Title: Technology and Intellectual Property Protection in a Global Economy AUVSI Symposium
1Technology and Intellectual Property Protection
in a Global EconomyAUVSI Symposium
- Gregory S. Witkop, M.D.
- Special Agent, FBI
- Basic and Applied Research Consultant, Critical
National Asset Unit - Strategic Partnership Coordinator, Seattle
Division - Affiliate Scientist, UW Applied Physics
Laboratory
2The Great Game
- From time to time, God causes men to be born who
have a lust to go abroad at the risk of their
lives and discover news today it may be of far
off things, tomorrow of some hidden mountain, and
the next day of some near by men who have done a
foolishness against the State. We of the Game
are beyond protection. If we die, we die. Our
names are blotted from the book. When everyone
is dead the Great Game is finished. Not before. - Rudyard Kiplings Kim
3Traditional Threat
- Many people assume the end of the Cold War made
the world of cloak-and-dagger obsolete.
Unfortunately, espionage is still very much with
us. Nations will always try to learn one
anothers secrets to gain political, military, or
economic advantage. Indeed, the foreign
intelligence presence operating in the United
States is roughly the same as it was during the
Cold War. - Robert S. Mueller, III Director, FBI 11/17/2011
4Asymmetric Threat
- Apart from the more traditional types of
espionage, todays spies are just as often
students, researchers, businesspeople, or
operators of front companies. And they seek
not only state secrets, but trade secrets from
corporations and universities-such as research
and development, intellectual property, and
insider information. - Robert S. Mueller, III Director, FBI 11/17/2011
5Cyber Threat
- I am convinced that there are only two types of
companies those that have been hacked and those
that will be. And even they are converging into
one category companies that have been hacked and
will be hacked again. - Robert S. Mueller, III Director, FBI
03/01/2012
6Commercial / ITAR Threat
- At least 108 countries have full fledged
procurement networks that work through front
companies, joint ventures, trade delegations and
other mechanisms to methodically target our
government, our private industries, and our
universities.Assistant Attorney General Kenneth
WeinsteinOctober 2007
7Risks when we sell
COUNTRY 1
OPERATIONAL THREAT COUNTRY 1 CHANGES FROM A
FRIENDLY COUNTRY TO A THREAT COUNTRY.
COUNTRY 2
COMPETITIVE THREAT COUNTRY 2 USES TECHNOLOGY
GAINED TO FURTHER ITS INDUSTRIAL BASE GAIN
MARKET SHARE.
TRANSFER CAPABILITY OR TECHNOLOGY OR BOTH
COUNTRY 3
PROLIFERATION THREAT COUNTRY 3 INTENTIONALLY
OR UNINTENTIONALLY RELEASES TECHNOLOGY,
PROLIFERATION RESULTS IN THREAT COUNTRIES GAINING
TECHNOLOGY.
COUNTRY 4
PRECEDENCE THREAT RELEASE TO COUNTRY 4
NECESSITATES RELEASE TO OTHER COUNTRIES RESULTING
IN PROLIFERATION AND THREAT COUNTRIES GAINING
TECHNOLOGY.
8 9Commercial Tactical Response
- Continue export vigilance- report not only
unusual but rejectedDomestic Sales Every
sale is an export i.e. know end users, all
invoices have export controlled
warningAccounting alert to shipping
destination payment origination
discrepanciesActive Measures Prosecutions are
nice. Disruption is Better!
10Cyber Tactical Response
- Assume Breach Kirk Bailey, CISO UW
- Buy In easy things are hard i.e. update
patches, change passwords, unknown unopened - Clean machines whenever travel outside of US
- Reverse firewalls
- Compartmentalize need to know need to access
no need to know no access
11Insider Threat Tactical Response
- Mind the Gap emotional, social, financial
changes - Anonymous reporting
- Banners
- Linear relationship between responsibility /
access and transparency i.e. CEO, CEO Admin,
Program Directors and Systems Administrators
should be most transparent not only because could
do most harm but more importantly avoids
adversarial culture
12Proactive Risk Mitigation
- Taxonomy of Risk
- Reporting
- Security Responsibility
- Counterintelligence Responsibility
- Corporate Responsibility
- Individual Responsibility
13Taxonomy of RiskThreat Vectors
- Human (witting) Technical Inside (collection
technology / hardware / software) air gaps,
specificity, targeting, justified access - Human Inside (unwitting) Technical
- Technical - Outside
- Human - Outside
14Insider Threat Greatest Challenge
- Modern era 2 greatest traitors, Ames and
Hanson, worked for the CIA and FBI. Their
success proves how difficult it is to deal with
this threat. - Myriad of psychological, ethical, and
sociological reasons prevent reporting of
suspicious behavior
15National Industrial Security Program Operating
Manual
- The contractor shall promptly submit a written
report to the nearest field office of the FBI,
regarding information coming to the contractors
attention concerning actual, probable, or
possible espionage, or subversive activities at
any of its locations. An initial report may be
made by phone, but if must be followed in
writing, regardless of the disposition made of
the report by the FBI. A copy of the written
report shall be provided to the CSA - Chapter 1, Section 3, Paragraph 301
16Risk Mitigation SecurityKeeping the Adversary
Out
- Security is necessary but not sufficient all
the guns, gates, guards, badges, passwords,
firewalls, and classification systems in the
world will not defeat our adversaries
17Risk Mitigation CounterintelligenceKeeping the
Adversary Close
- Counterintelligence is necessary but not
sufficient all the threat and vulnerability
assessments, understanding of motivations, and
even active measure programs are not enough to
defeat our adversaries
18Risk Mitigation Corporate Responsibility
- Ownership
- Trust / Respect
- Creativity
- Meaning
19Risk Mitigation Individual Responsibility
- Security System Counterintelligence Strategy
Corporate Responsibility Individual
Responsibility is necessary and sufficient - Ultimately no one can defend your house other
than you
20Thank you
Greg Witkop, M.D. Special Agent, Seattle
Division (206) 262-2177 Gregory.Witkop_at_ic.fbi.gov
21Espionage Statutes
- 18 USC 794 Espionage Statute
- 1 Transmittal 2 National Defense
Information 3 To an Agent of a Foreign Power
4 With Intent to Injure U.S. or Aid Foreign
Power - 50 USC 783 -- Unauthorized Disclosure
- A "Filler" Statute
- 1 U.S. Government Employee
- 2 Who Knowingly Transmits
- 3 Classified Information
- 4 To a Foreign National
22Economic Espionage Act of 1996
- Economic Espionage 18 USC 1831
- - Economic espionage is (1) whoever knowingly
performs targeting or acquisition of trade
secrets to (2) knowingly benefit any foreign
government, foreign instrumentality or foreign
agent. - Theft of Trade Secrets 18 USC 1832
- - Commonly called Industrial Espionage
- - Theft of trade secrets is (1) whoever
knowingly performs targeting or acquisition of
trade secrets or intends to convert a trade
secret to (2) knowingly benefit anyone other than
the owner.
23Bayes Theorem
- Given some phenomenon (A) that we want to know
about, and an observation (X) that is evidence
relating to A, Bayes theorem tells us how much
we should update our knowledge of A, given the
new evidence X - Gives a mathematical basis for belief i.e.
probability