As progress continues on laying the groundwork, your company should begin identifying the CI capabilities needed for an effective CI program that is focused on protecting your company’s assets, brand, and intellectual property. The risk assessment will be an important guide during this step. The Office of the National Counterintelligence Executive (ONCIX) recommends a layered approach to acquiring CI capabilities. CI capabilities are essential to identifying and countering insider and cyber threats, which represent the two most challenging threats to U.S. corporate assets. The following are six primary capabilities that should be considered when determining the size and scope of the CI program your company requires:
Corporate CI Program Capabilities
1. Threat Awareness & Training
New employee orientations and continual refresher training can equip the workforce with the skills needed to understand who your company’s adversaries are, identify threats, and follow reporting procedures for suspicious activities. A highly trained and aware workforce is key to the early detection of potential threats. Companies should utilize a CI-specific non-disclosure agreement before divulging their threat and vulnerabilities.
2. Analysis, Reporting & Response
An analysis, reporting, and response capability can integrate resources and information from across relevant corporate elements (CI, security, IA, HR, general counsel) and provide assessments and warning on data that may be indicative of a threat. Mature CI programs will also want to incorporate risk assessments related to sensitive acquisitions into this analytic and reporting process.
3. Suspicious Activity Reporting
Defining, training the workforce, and developing company reporting policies on suspicious activities that are deemed inappropriate or potentially threatening could provide an effective “early warning system” of potential threats to your employees or company.
4. CI Audit
A CI audit capability would enable your company to monitor user activity on corporate IT systems. This would help to identify anomalous behavior, deter the theft or unauthorized use of company information, and protect the company from network intrusions.
5. CI Investigations
Companies with more advanced corporate CI programs may wish to augment their ability to conduct security investigations with a capability to perform preliminary CI investigations that are consistent with the law.
Companies should consider establishing or continue strengthening liaison relationships with US Government law enforcement and Intelligence Community agencies, to facilitate the flow of intelligence reporting, investigations, referrals, and training opportunities.