Unlocking the Chinese Puzzle: Insider Espionage and Four Ways to Protect Your Organization

By Greg Cullison

insider espionageThe recent indictment of six Chinese nationals over alleged theft of cellphone-related technology is yet another chapter in the saga of purloined technology.  Many more undiscovered insider espionage cases are certainly still operating now.

As-yet untold intellectual property losses and stymied future innovation are two unfortunate outcomes for the commercial sector, the public sector risks the theft of national security information and personnel data.

Based on a 32-page indictment from the U.S. Justice Department, the accused in this case worked at two U.S. companies on sophisticated frequency-blocking technology useful in cellphone applications.  They allegedly set up a dummy corporation and were in league with a foreign university to exploit the technology.

The indictment further notes that the two victim companies did in fact use “reasonable measures” like passwords and segmented networks to shelter their intellectual property.  Only by chance was the fraud discovered when one of the original developers visited China, according to the document.

While this case involves theft of technology from protected networks this is not at root a technology problem. It is a human problem.

Capitalism efficiently allocates capital to its most productive uses.  But humans are not economic units.  They are creative beings.  You should treat them as such if you want your organization to be around for awhile.

‘But,’ you may say, ‘We already mollycoddle our employees with foosball tables and spa coupons.  What more is there?’

The U.S. military also provides generous benefits, like free weapons, healthcare and uniforms, and generous educational subsidies. Yet, as an organization, it has produced a striking array of employee loyalty, from General Eisenhower to PFC Chelsea (nee Bradley) Manning of WikiLeaks fame.   

Take an honest look at your organization and determine whether you have truly integrated Human Resources into your security program.

In the above economic insider espionage case, clearly these were highly skilled engineers but their personal interests ultimately did not align with those of their employer.

The solution, then, lies in several concrete actions that need to become part of the daily fiber of your organization. Convinced that you have the right mix of skills for a successful organization, have you instituted a program to monitor for signs of disaffection, competing loyalties, or distress? 

  1. Continually pulse employee attitudes.  In this way you will be alerted to signs of disgruntlement, which could be isolated to particular individuals but could also come from underlying organizational problems that might cause widespread Unhappy Camper syndrome.
  1. Conduct continuous evaluation of employees.  An annual review is most probably too infrequent to meaningfully measure significant changes in employee performance. 
  1. Create a work environment where all employee input is valued and acted upon as appropriate.
  1. Have an employee support program for those employees who experience personal or professional difficulties.  Remember that many insider threat cases resulted from several external triggers, such as financial distress.

Above all, if you find employees who do not embody your organization’s core values, kindly show them the exit door (and shut off their account accesses).

Organizations like yours must take internal action to protect yourself and your employees.  As a stark reminder, in the U.S. eleven cases have been brought under the Economic Espionage Law since 1996.

Insider Threat: Is Your Company Prepared? - Schedule Your Assessment