Kevin Coleman is a senior fellow at the Technolytics Institute and former chief strategist at Netscape. (File)
In October of this year, I wrote an article titled, “Project Documents - High Value Targets of Cyber Espionage,” that was published by Project Times, which is an online publication reporting on what’s going on in the world of project management. A month later, AutoCAD, a popular software product used in project documents in multiple industries, was found to have become the latest victim of a targeted cyber attack.
TrendMicro broke the news: Newly-discovered malware is specifically designed to compromise the computer aided design and modeling software. The malware was reportedly designed to copy AutoCAD diagrams and send them via email to an account in China.
One industry report suggests that AutoCAD has 31 percent of the CAD market, which is forecast to top $9 billion for the U.S. in 2014. Given those figures and the information contained in CAD diagrams produced by this software, you can easily see how AutoCAD would be a strategic, high-value target.
Just think for a moment how many AutoCAD diagrams and schematics there must be for the critical infrastructure of the United States and other sensitive systems. Then imagine how those documents could help design a cyber attack that targets those systems. Now consider all the facility blueprints and construction diagrams for our critical infrastructure and other sensitive facilities. These documents could be analyzed to determine just where to place an explosive device to inflict maximum damage.
There is also an espionage component to this. How much research and how many research projects and new product development efforts use this program? Theft of that research and new product designs could result in substantial economic loss as well as loss of competitive advantage for the companies sponsoring those efforts.
All indications are that we are far from assessing the value of data and documents and applying an appropriate level of security measures (cyber and physical) based on that assessment.