It's shocking how far some of these eco-terrorists go in their efforts against research, which is one of the largest areas of concern for physical security practitioners. Attacks and harassment are carried out against not only researchers, but the institutions that host them, support agencies and even companies that do business with researchers. I hear a lot of activists say that they are being lumped into the terrorism label - especially after 9-11 to demonize their work. They say that the "greedy - soul-less researchers and corporations "are trying to paint them as hijackers, or suicide bombers when they are really just animal lovers who want to fight for creatures who can't fight for themselves. Some activists even try to say that they are being treated like the government treated actors, artists, musicians and other folks during the red scare of the 1940's-50's (I've seen them even spin it like it's a war against the "green" movement).
This topic in itself is the topic of books - large books - and many people much smarter than me have tackled it in numerous formats. I'm not trying to get into anything like that - just draw some attention to how careful we need to be protecting research, researchers, facilities and equipment. Also - to get people thinking about how many people consider this a war. And in any war - aside from the fighting and psychological maneuvers - there is usually a large, dark and ambiguous intelligence gathering component going on behind the scenes.
That's right - Wherever there's information that can be considered valuable (of monetary, logistical or strategic value) there are folks that will try to get that information. And believe me - there is no shortage of skilled operators out there who used to deal in that kind of information gathering for the government. In fact, our most productive breading ground for intelligence gatherers is from our good old Uncle Sam. And although they were trained to get information, protect information and deal in information that holds a life-and-death value - they can apply the same tactics to information that could be sold - or used by activists, or by groups trying to protect against activists. There is a large scale world power intelligence war out there carried out by nations, affiliated religious groups an political parties but there is also a parallel intelligence war going on in the corporate and educational world.
A recent article published in Mother Jones details the exploits of the failed security firm BBI (Beckett Brown International ). Yes - Mother Jones is a very liberal source but it's a very interesting article nonetheless. There are some pretty good details listed - but basically this firm made up of ex-government, and ex-law enforcement agents launched operations to gather information on "Green Groups". The client list for BBI is very robust and includes some of the heaviest hitting corporations in America. All of them - concerned about the activity and actions of activist groups, plus the harm they can cause to people, property and business. I'm not stupid - I know that the harm to business is sometimes the largest motivator - but from a security professional's point of view they are all the same. Now there is a lot of talk about BBI's dumpster diving tactics and intelligence gathering methods - but the fact is - the same tactics are used by everyone looking to get that kind of information. We all know it - employees are not careful about what they throw away, what they write on notepads, what they say to people out in public, what they have on their laptop/smart-phone -etc.. etc.. I've seen cases where the activists engage in much more brazen acts of intelligence gathering - and they are also known to insert their own undercover operatives to gain information.
So - my points:
- Eco-terrorism is real, it's a threat, and it needs to be considered and planed for accordingly - same goes for home grown terrorists.
- These "home grown" activists/terrorists are sometimes even more dangerous because they have no criminal history, no overt affiliations, and can be wildly unpredictable.
- Industrial and corporate espionage is also real, and you should ensure your information security policies/practices protect against it.
- You have to find a good way to address these topics with your administration or clients. It's hard to believe that the information on that new network engineer's laptop is worth a ton of money to the company down the street - but it may be - and someone may want it.
- You don't want to be an alarmist but you do want to educate the decision makers about real risks.
- Most companies have information security policies, but they center around personal private information - not sensitive information. It's a good idea to launch a sensitive information protection program to identify, and develop methods to protect it.
- And at least consider what kind of damage or harm an activist could do when you're performing assessments. Make sure that activism and corporate espionage is a part of your standard assessment process.
