Industrial espionage, Part 1: Methods

* Methods of conducting industrial espionage

One of the problems we face in our field of information assurance is the paucity of credible data about threats to our systems. I’ve often said we suffer from problems of ascertainment and problems of data collection. Without going into details here, there is plenty of reason to believe that we do not notice many of the system intrusions that take place and that many of those that are noticed are not reported in a way that allows development of a statistical base.

You can read a paper about this on my Web site as an HTML file or as a PDF file.

The National Counterintelligence Center, which later became the Office of the National Counterintelligence Executive, has been reporting annually to Congress since 1995 about foreign economic collection and industrial espionage. Its reports are freely available as PDF files.

I think there are some valuable findings and trends in industrial espionage that will interest readers of this column and help them interfere with industrial spies.

Section 809 of the Intelligence Authorization Act for Fiscal Year 1995 defined foreign industrial espionage as "industrial espionage conducted by a foreign government or by a foreign company with direct assistance of a foreign government against a private United States company and aimed at obtaining commercial secrets.” (Page 1 of 1995 report.)

Throughout the decade of reporting, there has been little change in the list of targeted technologies; the 2004 report lists the following: Information systems are a key target, with more than 40% of the PhDs employed in the field in 2001 (the most recent year of available data) being foreign-born (compared with 10% of all PhD scientists and engineers overall in the U.S.). Sensors, aeronautics, electronics, armaments and energetic materials are other industrial targets for espionage. The 1996 report notably added biotechnology, information warfare, manufacturing processes, nuclear systems, space systems, telecommunications and weapons effects and countermeasures to the list of targets.

Industrial espionage is carried out in many ways. The 1995 report lists the following:

* Traditional methods of espionage include classic agent recruitment, U.S. volunteers (see the “One Evil” awareness poster in the free collection here), surveillance, surreptitious entry (including bribery at hotels to allow access to guest and luggage rooms), specialized technical operations (e.g., communications intelligence and signals intelligence) and economic disinformation (and psychological operations).

* Additional methods include using foreign students studying in the U.S., foreign employees of U.S. firms and agencies, debriefing foreign visitors to the U.S. on their return to their home country, recruitment of émigrés, ethnic targeting (suborning or threatening Americans with foreign family ties), and elicitation during international conferences and trade fairs. Agents have also exploited private-sector firms, joint ventures, mergers or acquisitions and non-profit organizations as opportunities and fronts for espionage. Hiring competitors’ employees, signing corporate technology agreements, sponsoring research projects in the U.S. and assigning foreign liaison officers to government-to-government research and development projects are additional valuable methods for covert data gathering.

* Open source intelligence (OSINT) methods include open or covert use of public databases, hiring information brokers and assigning consultants to gather information for confidential research reports. In some cases foreign interests have paid lobbyists to influence lawmakers and to facilitate extended contacts with high-placed officials with access to valuable information. Other OSINT channels listed in the 1996 report include bid proposals, energy policies, marketing plans, price structuring, proposed legislation, tax and monetary policies, and control regulations for technology transfer and munitions.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:
Take IDG’s 2020 IT Salary Survey: You’ll provide important data and have a chance to win $500.