Take a tour of 1366 Technologies, a startup near Boston that is developing a cheaper way to make solar cells, and you will see open spaces with low cubicles, engineers at their desks, a machine shop, and testing equipment running silicon wafers through their paces.
But the tour is a bluff: it’s what you don’t see that’s really interesting. In another part of the building—one with no obvious way in—sit the engineers working on the core technology, machines that could cut the cost of silicon wafers for solar cells in half. Perhaps most important, computers used for the real work are entirely cut off from the Internet.
“We are paranoid,” 1366 CEO Frank van Mierlo says. “We’ve taken our entire engineering server offline and air-gapped it, like the Department of Defense.”
There has recently been much talk in Washington about the need to guard critical infrastructure, such as power plants, against possible enemy cyberattacks. But energy companies say that their key inventions and business data are already the target of increasingly sophisticated cyber-espionage.
“[It] quietly kept getting worse and worse,” Dana Deasy, the former chief information officer of BP, said last November during a meeting of information technology executives in Barcelona, Spain. “You finally wake up one day and you’re sitting in a world where this is a serious threat to the industry as a whole.”
Attacks can go unnoticed for years, or are never reported. As a result, estimates of stolen intellectual property vary “so widely as to be meaningless,” according to a 2011 report on foreign cyberspying by the U.S. Director of National Intelligence, which cited calculations of between $2 billion and $400 billion a year.
Companies say they worry most about state-sponsored attacks, which tend to be “incredibly well organized, incredibly sophisticated,” according to BP’s Deasy.
Some of the hackers are looking for proprietary data about oil fields, painstakingly gathered using costly seismic surveys, which underpins a business worth $3 trillion a year. Adam Segal, a fellow for China studies at the Council on Foreign Relations, says stolen survey data is believed to have influenced bidding on Iraqi oil fields.
Attackers leave clues but are rarely caught. In 2011, the security firm McAfee described “operation Night Dragon,” a series of computer intrusions at oil and gas companies that they traced to China. Researchers at CrowdStrike have been tracking an “adversary group” they call Energetic Bear, based in the Russian Federation, which strikes western energy firms by installing malware that collects passwords. The United States allegedly spied on the Brazilian state oil giant Petrobras.
Few companies will admit they’ve been the victims of espionage. One that did is American Superconductor. In 2011, the Massachusetts company sued its largest customer, the Chinese wind-turbine maker Sinovel, saying it had stolen its key technology, a way of making it easier for wind turbines to integrate with the electricity grid.
In August, a federal grand jury indicted Sinovel, alleging that it had offered money and an apartment in Beijing to induce an American Semiconductor employee to e-mail the source code for the technology to China. American Superconductor says it lost $800 million in revenues and its stock cratered, falling more than 75 percent.
The case points to how intellectual-property theft often relies not only on sophisticated computer attacks but also on insiders. But it justifies the care that 1366 takes, says CEO van Mierlo: “You only have to listen to the horrible stories of American Superconductor to know how damaging this stuff can be.”
This startup wants to copy you into an embryo for organ harvesting
With plans to create realistic synthetic embryos, grown in jars, Renewal Bio is on a journey to the horizon of science and ethics.
VR is as good as psychedelics at helping people reach transcendence
On key metrics, a VR experience elicited a response indistinguishable from subjects who took medium doses of LSD or magic mushrooms.
This artist is dominating AI-generated art. And he’s not happy about it.
Greg Rutkowski is a more popular prompt than Picasso.
This nanoparticle could be the key to a universal covid vaccine
Ending the covid pandemic might well require a vaccine that protects against any new strains. Researchers may have found a strategy that will work.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.