“Intelligence ... aims at supporting the process of modernization of our country and
creating the optimal conditions for the development of its science and technology.”
- Mikhail Fradkov, Director, SVR, December 2010
|Source: Moscow Times|
Two good examples of companies at risk are Boeing and General Atomics. Boeing, which has a defense, space and security division alongside its civil aircraft division, has 170,000 employees in over 70 countries, including Russia. General Atomics, who makes the Predator drone, has an affiliate office in Moscow. In fact, GA was recently praised by Russian military analyst Konstantin Makiyenko.
Any foreign business operating inside of Russia which holds technology vital to Russia's national security interest will be contacted by the Russian Security Service (FSB). Under article 15 of the FSB law, those companies are obliged to provide assistance to the Federal Security Service in carrying out their assigned duties which could include a wide range of possibilities including the examination of source code. All communications emanating from those companies including landline, VOiP, mobile, and satellite will certainly be harvested electronically and entirely legally by the FSB.
While I'm using Russia and these two U.S. companies who do business there as examples, this same problem exists in many other nations which have active industrial espionage operations. It is a major part of a company's threat landscape and one that is frequently being ignored because (a) it doesn't involve a spear phishing email or a piece of malware and therefore doesn't fit the business model of most cyber security companies and (b) defending against it requires a specialized skill set.