Michael D. Moberly November 29, 2012
The Obama administration issued a guidance memorandum earlier this week to address the persistent, wide-ranging, and presumably growing threat of (classified) information loss posed by insiders and adversaries which the U.S. GAO characterizes as a ‘meteoric rise’.
This guidance memorandum was the culmination of an October, 2011 Executive Order (13587) which, among other things, created a high level task force to develop strategies, or perhaps better stated, minimum standards which government agencies are to implement and follow, to prevent more PFC Bradley Manning – WikiLeak situations from occurring. The actual ‘standards’ have not been publicly released yet, but many in the affected government agencies anticipate they will be issued in the coming week.
I am very comfortable in stating it would be in the interests of the U.S. private sector, i.e., c-suites, boards, management teams, CIO’s, CFO’s, CIPO’s, CSO’s, and CRO’s, etc., to ‘put their proactive hats on’ and actually read – study the President’s guidance memorandum and the standards as they become available. Reading-studying the memorandum through a proactive vs. reactive lens can influence parties to recognize the array of risks-threats described in the administrations’ memorandum and their equivalency to private sector firms, not just the government (agency) side.
It’s worth noting too, that, defense-national security adversaries are not necessarily an exclusive or separate domain or skill set, apart from adversaries and/or insiders engaged in economic and industrial espionage. An equally significant reality is that, whether the perpetrators be insiders or external, presumably foreign (state-sponsored) adversaries and/or agents, information asset losses, i.e., intellectual, structural capital and proprietary operational knowhow, the result is no longer merely a temporary public embarrassment. Rather, information asset losses and compromises more frequently reflect long term and permanent (irreversible) losses to a company’s value, revenue, reputation, market space, and competitive advantage it may enjoy.
My work is exclusively focused on the private sector. My business mantra is to ‘help companies identify, assess and sustain control, use, ownership, and monitor value and materiality of their contributory value, revenue, and competitive advantage producing intangible assets’. I firmly believe, and experience clearly supports, companies that either do not have or have ineffective, poorly designed and inadequately overseen practices in place for each component of ‘my mantra’ will inevitably, not probably, find their key intangibles vulnerable and unsustainable. Translated in 2012 and 2013 contexts, this means company’s most valuable (intangible) assets and the contributory value they produce, will, not may, be misappropriated, infringed, counterfeited, or merely meld away as an irretrievable precipitator to a company’s premature demise.
Willie Sutton, the infamous bank robber, was asked, according to urban legend, ‘why do you rob banks’? In straightforward fashion his response was reportedly, ‘it’s because, that’s where the money is’!
In a perverse sort of way, and, of course, setting aside classified national security assets, Sutton’s view and mine are similar in this context; U.S.-based intangible (intellectual property) assets are frequently, if not wholly targeted by economic and competitive advantage adversaries and insiders because, the U.S. is where large percentages of such assets, i.e., intellectual and structural capital originate and is developed, i.e., commercialized.
In today’s increasingly interconnected global business transaction environment, there is a high level of universality in the economic fact that 65+% of most company’s value, sources of revenue, and ‘building blocks’ for growth, sustainability, profitability, market space, and competitive advantages lie in – evolve directly from a range of intangible assets.
Readers are encouraged to recognize, it’s not solely national security/defense information assets insiders and other adversaries seek, rather it’s the intellectual and structural capital, and operational knowhow necessary to achieve quick and least costly economic and competitive advantages. And yes, intellectual property is also sought, but only in the context if the IP leads to quick and profitable outcomes in a particular market space. My own experiences suggest that those companies who disagree with this perspective will find themselves constantly engaged in the proverbial uphill skirmishes in which they may periodically perceive they win a war or maybe two. On the other hand, the persistent, asymmetric, and increasingly technologically advanced threats – risks posed by insiders and other adversaries, are highly individual battles, not wars, which unfortunately thus far, they’re all too likely to win.
Anecdotal accountings and a multitude of studies identify gradations, motives, tenacity, and intensity of the threats-risks posed by ‘insiders’. But, what’s new and clear relative to the Manning – Assange (apparently collaborative) incident, is that there’s no precedent for the shear mass of data and information assets that were taken and disseminated, aside from perhaps, the ‘Pentagon Papers’, a 1960’s event which few, if any ‘mannings’ even know, about let alone try to emulate. And, to add insult to injury, stealth in this instance, was apparently merely a single PFC’s rouse of downloading ‘Lady Ga Ga’ music but, from a remote government computer with access to classified information.
So, however one perceives the ‘pfc manning’s’ of the world, he represents a new, but surely inevitable breed of insider/adversary (threat, risk), one that is more calculating and in some respects more stealthy, and whose acts can potentially cause more irreversible, costly, and immediate/instantaneous damage-harm and embarrassment to a company than their predecessors who were largely confined or limited to stealing only ‘hard copies’ that they could put in the proverbial shoe box and carried out the front door. It’s not unlike the former Detroit auto executive who literally put paper copies of ‘plans, intentions, and capabilities’ of his former employer to take to his new European automaker employer as an arrogant and very strategic ’housewarming gift’.
The PFC Manning event certainly prompted the executive orders, memorandums, and soon to come, minimum standards. But, this event should also have represented the proverbial ‘wakeup call’ to the millions of small, mid-size, and Fortune 1000 firms that have developed unique and valuable sets of intangible assets that literally deliver (underlie) their company’s value, sources of revenue, competitive advantages, market position, and growth potential.
When a company experiences a theft, misappropriation, or compromise of information-based (intangible) assets, be it by a trusted insider or a global adversary, while the consequences are seldom equivalent to a significant national security breach, their impact to the victim firm, in terms of lost revenue, undermined competitive advantages, lost market position, damaged reputation, etc., can be, and often is, financially devastating and irreversible!
Comments regarding my blog posts are encouraged and respected. Should any reader elect to utilize all or a portion of this post, attribution is expected and always appreciated. While visiting my blog readers are encouraged to browse other topics (posts) which may be relevant to the circumstance. And, I always welcome your inquiry at 314-440-3593 or firstname.lastname@example.org
Please watch for Mike’s book ‘Intangible Assets: Security Managers Roadmap’ to be published soon!