Industrial Espionage

Industrial espionage has long been a proverbial thorn in the side of commercial businesses. While most people with only a limited knowledge of espionage may merely view industrial espionage as simple corporate theft, it actually has far more serious consequences than basic thievery. The act of espionage (aka spying) is quite serious as well as illegal, but new complexities are added when that act has the ability to wreak major havoc upon the economy.
Encyclopedia Britannica describes industrial espionage as the “acquisition of trade secrets from business competitors”. While that definition may not sound very glamorous, it captures the essence of the topic in terms that can be easily understood by the general populace. Based upon my knowledge in Cyber and Information Security, industrial espionage is the illegal act of some person, organization or group, knowingly and willfully engaging in the act of spying on a business, competitor, or even government, in order to gain knowledge of some form of information (such as trade secrets). The purpose of this act of spying is usually to gain a qualitative or quantitative measure of economic advantage to the spying entity. The question of why we should care about it becomes quite clear in light of the current state of the global economy. The U.S. economic engine is fueled by the concept of capitalism in which manufactured products (capital) can be produced, controlled, and openly traded on the public market. When a business such as Microsoft produces information technology products, the intent is to supply these products to persons and organizations in hopes of those products helping to solve some specific (and usually manual) IT process and create efficiencies. However, we must keep in mind that these products are made available for a price with the additional intention of yielding a profit for Microsoft and its shareholders. As a multi-billion dollar organization that goes to great lengths to protect the engineering and design artifacts of their products, illegal usage (or theft) of their products and trade secrets creates a significant impact not only on their bottom line, but it also has the potential to effect national security. While this is but one simple example, I use this example because the U.S. Department of Defense (DoD), and probably all of the federal government, use some form of Microsoft product. The Defense Technology Information Center (DTIC) maintains the Militarily Critical Technologies List (MCTL), which is a list of “existing goods and technologies that DoD assesses would permit significant advances in the development, production, and use of military capabilities of potential adversaries” (DTIC, 2009). Therefore, while we can see the obvious economic damage produced by successful acts of industrial espionage, what the average citizen may not see is the potential effect this has on our military and overall Defense Industrial base (DIB). In a 1996 Washington Post article, Frank Swoboda cited former FBI Director Louis Freeh who stated “the United States spends nearly $300 billion a year on basic research, making it “the test lab for the world” and a natural target of U.S. competitors, including some of the nation’s former Cold War allies”. In order to strengthen our resolve and prosecutorial ability, President Clinton signed the Economic Espionage Act of 1996, which details certain forms of economic espionage as well as addresses the theft of trade secrets by a non-government entity. According to the NASA Chief Information Assurance Officer, prior to 1996 “there was virtually no federal statute that outlawed the theft of trade secrets”. How has industry either contributed to, or mitigated the ability of a person, organization, or nation-state to conduct industrial espionage? While the obvious is to assign only appropriately cleared personnel to sensitive projects, it cannot be the sole factor for determining success. In carrying out its mission, the Defense Security Service (DSS) relies on the support of cleared contractor employees and the U.S. intelligence and law enforcement communities. Chapter 1, Section 3 of DoD Manual 5220.22-M, National Industrial Security Program Operating Manual (NISPOM), dated February 28, 2006, requires cleared contractors to remain vigilant and report suspicious contacts. The Navy Yard shooting was a perfect example of failed vigilance. On Sept. 16, 2013, a defense contractor by the name of Aaron Alexis shot and killed 12 people at the Naval Sea Systems Command headquarters in Washington, D.C. According to FedScoop, the investigation later found out that Alexis was never subjected to greater scrutiny, even after multiple run-ins with law enforcement. Then there is Edward Snowden. The 29-year-old former NSA contractor, who remains on the run from U.S. authorities in Russia, is actually believed to have downloaded as many as 1.7 million documents concerning military intelligence. Defense Secretary, Chuck Hagel, recently released DOD plans to accelerate development of the Defense Manpower Data Center’s Identity Management Enterprise Services Architecture, called IMESA, allowing DOD security officers to share access control information and continuously vet individuals against U.S. government databases. Are companies that support the defense industrial base doing enough to protect the information and intellectual property of the government? The cases above highlight the need for why we must care about espionage in all its forms. We must be careful to exercise comprehensive security measures in protecting corporate information, no matter the organization. As defense contractors, we must view ourselves as partners in this massive industrial complex, and not just contractors conducting a business transaction for profit. Not only is our national security at stake, but so too is our global economy.