Russian economic espionage
As regular readers know, we are generally much more concerned with losses to competitive intelligence than losses from economic espionage. This is not because we discount the risks involved in economic espionage, but because we know that over 90 percent of the information needed for economic espionage is acquired through open sources, that is to say through competitive intelligence. Which means that if you can foil competitive intelligence, you are going a long way toward foiling economic espionage.
Even so, the stakes are upped when dealing with espionage, as spies are willing to do bad things to get the needed information remaining after they get the first 90 percent. They are willing to use criminal means. This might include robbery, burglary, blackmail, extortion, elicitation, intimidation through threats of violence or actual violence, and a host of other things for which corporations are unprepared.
Of late we have been reading a lot of stories about espionage on the part of Russians in the United Kingdom. The International Herald Tribune noted in an article published 29 November 2006 that “As many as 60 Russian spies are operating in Britain, virtually unchallenged by a domestic intelligence service preoccupied by the threat from Islamic extremism, a lawmaker told a debate Wednesday on relations between Moscow and London.”
While you may consider yourself a capable manager well equipped to do everything you learned in business school, are you really up to the task of dealing with the KGB? Unless you have an OPSEC program, and have addressed this issue, the answer to this question is certainly NO!
If you don’t have an OPSEC program, what you have to ask yourself is not merely whether you feel lucky today, but the extent of this luck. For example, do you feel that since Russian espionage has been reported in the U.K. but not in the U.S., that this means that there is no Russian espionage effort in the U.S.? Or that your company is unlikely to be a victim? Or that any losses you might suffer will not be material?
Personally, we think that since you are now required by the SEC to be able to track losses from economic espionage, if you don’t have an OPSEC program it is time for you to implement one.
This is an issue that should be dealt with professionally before it happens to your company.