Dec 14, 2017 | 08:00 GMT
Stopping Company Secrets From Walking Out the Front Door
By Scott Stewart


While hackers can pose a serious threat to a business's sensitive information, the well-placed insider can do tremendous damage by stealing proprietary secrets.

As threats of computer intrusions proliferate, many companies have rightly focused their efforts on fending them off. But few train their staffs on how to spot or respond to other techniques used to steal company secrets, including those exploited by employees with inside access. This topic came up during a recent discussion that my old friend and Stratfor colleague Fred Burton and I participated in for a webinar produced for Stratfor's Threat Lens site called "Beyond the Cyber Espionage Threat." In the course of our presentation, we noted how employees who steal a company's intellectual crown jewels can be driven by a range of motives. While money is often the goal, other factors, including satisfying egos or opposing a company's activity, can push employees to bite the hand that feeds them. 

intrusions: 侵入
spot:見つける I spotted a rare bird in the backyard. 裏庭で珍しい鳥を発見した
webinar :オンラインセミナー.
Don't feed stray cats with household scraps.:食事の食べ残しを野良猫にあげないでください

Shortly after the Dec. 6 webinar ended, news came out of the U.S. District Court for the Northern District of California that indictments had been unsealed charging four former senior employees of Applied Materials with stealing trade secrets. Another story of industrial espionage surfaced in the news media two days later. The Idaho Statesman reported on two cases that involved alleged attempts by Chinese competitors of Idaho-based chipmaker Micron to steal trade secrets with the help of employees from two of its subsidiaries. Taken together, these cases provide an interesting window into the profound threat that insiders pose to intellectual property. 

have a profound effect [influence] on :に多大な影響をもつ.

The Threat Posed by Entrepreneurial Insiders
The indictments in the Applied Materials case detailed activities that the four executives were alleged to have engaged in since 2012. They each had been at the company for about two decades: 
Liang Chen was corporate vice president and general manager for Applied Materials' Alternative Energy Products division. He had worked for Applied Materials since 1995.
Donald Olgado was the managing director of engineering in Applied Materials' Product Business Group. He had worked at the company since 1992.
Wei-Yung Hsu was the vice president and general manager of Applied Materials' Semiconductor LED Division. He was hired in 2000.
Robert Ewald was director of energy and environmental systems in Applied Materials' Alternative Energy Products Division. He also joined the company in 2000.

pose no threat to humans:人間に何の脅威も与えない.

All were charged with conspiring to steal proprietary methods that Applied Materials had developed for the high-volume manufacturing of semiconductor wafers used in lighting and in electronic devices such as smartphones and flat-screen televisions. The alleged theft included not only blueprints for machines and facilities, but also lists of materials, including information on sourcing, recipes for chemicals used in the processes and even the marketing materials and plans for these chips. 

lighting :(部屋・建物・街路などの)照明, 照明器具

The indictment charges that beginning in September 2012, the defendants conspired to steal information from Applied Materials in order to establish a new company called Envision, which would be based in China and the United States. According to the indictment, the group used personal email accounts to plan the Envision launch and discuss what information they would need to steal to do so. They then allegedly obtained files containing proprietary information while also directing subordinates, none of whom have been accused of wrongdoing, to gather some of the information for them. The indictment said that the executives uploaded the stolen materials to a Google Drive account and that during that process, the conspirators even discussed their progress on transferring the documents. The indictments also quoted them discussing their efforts to find investors in China to fund Envision. 

allegedly :伝えられるところでは(…ということらしい), (真偽のほどはわからないが)申し立てによれば,
proprietary:所有主の〈権利など〉; 所有主のような〈態度など〉.

At this point, it looks as if the conspirators may have been motivated by greed and only sought Chinese funding after having hatched their plan, rather than, as has happened in similar cases, recruited by a Chinese business to steal trade secrets. However, it is not unusual for Chinese investors to fund a company based on stolen proprietary information. In January 2016, five employees of pharmaceutical manufacturer GlaxoSmithKline were indicted on charges that they tried to use stolen trade secrets to attract Chinese investors to a company they had established in China called Renopharma. 

a man driven by greed for money:金の亡者.
(much [highly]) sought after:〈人・物が〉求められている, 需要がある, 引っぱりだこである
hatched:hatch a plot 陰謀を企てる.

And in October, a former employee of the Chemours Co., the world's largest maker of sodium cyanide, was indicted on charges related to an attempt to use purloined information to win Chinese backing to establish a competitor based in China. As in the Applied Materials case, these also involved the alleged use of personal email accounts to transmit critical information outside the company. 

sodium cyanide:シアン化ナトリウム
purloined:(…を)盗む(steal); (…を)許可なく借りる.

When Insiders Are Poached by the Competition
The Micron cases appear to have followed a different path from the Applied Materials indictments. Criminal charges in the first case, filed in Taiwan in 2016 and in the Northern District of California on Dec. 5, involve Stephen Chen, the former chairman of Micron Memory Taiwan, a Micron subsidiary that produces dynamic random-access memory (DRAM) chips used in computers and other electronics. Chen left Micron's Taiwanese subsidiary in 2015 to take a job with United Microelectronics Corp. 


The Taiwanese indictment alleges that Chen recruited two high-ranking employees of Micron Memory to steal information, which they downloaded onto flash drives before quitting the company to take lucrative positions with United Microelectronics. That company then entered into an agreement with the China-based Fujian Jinhua Integrated Circuit Co. to produce DRAM chips. The indictment charges that United Microelectronics had not produced DRAM chips before entering into the agreement with Jinhua and that the stolen information would allow Jinhua to become a Micron Memory competitor and a serious force in the DRAM market. 

The second case involving Micron that was detailed in the newspaper report occurred in 2016 when five high-level employees from Inotera Memories Inc., a Taiwanese company Micron had purchased, resigned to take jobs with the Chinese company Tsinghua Unigroup Ltd. They were indicted on charges of illegally passing trade secrets in Taiwan in October 2017. The group is alleged to have taken proprietary DRAM information with them as they left. Interestingly, the Idaho Statesman notes that Tsinghua Unigroup had attempted to purchase Micron in 2015 but dropped its bid after the U.S. government raised national security concerns over the implications of such a sale. 

It appears that Tsinghua was able to acquire the DRAM manufacturing technology far more cheaply without buying all of Micron. The acquisition of Inotera by Micron, an American company, may also have made the decision by the Taiwanese employees to jump ship easier, as they likely did not feel much loyalty to Micron or to the company’s leadership. 

jump ship easier:転職する

How Can The Theft of Ideas Be Stopped?
As illustrated by these cases, an insider can pose a significant threat. Some cases of proprietary information theft have cost companies upward of billions of dollars. These staggering losses have made a system that will identify insider threats a sort of holy grail for many companies — especially if such a system could do so in a nondiscriminatory fashion. While much effort is being put into developing a comprehensive turnkey system that roots out insider threats, the quest may well prove to be impossible. 

staggering:〈金額・規模などが〉驚くべき, 衝撃的な, 信じられないほどの.
holy grail:(キリストが最後の晩餐で用いた)聖杯(the Grail). 価値があるが見つけられないもの.
turnkey system:ターンキー方式、完全[一括]請負契約◆システムや設備をキー(鍵)を回すだけですぐに使える状態で発注者に納入する契約方式。

However, some interesting approaches to the problem are being developed, including the use of machine intelligence to watch for changes in an employee's pattern of access and work using company computer systems. Is Employee X suddenly downloading material irrelevant to his position or information that he's never used in the past? Is Employee Y asking colleagues in other parts of the company to send her documents she has no apparent legitimate need to access? 


Is Employee Z copying sensitive company information to an external drive or uploading it to the cloud? Obviously, such patterns could be indicators of skullduggery, but since there could also be logical and innocent explanations for such changes in behavior, a degree of human investigation would still be required. 

skullduggery:いんちき, 不正な行為.

One problem for many companies is that they have not undertaken audits of sensitive information to categorize what is critical to keep secret from what is merely sensitive. Such categories would make it easier to protect the critically important information by limiting access to employees who have a true need to know. For instance, the secrets could be protected by storing them in a stand-alone or segregated computer system that limited the ability for them to be easily copied or uploaded to a third-party site. 

sensitive:(事態・話題などが)細心の注意を要する, 微妙な

Court records in the Applied Materials case indicate that the alleged conspirators ran into a roadblock when the company suddenly disabled users' abilities to download information from company computers onto flash drives. This could be an indication that someone had gotten wind of the scheme, or perhaps it was just a routine IT administrative change. 

get wind of:〔計略・気配・うわさなど〕をかぎつける

But aside from technical countermeasures such as disabling USB ports or prohibiting access to virtual private networks outside the company, nontechnical approaches can be used to mitigate the insider threat. Perhaps the simplest countermeasure — and one that is often overlooked — is employee education. Co-workers, managers, subordinates and others who are trained in what to look for are often in the best position to notice changes in a fellow employee's behavior that might indicate a brewing problem. 

brewing:There's trouble brewing between them. 彼らの間にもめごとが起こりかけている.

But beyond teaching them how to watch for signs of industrial espionage, employees and managers must also be trained to understand the nature of the threat as well as the types of information considered critical and why protecting it is important. Finally, employees must get the message that industrial espionage is not just a problem for other people to worry about, but that it represents a threat to their employer's future (and their jobs) and that they are the first line of defense. In the end, after all, insider threats are a problem that must be addressed holistically, not just by corporate security, the information technology team or the legal department. 


Indeed, just as in a successful campaign to prevent workplace violence, all parts of a company must work together to combat the industrial espionage threat, and company leadership must ensure that the corporate culture encourages and empowers employees to report suspicions and provides them with an avenue to do so. 

explore [pursue] another [every possible] avenue:別の[あらゆる]方法を探る[追求する]

Scott Stewart supervises Stratfor's analysis of terrorism and security issues. Before joining Stratfor, he was a special agent with the U.S. State Department for 10 years and was involved in hundreds of terrorism investigations. 

アメリカでは企業機密が盗まれることが多く起こっている。Applied Materialsのケースでは経営者レベルの人達が企業の機密を盗んで、別の会社を起こそうとしていた。こうしたケースをどのように阻止するのかは簡単ではない。手っ取り早く最良の方法は社員を教育することだ。そうすることによって、問題を社員の中から指摘させることが可能となる。後は従業員が今までとは違った行動で情報にアクセスしてきたら、それを把握する仕組みも考えられる。


swingby_blog at 08:54コメント(0) 


  情報を記憶: 評価:  顔   星



海野 恵一



Swingby 最新イベント情報
海野塾のイベントはFacebookのTeamSwingbyを参照ください。 またスウィングバイは以下のところに引っ越しました。 スウィングバイ株式会社 〒108-0023 東京都港区芝浦4丁目2−22東京ベイビュウ803号 Tel: 080-9558-4352 Fax: 03-3452-6690 E-mail: clyde.unno@swingby.jp Facebook: https://www.facebook.com/clyde.unno 海野塾: https://www.facebook.com TeamSwingby

Recent Comments
  • 今日:
  • 累計:


社長ブログ ブログランキングへ