Security and Intelligence Studies in the Private Sector

By Scott Small

When considering a career in the field of international security, one’s mind is often first drawn to the public sector. Students graduating from academic programs in international security or intelligence studies may first think of pursuing a position with the U.S. or their home government, or working for a relevant branch of an international governmental organization such as the United Nations. However, numerous opportunities exist in the private sector for those possessing the skills developed in a security-focused degree program. Furthermore, contrary to common perceptions about the differing nature of the public vs. private sector, the vast majority of the day-to-day tasks and ultimate goals of an individual working for an international security company are the same as those of a public employee in a comparable position.

I work for a private company that helps other organizations identify and mitigate risk in the international supply chain. The ultimate goal of our company is to enhance our clients’ supply chain security – a term that describes efforts to ensure the integrity of goods from the point of production to the ultimate point of resale and consumption. As a member of my company’s intelligence team, I am tasked with collecting information about the myriad risks to international supply chains, analyzing this information, and then producing and disseminating finished supply chain security intelligence to our clients.

Much like analysts employed at a government agency, our team is responsible for producing a variety of intelligence products in any given week. Intelligence briefs give the consumer a concise overview of a particular incident and the significance of that event in the context of the broader risk environment. Special reports allow us to dig deeper into a particular country or a specific threat. Like many analysts employed in government intelligence organizations, I am responsible for a particular geographic region. While this provides the opportunity to delve into the specific risks present in a particular part of the world, the transnational nature of many supply chain risks also requires close coordination with colleagues focused on other regions of the world.

The overall objectives of an intelligence professional will remain the same whether the individual is working for a government agency or a private company. Most of the day-to-day tasks of an intelligence analyst are comparable between private and public employment. All analysts will follow some form of the intelligence cycle: first collecting raw information; processing and analyzing this information; disseminating a finished intelligence product; and constantly evaluating the entire process for areas of improvement or optimization.

Furthermore, the key tenets and ultimate goals of an intelligence professional should remain consistent regardless of the employer. Most importantly, objectivity is fundamental in order to provide the most accurate assessment of any issue to the intelligence consumer, whether they are a policymaker in Congress or the White House or a corporate executive. Critical thinking skills are essential in order to synthesize seemingly disparate pieces of information into a more complete picture. Finally, but certainly not least important, conciseness and solid writing skills are necessary to clearly convey your message to individuals who often have only minutes to read and process a finished intelligence product.

Although it may not often be as apparent, working for a private company in the field of international security offers a directly comparable experience to many similar positions in the public sector. The day-to-day tasks of intelligence officers are overwhelmingly similar regardless of the employer, and the end- goals and skill sets required to accomplish these goals are identical. My own experience with a private-sector company in the field of supply chain security has afforded the opportunity to further develop the skills I was first introduced to in the classroom, in addition to providing the chance to have a direct impact with my work.


The Dragon of the East Goes Spear-Phishing


Are you sitting down?  Good, because I have some troubling news.  The Chinese are spying on us!  Yes, the sarcastic tone detracts from the gravity of the situation, but the media has been awhirl with the merely symbolic indictment of PLA Unit 61398.  The recent incident involving several Pittsburgh-based companies demonstrates that national security hits home.  The question that remains is: So what?  We spy on allies and companies of interest, and our allies certainly steal our trade secrets.  There is a reason people call espionage the second oldest profession.  But what concerns policymakers and intelligence analysts in the long-term is the shear alacrity and overtness of Chinese cyber espionage targeting American industry.

First, it is important to define terms as scholars, governments, and companies have various definitions.  While there are permutations of each definition, industrial espionage is simply one private company stealing from another; on the other hand, economic espionage involves foreign government-backed activity.  For instance, IBM stealing from Google would be industrial espionage, but China stealing U.S. trade secrets is economic espionage; this article focuses on the latter.   The issue becomes increasingly muddled with state-owned enterprises and private defense contractors, but the concepts remain the same.

Another key distinction is between cyber war and cyber exploitation or spying.  Although there is little differentiation in academia, cyber war is more about offensive penetration capabilities.  Stuxnet, the U.S./Israeli virus that attacked Iranian nuclear centrifuges is an example of cyber war.  Cyber espionage or exploitation is also penetrative, but involves the covert collection of data rather than attack or destruction of systems.  This is the type of operation PLA Unit 61398 is accused of committing.  The difference is subtle, but the policy and strategic implications, subsequently addressed, are significant.


In 2001, the FBI released a report claiming that 22% of the industrial “suspicious activity” was government-sponsored.  However, a deeper look at the pilfering of American technology illustrates a graver threat to national security; the cost is potentially staggering.  The Center for Strategic and International Studies produced this table in 2013 to illustrate the potential damages:

tableCSIS estimates that global and U.S. cyber-crime at most costs 1.4% and .8% of GDP or $1 trillion and $120 billion, respectively.   Conversely, the FBI testified during a House subcommittee on Counterterrorism and Intelligence that the loss to U.S. companies is approximately $13 billion.  Nevertheless, the disparate estimates illustrate a key point:  there are significant barriers to quantifying the costs of economic espionage.  In the end, loss of intellectual property is difficult to calculate.   Simply assessing the opportunity cost of research and development does not tell the whole story.

This problem is pertinent to national security as well.  Chinese military officers stealing Alcoa’s aluminum trade secrets has the potential to damage the economy and U.S. companies.  But what if China stole secrets that can enhance nuclear weapons?  Well it did, albeit over fifteen years ago.  Defense contractors and military technology is on the top of the list for foreign governments.  A recent commission by defense contractor Northrop Grumman to assess China’s capacity to conduct cyber warfare and espionage labeled it as the “…single greatest threat to U.S. technology…”  Countless examples of Chinese cyber espionage operations and subsequent investigations, cat and mouse games, and code-names such as Ghost Net, Aurora, and Shady Rat epitomize Sino-U.S. cyber relations.  There are myriad sources detailing Chinese industrial and economic espionage in books, reports, and house review, yet this is nothing new.

Some researchers argue that the Chinese ethos embodies intelligence collection. Military and strategic intelligence is ingrained in Chinese culture, originating with Sun Tzu’s Art of War (sunzi bingfa).  This is not an ethnocentric accusation, but merely an observation held by scholars and intelligence analysts.  Intelligence and the Art of War is applicable in various facets of Chinese culture.  Four years ago I studied Chinese business culture at Fudan University in Shanghai.  We were required to memorize lines from Sun Tzu and apply it to contemporary business models.  Yet the claim that Chinese steal more aggressively due to cultural propensities is unfounded.  In the past, some of the greatest perpetrators of economic espionage against the United States were the French and Israelis.  The shift is simply because China is a rising power, no different from the expansion of Soviet espionage during the Cold War.  In this case, however, the high-tech advancements in information and communication technologies (ICTs) create attribution problems and permit government agents to operate thousands of miles away. In sum, as long as there is a technological gap or economic advantage, countries will spy and steal, and China is no different.


This does that change the fact that China is presently the consummate pilferer of U.S. technology and something must be done.  First, we need to know how much economic espionage is truly hurting the U.S. economy.  There is no doubt that stealing military secrets from a defense contractor will weaken the U.S. relative to other nations, but the jury is still out on the impact of cyber spying on U.S. companies.  The House Committee on Counterterrorism and Intelligence claims that foreign government-backed corporate espionage is costing U.S. jobs and billions of dollars.  There are many examples of companies going under after Chinese, French, and Israeli stole secrets, but, as previously mentioned, the estimates range greatly.  The U.S. needs to enhance its ability to articulate, quantify, and communicate losses due to economic espionage.

American security policy also includes the enhancement of cyber capabilities, but the investment in resources is misplaced.  The establishment of U.S. CYBERCOM is one way the U.S. beefs up its attack and defense capabilities.  But the enlistment of cyber-warriors, as necessary as it is, is the incorrect response to cyber espionage.  Cyber-warriors are for cyber-war, not necessarily cyber exploitation or espionage. The Chinese are not looking to engage the U.S. in a cyber-war, or a war on any battlefield in the near future.  American military prowess and technological capabilities are unequalled. So the Chinese (and other nations) will continue to steal in an attempt to level the playing field.  The U.S. needs cyber spies, not warriors, and the FBI is falling behind.  In fact, the agency has begun to recognize this after the recent indictment of the PLA Unit.  Several days after the announcement, the FBI is considering changing its drug policy to encourage young hackers and computer programmers to apply. Explicit cyber-war is a long way away, but cyber spying has been here for quite some time and there is no indication it is going anywhere. China has become increasingly aggressive and more overt it its tactics, but, in the end, art of war has not changed.




Islamic Terrorism and Online Video Games: Virtual Worlds, Real Threats

This article is part of a recurring series by Alex Halman, a PhD student at the Graduate School for Public and International Affairs at the University of Pittsburgh.  If you have any questions or comments, feel free to contact him at

When Americans think terrorism, their minds shift to caves, bearded men, and high-tech ignorance.  Our conceptions of Jihadi organizations are that they abhor technological innovation; however, there is evidence that these groups are embracing new options. The idea that terrorists use Call of Duty to train and plot attacks is equally both laughable and frightening.  Online gaming is at an all-time high.  With such a massive and untapped resource at their disposal, terrorists may use these virtual environments for communication, funding, and other illicit activities.   Security analysts and academics have barely scratched the surface of this capability.  Recently, Edward Snowden released a bevy of classified documents; one was an NSA report from 2007 that addressed concerns about violent non-state actors utilizing Games and Virtual Environments (GVE).  Two years later, the Intelligence Advanced Research Projects Activity (IARPA) revealed Project Reynard, a venture aimed at supporting research on and in Virtual Worlds.  When the project was funded, there was little academic literature on the subject and limited evidence demonstrating terrorists were using this technology.  If the extent of future video game use by violent non-state actors is uncertain, it is also potentially, quite significant.  It is important, therefore, to consider the options available to these groups.  Bounding the problem in the ways described here could be useful for both intelligence agencies and the DOD.


There is evidence that points to a continued real world focus for violent non-state actors.  First, terrorist organizations, and more broadly criminal syndicates, often rely on real world funding, communication, and recruitment mechanisms.  In other words, they don’t need to fix what is not broken.  Despite technological advances, drug trafficking, jewelry trades, and traditional money laundering schemes have worked for thousands of years.  Using GVEs, even though they might be more efficient, leaves footprints for our agencies to follow.  Thus, it is possible that GVE utilization would be detrimental for Jihadist terrorist organizations – and will be avoided rather than embraced by them.

In this case, budgeting and policy direction would remain unchanged in regards to U.S. DOD data-mining capabilities.  There are several advantages to this option.  First, this is the most risk averse of the policy options.  If you are unconvinced that online game usage by enemies of the state is a serious threat, no further action is required.  Project Reynard ended in 2009 with little evidence of such activities.  The political risks are also quite low with this option.  When Snowden released the documents in 2013, there was significant public uproar.  The program was trivialized and an embarrassment for the NSA and DOD.  Furthermore, some researchers from the National Research Council argue that data-mining is futile.  Ultimately, this is the option with few potential benefits as the risks are rather low.


The second option represents an incremental change from the first.  In this situation, CYBERCOM and/or the NSA would launch a development similar to Project Reynard.  Project Reynard was a crowdsourcing project.  This, on the other hand, will be an in-house job.

There is some support for such an initiative.  Jihadi organizations are designing video games, and this demonstrates their willingness to adapt and incorporate new technologies into strategy.  Games like “Under Ash” and the sequel “Under Siege” can be potent recruitment and communication tools for these groups.  In these games, a Palestinian protagonist seeks revenge on Zionists and their supporters for occupying his homeland.  In a sense, this is the jihadi version of “America’s Army”, a game developed by the U.S. Army.  There are several more games that have been developed to draw in and radicalize Arab youth.  Because these games are so overt, it is unlikely developing Jihadi games will be a primary strategy.  Nevertheless, these games are evidence that terrorist organizations are shifting to virtual worlds.

Another example of Islamic fundamentalists expressing a willingness to adopt advanced technology, and possibly GVEs, is the Syrian Electronic Army (SEA).  The SEA, although supporting the Syrian government, is one of the first public and virtual armies in the Arab world to strike cyber targets.  This online activism by the youth in the Arab world possibly demonstrates a paradigm shift in recruiting and communication for Jihadi organizations.  Globalization and power diffusion have empowered small and previously insignificant actors, enabling them to pose a serious threat to states.  Game technologies could do the same.

Further evidence supporting Jihadi terrorists’ potential use of GVEs is the funding opportunities through online game markets.  Games like World of Warcraft have autonomous markets that are targeted and penetrated by illicit actors. Although illegal, the market is massive and extremely lucrative; estimated at several billion dollars. Jihadist groups may use virtual markets as they are resilient and similar to other illicit markets.  Keegan et al (2010), using social network analysis, finds that gold markets (GVE currency markets) are structurally similar to drug trafficking networks.  Moreover, the state markets have similar characteristics like secrecy, resilience, and efficiency that are displayed in real world black markets.  This suggests that terrorism funding through GVEs might be a serious issue in the future.  A covert policy and budgetary shift toward data-mining has “low” political and “medium” financial risks and moderate benefits.  Pilot program development would prevent public resentment and allow the DOD to assess the extent of this problem.


This is the high-risk/ high-reward option.  It would represent a significant and public shift for DOD agencies to enhance data-mining techniques.  The political and financial risks would be extensive, but the benefits would be substantial.

There are several indications this is the right course of action.  First, data output will be 50 times greater in 2020 than it was in 2010; a nearly exponential increase. The DOD needs to keep up with trends in data use.  Second, with the proliferation of technology, third party game developers are becoming commonplace.  Games are easier and cheaper to produce and there will be more and larger haystacks to search for the needles.  Finally, the effectiveness of current programs are unknown.  For example, in an experiment by British researchers, their data-mining software caught 60% of the malicious/terrorist-like activity. With significant public investment, we could dramatically increase our detection capabilities in the virtual realm.

In sum, there is sufficient evidence to conclude that GVEs are a potential asset for violent non-state actors, especially Islamic terrorist groups.  In fact, Islamic extremists have demonstrated a willingness to adopt new technologies and gaming into their arsenal.  However, the most likely outcome is that usage of virtual worlds for funding, communication, and recruitment will be rather limited.  The perks of GVEs are a significant draw for these organizations, but one blunder or oversight can be devastating for the network; once discovered, the advantages quickly dissolve.  As the IC community ramps up SOCMINT and other digitally-related INT’s with innovative data-mining methodologies, illicit networks may retreat into the shadows of real world activities.

Consequently, the pilot program development and evaluation is the most politically and financially feasible option when the costs and benefits are considered.  It is imperative we assess the extent to which terrorists are using GVEs.  Maintaining the status quo would be beneficial in the short-term, but recent trends illustrate that data-mining will be significant for law enforcement and national security in the near future.  A massive investment in these capabilities, on the other hand, is premature and will result in public blowback in the current economic climate. Nevertheless it is time we consider seriously new Islamic terrorism and the uses of virtual worlds.  After all, the worlds might be virtual, but the threats are certainly real.