Today in the news there was a story of a major security breach where nuclear secrets were stolen from Oak Ridge National Laboratory. A contract employee allegedly obtained highly classified information on uranium enrichment to be sold to a foreign country. See the news article on MSNBC: National lab worker accused of stealing secrets. It’s a stark reminder again that information is both valuable and important, and people who want said information and are willing to sacrifice and go to great extents to obtain it.
It reminded me that I recently had the opportunity to attend the “Five Pillars of Executive Leadership in a Non Secure World Conference” in Research Triangle Park, NC sponsored by the North Carolina Technology Association (NCTA). The conference focused on corporate security as a business ethic, and was discussed in light of potential criminal & terrorist attacks against U.S. citizens.
The 5 pillars referenced in the seminar’s name were:
1. Protecting People
2. Physical Security
3. Intellectual Property Protection
4. Cyber Security
5. Business Continuity Planning
The conference which targeted business leaders addressed identity theft, terrorism and natural disasters, but what I was most intrigued by was threat of Industrial Espionage especially when travelling and Counter Intelligence efforts that can be conducted by everyday Average Joe’s carrying laptops & cell phones. It suddenly occurred to me: I am that “Average Joe” and so are you!!!
Definitions: from Wikipedia
Counter Intelligence – Efforts designed to prevent enemy intelligence organizations & competitors from successfully gathering and collecting intelligence.
Espionage – The practice of obtaining information about an organization that is considered secret or confidential without the permission of the holder of the information.
What can we do?
Armed with just a little bit of knowledge, we can stay alert and use security best practice when travelling to minimize risk to our physical safety and the intellectual property stored digitally in our bags and pockets. We need to take responsibility to protect ourselves, our businesses & effectively the U.S. government from losing sensitive information or secrets including intellectual property, financials, or secret formulas that would give competitors a competitive business or military advantage.
Some examples of Espionage:
• A foreign airport official confiscates your corporate laptop to “Check it” – after duplicating your drive, it is returned to you apparently undamaged.
• Your cell phone is used as a bug to eavesdrop on your “private” business conversation
• A foreign government gives or sells your business data to your foreign competitor.
• A contract worker at a nuclear lab obtains classified secrets with intent to sell them.
Some useful travel tips:
1. Never let a laptop out of your sight in an airport & use encrypted drives (i.e. BitLocker Drive Encryption) so that only a piece of hardware, but no data is stolen with the computer.
2. Never, ever, check your laptop (or other valuables) with your luggage.
3. Assume any conversation on phones to be public & do not disclose business confidential data on phones in foreign country
4. Assume any Internet activity to be public, so be sure to encrypt any communication that need to be private. For example do not send sensitive work-related e-mail from a public hotspot.
5. When overseas, contact the U.S. Embassy and let them know where you are staying & when traveling away from your hotel.
6. Stay in hotel floors between 2nd and 6th floors. Avoid first floor rooms especially if it faces a parking lot as theft is most convenient for criminals to easily reach. Avoid rooms above the 6th floor as many fire departments are unable to reach rooms higher than 6th floor with a ladder.
7. In regions highly susceptible to terrorism, you may want to consider using a local hotel instead of a mainstream hotel chains that may be targeted simply because of its affiliation with a country.
8. Never leave valuables in a hotel with business sensitive information. If you use a room safe, it may protect against a curious maid, but will not keep out trained professionals who want your data.
9. Don’t leave passwords or dial-in remote access numbers attached to labels on your computer or in your laptop case
10. Espionage is theft of information not hardware, so someone may just want a copy of your drive. The airport official may bring your laptop back and nothing may be missing from your room when you noticed it looks like someone had been in your stuff – but that doesn’t mean nothing was taken.
Further Reading & Useful Travel Safety Links:
“Theft While Traveling” on the U.S. Department of Energy website
Industrial Espionage ‘Real and out there’ – by Will Smale – BBC News