Economic Espionage – Warp Speed in Crisis

Organisations need to act now and prepare for the growing prevalence of economic espionage in Australia and the damage it causes.

To understand what we mean by economic espionage, the FBI (2021) describe it as, “foreign power-sponsored or coordinated intelligence activity” while ASIO (2021) define it as, “Espionage is the theft of Australian information by someone either acting on behalf of a foreign power or intending to provide information to a foreign power which is seeking advantage.”

As evidenced by the word ‘economic’, this form of clandestine behaviour is directed towards the business sector in order to extract information and also to destabilise the market and impact productivity.

In an article by Tom Uren, “China’s cyber espionage surge in Australia”, he clearly describes how Chinese State Security carried out cyber espionage in order to steal technology so a Chinese state-owned company could benefit by building their own airliner.

The first time you become aware that you have been a victim of espionage is often when we find out someone has discovered and utilised information that you have not made public.

Espionage has come a long way since the days of the US/Soviet Cold War with its micro dots, secret cameras and advanced technologies of the mid to late 1900s. Then, as now, the key commodity was information. Espionage has continued to evolve, reaching new heights and dimensions. Although the way different countries behave towards each other has changed over time, it is clear some countries and corporations are utilising sophisticated, high tech methods, along with less glamorous techniques such as analogue human intelligence, to extract information, blueprints and product knowledge or destabilise economies.

A question most corporations often forget to ask or include as part of their risk framework, is around the prevention of economic espionage. This is understandable given the general feeling that this would not affect them and that they are safe behind their firewalls and data encryptions. Cyber espionage is often at the end of the espionage processes; (intelligence or counterintelligence cycle).

One of the most crucial parts of any economic espionage is the human link and human activities. After all, no intelligence agency or corporate sector launches activities against a company purely from seeing a solitary post on social media.

The easiest way to learn, adopt and exploit an organisation’s vulnerabilities is to read and study how an individual employee’s activities on websites and social media. Information about products, blueprints, production or simply ideas always start with humans.

We all have experienced working from home during the COVID crisis with the remoteness and distance from other colleagues, peers and managers it creates. It has become a largely unsupervised work environment to which we can add people’s uncertainty, anxiety, loss of income and so many other elements of changes to our day-to-day life.

The environment this has created plays into the hands of economic espionage perpetrators as a part of hybrid warfare and espionage as well as country, state or company destabilisation.

Without going into depth around intelligence methods, their operations and applications, organisations need to study how economic espionage is carried out. They should concentrate not only on the prevention of hacking and online surveillance by others, but on how to develop a human firewall. After all, humans are the first and last line of defence.

The weakest link in the security chain is often the human who accepts a person or scenario at face value and unwittingly becomes the source of information, from which no IT security measures will be able to protect your blueprints, ideas and products.

Economic espionage is a very real, growing threat. Prevention is the key to combat this espionage by utilising human intelligence methods and training your staff not only on IT security related issues but how to recognise when they may potentially be an unwitting ‘target’ of foreign services or competitor exploitation.

Equally important, is to develop counterintelligence processes and respond to possible threats of economic espionage. A one size fits all solution does not work when it comes to protection from economic espionage, particularly not in moment of crisis. The history of Cold War espionage can teach us valuable lessons that we can apply to today’s modern environment.

 

References:

This post was written by Mario Bekes