Security is serious business, and most of the men and women who work in physical security treat it as such. However, there are times when loose talk out of shop can cause serious security breaches for a contractor’s commercial and institutional clients. The result can be a successful break-in or the gleaning of critical information considered classified in nature.

One of the biggest targets of foreign intelligence agencies is the advanced information developed and contained by a variety of businesses in the United States, including defense contractors. The mandate of these agencies is to glean any and all research and design data if possible.

A good example of this is the Russian Foreign Intelligence Service, commonly referred to as the SVR. It is the SVR’s mandate to penetrate U.S. targets and glean valuable information on a variety of subjects. Robert P. Hanssen, formerly an FBI special agent, was under the employ of the SRV with a mandate to penetrate the U.S. intelligence community, and he did.

Although U.S. government secrets are highly sought after by the SVR and other nations’ intelligence services, the primary risk to the security market relates to industrial and institutional clients.

“… [T]he main consumers of intelligence are factories, research institutes, and government agencies … [and] when specialized intelligence is needed, a requirement is levied on the intelligence services, which sometimes collect the desired information through covert operations,” according to the Interagency Operational Security (OPSEC) Support Staff Intelligence Threat Handbook.

Our own CIA actively shares important foreign data with U.S. businesses. This is information that CIA field officers glean from under the noses of foreign businesses and industrial concerns.

Today, most of these attacks occur through the Internet against specific business and institutional computer networks, where much of the target data lies. But there are other approaches that internal security departments and outside security vendors must be prepared for if they are to thwart these efforts.

In his article, “How to not get hacked in Chinese surgery,” Richard Gould writes, “Just as companies’ research and development departments try to stay on the cutting-edge of technical progress, criminals are perpetually developing ways to take advantage of security lapses. Their gain is a company’s loss, and a diverse range of industries can become targets for fraudulent activity that is very difficult to reasonably anticipate.”

Almost every nation has an intelligence service, even a relatively small one, such as South Korea. According to an anonymous editorial published in the South Korea Times, the country’s intelligence service is seeking to restore domestic spying, full control of the -antiterrorist administration and regular ‘direct’ reporting to the president. Our own NSA, FBI, CIA and an alphabet of other federal agencies are working on the same three fronts.

Operation security

In spring 2004, I had the fortune to attend a talk given by former New York City police commissioner Bernard Kerik. Kerik gave the keynote address at the International Security Conference West in Las Vegas.

He suggested that professional security installers in the physical security market are on the forefront of homeland security, the eyes and ears that keep this nation safe and its industrial and institutional secrets intact.

There’s a real need for understanding where it comes to operation security within the security community. Not only is it imperative that security personnel understand the principles behind this invaluable tool, but it’s also important they ensure their clients understand it.

Lessons learned

The OPSEC lesson was originally learned during the Vietnam War when an investigation by the Department of Defense revealed that South Vietnamese nationals working on U.S. bases in the country were carefully observing and listening to everything U.S. military personnel did and said. The result was the ability of the Viet Cong to assemble an accurate understanding of classified operations, which in turn resulted in the loss of U.S. lives.

All of this goes back to a catch phrase once touted during World War II: loose lips sink ships. While the phrase was widely distributed throughout Navy ranks in order to stop sailors from talking too much when on shore leave, it is absolutely valuable and applicable in today’s post-Cold War era when almost everything in the U.S. industrial complex and institutional research are up for grabs by foreign powers. And yes, it can happen here.

The overwhelming message for security companies and installers is to encourage personnel not to talk about clients out of shop. Also, when you know your firm serves the interests of industrial clients and universities with major research departments, train your people to be watchful for any sign of tampering, no matter how insignificant it may appear. If you suspect a crime has been committed, report it to your client as well as the Department of Homeland Security.

For more information on OPSEC and what it can do for you, your firm, and your clients, visit www.defendamerica.mil.

COLOMBO is a 32-year veteran in the security and life safety markets. He currently is director with FireNetOnline.com and a nationally recognized trade journalist located in East Canton, Ohio.