November 27, 2012

Counterintelligence Awareness

Teaching Industry How to Protect Trade Secrets and National Security

Protect Information Image with Locks

The FBI vigilantly investigates cases of industrial espionage and theft of intellectual property, but the Bureau also places great emphasis on preventing such crimes by educating industry on ways to keep trade secrets safe. One such innovative program in North Carolina’s Research Triangle is a collaborative effort with other federal partners called RED DART.

The threat to America’s trade secrets—and to our national security—is real, whether it comes in the form of international spies, hackers probing online security systems, or disgruntled employees out for revenge. RED DART seeks to mitigate the threat by raising counterintelligence awareness.

Through briefings to cleared defense contractors and others in technology-rich North Carolina, RED DART makes executives and employees aware of how counterintelligence works and how they can spot suspicious activity both inside and outside their companies.

“Everybody wants to emulate U.S. technology,” said Brent Underwood, a special agent with the Naval Criminal Investigative Service who helped create RED DART. “If countries can shortcut 10 or 20 years’ worth of research and development by stealing our technology, that puts them at an obvious advantage.”

Protecting Your Business from Espionage

Here are a few precautions business executives and employees can take to protect trade secrets:

-  Recognize there is an insider and outsider threat to your company.
-  Identify trade secrets and implement a plan for safeguarding them.
-  Secure physical and electronic versions of your trade secrets.
-  Confine intellectual knowledge to a need-to-know basis.
-  Provide training to employees about your company’s intellectual property plan and security.
-  Do not store private information vital to your company on any device that connects to the Internet.
-  Use up-to-date software security tools. Many firewalls stop incoming threats but do not restrict outbound data.
-  Educate employees on e-mail tactics such as spear phishing. Establish protocols for quarantining suspicious e-mail.
-  Remind employees of security policies on a regular basis through active training and seminars. Use signs and computer banners to reinforce security policies.
- Ask the FBI or other security professionals to provide additional awareness training.

Despite the occasional high-profile case where a spy accesses highly classified documents, the majority of stolen technology is unclassified, said FBI Special Agent Lou Velasco, who manages the program out of our Charlotte Division. “With the right amount of information,” he explained, “state actors can reverse-engineer our products or build them from scratch.”

When that happens, our adversaries can be more competitive on the battlefield as well as in the global marketplace. “A big part of our program is putting information out there about the threat so that people understand just how serious it is,” Velasco said. “When a company’s trade secrets are compromised, it can threaten national security, but it can also hurt that company’s bottom line and its ability to keep people employed.”

The threat from inside a company may be employees secretly sent by foreign countries to steal secrets. RED DART briefings help employees spot suspicious behavior, such as a staffer working odd hours, asking inappropriate questions, or making frequent trips overseas. Externally, foreign agents may pose as potential investors or customers to gain access to technical information that could compromise a company’s trade secrets. And weak online security is always an invitation to hackers.

Griff Kundahl, executive director of the Center of Innovation for Nanobiotechnology in North Carolina, a state-funded organization that fosters new technology in the region, has worked closely with the RED DART program to help educate the center’s members.

“Our core constituents are early-stage companies,” Kundahl said. “They developed a product that might treat cancer, for example. They are trying to raise money and get their product to market. They don’t have much time or the resources to consider security risks. If RED DART can get them to understand these risks, it helps everybody. When they realize that all their efforts could be for naught if their technology is stolen or compromised, it can be eye-opening for them.”

“Our challenge is to show how real the threat is,” Velasco said. “We arm people with tools so that they can make appropriate business decisions.”

Michelle Brody, a special agent with the Defense Security Service and a founding member of RED DART, added, “When RED DART helps a company protect itself a little better, it not only helps them, it helps our national security.”

- More about counterintelligence