OSAC Topical Forum: Protecting Valuable Information Overseas
OSAC hosted its 8th Topical Forum, a two-day program on a particularly timely issue that crosses all OSAC regions and industries, welcoming 120 participants on July 10-11, 2019 at The Boeing Company in Arlington, Va. Entitled Protecting Valuable Information Overseas: Safeguarding the U.S. Private Sector from Insider, State and Non-State Actor Threats, this forum provided exceptional advice, live bench-marking and best-practice techniques from security experts across the private and public sectors.
The forum covered counterintelligence, corporate espionage, cyber security, third-party risks and more. These issues affect the smallest company or non-profit to government agencies. In fact, the U.S. loses an estimated $500 billion annually to trade secrets and espionage. Several myths were debunked by the experts presenting at the forum, such as hacking is rare and hard to do. The reality is that it’s quite common: 75% of all networks can be easily hacked, and all it takes is one entry point (which includes Bluetooth).
This year’s annual OSAC topical forum focus on providing up-to-the-minute tips and techniques for attendees was well received, and several people commented on the quality of the speakers:
- “Awesome to have RSO participate and provide on-the-ground information,” was the feedback on the presentation by Andrew Wroblewski, the Regional Security Officer for Beijing, Bureau of Diplomatic Security, U.S. Department of State, on traveling to China.
- “This presentation was outrageously good. I have relayed some of the things he discussed to at least 6-7 colleagues already,” noted another attendee about the riveting presentation Edward You, FBI Supervisory Special Agent, Countermeasures, gave on safeguarding the bioeconomy.
- Equally riveting was the presentation by former KGB agent Jack Barsky. With honesty, humor, heartfelt emotion and a visual recap of post-WWII Soviet espionage history, Barsky shared his fascinating journey from his East German boyhood to his double-life in America. He is the author of Deep Undercover: My Secret Life and Tangled Allegiances as a KGB Spy in America.
The night before the event, the forum’s speakers, OSAC staff and the Planning Committee enjoyed a reception at the International Spy Museum, complete with a chance to stump a working lie-detector machine from the 1960s.
Thank you to the many experts who shared their wisdom, expertise and company’s/agency’s experience as case studies, The Boeing Company for hosting the topical forum and OSAC’s Planning Committee for this memorable event, particularly James Weston and Lili Dalton.
This event was sponsored by donors to the International Security Foundation (ISF). Hosting annual topical forums was long a vision of OSAC’s, but prior to the creation of the ISF in 2011, it was difficult to find an organization to cover the costs of these events Gifts to the ISF through the annual OSAC Appreciation Dinner enable OSAC to implement this initiative and to fund Country Councils and Common Interest Council events.
A few take-aways from the 2019 Topical Forum:
For resources and tutorials for policy suggestions, training modules and real-life scenarios, visit National Counterintelligence and Security Center.
Be proactive and be prepared. Create a crisis policy and conduct table-top exercises twice a year with top administration and security personnel. And if your company experiences a crisis, do post-incident reviews and put technology controls in place.
When traveling abroad, consider using a burner phone, any person, any position.
Be vigilant professionally and personally by always asking:
- Why is a site asking for a password?
- Where is my data going?
- Where is it being stored?
- Who has access to it?
Best practices for carrying digital assets abroad include: 1) identifying your company’s valuable information and not travelling with it, 2) having another copy of information you do travel with in a secure location in the U.S., and 3) making sure that everyone cleans their phone and laptop upon return BEFORE connecting to any network.
Mandate that everyone traveling use a VPN and multi-factor identification on all company and personal devices.
Create a corporate culture where employees are comfortable “seeing and saying something.”