mitigation strategies.

2.4 Industrial Spies

Industrial espionage is intelligence collection sponsored by a private business, which is intended to enhance its competitive advantage through the collection of competitor proprietary information. Industrial espionage is practiced primarily by foreign corporations operating in the United States or against U.S. corporations operating overseas. Frequently, corporations engaging in industrial espionage work with their nation's intelligence service or are conducting operations on behalf of their government. (29APR92) Industrial espionage is often directed against industries producing high technology goods in which the United States has demonstrated technological leadership. The objective is to obtain the information without investing the sizable amounts of money necessary to achieve technological breakthroughs. The company that can obtain such information can enjoy a significant competitive advantage.

2.4.1 Threat Definition. The U.S. Government has determined that several different technologies have been targeted for collection, including those related to telecommunications. To focus attention on these technologies the government has adopted two critical technologies lists: the National Critical Technologies List (NCTL) published by the Department of Commerce, and the Militarily Critical Technologies List (MCTL) published by the Department of Defense (DoD). The importance of telecommunications and information management technologies is represented in both documents. The NCTL lists 7 telecommunications-related technology areas critical to national security, and the MCTL lists 27 specific technologies in the areas of computing, telecommunications, and information management as critical to the defense of the United States. (OUD1992) These lists include such technologies as fiber optics and advanced switching systems.

The extent of economic intelligence operations that have targeted U.S. industries is difficult to ascertain. This is primarily because of the reluctance of U.S. industry to admit that they have been targeted by a foreign intelligence service or competitor intelligence organization. Much of the evidence that is in the press concerning economic espionage is anecdotal and repetitive. This does not discount that such activities occur, or that they are harmful to the interests of the United States. As a technology leader, the United States will continue to be a target for economic espionage, and collection activities directed against U.S. industries will undoubtedly increase.

Estimates of losses suffered by U.S. industry vary greatly. R. J. Heffernan Associates in a study involving 246 of the Fortune 500 companies stated that 49 percent said that they had been the victim of industrial espionage. The study estimated that the United States may be losing up to $20 billion in business per year as the result of such activities. (CORPCOMP) In a separate study, the American Society for Industrial Security's Committee on Safeguarding Proprietary Information estimates that the 32 largest U.S. companies lost data valued at more than $1.8 billion in 1992. The study observed that 70 percent of the information lost was compromised by former or current employees. (ROSENTHL) In one FBI counterintelligence investigation, the loss of two proprietary technical manuals by a major U.S. high technology firm resulted in the loss of billions of dollars of potential business for the firm and hundreds of jobs. (MAJOR93)

In 1984, Director of Central Intelligence William Casey stated that the espionage activities of certain Japanese computer companies posed a direct threat to the security of the United States. Casey stated the predatory practices of NEC, Fujitsu, and Hitachi threatened the stability of the U.S. computer industry and urged semiconductor and computer manufacturers to sever their relationships with these companies. (COMPAUST) At that time, the U.S. share of the semiconductor market was 57 percent and Japan's was 27 percent; by 1989, the Japanese portion of the global semiconductor market exceeded 50 percent. (MAJOR93) Although these examples do not highlight the targeting of telecommunications companies or systems directly, the interest of competitors in high technology industries warrants considerable attention by the NS/EP community due to the reliance of the telecommunications industry on many high technologies.

2.4.2 Effects on the Telecommunications Industry. The telecommunications industry is affected by industrial espionage in two ways. First, proprietary information concerning U.S. telecommunications technologies is sought by competitors from around the world. Second, telecommunications and computer networks are targeted for the information that they carry. Industry depends on telecommunications networks, including the Internet and other data networks, to quickly disseminate information that must be shared by geographically dispersed domestic and international activities. The telecommunications system has become a vital part of the economic infrastructure of the United States and the information that it carries has become an important factor in the production of national wealth. Unless it is protected, this information is susceptible to interception while being transmitted or while it is resident in a networked computer.

In testimony before the House Judiciary Committee, Kenneth G. Ingram, Director of Product Development at AT&T, stated that his corporation spends in excess of three billion dollars per year on research and development, and has been subject to numerous attempts to steal proprietary data. These included attempts by electronic intruders to access and obtain information from proprietary databases. He also noted that any information transmitted through international carriers especially in the areas of the Pacific Rim, Russia, Eastern Europe, the Middle East, and Japan is subject to electronic commercial interception, and that such information is likely to be compromised. He stated that there was a significant need for exportable commercial encryption systems for protection of intellectual property. (INGRAM92)

The PSN is the primary means used by most companies to transmit voice or data information. Increasingly, proprietary data is disseminated through facsimile and data transmissions, and in most cases it can be intercepted by a knowledgeable adversary. Electronic intruders have mastered PSN technology and have compromised both the voice and data portions of the PSN. Unless information is encrypted, it can be read by a competitor and used to their advantage. This information could include proprietary research and development data, customer lists, pricing proposals, and corporate market strategy.

There is growing evidence of the use of electronic intrusion techniques by industrial spies. Electronic intruders have reported being offered substantial sums of money to gather information on corporations. There is also evidence that technical intelligence officers from disbanded Eastern European foreign intelligence services, in particular the East German Stasi, are selling their talents to the highest bidder. (CSJSHERI) Scott Charney, Chief of the Computer Crime Unit, General Litigation and Legal Advice Section, U.S. Department of Justice summarized the problem in this manner:

"High-tech spying is becoming commonplace, and [electronic intruders]/spies are being actively recruited. When such [an electronic intruder] strikes, he or she is often weaving through the telephone network and it may be extremely difficult to tell where the [electronic intruder] is coming from, what the motives are, who he or she is working for (if anyone), and what locations have been attacked... In a recent survey of 150 research and development companies involved in high technology industries, 48 percent indicated they had been the target of trade secret theft. The use of computers in developing and storing trade secrets has made such secrets more susceptible to theft." (CSJCHARN)

At a recent meeting of electronic data processing auditors, every member reported repeated intrusions into corporate networks. One auditor representing a Fortune 500 company stated that corporate research and development databases had been copied and sold to a competitor, costing the corporation millions of dollars in lost sales opportunities. (ASISJL94) AT&T believes that several of its bids for large international telecommunications contracts may have been compromised and that adversaries with knowledge of AT&T's pricing arrangements underbid them. This information may have been obtained through a human source or through intrusion into computer or telecommunications networks. (BROOKS92)

The amount and sophistication of computer intrusion attacks on the PSN will likely grow as U.S. businesses increase their use of voice and data networks for the rapid dissemination of proprietary information. The effect on the security of the United States, and indirectly on NS/EP telecommunications, could become substantial over a period of time. Many of the technologies being sought can support both civilian and military applications. This is particularly true where telecommunications and information processing can be used in adversary C3I and target acquisition systems. The loss of proprietary information will also have a negative effect on the profit margins of the telecommunications industry, likely resulting in reduced research and development (R&D) budgets. Reductions in R&D could lessen the United States' capabilities to detect and repel aggression while the capabilities of our adversaries are increasing.

2.5 Foreign Intelligence Services

Foreign intelligence services are responsible for collecting and analyzing information for their nations. In many cases, they also provide an adversary with a clandestine means to engage in technology transfer or launch attacks against U.S. facilities or personnel. Every nation has some type of foreign intelligence service to provide national leaders with information required for the promotion of the nation's interests and the maintenance of its security. To gain this information, intelligence services target those activities most likely to have the information that they desire. These activities include those where the information is resident and those used to transmit information from one activity to another. Due to the information that they transmit and their importance for the coordination of commerce and government business, telecommunications assets are generally considered lucrative targets for collection activities.

The potential harm that could result from the use of computer intrusion techniques by a foreign intelligence service or other adversary could be substantial. The United States Government's concerns in this area were illustrated when President Bush issued National Security Directive (NSD) 42 in July 1990. NSD 42 directed the formation of the National Security Telecommunications and Information Systems Security Committee, and justified this decision in the following manner:

"Telecommunications and information processing systems are highly susceptible to interception, unauthorized electronic access, and related forms of technical exploitation, as well as other dimensions of the foreign intelligence threat. The technology to exploit these systems is widespread and is used extensively by foreign nations and can be employed, as well, by terrorist groups and criminal elements. A comprehensive and coordinated approach must be taken to protect the government's national security telecommunications and information systems against current and projected threats." (NATPOL)

2.5.1 Intelligence Collection Disciplines. Intelligence operations can be categorized in terms of the collection discipline used. There are two principal intelligence disciplines that are most useful for targeting telecommunications activities for intelligence collection, disruption, or destruction:

Human Intelligence (HUMINT)

Signals Intelligence (SIGINT).

HUMINT uses human beings as both the source of information and primary collection instrument. When most Americans think of espionage, they think of the human collector or spy. SIGINT involves intelligence information derived from signals intercept. Included under SIGINT are communications intelligence (COMINT), electronic intelligence (ELINT), and foreign instrumentation signals intelligence (FISINT). (OPSEC)

HUMINT exploits insiders to gain information; insiders have access to information and can be motivated by money, fear, or malice to provide that information to a foreign intelligence service. The covert action arms of most nations are also aligned with their HUMINT activities. Telecommunications activities are a high value target in most advanced industrial societies; if hostilities occur between the United States and an adversary, it is probable that telecommunications facilities would be targeted.

SIGINT allows the remote collection of information being passed through the telecommunications system; it is closely associated with electronic warfare, which can be used to disable or disrupt telecommunications traffic. Foreign intelligence service activities using electronic intrusion techniques would generally be in the adversary's SIGINT service. The primary function of these activities would be to gain information, whereas a secondary function could include the disruption of adversary telecommunications through the insertion of malicious code or the manipulation of key telecommunications functions. (AIRCAMP)

2.5.2 Foreign Intelligence Collection Against the United States. There are a significant number of foreign intelligence services that collect intelligence on the United States. According to one source, more than 90 countries may be collecting intelligence in the United States. (29APR92) In testimony before the House of Representatives, Director of Central Intelligence Robert Gates stated that 20 nations were actively collecting data within the United States, and that at least 50 additional countries had the capability to conduct sophisticated collection operations. (USGPO92) Countries that reportedly have significant intelligence operations directed at the United States include Russia, the People's Republic of China, Cuba, France, Taiwan, South Korea, India, Pakistan, Israel, Syria, Iran, Iraq, and Libya. (TIME0792, FOR1092, SJMN1092) The activities in which these countries are involved are summarized in Exhibit 2-4. (FINAL89, OPSEC2, CCW0593, WATSEC, SWORD, USNWR)

EXHIBIT 2-4 Countries With Foreign Intelligence Activity

All of the intelligence organizations listed in Exhibit 2-4 have the capability to target telecommunication and information systems for information or clandestine attacks. The potential for exploitation of such systems may be significantly larger. In a recent speech, Charles Washington from the Department of Energy's Office of Counterintelligence stated that more than 100 countries have the capability to use advanced computer espionage techniques. (SECTEC)

The KGB, predecessor of the Russian Foreign Intelligence Service (SVRR), did sponsor computer intrusion activities by the Hannover Hackers, documented in Cliff Stoll's book "The Cuckoo's Egg." (STOLL89, STOLL89-2, STOLL89-3) There is no reason to believe that these efforts have ceased. The Hannover Hackers were able to access at least 28 government computer systems and obtain data from them. They sold this data to the KGB. The targets for the intrusion activity were mainframe computers, not PSN network elements. However, the intruders used NS/EP telecommunications systems to gain access to these computers (i.e., ARPANET and MILNET), and the skill sets exhibited by these intruders could be directed at PSN network elements as easily as mainframe computer centers. It has also been alleged that the SVRR has been involved in similar efforts with other electronic intruder groups; these operations included the remote introduction of logic bombs and other malicious code. (WARREN)

It is unclear to what extent foreign intelligence services are using electronic intruders to obtain proprietary data or sensitive government information, or whether they have developed the capability to use electronic intrusion techniques to disrupt telecommunications activities. However, there is little doubt that foreign intelligence services could obtain these capabilities if they wished. (DISAINT) The ability of a group of Dutch computer underground members to obtain sensitive information from U.S. Army, Navy, and Air Force computer networks during Desert Shield/Desert Storm operations serves as an example of this potential for access. Between April 1990 and May 1991, this group was able to penetrate computer systems at 34 different facilities. The group obtained information on logistics operations, equipment movement schedules, and weapons development programs. Information from one of the computer systems penetrated directly supported Desert Shield/Desert Storm operations. In a review of this incident, the General Accounting Office concluded that a foreign intelligence service would have been able to derive significant understanding of U.S. operations in the Persian Gulf from the information that the Dutch intruders were able to extract from DoD information systems. (LESSON) Again, this example serves to demonstrate the skill level of electronic intruders. These skills could easily be targeted at NS/EP telecommunication systems.

2.5.3 Information Warfare. Information warfare is defined as the use of information in support of national security strategy to rapidly seize and maintain a decisive advantage by attacking an adversary's information infrastructure through exploitation, denial, and influence, while protecting friendly information systems. (DOA1193) The intent of offensive information warfare is to attack an adversary's communications and information systems through various means, and induce strategic paralysis. Defensive information warfare involves the protection of friendly information systems, and more importantly the information carried by them.

Information warfare can be divided into two interrelated categories. John Arquilla and David Ronfeldt of the Rand Corporation have named these categories "netwar" and "cyberwar." Netwar refers to information-related war at the grand level between nations or societies. Its objective is to disrupt, damage, or modify what a target population knows or thinks it knows about itself and the world around it. Netwars may include propaganda operations, deception, the manipulation of computer networks and databases, and the promotion of dissident movements through computer networking. Designing a netwar strategy will encompass using all of these elements in a seamless manner to achieve a stated goal. Netwars are distinguished from other types of warfare by their targeting of information and communications systems.

Cyberwar, or Command and Control Warfare (C2W), refers to conducting, and preparing to conduct, military operations according to information-related principles. It involves the disruption, if not destruction, of the enemy's communication and information systems. Like netwar, cyberwar may involve a variety of different techniques used to obtain an operational objective. (CYBERWAR) Critical nodes may be subject to physical attack, or to electronic blinding, jamming, deception, or intrusion. Electronic intrusion techniques would have significant operational value in cyberwar; they can be employed remotely and are very difficult to detect. Primary areas of concern would be information systems supporting C3I, logistics, and transportation functions.

Information Criticality. Information is a strategic national resource that is as valuable and influential in the post-industrial age as capital and labor were in the industrial age. National economic security will be predicated upon the ability of a nation and its industries to protect trade secrets and proprietary information. A secure, highly efficient National Information Infrastructure will be a requirement for economic growth in the future, and a major determinant of U.S. economic security. The new National Security Strategy, issued by the White House, recognizes the criticality of economic growth to national security, the heavy dependence that industry and business place on efficient communications systems, and the vulnerability of these systems to attack. (NATSTRAT)

The ability of the United States to project military power for national defense has also become increasingly dependent on information system support. One expert on military information requirements has stated, "Virtually every aspect of warfare is now automated, requiring the ability to transmit large quantities of data in many different forms." (WARAWAR) Both classified and unclassified information systems support DoD activities. Classified systems generally support intelligence and operations functions. The unclassified systems support logistics, personnel, finance, transportation and other vital functions necessary for the attainment of national objectives. These systems carry information from which classified information could be derived, and disrupting or disabling them could cause severe damage to defense activities. According to Jim Christy, Director of the Computer Crime Unit, Air Force Office of Special Investigations, "We could not wage war without unclassified [computer] systems, we could not move people, food, or anything else without [them]." (WASHTEC)

In its report titled, Redefining Security, the Joint Security Commission reported to the Director of Central Intelligence and the Secretary of Defense that poor information security left many systems within the U.S. Government subject to tampering, disruption, or disablement. Of particular concern was the accessibility of sensitive, but unclassified information. The Commission found that access to this data could provide significant insight into U.S. capabilities, and that adulteration or disruption of information systems carrying this traffic could have severe consequences for the nation's security. The Commission concluded, "...the security of information systems and networks to be the major security challenge of this decade and possibly the next century." (JSC294) The Commission found that what was once a collection of separate information systems had been transformed into a large, multifaceted information infrastructure with a diverse subscriber population. Although portions of this infrastructure had significant protective measures in place, these countermeasures could be compromised in many cases by a knowledgeable intruder gaining access through less protected or unprotected portions of the larger information infrastructure. The Commission determined that a knowledgeable adversary could compromise the confidentiality, integrity, and availability of many U.S. Government information systems.

The Information Warfare Threat to NS/EP Telecommunications. Telecommunication and information systems can be targeted through the remote introduction of viruses, the subtle distortion of data, the activation of malicious code embedded in the system, and other types of attacks. Electronic intrusion techniques would be suitable for all of these types of actions. (NONLETH) The capability of electronic intruders to access the PSN and government telecommunication systems has been clearly demonstrated. Computer intrusion attacks on the Defense Information Infrastructure (DII) appear to be growing in both number and sophistication. In the 12 months prior to July 1994, the DoD detected 3,600 computer intrusion attacks on military networks. DoD officials believe that those attacks detected may comprise 2 percent or less of those attacks that actually took place. Potentially, more than 182,000 intrusions actually occurred during this time period. The targeted computer systems were used for functions including logistics, ocean surveillance, and command and control. In a letter to Senator Ernest Hollings (Chairman of the Subcommittee on Commerce, Justice, State, and the Judiciary, Senate Appropriations Committee), Vice Admiral Mike McConnell (Director of the National Security Agency) said that computer intrusion was a fundamental DoD readiness issue. Admiral McConnell added that NSA believes computer intruders involved in attacks on DoD systems included foreign intelligence services, criminals, terrorists, and members of the computer underground. (WASHTEC)

According to the Defense Information Systems Agency (DISA), technical research concerning information warfare has been observed in 30 countries, and the capability to intentionally disrupt information systems as an information warfare technique has also been displayed by terrorists, anarchists, and the computer underground. (DISA1293) These same activities could be performed throughout the spectrum of emergencies, and could affect the entire realm of U.S. information systems. The potential for attacks against the entire range of NS/EP telecommunications should be considered to be significant. The Senate Armed Services Committee summarized its concerns in the following manner:

"Over the last six months, unknown intruders have repeatedly gained entry into computers and computer networks at numerous, sensitive military installations. The intruders took control of computers that directly support deployed forces and research and development, installed capabilities to ensure that they could reenter at will, read and stole data files (including software under development for future weapons systems), and, in some cases, destroyed data files... These intrusions dramatize the grave risk involved in the expanding dependence of the Department of Defense, the federal government as a whole, and the entire nation on networked computers." (SASC694)

An adversary determined to harm the United States through the use of information warfare techniques may choose to completely ignore military systems because of the higher likelihood of success with civilian systems. Major dislocations in American society could be caused by targeting sensitive, but unclassified data, such as power systems, electronic fund transfer systems, the PSN, and the national airspace management system. For a terrorist or hostile power, the virtue of targeting infrastructure industries could be significant. First, any attack on a major infrastructure industry would have an adverse effect on the ability of the U.S. Government to perform its national security and general governmental functions. The confusion resulting from the loss of major infrastructure segments and the loss of essential service capabilities could result in a paralysis of critical U.S. Government activities for a significant period of time. Second, such an attack would affect all of the normal user population, potentially causing widespread fear throughout the civilian population. (CSIS84)