CI Author Interview: Mark Robinson.

Mark Robinson. Beyond Competitive Intelligence: The Practice of Counterintelligence and Trade Secrets Protection. 1^st Books Library, 2003 AtAmazon.com


What motivated you to do the book?

My primary motivation was to demonstrate that to be successful in today’s economic climate, a company needs to practice not only competitive intelligence (CI) but also make use of counterintelligence techniques and develop processes to protect its trade secrets. Simply put, CI is offense and counterintelligence is defense. Successful companies will practice both.

A second motivating factor involves an expanded role that CI professionals should play in the protection side of their respective companies. Most corporate security business units focus solely on the physical protection of their companies and their employees. Rarely, if at all, do these security operations practice the protection of proprietary information including customer lists, pricing models, R&D information, and marketing plans. This is a void that I believe CI professionals can and should fill.

What did you find hard or easy to cover?

The topics for the book were easy to choose but communicating them to readers in various professions was a challenge. For example, CI professionals that have spent their careers using collection and analysis techniques will discover practical ways to prevent those very same techniques from being used against them and their companies. On the other hand, the security professional will become more aware of CI and the various ways in which we gather intelligence.

What are the main topics that CI practitioners will find most interesting in your book?

Throughout the book, I make extensive use of real world examples taken from the legal profession as well as my own work experience showing what can happen when companies fail to protect their trade secrets. Secondly, I discuss two information protection models that every CI practitioner should know and use: OPSEC which stands for OPerations SECurity, and CICM which stands for Competitive Intelligence Countermeasures Model.

OPSEC is a five step process that relies on targeting key pieces of information or specific documents, those that would be of interest to a company’s competitors, and devising protection methods. The five steps are:

• Identify critical information
• Analyze the threat
• Analyze the vulnerability
• Assess the risk
• Implement countermeasures

The CI Collection Model uses standard CI techniques to focus not on the competition itself, but how its CI unit collects and analyzes information.

What specific role can CI professionals play in the counterintelligence process?

In the book, I advocate the creation of a “virtual protection team” consisting of senior executives who can provide expertise and guidance in a crisis. As an example, Boeing recently lost $1 billion in its rocket business because the U.S. Air Force determined the company illegally acquired documents of rival Lockheed Martin. In this case, one Boeing employee admitted to having “tons” of proprietary Lockheed documents including secret pricing data in his possession. Boeing management should be asking itself how one employee managed to come to obtain this much information.

The loss of this sensitive material from Lockheed Martin is a result of lax document control on their part and not properly identifying the documents as trade secrets. Proper handling of this crisis by Boeing requires input of the “virtual protection team” which includes Human Resources, Corporate Security, Legal Counsel, and the CI unit. CI’s role at Lockheed Martin would have been to predict the techniques that Boeing or any other competitor might have used to acquire these documents and design the appropriate protection methods. In addition, the CI unit at Lockheed Martin could have “attacked” itself using standard CI techniques to probe for and reveal the company’s vulnerabilities or weak points.

CI’s role at Boeing should have been to educate managers regarding the legal and illegal ways that intelligence is gathered. Maybe the Boeing employee in question was angry at management and took this information to prove a point. Or quite possibly, competition is so intense between these two companies that one felt the need to get a leg up on the other in the government bidding process.

How vulnerable are companies today?

Companies are most vulnerable when it comes to the human element. Employees with access to sensitive company documents are rarely taught that the information they come into daily contact with is valuable and worth protecting. In the last few years, trade secret law has been expanded to include all types of company information such as marketing plans, customer lists, reports, presentations and the like.

To receive the fullest legal protection available, companies have to take reasonable measures to protect these types of information from falling into the wrong hands, i.e., their competitors or hostile foreign governments. An example of a hostile foreign government would be the People’s Republic of China (PRC). While not as sophisticated as the Japanese when it comes to gathering intelligence on U.S. businesses, the Chinese draw on the services of the following:

• 1,500 diplomats and commercial representatives
• 70 PRC companies and offices
• 15,000 students arriving annually
• 10,000 representatives traveling in 2,700 delegations each year
• a large ethnic Chinese community

All of these various groups are operating in the U.S. at present.

In terms of reasonable protection measures, I recommend some of the following:

• Using “Confidential” or “Proprietary Information” stamps on documents considered to contain sensitive information
• Access to trade secrets on a “need to know” basis
• Separation of departments so that each department has access to limited amounts of information

What can CI professionals do to make their management more aware of this issue?

First, they should review the Economic Espionage Act (EEA) of 1996 with the company’s management team so that they understand that there is legal protection already in place. [See the SCIP website The EEA is a federal law governing trade secrets. There are also state laws that offer some degree of protection. Secondly, give management specific examples of how other companies have dealt with this issue. Do a little research on companies such as Avery Dennison, Kodak, the Boeing case mentioned above and a recent case involving Verizon and Nextel.

Verizon Wireless sued Nextel on June 29, 2003 over allegations that Nextel gained unauthorized possession of two prototypes Verizon push-to-talk handsets and confidential performance-related information that Nextel leaked to at least one telecommunications industry analyst in the hope of discrediting Verizon’s effort.


Background:

Mark L. Robinson is the President and Founder of Omni Consulting Group LLC (www.OmniConsultingLLC.com) based in Vienna, VA. Omni is a consulting firm focusing on CI consulting and training and counterintelligence services. He spent over 10 years in CI with Mobil Oil Corporation. Mark also served as the CI Manager for PermitsNOW.com a company that focused on streamlining the building permit process. Mr. Robinson earned his MBA from Marymount University, Arlington, VA in 1999 and his MLS from Catholic University of America in 1985. He is also a licensed private investigator in the state of Virginia. In July 2001, Mark published “Competitive Information Security: Lessons from Los Alamos” appeared in the Competitive Intelligence Magazine.

The book is now available from the 1^st Books library at www.1stbooks.com as well as Amazon.com.

copyright Society of Competitive Intelligence Professionals

scip.online, issue 37 August 8, 2003