The NSA: Just One Threat to Supply Chain Security

When it comes to the NSA's spying activities, worldwide outrage is perhaps overblown — and shouldn't detract from supply chain concern about information security in the broadest sense.

One of the most memorable scenes in the film classic Casablanca is when the French police chief uses gambling as a pretext to shut down Rick's Café Americain. He feigns disbelief when he tells Rick, played by the iconic actor Humphrey Bogart, that he is “shocked” to see gambling taking place on the premises — just before he is handed his winnings for that night. The scene aptly serves as an analogy of the German and, especially, the French governments' very public display of their shock and outrage over Le Monde’s report that the NSA has intercepted millions of communications among their high-level officials.

The France and German governments were certainly aware that one of their staunchest allies was spying on them, long before the Le Monde report was published. The United States is also well aware that France and Germany use their technology to attempt to spy on the country. Before the diplomatic row started over the report of the NSA's spying on France and Germany, Arnaud Danjean, a European parliament member and a former employee of France’s NSA equivalent Direction Générale de la Sécurité Extérieure (DGSE), told Le Monde that Western allies routinely spy on each other.

Regarding how the United States was reportedly eavesdropping on French embassy communications, Danjean told Le Monde that the US, French, German, and UK governments invariably do the same between them.

Indeed, spying is sometimes called the world's second oldest profession for good reason. Espionage among allies in Western countries has taken place for centuries and is certainly widespread around the world beyond US and European borders. While arguably more of a threat to Western countries, the US Department of Defense, for example, has revealed cases of attacks originating in China and Russia when US trade secrets were compromised.

Still, the Le Monde report of a few days ago has certainly added flames to the fire for those concerned about the potential security risks that the NSA poses to supply chains, especially for organizations with direct business ties to the United States.

Already, US companies in the tech sector probably lost a significant amount of business from overseas customers when Edward Snowden, a contractor for the NSA, leaked information earlier this year to the press about how the NSA has collected user data from Facebook, Google, Skype, and other US companies. As an indication of the damage done to US technology firms' reputations, the Cloud Security Alliance (CSA) published the results of a survey earlier this year that revealed that 56 percent of non-US residents were less likely to use US-based cloud providers following the Snowden affair.

However, to say that there is more going on in the murky world of supply chain and industrial espionage than meets the eye is a euphemism. While the NSA's activities continue to dominate the headlines, it is easy to overlook the fact that governments from other countries are engaged in spying activities that, at the very least, are similar to what the NSA is doing. France routinely monitors email, social networking, and other communications without warrants or court orders.

France's NSA-like activities have been underreported in the United States and in France and certainly have not invoked the outrage that the Snowden affair has. In fact, according to Le Monde, the French government tries to intercept all Twitter, Facebook, and Gmail communications sent within France's borders and stores the data for years, making the NSA's activities seem like a misdemeanor in comparison in many ways.

The NSA's activities, at the very least, are still a concern for supply chain companies that have communicated sensitive information to parties in the United States, especially when using Gmail, Facebook, Skype, or other services compromised by the NSA. But the NSA is but one of many security worries that threaten supply chains.

Keeping data as safe as you can involves many facets of security management, including encryption, avoidance of electronic communications altogether for certain very sensitive data sharing, and other means. However, without defending the NSA in any way, government-sponsored espionage by governments around the world, as well as a data thieves whose mission is to steal and broker your sensitive data, collectively represent the biggest security problem to today's supply chain.

12 comments on “The NSA: Just One Threat to Supply Chain Security

  1. Jwarren
    November 5, 2013


    Interesting article. With the NSA threat, supply chain professionals are now certainly tasked with further due diligence sparked by data security concerns. You might find this article of interest which covers the US surveillance programme's impact on procurement:

  2. Bruce Gain
    November 7, 2013

    Indeed, the point I have been trying to make is that NSA spying is only one of many things that keep those in charge of security awake at night.

  3. Ariella
    November 8, 2013

    LOL @Rich Are you a Mac fan then? 

  4. SP
    November 8, 2013

    Dont think NSA ia sany threat to supply chain security. US is one of the world's superpowers and they enjoy the priviledge to review any and all data around the world. Its one way its good. 

  5. Ariella
    November 10, 2013

    @Rich I see. thanks for clarifying.

  6. Daniel
    November 11, 2013

    “When it comes to the NSA's spying activities, worldwide outrage is perhaps overblown — and shouldn't detract from supply chain concern about information security in the broadest sense.”

    Bruce, the latest developments shows that nothing, none including dignitaries are not at safer zone, in terms of information passing and communication. Would you think, they can make it safer? Quiet difficult and most of the military and defence sectors are facing the same issue.

  7. Paumanok Publications, Inc.
    November 19, 2013

    “Gentlemen do not read other gentlemen's mail.”

    In his history of the Cipher Bureau, Yardley charged that Stimson had axed the organization strictly for moralistic reasons. In his own autobiography, Stimson did not deny this: he noted that although he became a heavy consumer of decrypt intelligence in wartime, certain practices that might be necessary during war were unacceptable during peace.

  8. RobertBishop
    November 19, 2013

    I would suggest that the elephant in the room is the possibility that the NSA is spying on innovative individuals and small companies and passing harvested information on to mega-companies in the military industrial complex and others.
    It is common knowledge around the beltway the NSA spies on innovative individuals and companies in Japan, Germany , Russia and elsewhere to make certain the US is always on top technologically.
    The NSA is also said to be tasked to seek out disruptive technologies and  to make certain such technologies make a controlled entry into the market place.  Can you imagine the negative effect on the economy of a automobile that operates for years on a single glass of water?

    Since companies and individuals are not allowed to possess technologies that will secure information from the prying eyes of the NSA – and it now seems a real possibility that every commercial communications device has a back door that allows the NSA to interrogate it freely, there is really nothing anyone can do while still remaining part of society. And I for one enjoy capitalism too much to stop playing the game.

    Knowing all that we know now – is it so far fetched to believe the rumor that the NSA can remotely turn on any device embedded camera or microphone at will – with no indication to the owner of the device.

     It should be clear to everyone, that there are no more secrets.  The task before us it would seem – is to try and understand how innovative startups and innovative individuals can survive in such an environment. I would suggest the best path is to become aligned with a mega-company as soon as possible in the startup cycle.

    And always – we should remember that the value for us in this proposition is that from the innovation supply chain to the physical supply chain we can all feel very safe that the NSA and other three letter fiefdoms are keeping the world safe so we can do our day-to-day business.

    Certainly if you have nothing to hide there is no reason for concern.

    Orwell it would seem, was an optimist.

  9. Daniel
    November 19, 2013

    “”Gentlemen do not read other gentlemen's mail.””

    Paumanok, you are right and they don't want to poke in to others business. But when it comes to military intelligence, IB (Intelligence Bureau) etc, they have to as a part of vigil. Unless and until if they are keeping it confidential and not misusing, its fine.

  10. Paumanok Publications, Inc.
    November 19, 2013

    Jacob, thank you; I do understand why it is important to build an ark before the rain starts to fall.

  11. Daniel
    November 20, 2013

    “thank you; I do understand why it is important to build an ark before the rain starts to fall.”

    Paumanok, so funny.

  12. Anand
    November 21, 2013

    NSA has been claiming that it does “selective spying” i.e. it is not concerned about a company's information technology sector as long as they are not planning to use technology to disrupt peace settlements in the world. Most software that is deemed important to a company is placed with NSA keys through which NSA can track the software and its proceedings. Because of NSA, the EU and rest of the world are not approaching US based companies (especially cloud based companies) because they are believed to be infested with tracking technology of NSA. If this continues to go on, NSA will be directly responsible for the demise of US based software industries. Similarly, supply chain will also be affected as a large number of electrical and electronic parts arise from the US homeland, and if people get the wrong idea that these microchips can be tracked, then down go the supply chain in the homeland.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.