global
Competitiveness
attractive intellectual property targets, these systems do represent a
complete knowledge set of a business’
operations. Criminals, who have come
to understand that these information
assets have very real value, have set up
mechanisms to steal and resell them,
bringing great financial harm to their
original owners.
In this new world, businesses that
may have taken five to six years of trial
and error to develop a profitable model are targeted by bad actors who drain
and distill operational knowledge
from sources not traditionally viewed
as highly important. They then resell
it to a global competitor who, without
having to invest the equivalent time
and money, can set up shop and reap
its benefits from day one.
In this CTO Roundtable, our joint
ACM and BCS-The Chartered Institute
for IT panel of security and policy experts discuss how the current threat
environment has evolved and the implications for loss in this new environment. At stake is nothing less than the
compromise of detailed operational
blueprints of the value-creation process. The implications reach far beyond individual businesses, potentially to entire industries and overall
economies.
—Mache Creeger
ValUaBle inForMation assets stretch more
broadly than just bank accounts, financial-services
transactions, or secret, patentable inventions. In many
cases, everything that defines a successful business
model (email, spreadsheets, word-processing
documents, among others) resides on one or more
directly or indirectly Internet-connected personal
computers resides in corporate databases, in software
that implements business practices, or collectively
on thousands of TCP/IP-enabled real-time plant
controllers. While not the traditional high-powered
information repositories one normally thinks of as
Participants
Louise Bennett, chair, BCS Security
Strategic Panel
David J. Bianco, incident handler,
General Electric Computer Incident
Response Team (GE-CIRT)
Scott Borg, director, chief economist, CEO, U.S. Cyber Consequences
Unit
Andy Clark, head of forensics, Detica; Fellow, BCS; Fellow of the Institution of Engineering and Technology
Jeremy Epstein, senior computer
scientist, Computer Science Laboratory, SRI International
Jim Norton, visiting professor of
electronic engineering, Sheffield University; vice president and Fellow, BCS;
chair, BCS Professionalism Board