News and Events

Preventing Insider Threats at Manufacturing Facilities

Oscar Villanueva
July 15, 2020

 

 

 

How to Protect Assets, Intellectual property, and Operations

 

By Oscar Villanueva

Managing Director of Security Services at R3 Continuum

 

Manufacturing facilities pose an attractive target for those seeking to commit criminal attacks against a company including sabotage, fraud, and theft of materials and/or intellectual property.  Anything of value at a manufacturing facility is at risk, and corporate complacency in having robust security countermeasures exacerbates the risk. Adding to this risk is the reality that these criminal attacks are often perpetrated by insiders.

 

Examples of insider threats and incidents include:

  • In June 2020, a court in Taiwan found three Chinese engineers guilty of stealing intellectual property from Micron Technology, a US company. The three engineers were sentenced to 4.5 to 6.5 years in prison and must pay large fines. You can read more about this case here.
  • In February 2020, Joseph Kukta, a senior manager at the Seaford, Delaware FedEx facility pled guilty for stealing parcels shipped through the company and reselling them. He is facing up to 15 years in prison. Kukta’s alleged criminal activity went on for over 10 years from 2007 to 2019. You can read more about this incident here.
  • This August 2019 Fox11 News story in Wisconsin reported on the arrest of Derrick Cherney for the alleged theft of 106,061 pounds of aluminum coil worth an estimated $200,000 from his employer, Manitowoc Tool & Manufacturing in Manitowoc County, Wisconsin. Cherney was responsible for managing raw material at the manufacturing site and coordinated delivery to various facilities.

 

What you need to know

 

While most employees, contractors, vendors, and visitors are honest and trustworthy, there will always be some willing to engage in illegal activity, and insider security vulnerabilities should be taken seriously. The most effective way to safeguard against this risk is to create an effective insider threat program to detect, prevent, mitigate, report, and resolve threats involving company insiders. Leadership support for this kind of initiative is essential to ensure the viability, effectiveness, and longevity of the program. The first steps to stand up an insider threat program include:

  • Identifying vulnerable assets. These could include intellectual property, proprietary manufacturing practices, precious metals, essential IT information and procedures, and other valuable items.
  • Ensuring buy-in from corporate leadership
  • Identifying who will own and manage the program
  • Obtaining the resources necessary to implement and run the program

 

The actual program should include at a minimum:

  • Policies and procedures – what the program covers, how it will be implemented and maintained, who will run it, and what will happen if incidents occur.
  • Training – awareness for all employees and specific training for management and those running the program.
  • Reporting methods – how issues will be reported and to whom, and what follow up will be done.
  • Testing capabilities and methods – how the program will incorporate testing program components.
  • Built in alerts – how will program administrators and management learn if there is a violation.
  • Employee and stakeholder communication – communication to all employees and stakeholders regarding the program.

 

Insider threats pose a real and present danger. Creating and implementing an insider threat program can help mitigate this risk.

 

Ensure the physical and psychological safety and security of your organization. Talk to us.

 

For security resources, behavioral health solutions and real-time front lines information, visit us at www.r3c.com, email us at info@r3c.com or call us at 866-927-0184

Oscar Villanueva

Managing Director of Security Services & Crisis Preparedness, Oscar

As a former federal security and law enforcement agent and executive, and now security consultant, Mr. Villanueva has led large scale high-performing security, law enforcement and training consulting missions and operations in several large metropolitan areas worldwide including in the U.S.A., Europe, Latin America, Asia, the Caribbean, and Africa. Oscar is bilingual in English and Spanish.

Mr. Villanueva is currently a member of ASIS International and the organization’s Crime Prevention Council. Oscar has also worked in the ASIS Professional Development Council, where he served as immediate past Chair of the Council's mentoring program. Mr. Villanueva is a Member of the Association of Threat Assessment Professionals (ATAP), and the International Association of Chiefs of Police (IACP).