CIO

Protecting Your Organization's Innovations

Two members of NASA's Technology Protection Program explain security's critical role in helping protect an organization's ability to innovate.

Global economic competition, to a large extent, has replaced the Cold War political and military competition. As a result, countries now pursue national economic interests through a myriad of activities, including espionage. Their goal is to maintain and sustain a competitive advantage in the global market place as quickly and affordably as possible, preferably at YOUR expense. This has placed US businesses in an even greater position of risk as countries and companies increase the targeting of innovative US based research, technologies, and products.

The targeting and theft of US innovation, be it in the form of intellectual property, trade secrets, research, prototypes, etc., has significant dire effects on the nation. In an attempt to quantify the impacts of this information theft, the Office of the National Counterintelligence Executive estimated that the "combined costs of foreign and domestic economic espionage, including the theft of intellectual property, is as high as US$300 billion per year and rising." These findings were consistent with the Trends in Proprietary Information Loss report prepared by the American Society for Industrial Security, which surveyed Fortune 500 companies and concluded "over the past few years this annual report has highlighted the fact that documented losses of trade secrets and other proprietary information cost US companies tens of billions of dollars annually." Similarly, the Department of Justice estimates that the loss of research and technology information annually cost US companies as much as US$250 billion and the Chamber of Commerce estimates 750,000 jobs are annually lost as a result of this information theft. The theft of US innovation erodes our industrial base, our economy, and weakens not only the competitive advantages of our companies, but our Nation as a whole. To maintain a competitive edge US companies and governmental organizations must continue to foster innovation and must also protect the innovation from competitors.

What can US companies and government organizations do to protect their innovation from competitors?

US commercial and governmental organizations should establish an integrated Innovation Preservation Process (IPP) into their overall business strategy. The IPP is not solely a security function, but a multi-disciplined collaborative effort with the mission to maximize the lifetime of innovation and the associated return on investment. This multi-discipline team includes executive management and representatives from each organizational unit concerned with the innovation.

Identifying your innovation is the first step in the IPP. Innovation presents itself in ideas, concepts, applications, etc., that when applied to your services and products, ensure market sustainment, promote market growth and enable market development.

Page Break

Accurate innovation identification enables step two, conducting timely and precise threat analysis. This involves determining the threats and associated impact(s) to your organizations 5Rs: Revenue, Relevance, Reputation, Resources, Research, as they relate to the loss of the identified innovation.

After determining the threats to the innovation, analysis is conducted to determine the susceptibility and vulnerably of the innovation. This information allows your organization to tailor protection strategies for the identified innovation specifically to the threat. Protection must be afforded to information, materials, and / or processes that would allow a competitor to replicate or steal your innovation. Once innovation requiring protection is identified, a cost benefit analysis must be conducted to weigh the benefits of protection against innovation loss.

Protection must be implemented in a systematic manner. For example, if the innovation provides or will provide you an economic advantage you may designate it a Trade Secret. According to the Trade Secrets Act, designation is not enough, but reasonable steps must also be taken to ensure the informations secrecy. To be enforceable in court in the event of theft, the information must be properly safeguarded is the bottom line. This includes steps such as proper labeling and storage and perhaps even measures such as encryption for the data at rest or on the organizational networks.

When establishing an IPP, substantial savings in terms of cost, schedule and performance will be gained by researching and applying the lessons learned from Federal Agencies such as the Department of Defense (DoD) and the National Aeronautics and Space Administration (NASA) which have established programs to protect innovation from theft and unauthorized disclosure.

Within the DoD, the IPP is termed Research and Technology Protection (RTP), with the innovations requiring protection termed Critical Program Information (CPI). Whereas within NASA, the IPP is called Technology Protection, with the innovation requiring protection termed Mission Critical Information (MCI). Both programs identify the research or technology (innovations) that competitors could not replicate without stealing the information or investing heavily in their own independent research and development.

Likewise, your IPP must be tailored to your organization. Simply replicating an IPP from another organization is not a viable option. Establishing and implementing a truly effective IPP requires that it be uniquely tailored to meet your specific organization. Business areas, product lines, competitors, corporate culture, regulatory requirements, mission and vision, and stakeholder priorities are unique to each organization. These factors will shape the overall design and implementation of an effective IPP. ##

Ryan Averbeck is a Program Manager for NASA's Technology Protection Program and is currently completing his PhD dissertation in computer and information security at Northcentral University. Gregory A. Gaddy, Ph.D., is a Program Manager for several US Army Technology Protection Programs and is part of the NASA Technology Protection team.