Tag Archives: details

Look to the big picture when protecting controlled goods

Guarding controlled goods and technologies extends beyond the obvious. A small detail that seems unimportant can lead to serious compromises.

Imagine that you are in charge of shipping a controlled item to a decommissioned military base. If the designated official has drawn up an effective security plan and you have been trained to use it, you will know not to discuss the item in emails, when speaking with unassessed persons or at conferences. You might think this is all that's required to protect the controlled goods.

But, safeguarding controlled items and technology extend beyond physical considerations. You might be out in public and someone mentions an old decommissioned military base outside of town and you say, “Oddly enough, we just shipped some items up there.” You haven’t said anything directly about controlled goods, still, agents of an unfriendly power who learn about the shipment might be able to deduce several things. They may know what types of products your company manufactures and be able to produce a short list showing likely controlled goods in question. Knowing that the item is being shipped to an abandoned base indicates activity might be restarting there. If, for instance, your company produces military grade inertial movement units (IMU) and the agents have learned that a company that manufactures high resolution cameras is shipping some kind of item to the same base, They could deduce that the base is being reactivated to support or conduct aerial espionage and bears observation. Even a single piece of information can add to a foreign power’s knowledge, such as the size of a food order being sent to the base that could indicate the number of persons who will shortly be assigned there.

Security clearances and assessments alone cannot be the only deciding factor when sharing information, even within a company, a government department or between departments. The person receiving the item or technology must have a need to know it. Those who do not need to use the goods or technology to do their job cannot be allowed to possess them. The more people who become exposed to controlled goods, the greater the possibility of a breach. The designated official must keep a list of who needs to possess each controlled goods and to make that clear to everyone  involved.