Corporate executives must bear the responsibility of today’s evolving corporate world entering into a global community where not only are the exposures to such a wide market area lucrative to an already thriving business, but also to a grave danger of the companies’ trade and technology secrets, systems, financial accounts and much more.
No longer is “Security” to the facility and personnel all that is
required. Many foreign countries and interests take short cuts to becoming
competitive through the theft of trade secrets, products and overt and covert
espionage of all sorts. Some of these entities are now facing a growing
challenge from United States corporations with safeguarding of commercial information,
proprietary information, and economic factors.
Many of
the tactics utilized in private sector counterintelligence have much in common
with the secrets and information the government does its best to safeguard from
theft of foreign governments or non-traditional actor threats. The FBI
estimates U.S. Corporations lose over $100 billion annually. There are open and legal
methods of collection open that are harmful and a good counterintelligence
program should target this as well as illegal activities such as electronic
eavesdropping, hacking, etc. Passive counterintelligence tries to curtail what
a collector may do through countermeasures, and awareness training. Active
counterintelligence will prove beneficial to identify and detect a threat, and
will conduct operations including eliminating threats or ongoing targeting. A
mitigation policy should be of avail. After an attack it may raise shareholder
concern which needs to be quelled quickly. Quick realization of a threat and implementing
action promptly and efficiently can stop immeasurable damage.
The
leaders in the private sector need to be proactive and realize that it is no
longer only local threats they face. The threats can be global and may not only
be an economic threat but also a threat to national security. In the U.S.
private sector ties to the Defense, Intelligence and other government entities
can be vast with a great deal of interplay and interconnectedness. Also,
corporations do not employ many of the safeguards put in place by the defense
and other government departments. Compartmentation, clearance, and many
operations taken for granted in the government aren’t serving the corporate
structures well-being at all or as well as it should be. The
Economic Espionage Act of 1996, Title 18, Sections 1831 and 1832 of the U.S.
Code covers
economic espionage and also if they are considered trade theft prosecutions.
Where
once economic espionage meant directly infiltrating a company or recruiting an
employee within the corporation our biggest challenge today is cyber espionage.
In reality secrets and information are stolen often and not even known they
were taken. And a much less chance of apprehension. Cybercrimes operate in a
stealth mode in many ways, but in a contrast way can be identified and detected
and countered with effective counterintelligence methods. The U.S. economy has
changed over the past 20 years. “Intellectual
capital rather than physical assets now represent the bulk of a U.S.
corporation’s value.”
With the
growth of cybercrimes including corporate espionage some
tips for safeguarding and thwarting foreign hostile intrusions include
Conduct
real-time monitoring of networks and retaining access records
Software
tools for content mgt., data loss prevention, network forensics
Encrypt
data on servers
Utilize
multi-factor authentication measures such as biometrics, PINS, passwords
Mobility
policy in which measures are developed to oversee which connections can and cannot
be made to corporate systems
Limits on
social networking
Establish
contingency plans
Many
others
When
deciding to emplace a counterintelligence program to safeguard a corporation
the first
stepis to conduct a risk assessment by assessing vulnerabilities and estimating
the consequences of losing critical assets. This should be headed up by a board
member or senior executive.
Then move
to step two in which groundwork is laid for establishing a corporate
counterintelligence program. Hire
a manager dedicated to counterintelligence. Hook up the company’s security,
intelligence assurance, general counsel and HR departments. Develop liaison
with government law and intelligence. Ensure centralized management of the
counterintelligence program. And have legal counsel provide guidance on the
counterintelligence program actions.
Identify the Capabilities needed
Threat
awareness and training
Analysis, Reporting and Response
Suspicious
activity reporting
Counterintelligence
Audit
Counterintelligence
Investigations.
Liaison
Implement the Counterintelligence Program
A basic
counterintelligence program description will look something like this: PM
(Program Manager) interplay such as:
PM
develops and implements CI program
PM
oversees a centralized CI Program office
PM
maintains insight into all corporate elements
PM is
responsible for liaison with US Government
Security
officers responsible for tactical CI
PM
provides CI guidance through training programs
Also be
aware that not only high tech companies are targeted since the targeted
information they seek may be deemed important by who is doing the shopping.
***Bob
Budahl: I am an educated professional who has completed 3 University programs
with the latest being in Counterintelligence from American Military University.
Formerly I managed a Bank and currently hold a Real Estate license. US
Citizen.