VIPRE News

What is corporate espionage, or what's also known as industrial espionage?  One definition describes it as the theft of trade secrets by the removal, copying, or recording by technical surveillance, a company’s confidential or protected information for use by a competitor.  The protected information may include trade secrets, client lists, and other non-public information.[2] 

To quote former President Ronald Reagan during a November 30, 1985 radio speech “Espionage is not a game; it’s a struggle we must win if we are to protect our freedom and our way of life.”[3]  Though President Reagan was referring to foreign spies and the national security of the United States, his words are just as relevant when applied to the corporate business world.  Businesses obviously thrive or fail based on being better than their competitors.  History has shown that espionage is the world’s second oldest profession, and one only has to read or listen to the news to see that it endures today.[4]  The loss or compromise of any proprietary information can be disastrous for any company, regardless of its size or the market they are in. 

Take for example the American Semiconductor Corporation (AMSC), which prior to falling victim to industrial espionage used to be a very successful wind turbine control software company operating in China.  AMSC’s largest customer was a China-based company called Sinovel Wind Group.

According to AMSC, Sinovel was able to recruit a software engineer at AMSC who in turn provided Sinovel with the proprietary source code to AMSC’s wind turbine software. Sinovel was then able to reverse engineer the software.[5] 

The consequences of the aforementioned espionage were immediate and catastrophic for AMSC.  With an unencrypted version of the control software and the former AMSC engineer, Sinovel no longer needed AMSC.  Within a month of the software engineer’s departure, AMSC announced Sinovel was no longer a customer.  This triggered an 84% drop in AMSC’s stock value and the layoff of 600 people, about two-thirds of its workforce.[6] 

Prior to the loss AMSC had recognized how crucial the software was to the operation of its turbines, and subjected it to what AMSC considered elevated security.  In doing so AMSC had limited the development of the software to a research facility in Austria. Only a small group of people had access to the code, and then only on a network that was isolated from the Internet.  The code itself was encrypted and AMSC’s turbine controllers were set to decrypt it for operational use.  While these security measures appeared to be good, they were insufficient against an insider who had been recruited by the competition to help steal the software.  Looking back into the conditions that allowed the software theft to occur, it is apparent AMSC placed a great deal of trust in certain key employees.  Not only did this trust cost the company hundreds of millions of dollars in revenue, it crippled the company’s future.[7] 

Preventing such a loss through industrial espionage can be a never ending challenge, but one that can be achieved through a robust counter-espionage program.  Such a program would need to include not only cyber security, but also protocols to monitor the human factor which is often considered the weakest link in any security program.  It could be argued that had AMSC incorporated protocols that identified employees who would be considered prime targets for espionage, AMSC could have prevented the transfer of software to Sinovel.[8]  AMSC stands as just one example for the need to have a robust counter-espionage program.