Corporate Espionage: Exposing Weak Points
From Strategy Page comes a familiar but still disturbing tale of what awaits us if we do not rapidly and comprehensively improve our counterintelligence capabilities:
Corporate security officials have been delivering some bad news to the U.S. Department of Defense, and American intelligence agencies. It seems that the Internet criminals are putting more effort, and skill, into seeking out corporate secrets. Why should that trouble the Pentagon? Mainly because many of the corporate secrets sought are all about military technology, and the U.S. government uses the same kind of networks and software, and security tools, that corporations use. Worse, corporate security tends to be better than what's found in government organizations. So if the [intruders] are getting into corporate systems, they can burrow into the Pentagon, and other government agencies, as well.
Commercial firms doing business with the government in the defense and national security sectors are obliged to follow a number of personnel, information and industrial-security policies, but work done far from government watchdogs or in a more scientific/academic environment can get lax as a matter of course.
From a security perspective, these firms are essentially extensions of government agencies and they merit equal protection. This is unlikely in the current environment as we are hardly able to defend government secrets with the nominal resources available to us. Allow adversaries to gain access to sensitive data before we are even able to test or field it provides them with an incredible strategic advantage that renders our investment in time, money and intellectual capital moot.