The Silent Killer
The Chinese government is hardly the only perpetrator of
industrial espionage. Although the U.S. National Counterintelligence Executive
(NCIX), a federal entity that oversees and executes the president’s national
counterintelligence strategy, has consistently cited China as the most egregious
architect of corporate espionage, there are many other countries, including
Russia, Pakistan and Iran, that aggressively spy on behalf of their national
industries. The NCIX also cites U.S. allies such as Israel, France, Germany and
Japan as frequent offenders. The NCIX reports that more than 100 countries
practice corporate espionage.While governments often work in tandem with their national
industries to steal corporate secrets, they are not the only agents. Numerous
prosecutors who investigate corporate espionage crimes have told me that the
majority of the offenses they pursue involve companies targeting their domestic
rivals. For example, the process for making soft-center chocolate chip cookies
became the focus of epic industrial espionage efforts as Nabisco, Pillsbury and
others raced to bring the revolutionary new cookie to market. Motorola chief information security officer Bill Boni describes
the damage incurred by acts of
corporate spying as "death by a thousand
cuts." |
But in a global economy, does it really matter which company
brings a product to market? For investors and consumers, the answer is,
emphatically, yes. Say an American pharmaceutical company invests $800 million
into the development of a new drug. If another firm steals the formula, it will
probably manufacture the drug overseas, and the resulting product will end up on
the black market. This means that the drug will sell for a fraction of its
normal price. The developer cannot recoup its investment, and quality control
issues may damage its reputation. Even if the counterfeit drug is not sold
domestically, the overseas competition will eat into the developer’s profits.
Diverse, multinational corporations may be able to survive this
type of blow. But small and midsize companies would be devastated. In the
mid-1980s, Recon/Optical, a Barrington, Ill., manufacturer of high-quality
optical products for military applications, won a contract from the Israeli
military. Israel’s government said it wanted contract monitors on site to
observe the progress of the effort. In reality, these Israeli air force officers
were spies who stole every important aspect of Recon/Optical’s technology. An
Israeli company that used the same technology opened three months later and sold
the products for one-third of Recon/Optical’s price, effectively crippling the
company. Litigation ensued, and in 1993 the Israelis reportedly paid $3 million
in damages and fines, which was little consolation to the company, which faced
near ruin. Briefcase, Cloak and Dagger
The case of Recon/Optical is somewhat unique in that the company not only
knew its IP had been stolen, but it knew who stole it. Most companies are not
aware of either. While I often help companies investigate known espionage cases,
my main business is performing simulations of espionage attempts in which a team
of intelligence professionals targets a company technologically, physically and operationally. Over the years, I have been able
to compromise the entire product line of a pharmaceutical company and the
fund-transfer systems of major financial organizations, as well as to steal
nuclear reactor designs. We have never been caught, and our clients never know
what was stolen until we inform them. Disturbingly, in half of these
simulations, my team finds evidence of previously undetected crimes or espionage
attacks. In 1996, Congress passed the Economic Espionage Act, making the
theft or misappropriation of a trade secret a federal crime. The law directly
addresses global corporate espionage in that it has extraterritorial
jurisdiction for any crimes involving U.S. citizens (as victims or
perpetrators). While the number of prosecutions under this law has increased,
most agree that the volume of global and domestic corporate espionage has risen
at a much faster pace, and will continue to do so. Technology, particularly the
Internet, is providing more opportunities for espionage, especially against
small businesses. Companies are also making themselves vulnerable by moving
operations overseas. Those that seek the benefits of a new market, without
considering the potential costs of entering it–including losses due to
espionage–can offset any gains. Consider the global companies that are tripping
over themselves to break into the Chinese and Indian markets. They are lured by
lower manufacturing costs and the potential to sell their products to billions
of new customers. Yet I know of only a handful that have IP protection policies
in place to deal with the very real threat of espionage. At the same time, the
host countries and local competitors have continued to refine their espionage
skills. We are also seeing large companies develop their own
competitive intelligence programs to monitor the activities of their
competitors. While internal groups probably use legal methods, they will
inevitably hire outside firms to assist in gathering information, and these
firms are more likely to engage in illegal espionage efforts. Many companies will experience espionage-related losses. While
most will not be devastated by these crimes, death by a thousand cuts remains a
very real possibility. Better-prepared and managed companies can minimize these
losses and boost their chances of recovery by preventing attacks and detecting
and responding to successful attacks. Unfortunately, as corporate espionage
proliferates, we are seeing few improvements in corporate security efforts. IP
protection and security programs are still generally considered luxuries, not
necessities. Ira Winkler is president of Internet Security Advisors Group.
He is also the author of Spies Among
Us, a book on corporate
espionage.
Additional Information
 Managing Espionage Risks
|
