UNCLASSIFIED
Technology and Intellectual Property
Protection in a Global Economy
AUVSI Symposium
Gregory S. Witkop, M.D.
Special Agent, FBI
Basic and Applied Research Consultant, Critical National Asset Unit
Strategic Partnership Coordinator, Seattle Division
Affiliate Scientist, UW Applied Physics Laboratory
UNCLASSIFIED
UNCLASSIFIED
The Great Game
- From time to time, God causes men to be born
who have a lust to go abroad at the risk of their
lives and discover news – today it may be of far
off things, tomorrow of some hidden mountain,
and the next day of some near by men who have
done a foolishness against the State. We of the
Game are beyond protection. If we die, we die.
Our names are blotted from the book. When
everyone is dead the Great Game is finished.
Not before.
- Rudyard Kipling’s Kim
UNCLASSIFIED
UNCLASSIFIED
Traditional Threat
“Many people assume the end of the Cold
War made the world of cloak-and-dagger
obsolete. Unfortunately, espionage is still
very much with us. Nations will always try
to learn one another’s secrets to gain
political, military, or economic advantage.
Indeed, the foreign intelligence presence
operating in the United States is roughly
the same as it was during the Cold War.”
Robert S. Mueller, III – Director, FBI 11/17/2011
UNCLASSIFIED
UNCLASSIFIED
Asymmetric Threat
“ Apart from the more traditional types of
espionage, today’s spies are just as often
students, researchers, businesspeople, or
operators of “front companies”. And they seek
not only state secrets, but trade secrets from
corporations and universities-such as research
and development, intellectual property, and
insider information.”
Robert S. Mueller, III – Director, FBI 11/17/2011
UNCLASSIFIED
UNCLASSIFIED
Cyber Threat
“ I am convinced that there are only two
types of companies: those that have been
hacked and those that will be. And even
they are converging into one category:
companies that have been hacked and will
be hacked again.”
Robert S. Mueller, III – Director, FBI
UNCLASSIFIED
03/01/2012
UNCLASSIFIED
Commercial / ITAR Threat
“At least 108 countries have full fledged
procurement networks that work through
front companies, joint ventures, trade
delegations and other mechanisms to
methodically target our government, our
private industries, and our universities.
Assistant Attorney General Kenneth Weinstein
October 2007
UNCLASSIFIED
UNCLASSIFIED
Risks when we sell…
COUNTRY
1
OPERATIONAL THREAT:
COUNTRY 1 CHANGES FROM
A FRIENDLY COUNTRY TO A
COUNTRY THREAT COUNTRY.
2
TRANSFER CAPABILITY
OR TECHNOLOGY OR
BOTH
COUNTRY
3
COUNTRY
4
COMPETITIVE THREAT:
COUNTRY 2 USES
TECHNOLOGY GAINED TO
FURTHER ITS INDUSTRIAL
BASE & GAIN MARKET
SHARE.
PROLIFERATION THREAT : COUNTRY 3
INTENTIONALLY OR UNINTENTIONALLY
RELEASES TECHNOLOGY,
PROLIFERATION RESULTS IN THREAT
COUNTRIES GAINING TECHNOLOGY.
PRECEDENCE THREAT :
RELEASE TO COUNTRY 4 NECESSITATES RELEASE TO OTHER
COUNTRIES RESULTING IN PROLIFERATION AND THREAT
COUNTRIES GAINING TECHNOLOGY.
UNCLASSIFIED
UNCLASSIFIED
PRC J-10
F-16
UNCLASSIFIED
UNCLASSIFIED
Commercial Tactical Response
Continue export vigilance- report not only “unusual” but
rejected
Domestic Sales – Every sale is an export i.e. know end
users, all invoices have export controlled warning
Accounting – alert to shipping destination payment
origination discrepancies
Active Measures – Prosecutions are nice. Disruption is
Better!
UNCLASSIFIED
UNCLASSIFIED
Cyber Tactical Response
“Assume Breach” – Kirk Bailey, CISO UW
Buy In – “easy” things are hard i.e. update
patches, change passwords, unknown =
unopened
Clean machines whenever travel outside of US
Reverse firewalls
Compartmentalize – need to know = need to
access; no need to know = no access
UNCLASSIFIED
UNCLASSIFIED
Insider Threat Tactical Response
“Mind the Gap” – emotional, social, financial
changes
Anonymous reporting
Banners
Linear relationship between responsibility /
access and transparency i.e. CEO, CEO Admin,
Program Directors and Systems Administrators
should be most transparent not only because
could do most harm but more importantly avoids
adversarial culture
UNCLASSIFIED
UNCLASSIFIED
Proactive Risk Mitigation
Taxonomy of Risk
Reporting
Security Responsibility
Counterintelligence Responsibility
Corporate Responsibility
Individual Responsibility
UNCLASSIFIED
UNCLASSIFIED
Taxonomy of Risk
Threat Vectors
Human (witting) + Technical – Inside
(collection technology / hardware /
software) = air gaps, specificity, targeting,
justified access
Human – Inside (unwitting) + Technical
Technical - Outside
Human - Outside
UNCLASSIFIED
UNCLASSIFIED
Insider Threat – Greatest
Challenge
Modern era – 2 greatest traitors, Ames
and Hanson, worked for the CIA and FBI.
Their success proves how difficult it is to
deal with this threat.
Myriad of psychological, ethical, and
sociological reasons prevent reporting of
suspicious behavior
UNCLASSIFIED
UNCLASSIFIED
National Industrial Security Program
Operating Manual
“The contractor shall promptly submit a written
report to the nearest field office of the FBI, regarding
information coming to the contractor’s attention
concerning actual, probable, or possible espionage,
or subversive activities at any of its locations. An
initial report may be made by phone, but if must be
followed in writing, regardless of the disposition
made of the report by the FBI. A copy of the written
report shall be provided to the CSA”
Chapter 1, Section 3, Paragraph 301
UNCLASSIFIED
UNCLASSIFIED
Risk Mitigation = Security
Keeping the Adversary Out
Security is necessary but not
sufficient – all the guns, gates,
guards, badges, passwords,
firewalls, and classification
systems in the world will not
defeat our adversaries
UNCLASSIFIED
UNCLASSIFIED
Risk Mitigation Counterintelligence
Keeping the Adversary Close
Counterintelligence is necessary but
not sufficient – all the threat and
vulnerability assessments,
understanding of motivations, and
even active measure programs are
not enough to defeat our adversaries
UNCLASSIFIED
UNCLASSIFIED
Risk Mitigation = Corporate
Responsibility
Ownership
Trust / Respect
Creativity
Meaning
UNCLASSIFIED
UNCLASSIFIED
Risk Mitigation = Individual
Responsibility
Security System + Counterintelligence
Strategy + Corporate Responsibility +
Individual Responsibility is necessary and
sufficient
Ultimately no one can defend your house
other than you
UNCLASSIFIED
UNCLASSIFIED
Thank you
Greg Witkop, M.D.
Special Agent, Seattle Division
(206) 262-2177
[email protected]
UNCLASSIFIED
UNCLASSIFIED
Espionage Statutes
18 USC 794 – Espionage Statute

1 Transmittal
2 National Defense Information
3 To an Agent of a Foreign Power
4 With Intent to Injure U.S. or Aid Foreign Power
50 USC 783 -- Unauthorized Disclosure





A "Filler" Statute
1 U.S. Government Employee
2 Who Knowingly Transmits
3 Classified Information
4 To a Foreign National
UNCLASSIFIED
UNCLASSIFIED
Economic Espionage Act of 1996
Economic Espionage – 18 USC 1831
- “Economic espionage is (1) whoever knowingly
performs targeting or acquisition of trade secrets to (2)
knowingly benefit any foreign government, foreign
instrumentality or foreign agent.”
Theft of Trade Secrets – 18 USC 1832
- Commonly called Industrial Espionage
- “Theft of trade secrets is (1) whoever knowingly
performs targeting or acquisition of trade secrets or
intends to convert a trade secret to (2) knowingly
benefit anyone other than the owner.”
UNCLASSIFIED
UNCLASSIFIED
Bayes Theorem
Given some phenomenon (A) that we
want to know about, and an observation
(X) that is evidence relating to A, Bayes’
theorem tells us how much we should
update our knowledge of A, given the new
evidence X
Gives a mathematical basis for belief i.e.
probability
UNCLASSIFIED