Corporate executives must bear the responsibility of today’s evolving corporate world entering into a global community where not only are the exposures to such a wide market area lucrative to an already thriving business, but also to a grave danger of the companies’ trade and technology secrets, systems, financial accounts and much more. No longer is “Security” to the facility and personnel all that is required. Many foreign countries and interests take short cuts to becoming competitive through the theft of trade secrets, products and overt and covert espionage of all sorts. Some of these entities are now facing a growing challenge from United States corporations with safeguarding of commercial information, proprietary information, and economic factors.
Many of the tactics utilized in private sector counterintelligence have much in common with the secrets and information the government does its best to safeguard from theft of foreign governments or non-traditional actor threats. The FBI estimates U.S. Corporations lose over $100 billion annually. There are open and legal methods of collection open that are harmful and a good counterintelligence program should target this as well as illegal activities such as electronic eavesdropping, hacking, etc. Passive counterintelligence tries to curtail what a collector may do through countermeasures, and awareness training. Active counterintelligence will prove beneficial to identify and detect a threat, and will conduct operations including eliminating threats or ongoing targeting. A mitigation policy should be of avail. After an attack it may raise shareholder concern which needs to be quelled quickly. Quick realization of a threat and implementing action promptly and efficiently can stop immeasurable damage.
The leaders in the private sector need to be proactive and realize that it is no longer only local threats they face. The threats can be global and may not only be an economic threat but also a threat to national security. In the U.S. private sector ties to the Defense, Intelligence and other government entities can be vast with a great deal of interplay and interconnectedness. Also, corporations do not employ many of the safeguards put in place by the defense and other government departments. Compartmentation, clearance, and many operations taken for granted in the government aren’t serving the corporate structures well-being at all or as well as it should be. The Economic Espionage Act of 1996, Title 18, Sections 1831 and 1832 of the U.S. Code covers economic espionage and also if they are considered trade theft prosecutions.
Where once economic espionage meant directly infiltrating a company or recruiting an employee within the corporation our biggest challenge today is cyber espionage. In reality secrets and information are stolen often and not even known they were taken. And a much less chance of apprehension. Cybercrimes operate in a stealth mode in many ways, but in a contrast way can be identified and detected and countered with effective counterintelligence methods. The U.S. economy has changed over the past 20 years. “Intellectual capital rather than physical assets now represent the bulk of a U.S. corporation’s value.”
With the growth of cybercrimes including corporate espionage some tips for safeguarding and thwarting foreign hostile intrusions include:
- Conduct real-time monitoring of networks and retaining access records
- Software tools for content mgt., data loss prevention, network forensics
- Encrypt data on servers
- Utilize multi-factor authentication measures such as biometrics, PINS, passwords
- Mobility policy in which measures are developed to oversee which connections can and cannot be made to corporate systems
- Limits on social networking
- Establish contingency plans
When deciding to emplace a counterintelligence program to safeguard a corporation the first stepis to conduct a risk assessment by assessing vulnerabilities and estimating the consequences of losing critical assets. This should be headed up by a board member or senior executive.
Then move to step two in which groundwork is laid for establishing a corporate counterintelligence program. Hire a manager dedicated to counterintelligence. Hook up the company’s security, intelligence assurance, general counsel and HR departments. Develop liaison with government law and intelligence. Ensure centralized management of the counterintelligence program. And have legal counsel provide guidance on the counterintelligence program actions.
- Identify the Capabilities needed
- Threat awareness and training
- Analysis, Reporting and Response
- Suspicious activity reporting
- Counterintelligence Audit
- Counterintelligence Investigations.
- Implement the Counterintelligence Program
A basic counterintelligence program description will look something like this: PM (Program Manager) interplay such as:
- PM develops and implements CI program
- PM oversees a centralized CI Program office
- PM maintains insight into all corporate elements
- PM is responsible for liaison with US Government
- Security officers responsible for tactical CI
- PM provides CI guidance through training programs
Also be aware that not only high tech companies are targeted since the targeted information they seek may be deemed important by who is doing the shopping.