From espionage to cyber espionage

 

From espionage to cyber espionage

Intelligence is the collection of information that have military, political, or economic value.

According to the Aspin–Brown Commission (that was chartered by US Congress in October 1994 to conduct a comprehensive review of American intelligence), “it is preferable to define intelligence simply and broadly as information about “things foreign”— people, places, things, and events — needed by the Government for the conduct of its functions.”

Intelligence refers to both:

- information about “things foreign” that is collected by clandestine means,

- information available through conventional means.

According to the Central Intelligence Agency, “reduced to its simplest terms, intelligence is knowledge and foreknowledge of the world around us—the prelude to decision and action by US policymakers.”

Espionage is a set of intelligence gathering methods.

The Oxford’s English Dictionary defines espionage as “the practice of spying or of using spies, typically by governments, to obtain political and military information.”

The Merriam-Webster's Dictionary has a slightly different opinion. Espionage is “the practice of spying or using spies, to obtain information about the plans and activities especially of a foreign government or a competing company.”

Cyber is a prefix used to describe new things that are now possible as a result of the spread of computers, systems, and devices, that are interconnected. It relates to data processing, data transfer, or information stored in systems. With the word cyber we also refer to anything relating to computers, systems, and devices, especially the internet.

The prefix cyber has been added to a wide range of words, to describe new flavors of existing concepts, or new approaches to existing procedures.

Intelligence gathering involves human intelligence (HUMINT - information collected and provided by human sources), signals intelligence (SIGINT - information collected by interception of signals), imagery intelligence (IMINT), measurement and signature intelligence (MASINT), geospatial intelligence (GEOINT), open-source intelligence (OSINT), financial intelligence (FININT), etc.

HUMINT is the oldest form of intelligence gathering. Cyber-HUMINT refers to the strategies and practices used in cyberspace, in order to collect intelligence while attacking the human factor.

Cyber-HUMINT starts with traditional human intelligence processes (recruitment, training, intelligence gathering, deception etc.), combined with social engineering strategies and practices.

Cyber espionage includes:

- unauthorized access to systems or devices to obtain information,

- social engineering to the persons that have authorized access to systems or devices, to obtain information.

Cyber espionage involves cyber attacks to obtain political, commercial, and military information.

Cyber espionage and traditional espionage have similar or the same end goals. Cyber espionage exploits the anonymity, global reach, scattered nature, the interconnectedness of information networks, the deception opportunities that offer plausible deniability.

Economic and industrial espionage, including cyber espionage, represents a significant threat to a country’s prosperity, security, and competitive advantage. Cyberspace is a preferred operational domain for many threat actors, including countries, state sponsored groups, the organized crime, and individuals. Artificial Intelligence (AI) and the Internet of Things (IoT) introduce new vulnerabilities.

Cyber economic espionage is the targeting and theft of trade secrets and intellectual property. It is usually much larger in scale and scope, and it is a major drain on competitive advantage and market share.

A major challenge today is the lack of awareness and training. Many organizations and companies of the public and the private sector continue to believe that cyber security is a technical, not a strategic discipline. They believe that cyber security involves the protection of systems from threats like unauthorized access, not the awareness and training of persons that have authorized access to systems and information.


The objective of this web site: The rule of the people, by the people, and for the people, requires citizens that can make decisions in areas they do not always understand. We support the Federal Council's national strategy for the protection of Switzerland against cyber risks and its implementation plan, by embedding cyber risk awareness in organizational culture. We promote increased public awareness of disinformation activities by external actors, to improve Switzerland's capacity to anticipate and respond to such activities.

Our catalog, instructor-led training in Switzerland, Liechtenstein, and Germany: www.cyber-risk-gmbh.com/Cyber_Risk_GmbH_Catalog_2018.pdf