Australia needs a long-term strategy to combat IP theft

In their first-ever joint speech in London last month, the heads of MI5 and the FBI warned business leaders that one of the biggest threats facing advanced economies is a ‘coordinated campaign on a grand scale’ of economic espionage, particularly over intellectual property, by the Chinese Communist Party.

This fresh warning is a reminder that the threat of IP theft to organisations remains alive and that there’s a serious need for states to prepare for it.

The state-led practice of stealing commercially valuable assets like IP has a long history dating back to antiquity. But the growing ubiquity of digital technology has made this practice more widespread.

Many states have been accused of secretly supporting IP theft for their industrial goals, but China is reportedly one of the biggest sponsors of this illegitimate practice. And the scale of China-sponsored IP theft is expansive.

A report released by the American cybersecurity firm Cybereason in May revealed that APT 41—a hacking group with alleged links to the Chinese state—siphoned off trillions of dollars’ worth of IP from 30 multinational companies across several years.

With its advanced knowledge economy, Australia is a likely target for states seeking to steal IP. While there is currently no estimate of the scale of IP theft in Australia, we do know that local businesses have been targeted. For example, mining design technology was stolen from the Adelaide-based company Codan in 2011 when an employee’s laptop was hacked while he used hotel wi-fi during a business trip to China.

And it’s not just businesses under attack. Universities are being targeted too. In 2019, the Australian National University reported that 19 years’ worth of data was compromised, possibly by China-backed hackers.

With Australian organisations under threat from state-sponsored IP theft, the government has supported international efforts to commit states to a norm to refrain from practising cyber-enabled economic espionage.

Following an agreement by the US and China to commit to this norm in September 2015, Australia supported efforts to have it reaffirmed in the G20. Australia and China also agreed to abide by the norm separately in 2017, but there has been little indication that the threat has declined since then.

While diplomacy is a necessary instrument to defend Australia against the threat of state-sponsored IP theft, it must come with effective cybersecurity and IP law enforcement. To its credit, the Australian government has approached cybersecurity more seriously in the past few years. Australia’s cybersecurity budget has increased from $230 million in 2016 to $9.9 billion in 2022. And the new government’s elevation of cybersecurity to a ministerial-level portfolio signals a commitment to take the issue very seriously.

While these investments in Australia’s cyber defence posture are promising, the government must also focus on raising awareness of IP theft. Attitudes must change, and the government must be the driver of that change through proactive efforts.

An Australian version of the US Commission on the Theft of American Intellectual Property would help establish a better understanding of the threat IP theft poses to Australia’s economic prosperity. Such a body would ideally cover several issues.

As a start, the commission should estimate the scale of the economic damage to Australia that results from IP theft. Despite growing reports of internet-based cybercrimes, there has been no detailed assessment of the scale of IP theft perpetrated against Australian organisations. Indeed, conducting such an exercise is no easy feat, especially since businesses often don’t report instances of IP theft out of fear of reputational and financial damage. Governments and organisations are left to estimate the costs of IP theft through different, sometimes inconsistent, methodologies.

In Australia, the closest thing to an assessment of this kind was a report into criminal prosecutions concerning IP theft that was released by the Australian Institute of Criminology in 2008. Since then, no other report examining the scale of IP theft in Australia has been published. The absence of an exact number of instances—along with associated information like what economic sectors are most vulnerable and what kinds of IP are most stolen—may lead organisations to feel that the threat of IP theft is much lower than it is.

Beyond reviewing the scale of stolen IP in Australia, the commission could also help create a long-term strategy to defend Australia’s economic prosperity from the threat of IP theft.

A strategy will necessarily include a comprehensive review of the factors that leave Australian organisations vulnerable to IP theft. Risk assessments can also be applied to examine the information security ecosystems of Australia’s economic partners. With digital technology enabling supply chains to evolve into interdependent material, financial and information flows, Australian organisations are also vulnerable to attacks overseas.

Such a strategy would also need to consider how the government agencies responsible for economic and information security—which may include the Department of Home Affairs; the Australian Cyber Security Centre; the Australian Federal Police; the Department of Industry, Science and Resources; and IP Australia—can work together to defend Australia against the threat of IP theft.

The strategy would also benefit from identifying areas of the economy that will define future prosperity and require assets to be secured.

While many of the tasks in enforcing cybersecurity lie in corporate boardrooms and among university administrators, the government must lead attitudinal change. Building industry and university awareness and setting clear strategic goals for managing IP risks will help protect Australia’s prosperity.