UNCLASSIFIED
Technology and Intellectual Property Protection in a Global Economy
AUVSI Symposium
Gregory S. Witkop, M.D.
Special Agent, FBI
Basic and Applied Research Consultant, Critical National Asset Unit
Strategic Partnership Coordinator, Seattle Division
Affiliate Scientist, UW Applied Physics Laboratory
The Great Game
- From time to time, God causes men to be born who have a lust to go abroad at the risk of their lives and discover news – today it may be of far off things, tomorrow of some hidden mountain, and the next day of some near by men who have done a foolishness against the State. We of the Game are beyond protection. If we die, we die. Our names are blotted from the book. When everyone is dead the Great Game is finished. Not before.
- Rudyard Kipling’s Kim
Traditional Threat
“Many people assume the end of the Cold War made the world of cloak-and-dagger obsolete. Unfortunately, espionage is still very much with us. Nations will always try to learn one another’s secrets to gain political, military, or economic advantage. Indeed, the foreign intelligence presence operating in the United States is roughly the same as it was during the Cold War.”
Robert S. Mueller, III – Director, FBI 11/17/2011
Asymmetric Threat
“Apart from the more traditional types of espionage, today’s spies are just as often students, researchers, businesspeople, or operators of “front companies”. And they seek not only state secrets, but trade secrets from corporations and universities – such as research and development, intellectual property, and insider information.”
Robert S. Mueller, III – Director, FBI 11/17/2011
Cyber Threat
“I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.”
Robert S. Mueller, III – Director, FBI 03/01/2012
Commercial / ITAR Threat
“At least 108 countries have full fledged procurement networks that work through front companies, joint ventures, trade delegations and other mechanisms to methodically target our government, our private industries, and our universities.”
Assistant Attorney General Kenneth Wainstein
October 2007
Risks when we sell…
COUNTRY 1
COUNTRY 2
COUNTRY 3
COUNTRY 4
OPERATIONAL THREAT: COUNTRY 1 CHANGES FROM A FRIENDLY COUNTRY TO A THREAT COUNTRY.
COMPETITIVE THREAT: COUNTRY 2 USES TECHNOLOGY GAINED TO FURTHER ITS INDUSTRIAL BASE & GAIN MARKET SHARE.
PROLIFERATION THREAT: COUNTRY 3 INTENTIONALLY OR UNINTENTIONALLY RELEASES TECHNOLOGY, PROLIFERATION RESULTS IN THREAT COUNTRIES GAINING TECHNOLOGY.
PRECEDENCE THREAT: RELEASE TO COUNTRY 4 NECESSITATES RELEASE TO OTHER COUNTRIES RESULTING IN PROLIFERATION AND THREAT COUNTRIES GAINING TECHNOLOGY.
TRANSFER CAPABILITY OR TECHNOLOGY OR BOTH
PRC J-10 / F-16
Commercial Tactical Response
Continue export vigilance – report not only “unusual” but rejected
Domestic Sales – Every sale is an export i.e. know end users, all invoices have export controlled warning
Accounting – alert to shipping destination / payment origination discrepancies
Active Measures – Prosecutions are nice. Disruption is Better!
Cyber Tactical Response
“Assume Breach” – Kirk Bailey, CISO UW
Buy In – “easy” things are hard i.e. update patches, change passwords, unknown = unopened
Clean machines whenever travel outside of US
Reverse firewalls
Compartmentalize – need to know = need to access; no need to know = no access
Insider Threat Tactical Response
“Mind the Gap” – emotional, social, financial changes
Anonymous reporting
Banners
Linear relationship between responsibility / access and transparency i.e. CEO, CEO Admin, Program Directors and Systems Administrators should be most transparent not only because could do most harm but more importantly avoids adversarial culture
Proactive Risk Mitigation
Taxonomy of Risk
Reporting
Security Responsibility
Counterintelligence Responsibility
Corporate Responsibility
Individual Responsibility
Taxonomy of Risk
Threat Vectors
Human (witting) + Technical – Inside (collection technology / hardware / software) = air gaps, specificity, targeting, justified access
Human – Inside (unwitting) + Technical
Technical – Outside
Human – Outside
Insider Threat – Greatest Challenge
Modern era – 2 greatest traitors, Ames and Hanssen, worked for the CIA and FBI. Their success proves how difficult it is to deal with this threat.
Myriad of psychological, ethical, and sociological reasons prevent reporting of suspicious behavior
National Industrial Security Program Operating Manual
“The contractor shall promptly submit a written report to the nearest field office of the FBI, regarding information coming to the contractor’s attention concerning actual, probable, or possible espionage, or subversive activities at any of its locations. An initial report may be made by phone, but it must be followed in writing, regardless of the disposition made of the report by the FBI. A copy of the written report shall be provided to the CSA”
Chapter 1, Section 3, Paragraph 301
Risk Mitigation = Security
Keeping the Adversary Out
Security is necessary but not sufficient – all the guns, gates, guards, badges, passwords, firewalls, and classification systems in the world will not defeat our adversaries
Risk Mitigation = Counterintelligence
Keeping the Adversary Close
Counterintelligence is necessary but not sufficient – all the threat and vulnerability assessments, understanding of motivations, and even active measure programs are not enough to defeat our adversaries
Risk Mitigation = Corporate Responsibility
Ownership
Trust / Respect
Creativity
Meaning
Risk Mitigation = Individual Responsibility
Security System + Counterintelligence Strategy + Corporate Responsibility + Individual Responsibility is necessary and sufficient
Ultimately no one can defend your house other than you
Thank you
Greg Witkop, M.D.
Special Agent, Seattle Division
(206) 262-2177
[email protected]
Espionage Statutes
18 USC 794 – Espionage Statute
1. Transmittal
2. National Defense Information
3. To an Agent of a Foreign Power
4. With Intent to Injure U.S. or Aid Foreign Power
50 USC 783 – Unauthorized Disclosure
A "Filler" Statute
1. U.S. Government Employee
2. Who Knowingly Transmits
3. Classified Information
4. To a Foreign National
Economic Espionage Act of 1996
Economic Espionage – 18 USC 1831
- “Economic espionage is (1) whoever knowingly performs targeting or acquisition of trade secrets to (2) knowingly benefit any foreign government, foreign instrumentality or foreign agent.”
Theft of Trade Secrets – 18 USC 1832
- Commonly called Industrial Espionage
- “Theft of trade secrets is (1) whoever knowingly performs targeting or acquisition of trade secrets or intends to convert a trade secret to (2) knowingly benefit anyone other than the owner.”
Bayes’ Theorem
Given some phenomenon (A) that we want to know about, and an observation (X) that is evidence relating to A, Bayes’ theorem tells us how much we should update our knowledge of A, given the new evidence X
Gives a mathematical basis for belief i.e. probability
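The theorem in the slide's symbols A and X, with one worked update (an added illustration, not part of the original slides; the numbers are constructed for the example):

$$P(A \mid X) = \frac{P(X \mid A)\,P(A)}{P(X)}, \qquad P(X) = P(X \mid A)\,P(A) + P(X \mid \neg A)\,P(\neg A)$$

With a prior $P(A) = 0.01$, and an observation that occurs with probability $P(X \mid A) = 0.9$ when A holds and $P(X \mid \neg A) = 0.05$ when it does not:

$$P(A \mid X) = \frac{0.9 \times 0.01}{0.9 \times 0.01 + 0.05 \times 0.99} = \frac{0.009}{0.0585} \approx 0.154$$

The evidence raises belief in A from 1% to about 15%, so a single indicator that is usually present when A is true still leaves A unlikely when A is rare to begin with.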