Christopher Burgess worked in the clandestine service of the U.S. Central Intelligence Agency (CIA) for 30 years. In the course of his career, he served both as Chief of Station and senior operations officer. Richard Power, as editorial director for Computer Security Institute (CSI) and then as director of global security intelligence for Deloitte Touche Tohmatsu (DTT), researched cybercrime and economic espionage for more than a decade.
We have found two profound misconceptions common among CEOs. One of the great misconceptions is that the threat of economic espionage or trade secret theft is a limited concern-that it is only an issue if you are holding on to something like the formula for Coca-Cola or the design of the next Intel microprocessor. The case studies included here illustrate the fallacy of thinking that this threat is someone else's problem.
The other great misconception, held by many business leaders who do acknowledge the danger to their trade secrets and other intellectual property, is that the nature of this threat is sufficiently understood and adequately addressed. Often, on closer inspection, the information-protection programs these business leaders rely on are mired in Industrial Age thinking; they have not been adapted to the dynamic and dangerous new environment forged by globalization and the rise of the Information Age.
This article is based on open-source (i.e., not classified) intelligence. There is a compelling lesson in this fact. A decade ago, such stories rarely made it onto the news wire or into the courts. Today, they are commonplace. Unfortunately, the awareness and defenses required to thwart such damaging activities, although economical and effective, are far from commonplace. Our hope is to change that.
To provide a comprehensive overview of the diverse vectors of attack, and how to evaluate whether your enterprise has the necessary defenses in place, we will look at actual cases organized into three broad categories:
- When insiders and competitors target businesses
- When state-sponsored trade secret theft targets businesses
- When counterfeiters, pirates and organized crime target products
And in our conclusion, we have provided some analysis of the economic and geopolitical impact, and a comprehensive checklist of proactive security and intelligence measures.
Part I: When Insiders and Competitors Target Businesses
Economic espionage or intellectual property theft conducted by insiders, competitors or combinations of the two are the most tangible, most common and most destructive threats.
Such an attack can take many forms, like an employee, a member of the management team, a corporate board member, a third-party contract manufacturer or a collaborative partner in a joint venture. Here are several recent examples, ranging from the sordid to the spectacular:
The company IT director stole and sold trade secrets of the company as it was going out of business.
An AOL software engineer used a colleague's access codes to acquire information on 30 million AOL customers and sold it to spammers.
CCI alleges that a former employee stole and sold proprietary databases.
An employee found blueprints containing trade secrets within a container of material awaiting destruction. Instead of destroying them, he sold them to an Asian competitor.
A former employee of a Taiwanese competitor revealed that an Avery Dennison employee had been supplying the competitor with Avery Dennison's adhesive formulas for the preceding eight years.
Toshiba and Lexar entered into a partnership to compete in the flash memory market. Then Toshiba entered into a partnership with Lexar's main competitor.
Both firms allege that patented methodologies were misappropriated by Chinese competitors and used in products marketed in China, so that, in effect, Citroen and SigmaTel ended up competing against their own product designs.
Part II: When State Entities Target Intellectual Property
State-sponsored economic espionage and intellectual property theft are the most sophisticated and formidable threats.
Why do nation states engage in economic espionage and intellectual property theft? Primarily, to acquire technology to advance a military program, or to advance the economic competitiveness of the nation's industrial base, or simply to ensure that the major companies and contributors to the nation's GDP continue to make that contribution. How do nation states affect the acquisition of coveted intellectual property? In some instances, they engage their own law enforcement or intelligence services to surreptitiously acquire it, while in other instances, they publicly engage the owners of the intellectual property with a demand, which it believes is in the best interest of their citizens.
State-sponsored economic espionage and intellectual property theft are global issues. The threat is not unique to U.S. businesses or researchers. Many nations conduct such activities, and the interests of many nations are targeted.
When an insider is co-opted by an intelligence service, the activity becomes more sophisticated, and the ability to detect and/or defend against it is beyond the means of most corporate security mechanisms.
Ironically, sometimes the target is a company that was itself found guilty by the legal system as having instigated instances of industrial espionage, and to have stolen a competitor's intellectual property. Here are some examples.
Airbus attempted to muscle its way into the 1994 Saudi Arabian Airlines fleet modernization effort by offering bribes to individuals from both the Saudi airlines and government.
In January 2005, Russian Prime Minister Fradkov requested Russia's internal security service (FSB) to increase its efforts to assist Russian commercial enterprises. This was tantamount to a public declaration that Russian government's intelligence and security services engage in collection and reporting activities in support of Russian commercial enterprises.
In May 2001, the U.S. attorney in Ohio indicted Takashi Okamoto and Hiroaki Serizawa for the theft of intellectual property belonging to the Lerner Research Institute of the Cleveland Clinic Foundation, charging that the two then provided the stolen research to a research facility owned by the government of Japan.
In 2005, state-owned Russian space technology company TsNIIMASH-Export's director, his deputy and an aide were arrested by the FSB, and charged with embezzlement and the selling of secret Russian space technology to China.
In 1977, Coca-Cola controlled the Indian cola market, but a new industry minister told Coca-Cola officials to divest and transfer their intellectual property (the syrup formula) to their Indian partners. Coca-Cola opted to leave.
In 2005, the Brazilian Ministry of Health presented Abbot Laboratories of Chicago with an ultimatum: Reduce the price of Kaletra (an effective AIDS/HIV drug), or we will break the patent and produce the drug ourselves.
Despite requests from a number of countries to allow generic production of the anti-bird flu drug Tamiflu, Roche stands firm on not relinquishing the patent, which is protected into 2016, and demanding a licensing fee.
Where Does It End?
Attacks on intellectual property, whether covert or overt, have profound consequences and sweeping implications.
A lawless world, in which government intelligence services routinely insinuate themselves into competition between commercial enterprises in the private sector, and internationally recognized patents can be unilaterally disregarded by governments, whether motivated by the social good or geopolitical ambition, will certainly not contribute to the establishment of peace and prosperity for all nations. Nor does a lawless world, in which private-sector corporations can move freely and globally, without restraint, conscience, accountability or international oversight, lead us any closer to that lofty goal.
The United States has no program or policy to provide economic or industrial competitive intelligence to U.S. businesses. The country's economic policy precludes it.
U.S. governmental efforts are focused on the protection of intellectual property owned by U.S. persons or U.S. corporate entities, and keeping the economic pitch level as U.S. corporations compete within the global marketplace.
Discussion points have been made both for and against allowing U.S. governmental agencies and departments, such as the Department of State, Department of Commerce, the National Intelligence Director and the various agencies that make up the U.S. intelligence community, to devote resources and provide economic intelligence to U.S. persons or corporations.
The best approach is to maintain the current policy, except when U.S. corporate interests are specifically targeted by a foreign government-sponsored activity, or when the economic playing field must be leveled. The U.S. government's abilities should be dedicated to national security issues. No U.S. intelligence officer should put his or her life in jeopardy to improve shareholder value. The ultimate sacrifice should be reserved only for the nation's security.
According to a study published by USA for Innovation (www.usaforinnovation.org) in late October 2005, intellectual property in the United States alone carried the value of US$5 trillion to $5.5 trillion, equivalent to 45 percent of the gross domestic product, far larger than the GDP of any other nation. The intellectual property retained by U.S. companies is central to U.S. economic security. This study also indicates that a direct correlation exists between the level of a nation state's protection of foreign-owned intellectual property and the level of foreign investment in that same country-i.e., where the state offers increased protection of the investor's intellectual property, investors increase their investment in the nation's economy.
The United States is under economic attack, according to the National Counterintelligence Executive's report to U.S. Congress in February 2005. The report goes into some depth in identifying the types of foreign entities conducting industrial and economic espionage, the kind of information targeted by these foreign entities, and which foreign entities are attempting to acquire sensitive U.S. technology (either classified or proprietary)-be they private or governmental.
The report indicates that individuals from almost 100 separate countries attempted to acquire sensitive U.S. information. Characterizing the role of the state-supported intelligence collection effort against U.S. technology and intellectual property, it states: "It is clear, however, that some foreign countries, including the major players, also continued to employ state actors-including their intelligence services-as well as commercial enterprises, particularly when seeking the most sensitive and difficult to acquire technologies."
The report identified several dual-use areas as being targeted, including:
- Information systems
- Military production processes and communication systems
- Energy materials
The report laments the difficulty of tracking the foreign targeting of purely civilian technologies, and highlights U.S. organizations' reluctance to share information. Such reluctance, it opines, is due to their not wishing to highlight their losses, because such revelations could have a deleterious effect on "investor and consumer confidence and stock prices."
Commercial technologies identified as stolen by foreign entities included:
- Semiconductor production processes
- Computer microprocessors
- Proprietary information
- Chemical formulas
The U.S. counterintelligence community expects no decline in foreign intelligence activities, and also notes that stemming the flow of information will become even more difficult. The report specifically mentions the challenge of isolating trade secrets from foreign managers and employees and U.S. companies' increasing practice of placing their research and development centers in foreign environs.
U.S. corporations must take appropriate steps, on their own initiative, and incorporate security procedures in order to effectively protect their intellectual property against the efforts of foreign governments eager to obtain it.
Part III: When Counterfeiters, Pirates and Organized Crime Target Products
The counterfeiting and piracy of products, activities often sponsored by organized criminals, make up the most insidious intellectual property threat, and certainly the most pervasive threat to the global economy as a whole.
The U.S. Chamber of Commerce estimates that counterfeit and pirated products account for 5 percent to 7 percent of the global economy, and results in the loss of more than 750,000 jobs and approximately $250 billion in sales to the United States alone.