Implementation of the business counterintelligence branch in enterprise
3 Co-operation between external consultancy and company execution representatives at the
organiza-tion process of counterintelligence department, practical problems and guideline solutions
The gradual implementation of the business counterintelligence struc-ture, presented in details in the previous section, assumes a very close co-operation between executive board and external consultants. The complexity of the implementation process requires from the consulta-tion company a lot of experience in counterintelligence tasks and combating espionage. First of all consultants should adapt their ac-tions to organizational culture and entity business activity.
Co-operation with executive board and top management officers is a complicated, tedious and time consuming process. Figure 3 pre-sented the basic diagram of such joint action between executive board, external consultant agency and new innovation structure of
3 Person who betrays company.
tive security branch. Hence, consultants should pay attention to some of the aspects mentioned below, from the scope of counterintelligence branch organization and management and obligation rules of the inte-grated information security system.
Figure 3. Basic diagram of the co-operation between executive management, counterintelligence branch and external consultancy agency
Source: Author’s diagram.
• Identification of intentions of the executive board, main tasks:
o Separating manager fantasies from actual information problems.
o To verify situation, that it is not a case of external experts en-tanglement in some internal competition within the company e.g.:
– with the hidden aim to get rid of certain employees, – promote specific individuals within the company,
– cover top executive own treason or incompetence and steer an attention to other employees, with a final dumping re-sponsibility allowance, or criminal investigation,
– maintain own leadership and dispose of competing individu-als or groups of interest.
o Determine what information specifically has been leaked,4 when, which way, what are the amount of losses (short-term or long- -term), if a leak continues to place, are there still active “moles”
and what are the proofs?
o Other specific questions, as in the following examples:
– whether leaking of the information is from one company sector or from many places?
– where management learns of the implicit information leak-age or employees disloyalty and their effects for entity pre-sent position as:
strengthen market position of competitors,
drop in sales in an absence of seasonality in the market conditions,
worsen of own products or services quality,
leaving key personnel,
unusual increased interest of competitors or clients in personal contact with basic business and engineering staff;
– whether phone or internet bugging was detected or other electronic surveillance attacks have been taken places?
– emergence of the secret corporate data in media release.
• Diagnosis of counterintelligence or information security problems, its basic reasons from the past and still existing sources:
o Individuals inside and outside company, o Groups of employees and groups of interest,
o Ways of external impacts from clients, suppliers, customers, in-vestors, governmental authorities and competitive enterprises, o Methods of enterprise restructuring process with the
participa-tion of other entities,
o Level of the company secret information leak,
o Lack of implicit data security and company’s information sys-tem integrity.
• Possibility of using detected leaks for information warfare to coun-teract market competitors, using specific methods as:
o Inspiration,
4 In the language of the special services it is called “the list of questions” or “the question marks.”
o Disinformation,5
o Intelligence games (operational games), o Camouflage,
o Covert operations, o Competitor stimulations,
o True and deceptive marketing strategy, o Hidden recruitment process.
• Closure methods of counterintelligence, counterespionage or in-formation security issues, using approaches such as:
o “Silent closing case,”
o Official disciplinary proceedings,
o Notice of the commission of crime to the public prosecutor's of-fice,
o Deter competitors from interference within the enterprise integrity, o Disciplining employees, suppliers, subcontractors and business
partners by:
– intelligence and espionage case study and company informa-tion counteract,
– pressure on development of the future observation counterin-telligence methods and security clearance obligation proce-dures,
– strengthening organization by releasing of disloyal employees, – exclusion of employees or degradation of individuals in the
organization structure, that knew about a leak of information or about some people disloyalty and have done nothing to prevent those situations (“better to know nothing” case).
• Implementation of continuous time complex counterintelligence system with periodic evaluation procedure (internal or external controlling).
• Valuation of company counterintelligence development prepared by an external consultancy entity, in terms of:
o Complexity and comprehensive structure of business tasks, o Company information security screening,
o Counterintelligence branch implementation steps,
o Separately of each case investigation problem and its solution, o Market competitors surveillance,
5 Disinformation methods are the key tools of inspiration process.
o Workshops and group or individual counterintelligence espio-nage training,
o Business counterespionage cases consultancy.
• Recruitment and special selection of staff for the future company counterintelligence branch.
• Efficiency measurement of the counterintelligence cell in a long term perspective:
o From the point of view of market competitors, o Internal executive board operational demands, o Realisation of the company strategies,
o Case study suggested by business intelligence practice,
o Protection against business, economics, technological and po-litical espionage.
Figure 4. Business counterintelligence impact channels on the enterprise management structure
Source: Author’s diagram.
Information flows between counterintelligence branch and strate-gic, operational and tactical management can be segregated according to the type of sufficient knowledge, which categorization is describing by popular sentences in the secret services terminology: “nice to know,” “need to know” and “right to know” (Fig. 4).