Espionage Incident Management

Incident Management Guidelines

Espionage can be conducted by individuals, groups, or governments in order to gain commercially sensitive information. Espionage can take many forms, either covert or overt, and can have significant impacts on a company, especially during a tendering phase of a business pursuit. Espionage can be conducted within the parameters of the law, or may be illegal. It can be geared to commercial activities, as well as operational functions.

In the event of an espionage incident occurring, the following points should be addressed:

 Action Points

1. Stand up the Incident Management and Crisis Response Teams using the SAD CHALETS system.
2. Determine what has occurred:
   • When did it happen?
   • Where did it happen?
   • Who was involved?
   • What information or materials were stolen or divulged?
   • What implications does this have to the company?
3. Secure facilities or sensitive materials to prevent further losses.
4. Take a statement from the individual reporting the event.
5. Determine whether any laws have been broken.
6. Determine who might be or is responsible:
   • Group or organization.
   • Individuals involved.
7. Determine whether persons are at physical risk following the event; stop any activity that might be compromised if persons are at risk.
8. Alert police or federal agencies if urgent in nature.
9. Provide an IMP Risk Assessment Report as soon as possible.
   
   
   
   

Domestic Terrorism or Special‐Interest Groups Incident Management

Incident Management Guidelines

Domestic terrorists or special‐interest groups may focus on companies for a variety of reasons, typically due to the nature of a business activity that falls within their area of interest. Domestic terrorist groups are generally nonviolent toward individuals (although can cause alarm and might engage in intimidation), but do often damage property and destroy materials, which in itself can present a physical risk. Such groups leverage the media as a tool to promote their causes and should be managed with care so as not to further their agendas.

In the event of a domestic terrorism incident occurring, the following points should be addressed:

 Action Points

1. Stand up the Incident Management and Crisis Response Teams using the SAD CHALETS system.
2. Secure the facility to prevent access by unauthorized personnel.
3. Alert the local police and request assistance.
4. Determine the immediate objectives of the group:
   • To steal information.
   • To sabotage materials, facilities, or equipment.
   • To illicit media attention.
   • To instigate a physical or verbal response from employees or managers.
   • To gain access to sensitive areas, or stage a sit‐in within offices or work sites.
   • To barricade or impede access to areas.
   • To intimidate, threaten, or harm employees.
   • To plant harmful or hazardous materials.
   • To conduct prank activities (i.e., disruptive in nature).
5. Do not physically touch any activists or their possessions if possible.
6. Avoid inflammatory remarks or heated discussions.
7. Ask persons to leave a premises or work site politely, and inform them of any laws or regulations they are breaking.
8. Do not discuss company activities, policies, or plans.
9. Record the group's or individual's activities using cameras or closed‐circuit TVs as part of investigation and legal response requirements.
10. Record their activities and note any risks posed to personnel, facilities, or materials.
11. Secure offices, laptops, and sensitive information if an intruder has been reported.
12. Engage other elements of the IMP if specific threats are presented (assault, intimidation, fire, damage, espionage, etc.).
13. Send regular situation reports to the Crisis Response Team.
14. Provide an IMP Risk Assessment Report as soon as possible.