I sling code in the tech industry for a living and have been thinking about this for a while.
The industry in the US is filled with employees from all over the world, but mainly the foreigners come from two countries: India and China. I don't have solid numbers to back this up, but let's just say 10%, or any number large enough to be statistically significant.
State-sponsored corporate espionage is a reality, and let's get real, everyone probably does it to a certain degree. But no country has as strong a reputation for this type of thing as China.
If you're in charge of infosec at a large tech firm, wouldn't you be interested in finding out whether any of your employees does in fact leak IP to a notoriously hostile foreign government? How deep do you start electronically profiling (if at all) your workforce and where do you stop?
Obviously some things are easier to implement company-wide because they require comparatively few resources. If someone, anyone, starts regularly downloading code from projects they don't work on, you probably want to know about it, Chinese or not. The extreme opposite would be to follow employees around 24/7, which is obviously cost-prohibitive unless you already suspect foul play.
I'm interested in hearing everyone's thoughts on whether infosec departments have profiling techniques that directly take into account someone's country of origin. Why? Why not?