Handbook of Information Security Management:Policy, Standards, and Organization



New Competitors

Although a recent management tome trumpeted “the death of competition”, in reality most organizations face more and more capable opponents bent on maximizing profitability/success. Where organizations were once concerned only with the local and indigenous competition, now they must think globally to assess the potential competitors from other nations. In many nations, the legal and ethical systems are more tolerant of aggressive business practices that in the U.S. are proscribed either by statute or custom. The most serious dangers arise from the application of clandestine means of industrial espionage to obtain critical information. An internally devised protection program that is focused on errors, accidents, and omissions and the occasional fraud by trusted staffers, as are most domestic programs, is at serious risk to even a low-cost industrial espionage operation.

The most recent study by the American Society of Industrial Security documents a serious increase in reported cases of theft of proprietary information for competitive reasons [3]. There is also a substantial increase in the number of U.S.-based corporations reporting cases of suspected industrial espionage involving foreign nationals and foreign intelligence services.


[3] American Society for Industrial Security, Theft of Intellectual Property Survey, 1995.

There are unique and significant increases to an organization’s risks to both proprietary information and the associated information systems if a foreign competitor has the support (either overt or covert) of a national government. Well-documented cases of state-supported or -sponsored economic and industrial espionage are becoming increasingly common. Testimony of both the Director of Central Intelligence and the Director of the Federal Bureau of Investigation before the U.S. Congress in 1996 documented that “friendly” nations (such as France, Israel, Germany, and others) have engaged in organized efforts to steal critical U.S.-developed technologies from American companies. This testimony culminated in the signing by President Clinton in October 1996 of the Economic Espionage Act of 1996 which made theft of “trade secrets” a federal felony.

What the reported incidents of economic espionage teach is that even the largest and best equipped business organizations lack the resources to compete on an equal basis with even the smallest foreign intelligence service. This is so because the foreign service commands not just the skills of trained staff and the technology of modern espionage, but can potentially call upon the loyalties of the foreign operations staff indigenous to the country or play upon the sympathies of the foreign-based expatriates for the homeland.

Then there is the challenge of coproducers, joint developers, and licensees of the organization’s core technologies or products. Many of them represent conduits for loss of proprietary information. There have been cases where foreign corporate rivals have licensed some portion of a developer’s technology, then leveraged the contacts and access associated with the relationship to obtain more sensitive or critical technology or information. Thus, even a properly executed and legally binding contract can become a “Trojan horse” (in the classic sense, not the technological version) and be used to gain access to targeted technology and corporate trade secrets.

Almost every organization crafted its “internal” network with the unwritten but fundamental assumption that only trusted users are inside the firewall and all potential “hostile intruders” are outside. In many cases key suppliers of essential services or parts are given direct connections to the sponsoring organization’s internal network. Unless carefully planned and implemented, this use of interorganizational networks as a method of knitting together the highly efficient “virtual corporation”, extolled in technology publications, carries with it extreme risks to critical information. Without procedural and technical enhancements and some extension of the sponsoring organization’s baseline security measures (such as background investigations for new hires) to its partners, the “virtual” corporation’s operations may provide easy access to the “crown jewels” of the enterprise, with little or no way to trace or track thieves.

Hacking Tool Kits

The capabilities of both disgruntled regular or temporary staff “internal to the organization” and “external” hackers/crackers to penetrate system and network security have been dramatically enhanced by the advent of sophisticated “Tool Kits” such as SATAN and other public domain attack simulators. The “8lgm” list service (8 “little green men”), reportedly a group of elite UK-based hackers, specializes in publishing scripts or programs which allow even novices to exploit methods publicized in the CERT advisories. These scripts are a fine example of how knowledge is funneled through the global Internet to interested parties for use as they see fit.

Explosive Growth of the Intranet

The most significant development in organization computing in the late 1990s may well be the rapid deployment of whole new applications through the use of desktop clients and Web-based servers and the impact of the global Internet. The serious issue for IPS is that many applications feature new, often untested and uncertified security methods, and may allow novel methods for gaining access to critical information. As an example, many common browsers retain in the cache a cleartext version of the pages most recently viewed, so physical access to the desktop machine can compromise information viewed by that user!
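The browser-cache exposure described above is one the server side can rule out by forbidding storage of sensitive responses. The following added illustration (not from the Handbook) parses Cache-Control directives and flags pages that a browser may still write to disk; the sample responses and paths are constructed.

```python
"""Check whether an HTTP response forbids browser caching of a sensitive page.

Added illustration, not from the Handbook. Parses Cache-Control directives
and reports whether a page could land in the browser's disk cache in
cleartext. The sample responses below are constructed.
"""
from typing import Dict, List


def parse_cache_control(header_values: List[str]) -> Dict[str, str]:
    """Split one or more Cache-Control header values into a directive map.
    Directive names are case-insensitive; arguments (e.g. max-age=0) are kept."""
    directives: Dict[str, str] = {}
    for value in header_values:
        for token in value.split(","):
            token = token.strip()
            if not token:
                continue
            name, _, arg = token.partition("=")
            directives[name.strip().lower()] = arg.strip().strip('"')
    return directives


def caching_allowed(headers: Dict[str, List[str]]) -> bool:
    """True if a browser may write this response to its cache.
    Only 'no-store' reliably prevents a cleartext copy on disk; 'no-cache',
    'private' and 'max-age=0' allow storage but force revalidation on reuse."""
    lowered = {k.lower(): v for k, v in headers.items()}
    directives = parse_cache_control(lowered.get("cache-control", []))
    return "no-store" not in directives


def audit(responses: Dict[str, Dict[str, List[str]]]) -> List[str]:
    """Return the paths whose responses could be cached by the browser."""
    return [path for path, hdrs in responses.items() if caching_allowed(hdrs)]


# Constructed sample responses for three pages of an internal web application.
SAMPLE_RESPONSES = {
    "/reports/salary": {"Cache-Control": ["private, max-age=0"]},    # still storable
    "/reports/summary": {"Cache-Control": ["no-cache", "no-store"]},  # hardened
    "/public/index": {},                                              # no header at all
}

if __name__ == "__main__":
    for path in audit(SAMPLE_RESPONSES):
        print(f"{path}: may be written to the browser cache in cleartext")
```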





The CISSP Open Study Guide Web Site

We are proud to bring to all of our members a legal copy of this outstanding book. Of course this version is getting a bit old and may not contain all of the info that the latest version is covering; however, it is one of the best tools you have to review the basics of security. Investing in the latest version would help you out in your studies and also show your appreciation to Auerbach for letting me use their book on the site.