Printer Friendly

Who's on the line?

Proprietary information--the lifeblood of the corporate body--must be immunized against outside agents for healthy profits.

HOW SECURE ARE BUSINESS communications? Can company executives continue to rely on their integrity? Are the vulnerabilities changing, increasing, or both? Disturbing answers to these questions are suggested from industry data.

The 1991 ASIS Technology Theft Survey of 165 companies indicated an increased incidence of information theft by targeting communications systems for compromise. This is one of the leading ways foreign entities have targeted American businesses both in the United States and abroad for acquisition of proprietary and trade secret information, according to recent testimony by both government and industry officials before the House Judiciary Committee.

The FBI has increased its education efforts, briefing US corporations about the seriousness of the espionage threat, and the agency has distributed the ASIS survey as part of this effort.

Most foreign governments, including those friendly to the United States, can and do collect competitive business information from open source literature as well as from other human and electronic intelligence-gathering methods. This competitive intelligence is then passed on to local industrial interests on a regular basis.

US agencies under current laws are specifically prohibited from sharing acquired data with domestic commercial organizations. This can and often does put American companies at a distinct disadvantage.

Companies can counteract this loss of competitive advantage by securing their proprietary information. An analysis of the flow of an organization's critical information from the time it is generated to the time it is destroyed will enable a corporation to first target its vulnerabilities.

This operational review should include a company's methods and procedures for distributing and communicating information between its various divisions and offices. The analysis can reveal some not-so-obvious and potentially serious weaknesses.

A review can also help predict the method and the location in the communications network where the interception attempt may take place. It may also predict where the perpetrator hopes to maximize the chance of successfully obtaining useful intelligence concerning the targeted company while minimizing the risk of detection.

In any organization, telecommunications represent a major vulnerability to electronic intelligence gathering.

PHYSICALLY PLACED ELECTRONIC surveillance equipment is the first concern. Sophisticated devices may be attached to or placed in or near communications equipment and cables. The physical installation of these instruments requires that a perpetrator obtain access to either the area of concern or the communications cables, terminals, or switching equipment. These methods of information acquisition can be for the most part successfully dealt with by performing technical surveillance counter-measures inspections of the areas and equipment.

Wire and fiber-optic cables. Station cables, distribution cables, as well as any intermediate distribution frame locations, have long been favorite targets of attack. This also requires access to the building and, in some cases, the target floor but does not usually require access to the individual area containing the station equipment.

The use of fiber-optic cables as a transmission media for both inside and outside wiring is rapidly increasing. While not as vulnerable as copper cable to simple methods of attack, these cables are much more vulnerable than most people have been led to believe. Devices are readily available to extract usable information from cable previously billed by some as tap proof.

PASSIVE ELECTRONIC INTELLIGENCE gathering is another potential source of leaks.

Wireless phones and intercoms. Wireless phones have been subject to a great deal of misuse, especially by executives who make sensitive calls at home because of time differences between offices. A number of models are now available that operate in the 900 megahertz frequency range.

While these new models promise greater range, the security risk for accidental or deliberate interception also greatly increases. Wireless intercoms pose similar risks for intentional or unintentional misuse. That's especially true of the highly sensitive models that have been developed for use by parents as electronic baby-sitters.

Cellular phones. The risk of being accidently overheard may have been well publicized, but few people realize that the technology exists to single out an individual cellular phone for deliberate interception. An eavesdropper can follow that phone through the hand-off to neighboring cells during travel.

Most executives believe it cannot happen and that it would not happen to them, but every day in every major city substantial information is lost.

Fax- and data-monitoring systems. Fax machines have proliferated to almost every business, including their use in the homes of many senior executives. This method of communications is one of the most easily and successfully targeted.

Stand-alone and PC-based fax and data intercept equipment is available that will covertly intercept and capture fax transmissions from any make or model machine, regardless of its handshake (the signal that two machines will emit to get synchronized to send the message). It will also decipher nonstandard fax protocols and perform automatic intercept and storage.

Microwave line-of-sight transmissions. Microwave line-of-sight transmissions have long been known to be the target of interception attempts. The antenna of the listening party needs to be in the path of the radiated signal.

Satellite transmissions. Many companies rely on satellite communications, including video teleconferences, as part of their plan. Unfortunately the satellite footprint or area of signal coverage can be a thousand miles across. Anyone within this footprint with a satellite dish and some test equipment can pick up the signal.

Video transmissions are digitized like fax transmissions and are similarly vulnerable to interception and misdirection, especially in public networks.

In addition to analyzing the potential security risks of the transmission path sensitive information may take, a company should be aware of other methods of electronic intelligence gathering that may be employed.

Unintentional electromagnetic radiation. The passive interception of electromagnetic radiation from microwave, satellite, cellular, and other forms of radio transmission has been widely reported. A great deal of radiation, however, was never intended to radiate or transmit information. It is incidental to the operation of electronic equipment.

Many techniques exploiting unintentional electromagnetic radiation use were developed years ago by the British government for intelligence purposes, but these methods have now been adapted for use by corporate spies. They can be employed to compromise information in electronic systems, including encryption equipment and methods.

The strength of the electromagnetic radiation can be greatly affected by many factors, including interconnecting cables, power lines and cords, and proper grounds on both interconnecting cables and AC power supplies.

Electromagnetic radiation can be sent through the air, like an FM broadcast signal, or radiated along power lines, like a wireless intercom. Improper grounding can cause these signals to radiate along metal pipes, ducts, and conduits for a considerable distance.

Individual signal signatures. Many visual display units (VDU), as well as other types of electronic equipment, can have an easily distinguishable electronic signature due to slight differences in component manufacturer, values, and slight differences in methods of construction. These differences can help make the signals from one unit distinguishable from another unit of the same type and can make the job of selecting and separating the target signals easier.

Add-on units are now available that work on the principal of generating a masking signal in sync with the VDU. They are designed to help prevent the radiated signal from the VDU from being separated from the cloaking signal.

Wireless communications. Expansion of the requirements for telecommunications systems and services worldwide will mean the development and use of a wide variety of communications and transmission options.

The use of wireless communications will be explosive in Europe and in other areas of the world where it is the economical choice. Wireless area networks have already gained some degree of acceptance. The era of the personal communications device is here. People will soon be able to transfer incoming calls to any location.

Safeguarding proprietary information in communications has never been more important than it is now in this new age of instant communications.

Developing the security solutions required will take a thorough understanding of the communications and transmissions options. Executives must also familiarize themselves with the possible acquisition methods, both active and passive, that may be used to target the company and to intercept and acquire critical information.

Richard J. Heffernan, CPP, is president of R. J. Heffernan & Associates Inc. in Branford, CT, and chairman of the ASIS Standing Committee on Safeguarding Proprietary Information.
COPYRIGHT 1992 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1992 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:protecting proprietary information
Author:Heffernan, Richard J.
Publication:Security Management
Date:Sep 1, 1992
Previous Article:Clear the air with TSCM.
Next Article:Thrill seekers find their quarry.

Related Articles
Stretching DOS.
Who's Stealing Your Business? How to Identify and Prevent Business Espionage.
Checked your infosec lately?
Safeguarding your network: preventing network break-ins in your company.
Bio-Vascular files patent applications.
Transaction data drives direct mail industry.
Enforcing Restrictive Covenants and Protecting Trade Secrets.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters