http://www2.csoonline.com/exclusives/column.html?CID=33542 By Christopher Burgess CSOonline.com Feb. 19, 2008 Note: Abridged from Overview of the 2007 Global Economic Espionage Landscape, which will be published in full at a later date. Throughout 2007 we have seen numerous governments striking the alarm bells and warning all: Protect yourself! The thieves are coming! These warnings of nation-state sponsored activities in the realm of industrial espionage have truly reached critical levels within the developed world. The warnings are applicable to all nations, industrial sectors, and companies and not just to those who have stepped forward and accepted the political risk of calling out the unsavory activities taking place in the market. These pronouncements are quickly followed by a yet another government standing up a new or improved counterintelligence or counterespionage entity within their domain in order to protect their countrys interests in both the public and in the private sector from these self-pronounced and empowered nations whose intelligence apparatus are targeting the intellectual properties of the worlds corporations. The playing field is crowded with actors both new and old. Amazingly, the combined level of activity exceeds any level previously encountered, including the apex of the Cold War, when geopolitical and ideological battle lines truly existed but when current level of communications infrastructure around the globe did not. It is this enhancemed communications infrastructure which has in essence leveled this playing field of industrial espionage for all the nation states. Now, more than eight years since the climax of the Cold War, the threat of industrial and economic espionage has percolated once again to the forefront. The tools of the intelligence collector are once again being brought out and dusted off and put to use as nations make use of what is referred to as the second-oldest profession. They are willing to make the political decision to support their indigenous corporations and companies with the provision of competitors intellectual property the old fashion way they will just take it. In mid-November 2007, the US Department of Justice (DOJ) compiled and released a Fact Sheet: Major U.S. Export Enforcement Actions in the Past Year which summarized the 33 major cases (October 2006-October 2007) and prosecutions of illegal export of US technologies (including those which were acquired through espionage activities). Interestingly, the number of countries identified totaled ten, with Iran and China each responsible for approximately a third of the cases. Equally interesting is that none of the cases involving Iran were characterized as espionage. Of the four cases which were identified as espionage, all four cases identified China as the nation-state sponsor. And equally remarkable is how Russia is conspicuous in their absence and does not appear in the Fact Sheet. This is especially noteworthy given Russian President Vladimir Putins call to the new head of Russias external intelligence service, Sluzhba Vneshny Razvedki (SVR), former Prime Minister Mikhail Fradkov in October 2007 to build up the SVRs Economic Espionage capabilities. It is clear, however, that two countries lead the list of those most invested in the illicit acquisition of advanced technologies from companies, research institutes and enterprises to both advance their own economies, as well as provide data points with respect to their own national security strategies. Those countries are China and Russia numbers one and two. So how do we go about protecting ourselves as commercial entities? The US FBIs Domain Program is focused on protecting those companies with US Government contracts. The National Counterintelligence Executive notes that classified briefings are provided to such entities. Their comments and focus seem to advocate that companies shoulder their own counterintelligence needs with respect to protecting themselves from the nation-state threat, albeit with the expectation that those enterprises involved in classified work with the US Government have a counterintelligence function as an integral part of their asset protection strategy and be ready and willing to work with the FBI to protect their companys assets. It begs the question, what about the majority of US businesses not involved in government work? Perhaps the FBIs Domain program will evolve to be the avenue by which individual US companies will be provided the necessary data points to protect themselves. But the FBI Domain program is a US-centric capability, which does not appear to be modeled in other countries. What is the multinational corporation to do? Will other nations follow the FBIs lead? It is not enough to say to companies, This nation or that nation is a threat to you, and Yes, you should tighten up your intellectual property security. Nor is it sufficient to warn, that the insider is a threat, especially from those who are foreign nationals. How ludicrous is this advice? The insider is universally recognized as those closest to that which is valued. What multinational company does not have a mix of nationalities? Perhaps more appropriately, governments calling out the warnings, jointly or individually find a means to step forward and identify the modus operandi of the offending nations, then and only then will companies be in a position to recognize the tells of the threatening nation and perhaps succeed in protecting themselves. If this should occur in 2008, perhaps we wont have such a robust list of Economic Espionage events to talk about at the end of the year. -=- Christopher Burgess is a 30-year veteran of the CIAs clandestine service and currently serves as the Senior Security Advisor to a Fortune 100 company. Burgess speaks and writes on the topic of the global threat to Intellectual Property. He is the co-author of Secrets Stolen, Fortunes Lost, both the CSO series and the 2008 book (Elsevier). Burgess can be contacted at his email cburgess (at) att.net. ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Tue Feb 19 2008 - 22:52:15 PST