Feds say China, Russia lead pack in stealing US trade secrets


China, according to the report, is the most active when it comes to stealing trade secrets from U.S. firms. The companies have reported an onslaught of cyber attacks that originate in China, but the intelligence community has been unable to determine who is responsible.

Russian intelligence officials are also conducting a range of information-collecting activities to gain access to economic information and technology from U.S. targets, according to the report.

"Because the United States is a leader in the development of new technologies and a central player in global financial and trade networks, foreign attempts to collect US technological and economic information will continue at a high level and will represent a growing and persistent threat to US economic security," states the report.

The risk is only likely to increase in the next several years, as the rise of Web-enabled mobile devices has opened a slew of new opportunities for hackers to spy on U.S. citizens and organizations. According to the report, the shift to cloud computing will only increase the risk.

"The trend in both commercial and government organizations toward the pooling of information processing and storage will present even greater challenges to preserving the security and integrity of sensitive information," the report states.

The attacks have primarily targeted data on information and communications technology, military technologies and business information regarding scarce natural resources that could give foreigners an advantage in negotiations with U.S. firms or the federal government.

Malicious actors hail from a number of other nations — both allies and adversaries of the U.S. — though none approach the scale of the two countries mentioned. The government has increasingly emphasized cooperation on prosecuting cyber attacks as part of international trade agreements, but those have done little to deter what are in some cases state-sponsored attacks.

The White House and Senate leadership have both emphasized the urgent need for comprehensive cybersecurity legislation that would beef up the security requirements for sectors deemed crucial to the nation's economic and physical security, including communications providers and utilities.

Senate stakeholders on both sides of the aisle have expressed optimism in recent weeks about the possibility of a bill passing this year, though disputes remain about issues such as liability, information-sharing and the definition of critical infrastructure.

But the House has shown a preference for an incentive-based approach that would limit the rules to sectors such as nuclear power and water treatment plants that are already heavily regulated.