Can You Keep A Secret

0

By Matthew Curtis, Security Consultant GHD.

Trusted insiders have been used to discover secrets in politics and business throughout recorded history.

Human intelligence attack remains by far the most effective form of espionage despite advances in technology. Espionage is a common theme in the historical record from Old Testament times. The ancient Chinese held spies, particularly double agents, in very high esteem.

The feats of Sir Francis Walsingham, Elizabeth I’s spymaster, in advancing the Crown’s interests are the stuff of fable. And then there are the victories of British and allied intelligence services during WWII, and of course the coups and counter-coups of the Cold War.

Australian UK, US, and Canadian security services confirm hostile intelligence is an increasing threat to modern business. However, technology is now a prime focus in intelligence, according to the British:

In the past, espionage activity was typically directed towards obtaining political and military intelligence. In today’s high-tech world, the intelligence requirements of a number of countries now include new communications technologies, IT, genetics, aviation, lasers, optics, electronics and many other fields. Intelligence services, therefore, are targeting commercial enterprises far more than in the past.

How does this relate to you?

Companies are a rich target with low-hanging intelligence fruit. More and more, their information and decisions are relevant to the national, and even national security interest. Businesses own critical infrastructure. They have commercial information on deals of international significance, and broad networks in strategic areas of government.

But while industrial espionage is referred to from time to time, I have rarely heard it referred to as a serious threat, publicly or privately, within the private sector. I have certainly heard little about business as a target of attack for intelligence on national security matters.

Consider how often we deal with foreign State-owned businesses, or operate in one of the many jurisdictions in which the line between commercial and State apparatuses is blurred. These enterprises can be competitors or possible targets, or searching for acquisitions overseas themselves, and they have perfectly reasonable needs for information for due diligence and competitor analysis.

If your commercial interests intersect with or are in any way relevant to the interests of a host government, another company or even organised crime, it is reasonable to conclude that you are a potential intelligence target. Behind the commercial façade there will possibly be aggressive intelligence activity.

It is only a matter of priorities as to whether intelligence operations including human and/or technical and/or cyber will be mounted against you. It is that simple.

It’s easy to discount the risk.

While there is credible evidence that intelligence activity against the private sector is increasing, businesses tend to under-estimate the threat, perhaps because of the difficulty we humans have in assessing risk.

There is a view that the more horrific a scenario – the plane crash, the Twin Towers – the more the human mind will be convinced that it could happen. Repeated airings in the media inform a false intuition of high likelihood, which, equally irrationally, we tend to perceive as risk. With human intelligence attack there is no graphic, ghastly scenario, no dead bodies, no pandemic, no ranting radical ideology.

No wonder we ignore it. And many of those who are not inclined to ignore the risk would be asking what on earth can be done about it?

While the best intelligence and security services have been penetrated – famously during the Cold War – in many cases it was good security management systems that detected agents and brought them to attention. We might be disinclined to act because of the complex and ambiguous nature of the threat and the security management measures it calls for, not least because of the tricky business case necessary to advance the matter within our organisations.

But while we delay, the risk remains.

To read the full story, make sure you subscribe now! Go to http://www.australiansecuritymagazine.com.au/subscribe/ and purchase either a 1 year or 3 year subscription today!

Share.