By Daniel J. Benny, M.A., CPP, PCI, CLET, CPO, CSS
"Espionage is not a game; it's a struggle we must win if we are to protect our freedom and our way of life." These words spoken by President Ronald Regan nearly twenty years ago during a November 30, 1985 radio speech may not seem relevant today since the "cold war," has been won. However, in the world of industrial espionage, foreign intelligence and terrorism, it is never over.
At stake are secrets essential to our national security and campus research projects. Many countries, including our allies, will continue to spy on the United States to obtain vital information. Targets include d educational institution, which work on government projects, along with those that conduct research related to high- tech industrial applications. Institutions that conduct their own research or are contractors for the United States Government are always a target.
Theft of trade secrets or economic espionage is a federal criminal offense as defined by the Economic Espionage Act of 1996. It imposes up to a 15-year prison term and or a maximum $5000, 000.00 fines on any person and a $10 million fine on any organization that steals or destroys a trade secret of value with intent to benefit any foreign power. (Title 18 UCS 1831) The act imposes a 10 year prison term and or maximum $250,000.00 fine o any person and %5 million fine on any organization who knowingly steals or destroys any trade secret with intent to economically benefit anyone other then the owner and or injuries the owner of the trade secret. (Title 18 USC 1832) The act also allows the forfeiture to the U.S. government of proceeds or property derived from economic espionage and may require forfeiture of property used to commit economic espionage.
Espionage and the theft of protected company information is also a violation of state law as exemplified in the Crimes Code of Pennsylvania, Section 3930, Theft of Trade Secrets. Under Pennsylvania law theft of trade secrets is a felony offense.
The best source of intelligence by a hostile intelligence agency is to use employees and students who have access to the information they seek. This allows easy access and in many cases, long-term access to information with low risk to the hostile intelligence agency.
Education is the first line of defense. While prevention of espionage includes physical security controls such as intrusion systems, CCTV, access control, physical barriers, and patrolling by a professional campus security and or police force. The best and first line of defense is to be alert to the signs of espionage through the behavior of employees and students. By establishing an effective educational program on the subject of counter-espionage, a college or university can reduce the risk of loss from espionage.
The following inform should be included in the counter-espionage educational program:
Discuss why an individual may take part in such activity. This could be a change in ideology and they now have a negative view of the college, and the United States Government. They may be supportive of a competitor, foreign country or even a terror organization. Individuals who express inquisitiveness or attempt to gain access to information in areas in which they do not have a need to know could be a risk to your institution as they may be seeking such information for unlawful reason. Individuals seeking to gain unauthorized information may also arrive for work early, work through lunch or stay late in an attempt to gain access to the information they seek. Many employees involved in long- term espionage will not even take vacation in fear that their activities will be uncovered if absent. The photocopying, photographing or the removing sensitive information especially with evidence of sudden unexplained financial gain is an obvious sign of espionage. As Sherlock Holmes stated in the case of Sliver Blaze, "There is nothing more decisive than an obvious fact".
In the educational program, review in detail the other reasons for an employee or student to steal information. Money in nearly all of the espionage cases brought to light is the number one reason. This can be because an individual is in debt or just seek to change their lifestyle with additional money. Sympathy for a cause or political belief is also attributed to such activity. This is especially true today incases where the individual is aliened and supportive of a terror organization. Revenge may also be the motive of a disgruntled employee or student who feels the college or university wronged them. Blackmail is a common motive should an employee be lured into a compromising position. This is a method use by intelligence agencies in order to obtain access to information they seek. Sex and or love while not the most common motive, can lead to the theft of information. In this type of situation the employee or student is often manipulated by their handler with sex or love as the tool and the love is of course one sided. There have been times when real love has lead to an individual betraying their beliefs and country. The addictions of life such as drugs, gambling, credit card use or even sex can lead to the thief of information to support such habits or addictions.
Obtaining the support of top management for the educational and information security program is critical. Without such support, it will difficult to instruct, implement and enforce security guidelines and procedures. The establishment of written policies and procedure is critical in the development of an espionage prevention and training program. Should the institution be conducting classified contract research for the United States government the all procedures in handing the classified information must follow the National Industrial Security Program Operating Manual (NISPOM) and this needs to be part of the educational program.
The organization must identify what information is to be protected and for how long and develop a review program to determine if the information is current and needs to be protected. It is also important to determine the monetary or competitive value of your information. If information is stolen, for effective prosecution and recovery of damages, there needs to be a monetary value for the information and or impact of its loss.
Ensure that classified NISPOM or company confidential information is properly marked and staff, as part of the education program understands this requirements. In addition to proper marking the college or university must ensure that the information is properly stored and secured in authorized security containers. Combination and other locks of such containers are to be changed frequently and when required. Proper disposal procedures to shred material or pulp sensitive or classified information needs to be in place as well as effective disposal equipment.
Conduct pre-employment and periodic background investigations of staff that will have access to company confidential information. Ask new employees if they are obligated under any confidentiality or nondisclosure agreements and obtain nondisclosure agreements from employees, vendors and others with access. Continue to provide training to staff with regard to the protection of information. During the annual performance review would be an excellent time to provide update training and remind employees of their obligations.
By having a strong education program covering the vital information as discussed, you can protect your institutions research and information and prevent espionage that would affect not only the college, but in many cases our country.
There are many sources from which to obtain information in the establishment of an effective counter-espionage training program. Many colleges and universities have a degree programs with a major in intelligence. Other colleges incorporate count-espionage topics in Security Administration degree programs as I do as a Professor of Criminal Justice at Central Pennsylvania College. In the Corporate Security course offered at the college, the protection of classified information and counter-espionage techniques are a part of curriculum.
Organizations that have information covered under NISPOM can obtain educational information from the Defense Security Service Academy. They offer ready to use educational programs in the form VHS, DVD, power point and publications.
An additional source of information on the development of educational programs at a college is the ASIS International Academic Programs Council. Contact the chair of the council David Gilmore, CPP thought ASIS Internationl for more information.
Professional Organization Web Pages
Association of Former Intelligence Officers
Business Espionage Controls and Countermeasures Association
Naval Intelligence Professionals
Business Intelligence A Primer, Cooper, 1996, Executive Protection Institute
Business Intelligence and Espionage, Green, 1966, Dow Jones-Irwin
Confidential, Noland, 1999, Harper Business
Countering Industrial Espionage, Heims, 1982, 20th Century Security Education LTD
Director of Central Intelligence Directive (Manual for Physical Security Standards for Sensitive Compartmented Information Facilities), 1999, Central Intelligence Agency
National Industrial Security Program Operating Manual, DOD, 2003
Safeguarding Proprietary Information, ASIS Reprints Series, 1994, ASIS International
Trends in Intellectual Property Loss Survey, Heffernan and Swartwood, 1996, ASIS International