Spy vs Spy

Sep 15, 2011

National security is threatened where political spies operate. Threats from political espionage have plagued sovereign nations from the beginning and over time have generated a class of foreign diplomacy where luxury lifestyles are filled with missions of intrigue and paid informants. As Lt.-Col. Paul M. Thobo-Carlsen reminds us, the spy game is the second oldest profession in the world!

Karl Payeur looks at the reasons ­people may reveal secrets. Spies excel in exploiting different scenarios that are conducive to “involuntary disclosures.” Ever resourceful, the successful spy may be a cunningly manipulative woman who can gain access to powerful men through their sexuality – recent events have shown that this ‘honey trap’ tactic remains as prevalent today as it has been in the past.

Corporate Espionage represents a modern threat that will require a new set of tools and processes to combat the perpetrators – many of whom come from overseas and represent decades of experience in the murky world of political espionage.

The key strategic importance of the global military industrial community has provided fertile ground to attract investment in espionage by foreign competitors who wish to gain economic and political advantages. Easily portrayed as “corporate competition,” the spy of today practices such ­espionage in a tailored suit with a ­briefcase full of electronic listening devices. J. Michael Cole’s article, Friend or Foe, focuses on the extent of corporate espionage being practiced today by China.

Today’s governmental reactions to the threat of theft of national secrets provide well-meaning, but mostly ineffective, protection of national interests. In this issue, we explore the ­connection between corporate and national security. Advice from the world’s experts on these subjects talk about solutions and approaches that will make organizations and critical infrastructure resilient to outside – and perhaps more importantly, to inside – threats to IP and trade secrets. Most of the solutions involve cultural changes, such as developing an attitude of diligence and awareness. Others are more structural, with advice on developing an intelligence hub to drive security decisions.

When it comes to national security – including both military and public safety applications – both intelligence and education/training services are vital for success. In corporate security, effective protection of intellectual property is directly dependent upon the level of support exhibited at executive levels for in-depth technological solutions, plus the ability to access trusted intelligence.

In Document Security, Guy Chamberlain highlights the imperative of protecting physical documents from the prying eyes of even the most friendly corporate visitor, and advises that previous document drafts should be utterly destroyed.

Other than rare ‘lone wolf’ scenarios, most espionage efforts today involve a complex web of collaborations and conspiracies. To pull off the sophisticated theft of valuable, developmental IP, a thief needs to know the characteristics and proclivities of management and selected employees within the target organization. Minimal ­levels of ­protection such as locking and password systems are insufficient in the face of determined corporate spies. Smart technologies like bio-credentialing systems ­provide an additional level of security, but do they ­simply delay the inevitable – leading the sophisticated adversary to yet another challenge in the pursuit of the IP or IT booty – and adding another cost line on the North American business ledger?

Both Canada and the United States have lost billions of dollars to organizational espionage. It’s time to make security a strategic part of the business process.

Government spy agencies can provide defense against political espionage, but they are ill-equipped to help industry protect their privately-held secrets to success. Michel Juneau-Katsuya’s article provides insight on what executives should focus on and what government can do to help. One of Juneau-Katsuya’s solutions – the sharing intelligence – is also taken up by Steve Moore in his article on setting up an Intelligence Hub. Moore states that “the value of your own information can increase ­exponentially when combined with open source research and information from other entities with whom you are willing to share.” This is an idea whose time has come and FrontLine Security will be pursuing this topic further in the near future.

Corporate associations like ASIS and ISACA organize forums where security professionals can discuss the latest in threats and possible solutions to security problems. We present ISACA as a Solutions Showcase feature in the article “IT Resilience.” Chapter President Robert Venczel presents ideas that will help companies prepare for possible penetration attempts by unscrupulous intelligence raiders.

Some of the expert contributors to this ­edition will be proposing solutions at the Canadian Industrial Security Conference (CISC2011) in November. They recommend that organizations must go a step further to design a ­customized and comprehensive security program. CEOs are advised to take the best of what the security generalists have to offer and then add layers based on the ­peculiarities of their individual business – what threats are likely to come, why, and from what source. With that intelligence, a CSO can then combine shared resources with specialized investigative services to obtain a more complete understanding of the nature of the threat, and develop sound methods to defeat it. A company-wide awareness program – made mandatory from the top down – will make sure everyone in the organization is committed and on the same page. Understanding the nature of the threat and what is at stake (often the very survival of the organization) is the key to success but, make no mistake, it is only the beginning of this never-ending vigil.

Edward R Myers, Editor
© FrontLine Security 2011