The threat of hackers insidiously invading corporate computer systems to steal proprietary information or, even worse, to cause a disaster is getting a lot of attention — and for good reason. The 2010 Stuxnet malware attack on process control systems dramatically pointed up the peril. Companies must address their vulnerabilities and implement a strong and enduring cyber security program (see: "Build Better Cyber Security").
Many cyber-security breaches stem from the actions not of some malevolent outsider but of a company's own staff, as "Protect Your Plant," stresses. Typically, these are innocent or inadvertent lapses rather than malicious or avaricious acts.
However, employee greed is a threat. And the risk extends beyond proprietary information stored on computers to trade secrets that experienced technologists on staff know or can access.
Chemical companies spend enormous sums to develop know-how and technology to gain market advantage. Unfortunately, unscrupulous competitors won't hesitate to try to steal such information. Sometimes, it's through subterfuge, such as by enticing someone (perhaps via a head hunter) to interview for a job while really aiming to use the meeting to delve for proprietary information from the person's current employer. Other times, a felonious firm will pay well for trade secrets.
Trade secret theft is a problem for our industry, as two recent events illustrate.
In December, a federal judge in Indianapolis sentenced Kexue Huang, a Chinese national and former researcher for Dow AgroSciences and Cargill, to 87 months in prison. He had been charged under the Economic Espionage Act, which was enacted in 1996.
Huang worked for Dow AgroSciences in Indianapolis from 2003 to 2008. In 2005, he became a research leader in strain development for proprietary organic pesticides. He admitted that from 2007 to 2010 he delivered Dow trade secrets to individuals in China (PRC) and Germany and used the stolen materials to conduct research to benefit universities tied to the Chinese government, notes the U.S. Department of Justice. "Huang also admitted that he pursued steps to develop and produce the misappropriated Dow trade secrets in the PRC, including identifying manufacturing facilities in the PRC that would allow him to compete directly with Dow in the established organic pesticide market."
He worked as a biotechnologist for Cargill, Minneapolis, during 2008 and 2009. "Huang admitted that… he stole one of the company's trade secrets — a key component in the manufacture of a new food product."
"In his plea agreement, Huang admitted that the aggregated loss from the misappropriated trade secrets exceeds $7 million…"
"Dow AgroSciences and the FBI cooperated extensively to make this important investigation a success," notes the Justice department.
Then, in January, Wen Chyu "David" Liou was sentenced to five years in prison by a judge in Baton Rouge, La., for stealing trade secrets from Dow.
Liou, who came to the U. S. from China to go to graduate school, worked for the company from 1965 until he retired in 1992.
"While employed at Dow, Liou worked as a research scientist at the company's Plaquemine, La., facility on various aspects of the development and manufacture of Dow elastomers, including Tyrin CPE [chlorinated polyethylene]. Liou had access to trade secrets and confidential and proprietary information…" says the department.
"Liou traveled extensively throughout China to market the stolen information, and evidence introduced at the trial showed that he paid current and former Dow employees for Dow's CPE-related materials and information. In one instance, Liou bribed a then-employee at the Plaquemine facility with $50,000 in cash to provide Dow's process manual and other CPE-related information."
He also "made arrangements for a co-conspirator to travel to China to meet with representatives of a Chinese company interested in designing and building a new CPE plant," the department adds.
Dow, while a victim in both cases, probably guards proprietary information as well as any company in the chemical industry or elsewhere, for that matter. It outlines guidelines for the use and protection of company information in its corporate code of business conduct and expands on this in its information protection policies — and mandates employee training on both topics.
However, a dishonest person will ignore or try to find a way around policies and procedures. Unfortunately, there's no easy fix for this. So, firms must remain vigilant at their sites as well as in cyber space.