Socio-Technical Root Cause Analysis of Cyber-enabled Theft of the U.S. Intellectual Property -- The Case of APT41

Increased connectivity has made us all more vulnerable. Cyberspace, besides all its benefits, spawned more devices to hack and more opportunities to commit cybercrime. Criminals have found it lucrative to target both individuals and businesses, by holding or stealing their assets via different types of cyber attacks. The cyber-enabled theft of Intellectual Property (IP), as one of the most important and critical intangible assets of nations, organizations and individuals, by foreign countries has been a devastating challenge of the United States (U.S.) in the past decades. In this study, we conduct a socio-technical root cause analysis to investigate one of the recent cases of IP theft by employing a holistic approach. It concludes with a list of root causes and some corrective actions to stop the impact and prevent the recurrence of the problem in the future. Building upon the findings of this study, the U.S. requires a detailed revision of IP strategies bringing the whole socio-technical regulatory system into focus and strengthen IP rights protection considering China's indigenous innovation policies. It is critical that businesses and other organizations take steps to reduce their exposure to cyber attacks. It is particularly important to train employees on how to spot potential threats, and to institute policies that encourage workers to report potential security failures so that action can be taken quickly. Finally, we discuss how cyber ranges can provide an efficient and safe platform for dealing with such challenges. The results of this study can be expanded to other countries in order to protect their IP rights and deter or prevent and respond to future incidents.