Roulette Table: How to Avoid Intellectual Property Theft
Jul 10, 2006
By Christopher Burgess and Richard Power
Today, the U.S. economy faces many threats, including spiraling energy costs, corporate governance abuses, huge federal deficits, foreign ownership of the national debt, the loss of jobs to offshore outsourcing and the impact of disasters (whether terrorist related or environmental). And of course, there is the looming possibility of a bird flu pandemic or other global health emergency that could result in the closing of borders, the interruption of business, the cessation of travel and the deaths of many thousands.
But there is another threat, difficult to quantify or even detect, one that has not yet grabbed the headlines or captured the imagination, and yet is relentlessly and efficiently looting, pillaging and plundering the U.S. and global economies of precious resources—vulnerable trade secrets.
Economic espionage is as real a threat as terrorism or global warming. But it is subtle, insidious and stealthy. Even if the United States finds the will to come to grips with the many threats it faces, this silent, invisible hemorrhaging of intellectual know-how and trade secrets could deliver the death blow to our pre-eminent place in the global economic world before we even wake up to the magnitude of the danger.
According to the U.S. Commerce Department, intellectual property theft is estimated to top $250 billion annually (equivalent to the impact of another four Katrinas), and also costs the United States approximately 750,000 jobs, while the International Chamber of Commerce puts the global fiscal loss at more than $600 billion a year. But both estimates appear to be woefully underestimated; by some other estimates, there was over $251 billion worth of intellectual property lost or illegal property seized in August 2005 alone.
The United States, like other great nations, stands on three legs: military power, political power and economic power. Arguably, economic power is the most vital of the three. Without economic power, its political elite would be bereft of the consultants and lawyers who insulate it; it would have nothing to bargain with at the geopolitical roulette table; and it would lack the bureaucratic muscle to impose its will domestically. Without economic power, the military would be unable to deploy advanced weapons systems, spy on its enemies from space, span the globe with bases or even raise an army.
Secrets are the magic ingredient of power. When state secrets—i.e., political and military secrets—are stolen, governments fall and wars are lost, people are disgraced and people die. When trade secrets—e.g., scientific or engineering secrets—are stolen, corporations lose their competitive edge, small entities cease to exist, and whole sectors of the economy weaken and fall behind in the global marketplace. People lose their livelihood and their children’s futures.
In other words, the United States could win the war on terrorism, overcome the challenges of global warming, balance the federal budget, strengthen the United Nations, end global armed conflict and restore our edge in science and engineering, and still end up behind China, India, Japan, Russia or Brazil in several vital sectors of the economy, and at a serious, if not fatal, disadvantage within the global marketplace.
The threats of economic espionage, intellectual property theft, counterfeiting and piracy are global, dangerous and increasingly common.
It is within your power to decide for yourself if your enterprise is going to be a hard target or soft target. The time for action is now. You can be prepared. Remember, it is important to invest in protective measures commensurate to the value of the asset being protected. Here are some recommendations for a comprehensive program.
Organization
Where security reports within an organization is perhaps the most vital issue of all. Consider appointing a chief security officer, who reports to either the chief executive office or the chief financial officer. This person should hold the reins of personnel security, physical security and information security, and should not be a stranger to the board room.
Awareness and Education
Educate your workforce on an ongoing basis about the threats of economic espionage, intellectual property theft, counterfeiting and piracy. Help them understand your expectation that they will protect the enterprise’s intellectual property and, by extension, their own livelihood. Provide general education for the entire workforce, and specialized education for executives, managers, technical personnel, etc.
Personnel Security Implement a “Personnel Security” program that includes both background investigations and termination procedures. You need policies that establish checks and balances, and you need to enforce them. Know the people you are going to hire. Don’t lose touch with them while they work for you. Consciously manage the termination process if and when they leave the enterprise.
Information Security Recruit certified information security professionals (e.g., CISSP, CISM, etc.). Adopt best practices, and establish a baseline. Utilize appropriate information security technologies, such as firewalls, intrusion detection, encryption, strong authentication devices, etc. Pay attention to data retention and data destruction as well as data access.
Physical Security
Do not overlook the “Duh” factor. It is pointless to invest in information security, or commit to background investigations, if agents of an unscrupulous competitor or a foreign government can simply walk away with what they covet.
Intelligence
You need both business and security intelligence. Know your competition, your partners and your customers. Research the market environment. Keep abreast of the latest trends in hacking, organized crime, financial fraud and state-sponsored economic espionage. You can outsource this expertise. But someone must be looking at both streams of intelligence, with the particulars of your enterprise in mind.
Industry Outreach
Actively participate in industry working groups appropriate to your sector and environment. Talk with your peers about the types of attacks or threats they are encountering.
Government Liaison
Leverage your tax dollars. Avail yourself of threat information from law enforcement, foreign ministries, elected officials, regulatory and trade organizations in your enterprise’s country, and in other countries where you conduct business.
Legal Strategies Realize that even when right is on your side, a market may be lost to you, and protecting a portion of the global market is sometimes a viable survival strategy. Litigation is not the solution; it is confirmation that intellectual property theft has occurred. Work to protect your intellectual property and avoid the costs associated with litigation. Don’t let a small legal mind make decisions about big legal issues. Get expert legal advice on intellectual property issues.
In sum, your security is in your hands. Employees tend to apply effort and intellect to the issue in portions commensurate with management attention to the topic of intellectual property protection. Employees line up smartly behind the leader providing direction, guidance and support. Providing that leadership is essential to your own continued economic viability in the global economy of the 21st century.
Christopher Burgess has recently retired as an officer of the U.S. Central Intelligence Agency, with 30 years of experience in the clandestine services. He can be reached via e-mail: cburgess@att.net. Richard Power (www.wordsofpower.net) is an internationally recognized authority on cybercrime, information age espionage and other threats. He can be reached via e-mail: richardpower@wordsofpower.net.
NOTE: Portions of this study were reviewed, and cleared without objection, by the Publication Review Board of the U.S. Central Intelligence Agency. A longer version of this article, with numerous real-life examples of IP threats, can be found at sister site CSOonline.com.
By Christopher Burgess and Richard Power
Today, the U.S. economy faces many threats, including spiraling energy costs, corporate governance abuses, huge federal deficits, foreign ownership of the national debt, the loss of jobs to offshore outsourcing and the impact of disasters (whether terrorist related or environmental). And of course, there is the looming possibility of a bird flu pandemic or other global health emergency that could result in the closing of borders, the interruption of business, the cessation of travel and the deaths of many thousands.
But there is another threat, difficult to quantify or even detect, one that has not yet grabbed the headlines or captured the imagination, and yet is relentlessly and efficiently looting, pillaging and plundering the U.S. and global economies of precious resources—vulnerable trade secrets.
Economic espionage is as real a threat as terrorism or global warming. But it is subtle, insidious and stealthy. Even if the United States finds the will to come to grips with the many threats it faces, this silent, invisible hemorrhaging of intellectual know-how and trade secrets could deliver the death blow to our pre-eminent place in the global economic world before we even wake up to the magnitude of the danger.
According to the U.S. Commerce Department, intellectual property theft is estimated to top $250 billion annually (equivalent to the impact of another four Katrinas), and also costs the United States approximately 750,000 jobs, while the International Chamber of Commerce puts the global fiscal loss at more than $600 billion a year. But both estimates appear to be woefully underestimated; by some other estimates, there was over $251 billion worth of intellectual property lost or illegal property seized in August 2005 alone.
The United States, like other great nations, stands on three legs: military power, political power and economic power. Arguably, economic power is the most vital of the three. Without economic power, its political elite would be bereft of the consultants and lawyers who insulate it; it would have nothing to bargain with at the geopolitical roulette table; and it would lack the bureaucratic muscle to impose its will domestically. Without economic power, the military would be unable to deploy advanced weapons systems, spy on its enemies from space, span the globe with bases or even raise an army.
Secrets are the magic ingredient of power. When state secrets—i.e., political and military secrets—are stolen, governments fall and wars are lost, people are disgraced and people die. When trade secrets—e.g., scientific or engineering secrets—are stolen, corporations lose their competitive edge, small entities cease to exist, and whole sectors of the economy weaken and fall behind in the global marketplace. People lose their livelihood and their children’s futures.
In other words, the United States could win the war on terrorism, overcome the challenges of global warming, balance the federal budget, strengthen the United Nations, end global armed conflict and restore our edge in science and engineering, and still end up behind China, India, Japan, Russia or Brazil in several vital sectors of the economy, and at a serious, if not fatal, disadvantage within the global marketplace.
The threats of economic espionage, intellectual property theft, counterfeiting and piracy are global, dangerous and increasingly common.
It is within your power to decide for yourself if your enterprise is going to be a hard target or soft target. The time for action is now. You can be prepared. Remember, it is important to invest in protective measures commensurate to the value of the asset being protected. Here are some recommendations for a comprehensive program.
Organization
Where security reports within an organization is perhaps the most vital issue of all. Consider appointing a chief security officer, who reports to either the chief executive office or the chief financial officer. This person should hold the reins of personnel security, physical security and information security, and should not be a stranger to the board room.
Awareness and Education
Educate your workforce on an ongoing basis about the threats of economic espionage, intellectual property theft, counterfeiting and piracy. Help them understand your expectation that they will protect the enterprise’s intellectual property and, by extension, their own livelihood. Provide general education for the entire workforce, and specialized education for executives, managers, technical personnel, etc.
Personnel Security Implement a “Personnel Security” program that includes both background investigations and termination procedures. You need policies that establish checks and balances, and you need to enforce them. Know the people you are going to hire. Don’t lose touch with them while they work for you. Consciously manage the termination process if and when they leave the enterprise.
Information Security Recruit certified information security professionals (e.g., CISSP, CISM, etc.). Adopt best practices, and establish a baseline. Utilize appropriate information security technologies, such as firewalls, intrusion detection, encryption, strong authentication devices, etc. Pay attention to data retention and data destruction as well as data access.
Physical Security
Do not overlook the “Duh” factor. It is pointless to invest in information security, or commit to background investigations, if agents of an unscrupulous competitor or a foreign government can simply walk away with what they covet.
Intelligence
You need both business and security intelligence. Know your competition, your partners and your customers. Research the market environment. Keep abreast of the latest trends in hacking, organized crime, financial fraud and state-sponsored economic espionage. You can outsource this expertise. But someone must be looking at both streams of intelligence, with the particulars of your enterprise in mind.
Industry Outreach
Actively participate in industry working groups appropriate to your sector and environment. Talk with your peers about the types of attacks or threats they are encountering.
Government Liaison
Leverage your tax dollars. Avail yourself of threat information from law enforcement, foreign ministries, elected officials, regulatory and trade organizations in your enterprise’s country, and in other countries where you conduct business.
Legal Strategies Realize that even when right is on your side, a market may be lost to you, and protecting a portion of the global market is sometimes a viable survival strategy. Litigation is not the solution; it is confirmation that intellectual property theft has occurred. Work to protect your intellectual property and avoid the costs associated with litigation. Don’t let a small legal mind make decisions about big legal issues. Get expert legal advice on intellectual property issues.
In sum, your security is in your hands. Employees tend to apply effort and intellect to the issue in portions commensurate with management attention to the topic of intellectual property protection. Employees line up smartly behind the leader providing direction, guidance and support. Providing that leadership is essential to your own continued economic viability in the global economy of the 21st century.
Christopher Burgess has recently retired as an officer of the U.S. Central Intelligence Agency, with 30 years of experience in the clandestine services. He can be reached via e-mail: cburgess@att.net. Richard Power (www.wordsofpower.net) is an internationally recognized authority on cybercrime, information age espionage and other threats. He can be reached via e-mail: richardpower@wordsofpower.net.
NOTE: Portions of this study were reviewed, and cleared without objection, by the Publication Review Board of the U.S. Central Intelligence Agency. A longer version of this article, with numerous real-life examples of IP threats, can be found at sister site CSOonline.com.