In Depth

Nation States' Espionage and Counterespionage

An overview of the 2007 Global Economic Espionage Landscape

By Christopher Burgess

Brenner is right with respect to the importance of acquisition risk. And governments, which are defending against the nation-state counterintelligence problem, must assign adequate resources to address this threat. But often, the question rises, Whose problem is this, really? If governments do not partner with industry in providing detailed threat data, how are industries expected to know of the threat and take appropriate steps to address the threat in a secure and economical manner? And these threats are not limited to the national security scenario; they are also used for competitive advantage and/or economic superiority.

It would not surprise anyone with a profit/loss perspective that if the cost to mitigate against unknown threats exceeds the value the government is willing to pay for this mitigation, then governments will find themselves without adequate protection, as they attempt to get by on the cheap with a low-bid, vs. most-secure mentality and methodology. But what is the corporation to do?

To his credit, Brenner admitted, "We in government can do a better job of helping [business] handle cyber vulnerabilities through a better warning system. Specifically, our rules for what we can tell you (our "cooperation model," if I may put it that way) is a function of our classification model. That is, if you're doing classified work, we can and may provide you with information about actual or potential attacks on your system that we cannot provide if you're not working on a classified contract."

It begs the question: What about the majority of U.S. businesses not involved in government work and, therefore, without access to the "classified U.S. government briefings?" Perhaps the FBI's Domain program will be the avenue by which individual U.S. companies will be provided the necessary data points to protect themselves from the nation-state's nefarious efforts. But the FBI Domain program is U.S.-centric and does not appear to be modeled in other countries. What is the multinational corporation to do? When will other nations follow the FBI's lead?

It is not enough to say to companies, "This nation or that nation is a threat to you," and "Yes, you should tighten up your intellectual property security." Nor is it sufficient to warn that the insider is a threat, especially from those who are foreign nationals.How ludicrous is this advice? What multinational company does not have a mix of nationalities?

Perhaps more appropriately, governments issuing the warnings can find a means to step forward and identify the modus operandi of the offending nations. Then and only then will companies be in a position to recognize the "tells" of the threatening nation and perhaps succeed in protecting themselves. If this should occur in 2008, perhaps we won't have such a robust list of economic espionage events to talk about at the end of the year.

• Email
• Print
• Comments
• Digg This
• SlashDot

• Intellectual Property Protection: The Basics
• Industrial Espionage: Secrets Stolen, Fortunes Lost
• I've Got a Trade Secret
• Corporate Spying: Snooping, by Hook or by Crook
• Counterfeiting: Faked in China