High Impact Strategic Business Sense Series (6a)

Understanding The CyberThreat Landscape

○ ○ ○

○ ○ ○

○ ○ ○

When it comes to stealing ideas, you're basically talking about the shape of our [U.S.] economy 20 years from now.

The computer revolution began in the 1980s. You can carry out an entire company on a [watch with

built-in digital recorder/player or USB/SD card] now. Not only is transporting proprietary

information easier, but certain business strategies and plans can be committed

to memory. That makes it impossible for a security guard to detect

a trade secret walking out the door.

JOHN FIALKA I R. MARK HALLIGAN

INFORMATION SECURITY ESSENTIALS

(BUSINESS & OTHER RISK)

○ ○ ○

That business runs on data, most know. That the engine on which global (electronic) commerce runs, is data, most take for granted.

Many more get lost in translating the latter into actual apprehension of the implications of the everyday practicalities of that selfsame global (electronic) information asset-based economy on which such data runs, and how it affects them. Oh they know about terrorism alright, if for no better reason: because it's spectacular and scary enough when it happens.

Yet interlaced with the terrorism problem, civil liberties renegotiation gridlocks, (rightful) absence of draconian regimes as counterbalance and commensurate political will in those countries most needful of it, the foreseeable 21st-century presents the law “everywhere” with a multi-faceted security quagmire. The chosen one among them — research codename 'Lady's Finger' — is concerned with garden variety information and infrastructure based increasingly organized crimes and threats — impracticable to trace, prevent and/or successfully defend against and prosecute inter alia for lack of legal reciprocity, and due to extremely difficult technical complexities. The prime contention: whereas such malfeasances significantly or adversely tilt competitive equilibrium within national, global economic security and trade contexts, information security jurisprudence itself, necessarily shall remain fragmented because the nuances are technically, legally, politically, and geopolitically too complex to achieve idyllically, cogent supranational information security regime(s).

What has evolved due to the aforementioned fledgling nebula is therefore Information Security Law. But the natural question then, is: what do we mean by information security?

In order to understand what information security is, it is helpful to disambiguate the terms Asset, Critical Asset, Economic Intelligence ("EI"), Trade Secret (and Intellectual Property, generally), Competitive Advantage, Social Engineering, Sabotage, Economic Security, National Security, and Economic & Industrial Espionage.



What are Assets?

An asset is best defined in terms of its value to the malfeasant or adversary but crucially, it varies depending on whether one is talking about a government or private company. Its weight moreover, is what renders it critical. Using the United States as an example, “an asset to the U.S. Government is any person, facility, material, information, or activity, which has a positive value to the U.S. Government or a company...Within the Department of Defense (“DoD”), the impact of the loss of an asset might involve human lives or national interests." [1] See DSS’ (the Defense Security Service) Public Release #981210-06, What Are We Protecting? This is where classified or proprietary information emerge from obscurity and actively into the equation. Assets for most businesses generally, consist of Information; People; Activities and/or Operations; Facilities, and Equipment/Materials.


Critical Assets

Critical Assets in the Digital Age comprise the intersection of the Information dynamic with the value any given Asset specific to a nation and/or company confers given any specific objective(s) of the party with malicious intent versus owner(s). To clarify this—and it is vital to understand this concept in order to appreciate the inseparability of Trade Secrets from other EI concepts the author hereinafter connects—consider first, the following widely quoted modus operandi:

It is very important to concentrate on hitting the U.S. economy through all

possible means…look for the key pillars of the U.S. economy.

The key pillars of the enemy should be struck…

That was Osama Bin Laden (December 27, 2001), quoted by United States Senator Robert F. Bennet in his article Security in the Information Age: We’re Not in Kansas Anymore. We will return to our important discussion of Assets later. But given what Bin Laden envisioned and like it or not he achieved (which is to be analyzed subsequently) and the fact that you cannot have national security without economic security, let's peel the onion a little deeper and consider the broader wingspan that is National Security, which is intertwined with both Economic Security and Economic Intelligence.


Economic Security

Economic Security is the maintenance of those conditions necessary to encourage sustained long-term relative improvements in labour and capital productivity and thus a high and rising standard of living for a nation's citizens, including the maintenance of a fair, secure and dynamic business environment conducive to innovation, domestic and foreign investment and sustainable economic growth. This is a broad goal sought by all governments. [2]


National Security

Legally, National security "refers to the protection of a nation from attack or other danger by holding adequate armed forces and guarding state secrets. The term national security encompasses within it economic security, monetary security, energy security, environmental security, military security, political security and security of energy and natural resources. Specifically, national security means a circumstance that exists as a result of a military or defense advantage over any foreign nation or group of nations, or a friendly foreign relations position, or a defense position capable of successfully protesting hostile or destructive action." [3] See Wikipedia for broader definition as well as as Cole v. Young, 351 U.S. 536 (U.S. 1956).


Economic Intelligence

Economic Intelligence is policy or commercially relevant economic information, including technological data, financial, proprietary commercial and government information, the acquisition of which by foreign interests could, either directly or indirectly, assist the relative productivity or competitive position of the economy of the collecting organization's country. [4]


Intellectual Property

Intellectual Property comprise business methods, processes, "knowledge, creative ideas, or expressions of human mind that have commercial value and are protectable under copyright, patent, servicemark, trademark, or trade secret laws from imitation, infringement, and dilution. Intellectual property includes brand names, discoveries, formulas, inventions, knowledge, registered designs, software, and works of artistic, literary, or musical nature. It is one of the most readily tradable properties in the digital marketplace." [5]


Trade Secret

A Trade Secret is any technical or non-technical information that provides an organization or entity with a competitive advantage in the marketplace.

Broadly defined however, a Trade Secret comprises “all assets such as financial, business, scientific, technical, engineering or economic information. This includes patterns, plans, compilations, program devices, prototypes, formulas, design, procedures, methods, techniques, codes, processes, or programs—whether tangible or intangible and whether or however stored, compiled or memorialized physically, electronically, graphically, photographically, or in writing...". See both EEA and Public Release #981210-06 (ante) definitions of Trade Secret.


Moreover, both Economic Intelligence (“EI”) or Trade Secret can be said to amount to same line of reasoning and preoccupation: the race to secure information and all its dependencies whether for business profit, especially competitive advantage, or not. Although it must be added: a company or business partnership’s trade secrets and for that matter, intellectual property may be encapsulated within “the 5 Cs” [5a] without direct or indirect information owners being aware. [5b] And likewise, the National Security and/or Defense of any given nation. For example, it is significant “fact” that by 1998 say, nearly 90% of the United States critical, or “vital infrastructure networks” were “privately owned and operated.” [5c]


Competitive Advantage

Also termed Core Competence, Competitive Advantage can be accurately defined as: "superiority gained by an organization when it can provide the same value as its competitors but at a lower price, or can charge higher prices by providing greater value through differentiation. Competitive advantage results from matching core competencies to the opportunities." [6] From a strategic covert perspective however, competitive advantage can, and does involve more: simply put, the use of illicit and other surreptitious tactics.


Sabotage

Within the meaning of this exposition as well as Project 'Lady's Finger' broadly, "Sabotage" can be taken to mean any unlawful, secret and/or deliberate act that actually and/or indirectly causes (in particular, information, information-based, or computer system-related) damage by virtue of manipulation, alteration, suppression, exfiltration, deterioration, or deletion of such data. For the avoidance of confusion, Project 'Lady's Finger' is not interested in “criminology” as such, but merely lays the groundwork for the approximation of transnational, criminal and relevant laws to remedy 21st-century sensitive communications criminal acts.


Trade or all things commerce within the meaning of this thesis therefore is not literally “buying and selling” per se, but reflective of a posture, or readiness to engage in, and thereby achieve one’s economic security at the personal, national, and global level. Understanding the complex dynamic of this posture within the information security or e-security labyrinth means grasping the word “infrastructure” broadly as a a critical asset, because any sabotage thereof thwarts the essential legal “posture” (or competitive equilibrium) of the players within the (global) competitive (information) marketplace. The issue of information insecurity therefore, is first, foremost, and lastly, squarely about communications, and ultimately survival. Particularly, electronic communication and information systems networks.

Every computer-facilitated crime — whether sabotage, economic crime, or a combination of both including such composites as intellectual property, is in the final analysis, about the criminology of communication. This understanding achieved, the case and discussion, even when the concept of Social Engineering is referenced or analyzed, is more easily discernible.


Social Engineering

In his Testimony before the House Financial Services Committee on "Fighting Fraud: Improving Information Security" [April 3, 2003] Kevin Mitnick, co-author of The Art of Deception, John Wiley & Sons [2002], defined Social Engineering as "a method where the intruder deceives his target into complying with a request based on false pretenses and psychological manipulation." Social Engineering therefore, if you like, is a soft (tactical) power tactical weapon.


But we're not done.


Economic & Industrial Espionage

Lastly in this installment, we turn to Economic Espionage, which is the "illegal, clandestine, coercive or deceptive activity engaged in or facilitated by a foreign government and designed to gain unauthorized access to economic intelligence, such as proprietary information or technology, for economic advantage." By contrast, Industrial Espionage is "the use of, or facilitation of, illegal, clandestine, coercive or deceptive means by a private sector entity or its surrogates to acquire economic intelligence." [7]

○ ○ Risk Management Done Right (Follow the Dove)

HYPERLINKED

○ ○ ○

More Videos Here


PEACE

TT

F I N I S

Views: 56

Comment

You need to be a member of Brooklyn Art Project to add comments!

Join Brooklyn Art Project

bap-becomeone

Latest Activity

© 2019   Created by Brooklyn Art Project.   Powered by

Badges  |  Report an Issue  |  Terms of Service