February 27, 2015
Michel Juneau-Katsuya has seen it all when it comes to incidents of cyber security breaches and corporate espionage. The former senior intelligence officer with the Canadian Security Intelligence Service (CSIS), who started his career as a member of the RCMP, also knows just how smart and or lucky perpetrators can be. Speaking recently during the Toronto leg of the cross-country Dell Secure Enterprise Roadshow, Juneau-Katsuya talked about once incident that occurred in the late 1990s. An employee of an Ottawa high-tech firm sold information about a “gadget” that had just been developed by the company he worked for to the Vietnamese government for $50,000. It took exactly one month for Viet Nam to reverse engineer that same gadget and put it on the market at a price far lower than what it should have been – so low, in fact, the company that created it could not compete. And while the employee, a Vietnamese native, was eventually caught by authorities when a jilted girl friend dropped off damaging documents outlining the heist at CSIS headquarters in Ottawa and then fled in a taxi, in the end he was only fined $25,000 and received a suspended sentence. The firm estimated that the single theft cost them 10 years worth of research and development at a cost of $40-45 million and potential revenue losses anywhere between $200 million and $1 billion. “One gadget, one guy, one case,” said Juneau-Katsuya, who was in charge of the Asia-Pacific region with CSIS, an area that stretched from Afghanistan to North Korea where he focused on counter-terrorism and also tracked corporate espionage incidents against Canada. Now the CEO of The Northgate Group, an Ottawa-based corporate security intelligence and research firm, he recalled that during the mid-1990s he was seeing more incidents of corporate espionage than had occurred five years before prior to the breakup of the Soviet Union. Juneau-Katsuya had one of his analysts conduct a study to determine how much Canadian firms were losing annually from data being pilfered in some form or another. The results revealed the total was anywhere between $10-$12 billion, which compared to the U.S. was five times more. “It begged the question, why Canada?” he said. “Why were we losing so much? We identified that Canada is a knowledge-based society. We have much more investments in research per ratio than the U.S. We have more investment in R&D than the entire European community and we are at the cutting edge in many fields and many technologies. The country has a lot to offer.” In the 15+ years since the survey was carried out, said Juneau-Katsuya, co-author of Nest of Spies: The Startling Truth About Foreign Agents At Work Within Canada’s Borders, corporate espionage has continued to soar: “Everybody fights for the same market share, everybody fights for the same contract,” he said. “Nobody is a friend anymore. We all compete against one another. “You have the traditional foes: Russia, China, but also the so-called friends in the game as well – the French, the Germans, the English, the Americans. On top of that we have the emerging countries like India, Brazil and South Africa.” On the CSIS Web site, agency director Michel Coulombe writes that in recent years there has been an “exponential increase in public awareness of the cyber threat, a realization that if you open even one malicious e-mail hostile actors can steal your most sensitive information – and do so in a blink of an eye and from thousands of kilometres away. “The sophistication and determination of cyber-spies, some of whom are backed by foreign governments will continue to grow. Individuals, corporations and nations that are unable to defend themselves will suffer economic and other consequences.” There are, said Juneau-Katsuya, five threat agents organizations need to consider: state-sponsored espionage, company versus company, organized crime, activists and finally employees. “The weakest link is always the human being,” he said.