Nation States' Espionage and Counterespionage

Should you be concerned by shrill warnings of nation-based economic espionage? 30-year CIA veteran Christopher Burgess looks at the current landscape of "the second-oldest profession" and what the corporate world needs from the government.

Note: Abridged from “Overview of the 2007 Global Economic Espionage Landscape”, which was post in April as Nation States' Economic Espionage. (A shorter excerpt was also published in CSO Magazine under the headline Spy Vs. Spy.)

Throughout 2007 we have seen numerous governments striking the alarm bells and warning all: Protect yourself! The thieves are coming! These warnings of nation-state sponsored activities in the realm of industrial espionage have truly reached critical levels within the developed world. The warnings are applicable to all nations, industrial sectors, and companies – and not just to those who have stepped forward and accepted the political risk of calling out the unsavory activities taking place in the market. These pronouncements are quickly followed by a yet another government standing up a new or improved counterintelligence or counterespionage entity within their domain in order to protect their country’s interests in both the public and in the private sector from these self-pronounced and empowered nations whose intelligence apparatus are targeting the intellectual properties of the world’s corporations.

The playing field is crowded with actors both new and old. Amazingly, the combined level of activity exceeds any level previously encountered, including the apex of the Cold War, when geopolitical and ideological battle lines truly existed – but when current level of communications infrastructure around the globe did not. It is this enhancemed communications infrastructure which has in essence leveled this playing field of industrial espionage for all the nation states.

Now, more than eight years since the climax of the Cold War, the threat of industrial and economic espionage has percolated once again to the forefront. The tools of the intelligence collector are once again being brought out and dusted off and put to use as nations make use of what is referred to as the “second-oldest profession.” They are willing to make the political decision to support their indigenous corporations and companies with the provision of competitors’ intellectual property the old fashion way – they will just take it.

In mid-November 2007, the US Department of Justice (DOJ) compiled and released a “Fact Sheet: Major U.S. Export Enforcement Actions in the Past Year” which summarized the 33 major cases (October 2006-October 2007) and prosecutions of illegal export of US technologies (including those which were acquired through espionage activities). Interestingly, the number of countries identified totaled ten, with Iran and China each responsible for approximately a third of the cases. Equally interesting is that none of the cases involving Iran were characterized as espionage. Of the four cases which were identified as “espionage,” all four cases identified China as the nation-state sponsor.  And equally remarkable is how Russia is conspicuous in their absence and does not appear in the Fact Sheet. This is especially noteworthy given Russian President Vladimir Putin’s call to the new head of Russia’s external intelligence service, Sluzhba Vneshny Razvedki (SVR), former Prime Minister Mikhail Fradkov in October 2007 to build up the SVR’s Economic Espionage capabilities.

It is clear, however, that two countries lead the list of those most invested in the illicit acquisition of advanced technologies from companies, research institutes and enterprises to both advance their own economies, as well as provide data points with respect to their own national security strategies. Those countries are China and Russia – numbers one and two. 

So how do we go about protecting ourselves as commercial entities? The US FBI’s “Domain Program” is focused on protecting those companies with US Government contracts. The National Counterintelligence Executive notes that classified briefings are provided to such entities. Their comments and focus seem to advocate that companies shoulder their own counterintelligence needs with respect to protecting themselves from the nation-state threat, albeit with the expectation that those enterprises involved in classified work with the US Government have a counterintelligence function as an integral part of their asset protection strategy and be ready and willing to work with the FBI to protect their company’s assets.   

It begs the question, what about the majority of US businesses not involved in government work? Perhaps the FBI’s Domain program will evolve to be the avenue by which individual US companies will be provided the necessary data points to protect themselves. But the FBI Domain program is a US-centric capability, which does not appear to be modeled in other countries.  What is the multinational corporation to do? Will other nations’ follow the FBI’s lead?

It is not enough to say to companies, “This nation or that nation is a threat to you,” and “Yes, you should tighten up your intellectual property security.” Nor is it sufficient to warn, that the “insider is a threat, especially from those who are foreign nationals.” How ludicrous is this advice? The insider is universally recognized as those closest to that which is valued. What multinational company does not have a mix of nationalities?

Perhaps more appropriately, governments calling out the warnings, jointly or individually find a means to step forward and identify the modus operandi of the offending nations, then and only then will companies be in a position to recognize the “tells” of the threatening nation and perhaps succeed in protecting themselves. If this should occur in 2008, perhaps we won’t have such a robust list of Economic Espionage events to talk about at the end of the year.   

#

Christopher Burgess is a 30-year veteran of the CIA’s clandestine service and currently serves as the Senior Security Advisor to a Fortune 100 company. Burgess speaks and writes on the topic of the global threat to Intellectual Property. He is the co-author of Secrets Stolen, Fortunes Lost, both the CSO series and the 2008 book (Elsevier).  Burgess can be contacted at his email cburgess@att.net.

Copyright © 2008 IDG Communications, Inc.

The 10 most powerful cybersecurity companies