"The relative threat to sensitive U.S. economic information and technologies from different countries is likely to evolve as a function of international economic and political developments," the NCIX report had noted. "China and Russia view themselves as strategic competitors of the United States and are the most aggressive collectors of U.S. economic information and technology."
But over the next few years, U.S. companies must be prepared for the eventuality that one or more fast-growing regional powers could launch aggressive cyberespionage campaigns if they felt it would benefit them economically or from a security standpoint, the report noted.
Importantly, it's not just state-sponsored entities that are launching cyberespionage campaigns.
In January, the security firm Kaspersky Labs released details of a massive cyberespionage campaign, dubbed Red October, that has been targeting companies in Western Europe and North America for at least the past five years. The attacks, which targeted companies from a total fo 69 countries were not state-sponsored, but rather the work of sophisticated hackers operating out Russia.
"Signs point to Chinese actors most often when attacks or compromises are discovered," said Dale Peterson, CEO of Digital Bond, a consulting company that specializes in control system security. That doesn't mean that other nations are not active as well, especially in the area of industrial control systems (ICS), he said.
"I'd imagine every major country in the world, including the U.S. and non-governmental entities, are learning what control systems run their potential adversaries critical infrastructure, getting detailed design information on those systems, developing offensive weapons, and in some cases pre-staging those weapons," Peterson said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is email@example.com.