Industrial espionage: a serious threat to strategic companies

Cyberspying is one of the biggest problems facing companies today. Businesses can wage economic war as much as any country could, all with the aim of extracting strategic information. These days, sensitive information needs to be securely protected, as the target of choice for hackers. And industrial espionage is a very serious threat, in particular for strategic or critical businesses.

Economic espionage has been around for decades. In December 1965, four years before Concorde first took to the air, the director of Russian airline Aeroflot’s office in Paris was arrested for possessing detailed plans of the brakes, landing gear, and frame of the supersonic airliner.

In 2014, a report by a French parliamentary delegation to the country’s intelligence service stated that economic espionage was now happening on an “industrial scale”, and almost 20% of the attacks are directed at the Paris region. The authors of the report state that many attacks were identified in 2013 “in the field of fundamental research alone where there is a poor culture of protection, although the aeronautics and health sectors were also targeted”. With digital transformation, working methods have changed, but many of the problems remain the same for businesses.

A range of espionage techniques to choose from

PwC has tried to decipher the phenomenon that is industrial espionage. According to Olivier Hassid, Director at PwC and head of its security and economic intelligence council, an economic espionage operation can come in various forms: theft of computers in hotel rooms or cars, disappearance of patents on board a train between Paris and Brussels, cyberattacks, raids on capital during a financing transaction, on-site espionage during a visit, and so on.

“An economic espionage operation may have another aim in mind: to destabilize strategic enterprises. Publishing fake news or information at the right time could weaken a company and allow a competitor to get hold of sensitive information after a successful takeover bid. So, the entire C-suite could be at risk. CFOs and CLOs have been robbed of their laptop when it was locked in the trunk of their car. That takes some planning,” adds Hassid.

On the night of 24 to 25 September 2019, a Thales engineer who was working on underwater defense projects had a work computer stolen, which contained sensitive data, including some concerning the construction of military equipment.  This is presumed to be an act of industrial espionage, carried out by a competitor or a foreign power.

Digital transformation increasing the risk of industrial espionage

The risk of being through digital tools has increased considerably in recent years. Businesses are now hyperconnected – through computers, tablets, and smartphones – and staff are in constant contact with their colleagues as well as external partners. A company doesn’t start or end at the front door anymore. And the threat to corporate data only continues to grow as more and more digital tools are rolled out. Technological developments allow businesses to be more agile, but they also call for efforts to be stepped up in terms of security.

Airbus hit by cyberspying

Strategic organizations such as Operators of Vital Importance (OVIs) are the target of choice for hackers. OVIs use or manage systems and infrastructure of such importance that if compromised in any way as a result of hacking, sabotage, or terrorism, this could seriously endanger the country’s economic potential, ability to wage war, security or survival capacity, or seriously jeopardize the health or lives of its population.

At the end of September 2019, another strategic company – Airbus – was struck by a cyberspying operation through several of its sub-contractors. Even more industrial espionage operations have occurred over the last few months according to security sources interviewed by news agency Agence France-Presse (AFP). The attack was targeted in particular at technical certification documents, a formal procedure to ensure that the different components of an aircraft conform to safety requirements. One of AFP’s sources also stated that hackers were interested in information concerning the A350’s engines and avionics – the entire electronic system used to operate the aircraft.

Security in industry: a very serious issue

“The news this year has reminded us that industry can also be hit by cyberattacks, targeting not only their employees’ personal data, but also the technical documentation relating to the equipment they produce,” said French Minister of the Armed Forces, Florence Parly, at the beginning of September 2019. “I am talking in particularly about the attack that targeted one of the sub-contractors of a large industrial group, which shows how important it is to implement a system ensuring each link in our national defense is secure.”

“Today, our adversaries seek to exploit all the flaws they can in order to hit us, flaws in industrial companies, their sub-contractors, their suppliers, and their employees too. Every weapon system, every computer or smartphone, every connected object, unbeknownst to its owner, could tomorrow become not only a target, but also a means of launching a cyberattack. That is why we must take this issue extremely seriously,” the Minister added.