Infocon Magazine Issue One,
and Industrial Espionage: a Threat to Corporate America
Wanja Eric Naef
See also Economic Espionage Interview
Economic espionage is not a rare occurrence, even if it happens behind
closed doors. The media features plenty of stories on hackers defacing
web pages or disrupting services, but there is scant coverage of
economic or industrial espionage cases. Though perhaps less sensational,
these threats may be more dangerous for your company.
Billions of dollars and thousands of jobs are lost due to theft
of trade secrets. Corporate America needs to acknowledge the
reality of this risk and develop more efficient countermeasures
to safeguard survival in a competitive market.
is easy to seek comfort in the hope that this problem won’t
affect your company. Unfortunately reality looks different. Companies
need to develop proactive measures to protect their trade secrets.
There are reasonably specific, inexpensive, and intuitive steps
that can be taken to address these problems.
Economic and Industrial Espionage: a Threat to Corporate
by Wanja Eric Naef
Industrial Espionage present a series of challenges to many American
Take the example of Intel. Just in September
one man pled guilty to copying trade secrets as defined under the
Economic Espionage Act of 1996--the first case of its kind in Northern
California. The US Attorney’s office there revealed that a
certain Say Lye Ow, a 31 year old originally from Malaysia, copied
sensitive information on Intel’s first 64-bit processor when
he left the company in 1998.
In some ways
Intel was fortunate. The information, key to the operation of what
calls “the engine inside the Internet economy,” was
reportedly never sold to any of Intel’s competitors. They succeeded
to address the breach before the consequences grew beyond their control.
Other companies were not quite so lucky.
A survey conducted
by PricewaterhouseCoopers and the American Society for Industrial
Security (ASIS) revealed Fortune 1000 companies lost
more than $45 billion in 1999 due to theft of their proprietary information
alone. These losses, the survey contends, hit the manufacturing industries
particularly hard. Since the R & D expenses for manufacturing
companies are costly, some companies, foreign or domestic, are tempted
to catch up unfairly. The study finds that “although manufacturing
reported only 96 incidents, the acknowledged losses of manufacturing
companies accounted for the majority of losses reported in the survey,
and averaged almost $50 million per incident.”
What is perhaps
more alarming than these statistics is the cumbersome response
The report concludes “The majority of
companies responding to the survey have not effectively met the challenge
of providing a framework in which to safeguard proprietary information.” They
are failing to address the threat.
At the end of
the Cold War several intelligence agencies needed to develop a
d’être. These agencies often
turned their skills toward economic espionage. Dismantled intelligence
agencies in Eastern Europe left many skilled agents who were available
to offer their services to interested parties in the private sector.
Experts even believe some of the governments of America’s closest
allies actively spy on companies to gain a competitive advantage.
The alert company
must guard against threats from a variety of “info
thieves.” Foreign Intelligence Services (FIS), “mercenary” intelligence
agents, and even foreign and domestic corporations all seek to exploit
unprepared companies. Not all organizations play by the rules. Many
companies will use a variety of methods, some legal, some gray, and
some clearly in violation of the law, to obtain trade secrets. Some
businesses have whole departments devoted to this end, called “business
or competitive intelligence units.” These units may resort
to a range of collecting information so varied as to include bribery,
searching through garbage (“dumpster diving”) to scams
to trick unsuspecting workers (“social engineering”).
For example, as is well known, a large proportion of Japanese companies
have well-established units for this purpose, though American companies
tend not to have these offices. For both defensive and legitimate
information gathering purposes, there may be clear advantages to
closing this gap. As Bernard Esambert, a President of the Pasteur
Institute, once said “Today’s economic competition is
global. The conquest of markets and technologies has replaced former
territorial and colonial conquests. We are living in a state of world
economic war and this is not just a military metaphor... the companies
are training the armies and the unemployed are the casualties.'
How can your company protect against these threats?
Here are some simple steps to help prevent information leakage.
first gauge what information is sensitive and classify it as such.
information such as technological innovations
or new market strategies may be easily identified as “sensitive,” other
information, such as customer complaint data, may be as valuable
if it falls into the hands of a rival.
Secondly, a company should conduct a risk assessment to determine
the vulnerability of unwanted transmissions of information and the
likelihood rivals will seek to exploit those vulnerabilities.
Thirdly a security policy addressing those specific concerns should
be developed. Next measures, technological and procedural, should
be implemented in accordance with the security policy. Staff must
be more clearly informed on what information must be carefully guarded,
and the means by which rivals will attempt to garner that information.
In the event of a suspected leakage or suspected attempt to solicit
sensitive information, a clear line of contact should be in place
to better ensure a corporation can cope with the problem, rather
than having it lost, unreported, in a bureaucratic quagmire.
Finally, this security policy should regularly be evaluated and modified
to reflect changes in competitors and information.
Congress has attempted to aid companies to protect themselves with
the Economic Espionage Act of 1996. The Act permits legal action
regarding “financial, business, scientific, engineering, technical
and economic information,” if a company can demonstrate it
has attempted to keep this information classified and protected.
But many companies don’t take advantage of the Act, except
as a last resort. When news of the breach is known publicly, a company
can safely exploit the law in full knowledge that whatever negative
conclusions regarding the company’s reliability are already
drawn. However, if the trade secret theft is not publicly known,
a company has to closely evaluate the advantages and disadvantages
of suing another company (and thereby going public) as news of the
theft may damage the company’s reputation.
Security Precautions are a Business Enabler
are taking place and are costing companies substantial sums of
Companies, regardless of their sizes,
must address these issues. These risks are only enhanced by the looming
recession. Not only are companies more tempted to cheat, but potential
victims are less willing to fund counter measures. “User education” is
often quick to be abolished. This is a risky move, as security is
as strong as its weakest link. Therefore, security precautions should
be seen not as a dispensable budget expense. Rather it must be regarded
as a business enabler.
‘The Awareness of National Security Issues and Response (ANSIR)
Program is the FBI's National Security Awareness Program. It is the "public
voice" of the FBI for espionage, counterintelligence, counterterrorism,
economic espionage, cyber and physical infrastructure protection
and all national security issues. See http://www.fbi.gov/hq/nsd/ansir/ansir.htm
Employees' Guide to Security Responsibility. A brilliant resource
with lots of information dedicated to education of users. http://www.smdc.army.mil/SecurityGuide/Home.htm
Trends in Proprietary
Information Loss 1999. PricewaterhouseCoopers & American
Society for Industrial Security (ASIS) Survey. http://www.asisonline.org/spi.pdf
IWS welcomes suggestions
regarding site content and usability. Please use our contact
form to submit your comments.
30 December, 2007
by Wanja Eric Naef
IWS Copyright © 2000 - 2008