The nature of world-wide espionage is currently experiencing a dramatic shift. A recent analysis of trends suggests the need to redefine the problem and to develop new strategies to combat growing threats to U.S. national security from economic intelligence gathering and corporate espionage. Trade theft cost U.S. companies more than $100 billion dollars in lost revenues in 1992. If left unchecked, analysts estimate losses could grow an additional 50% by the year 2003.

A NEW NATIONAL SECURITY PERSPECTIVE
The rapid pace of change in the post-Cold War era demands a new definition of national security issues. The development of the European Community, break up of the Soviet Union, economic and political shifts within the former Warsaw Pact nations, the reunification of Germany, and the brisk economic growth of Pacific Rim countries have led to a new world of opportunity and threat.

The challenge to the intelligence community is to discern and disrupt economic espionage directed toward U.S. companies and interests. A fundamental shift in our understanding and protection of the nation's secrets will require:

• Redefining the concept of national security secrets and moving beyond protection of the defense industry to assisting the entire private sector in combating corporate espionage.
• More explicitly connecting the impact of industrial espionage on the U.S. economy to national security issues.
• Broadening the role of personnel security in nondefense industries, including a new perspective on "clearances," training, and threat awareness.
• Providing more information to the corporate community from the intelligence community regarding espionage threats, source countries, and targets and means.
• Aggressively prosecuting those involved in illegal economic and competitive intelligence.

• Fifth generation computer architecture; new computer chip designs, conductivity, and biochip research; and software development.
• Biotechnology.
• Supercomputing and superconductivity.
• Holographic and laser research, applications, and modeling.
• Optics and fiber optics technology.
• Aerospace technologies.
• Medical technologies, including pharmaceuticals.
• Advanced communications technologies and processes.
• Advances in satellite usage and space technologies and applications.
• Electromechanical products and technologies.
• Chemical process technology and research.
• Integrated circuit technologies.

• Pricing information.
• Marketing research on demand and consumer profiles.
• Products needed for compatibility and applicability.
• Production timetables and product release dates.
• Production quantities.
• Market targets and schedules and overseas marketing plans.
• Security equipment, sensors, and processes.
• Electronic banking equipment, interfaces, and protocols.
• Technology upgrade schedules, and planned changes in technology.
• Software developments, especially those enhancing new technologies, networking, and technological integration.

Computers as Targets. The unlawful accessing of computers to gain information or to damage programs or hardware. A wide array of crimes fall into this category including: theft of intellectual property or marketing information, blackmail, sabotage of files, accessing and/or changing government records, techno-vandalism (causing internal damage to computer systems) and techno-trespass (violating the privacy of computer files).

Computers as Crime Instruments. Computer processes used as instruments of crime. Examples include: ATM fraud, rounding off monetary entries, credit card fraud, fraudulent computer transactions, telecommunications fraud.

Incidental Criminal Computer Use. Computers used to increase the efficiency of traditional crimes, for example: money laundering, off-shore banking, pedophile information exchanges, organized crime record keeping, murder (through changing information in hospital records or other control systems), bookmaking.

Crimes Associated With Computer Prevalence. The advent of microcomputers has opened new crime and espionage targets. These include: software piracy/counterfeiting, copyright violations, counterfeit and black market computer equipment and programs.

Another growing target of economic/industrial espionage is intellectual property. It consists of concepts, ideas, planning documents, designs, formulae, and other materials intended for products or services which have commercial value and represent original thought or work. It may be clearly protected (with copyrights, trade marks, patents, or as trade secrets) or less well defined (in the case of nonprotected research, incomplete new concepts or ideas, and public domain information which has been individually modified or refined).

Intellectual property is increasingly sought through industrial espionage because it can reflect a valuable investment involving lengthy research and development efforts. Moreover, it is often stored on computer media which are themselves an increasing target of espionage.

METHODS OF ESPIONAGE
In addition to unlawful computer access, many of the traditional methods employed in national security and industrial espionage will continue to be prominent. Among the many means of obtaining information are:

• Open sources (Freedom of Information Act requests, published government documents and bidding specifications, opened bids, and technical journals).
• Consultants or outsourcing contractors from targeted firms who provide "inside information" to competitors.
• "Moles" working inside a particular industry or company with access to desired information.
• Computer hacking and data transmission interruption.
• Compromising employees through blackmail, set ups, corruption, and bribery.
• The use of student researchers and interns to gain access to research.
• Surveillance of corporate employees.
• Intercepting communications through faxes, telephones, etc.
• Burglary.
• Gaining access to records through janitorial or service personnel.
• New technologies and techniques adapted as detection devices or espionage countermeasures.

Employers should watch for a number of key characteristics that may indicate a security risk. Security threats may include employees who:

• Are generally unhappy on the job, or unhappy with the location of their assignment.
• Believe they have been overlooked for promotion, salary increases, or commendations and rewards.
• Feel their contributions to the company are ignored and uncompensated.
• Are facing personal financial difficulties.
• Have personal problems.

Selection. Employees should be recruited and screened on the basis of their knowledge, competence, loyalty, and psychological and social stability.

Training. Employee training should include information about security threats and procedures.

Surveillance. Maintaining control over and limiting access to sensitive information will reduce potential losses.

Supervision. Attentive supervisors can both identify security violations as well as intervene before problems occur by remaining alert to warning signals.

Accountability. Ensuring that employees follow procedures, perform efficiently, and adhere to organizational values will help maintain personnel integrity.

Target Hardening. Measures should be taken to protect crucial information and to improve security in order to reduce temptation.

Positive Work Environment. Increasing employees' sense of worth within the organization can increase their sense of obligation and loyalty, thereby decreasing the possibility of espionage.

Realistic Sanctions. Employees must have a realistic sense that security violations will be identified and severely punished.

Positive Rewards. To balance the threat of discipline, positive contributions to the organization must be reinforced and rewarded.

Reinforcement of Ethics and Values. The organization must strengthen its employees' sense of moral obligation through a statement of organizational values, reinforcement of ethical standards, and high standards of professionalism.

In addition to these safeguards, corporations should consider the following precautions:

• De-stigmatizing compromising situations (for example, homosexuality).
• Controlling and supervising the access of janitorial and temporary personnel to sensitive information.
• Accountability and access controls for temporary professional workers.
• Classification systems and model criminal and civil liability legislation for nondefense related intellectual property.
• Limits on outside employee consulting.

For more information, write or e-mail David L. Carter, Professor, School of Criminal Justice, Michigan State University, 560 Baker Hall, East Lansing, MI 48824-1118.