Sticky Fingers: Managing the Global Risk of Economic Espionage / Microsoft Security Notification Service
Sticky Fingers: Managing the Global Risk of Economic Espionage
Steven Fink. Dearborn Trade Publishing. ISBN: 0-7931-4827-8. 368 pages. $26.00. http://www.dearborntrade.com/ 1-312-836-4400
Before we started reading Sticky Fingers we thought it was a book about economic espionage. Although anyone dealing with the issue of economic espionage should read this book, it is really more about crisis management after the fact than about economic espionage per se.
Fink takes an interesting historical view of the Economic Espionage Act of 1996. The EEA was written in that unhappy period that came between the fall of the Soviet Union, which took away a lot of the justification for many agencies’ existence, and the attacks of 9/11, which was arguably the best thing to ever happen to most agencies. Overseas, intelligence agencies were re-tooling their spies to steal commercial secrets rather than retiring them (bureaucracies don’t willingly cut staff or close their doors), and in the U.S. the FBI was casting about for some way to use its people once the Red Menace disappeared (bureaucracies don’t willingly cut staff or close their doors). And so, according to Fink, the EEA was born.
His discussion of his involvement with the Avery Dennison trial is instructive on many levels, not least of which is bringing up the question of whether you should go to the Feds if you are the victim of espionage, or just accept your losses.
Why would you not go to the Feds?
• The publicity won’t do you a lot of good: There is little way you can escape looking foolish.
• The FBI has its agenda, which will not be the same as yours.
• You will lose all control of the investigative, prosecutorial, and public relations process.
• If the country conducting the espionage is an important trading or military partner, the likelihood of the Feds choosing to create an international incident to protect your profits is, er, low.
• While the FBI is the best in the world at many things, it is not clear that going to trial over theft of intellectual property is one of them.
Going to the Feds or not going to the Feds is not an easy decision to make, but it is one that you should make well before a crisis hits you.
And, in fact, there are a lot of decisions relating to the management of an economic espionage incident that are better made before the fact rather than after the fact. This book will help you make these decisions, as well as help you plan in advance for many of the things that will happen as a result of being the public victim of this crime.
Steven Fink has a lot of hard-won experience as a crisis manager, and it is always better to learn from someone else’s experience rather than learning from your own mistakes.
Microsoft Security Notification Service
Whenever a major worm or virus sweeps through the world, it usually turns out that the offending vulnerability (usually a Windows vulnerability) has been known for a relatively long period of time, and that patches were available from Microsoft to deal with the problem and prevent it from actually becoming one.
While the updates are posted at sites such as http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/, many people don’t know about this site and, frankly, won’t bother to look at it in any case.
For those who would like to make the effort to keep the security of at least their own systems current, Microsoft will cheerfully send you, for free, an e-mail whenever there is a security update. You can sign up for this service at http://register.microsoft.com/regsys/pic.asp.
What does this mean in practical terms? It means that whenever there is a patch available to address a vulnerability, you will know about it, and have the option to apply it within hours of its release, before it is a danger, rather than waiting until after it makes the headlines, or you find strange things happening on your computer.
Be aware that bad people send out notices purporting to be from Microsoft: We got one claiming to be from “MS Customer Services” which contained a virus, according to our virus scan. How can you be sure that the document you get is from Microsoft? The security bulletins come as PGP-signed documents. You can download Microsoft's PGP public key from http://www.microsoft.com/technet/security/notify.asp and import it into your PGP key ring. This way you can validate the document as actually having been sent by Microsoft.
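The check described above, as an added example that is not part of the original page and is not Microsoft's own procedure: it uses GnuPG (an OpenPGP implementation, assumed here in place of the PGP product) and goes one step further than importing the key, by accepting a bulletin only when the signature was made by one pinned fingerprint. The keys, addresses, file names and bulletin text are all constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: accept a clearsigned bulletin only if the signature is good
# AND was made by the pinned key. Keys, addresses and text are constructed.

# verify_bulletin FILE EXPECTED_FPR -> exit 0 only for a good signature whose
# primary-key fingerprint (last field of gpg's VALIDSIG status line) matches.
verify_bulletin() {
    local file=$1 expected=$2 status
    status=$(gpg --batch --status-fd 1 --verify "$file" 2>/dev/null) || return 1
    printf '%s\n' "$status" | awk -v want="$expected" '
        $2 == "VALIDSIG" && ($NF "") == (want "") { ok = 1 }  # force string compare
        END { exit ok ? 0 : 1 }'
}

# --- constructed demo in a throwaway keyring ---
WORK=$(mktemp -d)
export GNUPGHOME=$WORK

new_key() {   # new_key USER_ID -> prints the new key's fingerprint
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$1" ed25519 sign never 2>/dev/null
    gpg --batch --with-colons --list-keys "=$1" |
        awk -F: '$1 == "fpr" { print $10; exit }'
}
sign_with() { # sign_with KEY_FPR INFILE OUTFILE
    gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' \
        --local-user "$1" --output "$3" --clearsign "$2" 2>/dev/null
}

# In practice the pinned fingerprint is obtained out of band from the vendor.
VENDOR_FPR=$(new_key "Constructed Vendor <security@vendor.example>")
# A second key stands in for one that arrived with a forged notice.
OTHER_FPR=$(new_key "Constructed Sender <notices@lookalike.example>")

printf 'Security bulletin: a constructed update is available.\n' > "$WORK/bulletin.txt"
sign_with "$VENDOR_FPR" "$WORK/bulletin.txt" "$WORK/genuine.asc"
sign_with "$OTHER_FPR"  "$WORK/bulletin.txt" "$WORK/other-key.asc"
sed 's/constructed update/different update/' "$WORK/genuine.asc" > "$WORK/altered.asc"

for name in genuine other-key altered; do
    if verify_bulletin "$WORK/$name.asc" "$VENDOR_FPR"; then
        echo "$name: accepted"
    else
        echo "$name: rejected"
    fi
done
```

The second case is the one that matters for forged notices: the signature is cryptographically good, but it comes from a key other than the pinned one, so the bulletin is rejected.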
If computer security is a concern to you, you should sign up for this free service from Microsoft.