The security week that was: 07/17/09

Global terrorism and U.S. multinational companies

This morning in Jakarta, Indonesia, bombs exploded at two hotels owned by U.S. hotel chains -- the Ritz-Carlton and the J.W. Marriott. Lives were lost, and the injured are believed to include Americans. From early reports, it seems that the hotels were hit by suicide bombers. The bombings followed very shortly after the reelection of Indonesia's president Susilo Bambang Yudhoyono was announced. It's unclear if the events were related.

I'm reminded of the keynote presentation made by General Electric CSO Frank Taylor, who noted that "terrorism targeting U.S.-based multinational corporations" is one of the greatest concerns he has. During that keynote, Taylor specifically mentioned that U.S.-owned hotel chains fit that profile. It's hard to say exactly what the motivation to attack those hotels was (and we may never know, since it appears the bombers died in the blasts), but security departments should heed Taylor's words when he says, "In our business, things we couldn't even image, do happen." (See our previous article on Taylor's address).

Save that coffee mug with the NBFAA logo
It could soon be a piece of historical memorabilia

It's not the first time, but maybe this time will be the actual turning point. The National Burglar and Fire Alarm Association (NBFAA) is considering once again to change its name. At a meeting of associate members in June, the organization stressed that the association's members were much more than "alarm" companies and that they were diversified into areas like access control and video surveillance. The name change idea really isn't new for the organization, which has been considering shedding its "alarm" image for a few years. In 2006, the association looked at changing the organization's name to the Electronic Life Safety & Systems Association (ELSSA), a move which was approved by the board of directors, but which wasn't approved by the association's general membership.

They're at it again; this time the proposed name is the Electronic Security Association (ESA), which has been approved by the board of directors but which still faces the general membership vote. In 2006, the membership was only 13 votes shy of a name change (the bylaws require a two-thirds majority vote for any bylaw change), so it's pretty likely this name change may pass this time around. However, as one reader astutely commented on, the name ESA is quite similar to its competitive organization, the National Electronic Security Alliance (NESA), and may lead to some confusion.

As an associate member of the NBFAA, I have to say that I think it probably is time to change the name to reflect the nature of today's members' businesses. I do agree that the ESA/NESA thing can be (very) confusing, and I find it odd that "National" isn't part of the name given the history of the NBFAA and the state-chapter efforts to retain and recruit state organization. In the end, no name is going to be perfect by everyone's opinion, but it's time to make a change.

Dirty security stories from inside the business world
Espionage and bribery, factory take-overs, hotlines and more

It must be a nightmare for the company’s security director; four employees of the Rio Tinto mining company (quite the giant in the mining industry) are being detained by Chinese authorities, who allege that the employees were involved in bribery for inside information on the Chinese steel and ore business.

At the same time, it’s pretty clear that China is no saint when it comes to espionage. Dongfan Chung was convicted by a U.S. federal court of economic espionage. He is said to have used his position as an employee of Boeing Corporation to spy on and obtain information about U.S. space and rocket programs. He was 73 years old.

This next story is a business security scare of a different sort. Rexam, a healthcare products company with operations in the U.S. but based in London, alleges in a suit that a husband-and-wife team from Mexico were misappropriating the company’s plant and using the plant to produce products for their own medical products company. The suit also alleges embezzling and use of proprietary information as well. How did Rexam find out? The tip came in from an anonymous call to the company's hotline. I find it pretty amazing that something of this nature only came to light from a hotline call, but better that it was discovered that way than not all.

If the Rexam story doesn't already validate why you should be operating an employee hotline, with options for anonymous tips, then a report from the journal "Ethikos" may convince you. The journal reported that anonymous calls to hotlines aren't any less valuable than the business ethics hotline calls when the caller is named. The concern was simply that anonymity might encourage callers to make false allegations or frivolous complaints, but the journal reports that the anonymous calls were no less substantiated than their "known" counterparts.