One of the problems we face in our field of information assurance is the paucity of credible data about threats to our systems. I’ve often said we suffer from problems of ascertainment and problems of data collection. Without going into details here, there is plenty of reason to believe that we do not notice many of the system intrusions that take place and that many of those that are noticed are not reported in a way that allows development of a statistical base.

You can read a paper about this on my Web site as an HTML file or as a PDF file.

The National Counterintelligence Center, which later became the Office of the National Counterintelligence Executive, has been reporting annually to Congress since 1995 about foreign economic collection and industrial espionage. Its reports are freely available as PDF files.

I think there are some valuable findings and trends in industrial espionage that will interest readers of this column and help them interfere with industrial spies.

Section 809 of the Intelligence Authorization Act for Fiscal Year 1995 defined foreign industrial espionage as "industrial espionage conducted by a foreign government or by a foreign company with direct assistance of a foreign government against a private United States company and aimed at obtaining commercial secrets.” (Page 1 of 1995 report.)

Throughout the decade of reporting, there has been little change in the list of targeted technologies; the 2004 report lists the following: Information systems are a key target, with more than 40% of the PhDs employed in the field in 2001 (the most recent year of available data) being foreign-born (compared with 10% of all PhD scientists and engineers overall in the U.S.). Sensors, aeronautics, electronics, armaments and energetic materials are other industrial targets for espionage. The 1996 report notably added biotechnology, information warfare, manufacturing processes, nuclear systems, space systems, telecommunications and weapons effects and countermeasures to the list of targets.

Industrial espionage is carried out in many ways. The 1995 report lists the following:

* Traditional methods of espionage include classic agent recruitment, U.S. volunteers (see the “One Evil” awareness poster in the free collection here), surveillance, surreptitious entry (including bribery at hotels to allow access to guest and luggage rooms), specialized technical operations (e.g., communications intelligence and signals intelligence) and economic disinformation (and psychological operations).

M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.