Corporate America is facing economic challenges that are without precedent. Although many factors are contributing to this situation, none are as dramatic as the growing competition in the global marketplace. Joint ventures with international competitors have become a way of life. Although these alliances often provide the capital and the labor rates necessary to compete in an international marketplace, they are not without danger. They have the potential to provide short term gains while simultaneously providing the tools that could ultimately jeopardize the survival of the corporation. Failure to balance the need for profits with the necessity of maintaining a competitive edge could (in the long run) be disastrous. For economic survival, corporate America must learn to "walk the tightrope."

In an article in USA TODAY (March 12, 1992) titled "'Buy America' debate: Jobs vs. Control," Harvard economist Robert Reich was quoted as saying "Borders are disappearing economically." The article continued with the on-going debate about what we need - good paying jobs or American control? Is it better to have good paying jobs in this country regardless of whether the firm is American or foreign owned, or is American control more important regardless of where the jobs are? There are no easy answers to this dilemma as there are no easy answers to what actually constitutes an "American product". I would like to suggest that good paying jobs within the U.S. are critical to the nation's immediate well-being. However, at the same time, "control" is the element that is absolutely essential to long term corporate survival. It is the "control" factor that allows the American Corporation to maintain the edge.

Competition in the global marketplace is a reality and will continue to grow. In 1979, I wrote in Industrial Security Issues in the 1990's that "The corporate community of today exists in an environment that is changing at an unprecedented rate." At that time, I had no idea of the magnitude or rapidity with which these changes would occur. These changes will force most American corporations to enter into alliances with their foreign competitors. These alliances will not only give them the capital required to compete on an international scale, but will give them access to labor rates that will permit them to remain competitive. These advantages are positive, but there is a flip side that should not be ignored.

We must never forget that in joint ventures, our partners, foreign or domestic, will continue to be our competitors. A short time ago the threat was clearly defined. We recognized and accepted the "hostile intelligence ' threat. We all knew who the "bad guys" were, and we assumed the rest were "good guys". It was a relatively simple and uncomplicated world. Although we have always had teaming agreements between U.S. firms, and were often partners, and competitors at the same time, similarities made it easier. Even with the complexities of these agreements, we shared an inherent advantage. We were a common culture, adhered to the same laws, shared common beliefs and ethics, and basically played by the same set of rules.

But, the world has changed. The "hostile" threat has changed to the foreign threat and now includes our "friends". The reality of this threat has been documented time and time again. It has been reported that the French have used black bag jobs, personnel penetrations, and a heavy reliance on technical intelligence. Recently, a government agency threat advisory warned business travelers to avoid Air France. An article in the Houston Post, March 6, 1992 titled -Should U. S. Spy on Foreign Businesses?" stated that "American businesses are being hurt by the spy machines of foreign governments..." It continued with "The French do it. The Japanese and Israelis to <sic> it. So do the Germans." The February 1992 issue (Vol. 7, No. 7) of the NSI Advisory (a National Security Institute publication) provides another insight into what could be the source of future threats. In an article titled "Japan to Expand Intelligence Network," it is noted that "Japan currently has one of the world's most sophisticated economic intelligence organizations, but the intelligence network is not run by the government. Rather, it is linked closely with businesses and trading companies." If non-government intelligence is the wave of the future land I believe it is), American corporations must get on the bandwagon before it leaves the gate.

Although the threats to U.S. corporations are becoming more pervasive and are growing, the risks inherent in joint ventures and alliances are real. We can't forget that corporations are in business to make money. As noted in the "Opinion" column of the January 23, 1992, issue of Washington Technology, George Millburn was quoted as saying "It is no longer sufficient to decide not to compete in the global market...lt is no longer possible for a manufacturer to ignore the challenge...the local company either competes or closes." Cash flow is the lifeblood that keeps corporations in business. Without it they perish. However, in the long run they must also have a competitive edge. The " edge" is that technology, process, or procedure that sets them apart from their competitors. An edge isn't static, but must constantly be advanced to retain the advantage over the competition. The possessors must constantly guard, and protect their edge until their product or service is introduced into the market. They must continue to advance their edge, or lose their position and advantage in the market.

The growing seriousness of this situation was clearly stated in an article in the June 14, 1992, issue of the Chicago Tribune which was titled "U.S. Falls Behind in the Battle to Compete." It read in part "Though America is still savoring its ideological victory in the Cold War, the nation is already engaged in a more fundamental contest... It is, for the most part, a silent war, waged without official declaration and with little acknowledgement. Yet unlike traditional conflict, every American - know it or not, like it or not - is a soldier in it. It is a war of economic survival...and we are losing." This war, that we are losing, is hitting us where it hurts, in our National Economy, in the stability of Corporate America, and in our individual pocketbooks.

Although, there is a growing acceptance of the economic challenge facing the National and Corporate America. The importance of this challenge should not be minimized or taken lightly. The previously cited Houston Post article of March 6. 1992, contained a very telling statement for the future "...the status of being a world power seems to be changing from one which claims military might to one which has economic dominance..." Neither the American corporate world nor the Nation can ignore the fact that we are in a global economy. In order to survive, we must compete on an international basis. Although the reality of the threat is growing, industry continues to have a rather unique perception. They continue to focus their emphasis on the internal threats (which are also getting more serious), and tend to ignore, or accept, the reality of external threats.

The American personality is reflected in corporate America in that we tend to close our eyes to the unpleasant and would like to believe that everything is on the up and up. We would like to think that ethical behavior is a common global trait ingrained in all of our business associates. The thought of people cheating or really eavesdropping on our private affairs may be repulsive, but it happens all too often. Gentlemen do read other gentlemen's mail. Unfortunately, as Americans, we are also brought up to believe it is a near Cardinal Sin to copy someone else's work. But as we know from some bad experiences, this belief is not shared by our "friends" around the world. As a result, this creates one of the major dangers in joint ventures. Our tendency is to refuse to fully accept the threat posed by our "partners" in joint ventures. We should never forget the reality that it is much more economical to steal an idea than to develop it. It is absolutely essential that all of us carry this message to our management and convince them of the serious nature of the "foreign" threat. It is not the simple old world of good guys and bad guys anymore. To survive in the new economic war, we must look at every competitor (especially our partners) as potential threats.

Before we go too far, especially with our concern for technology, there are a couple of points that need to be clarified. We have a tendency to think of technology in terms of nuts and bolts, and the transfer of technology as with a widget or some other physical object, such as a piece of paper, that we can actually see and touch. But, technology is so much more. It includes those intangibles we often think of as processes, procedures, manufacturing and production techniques, and plain old fashioned "American know-how." It is that secret ingredient that gives us "the edge" over our competitor, and it (technology) can be transferred physically, orally, or visually.

American corporations will have to have joint ventures to compete in the global marketplace. It will provide them with the necessary financial base, and access to the expanded and labor resources required to compete globally. Although we should never forget that profits are the lifeblood and are critical to survival, we must never lose sight of the dangers of becoming partners with our competitors. We must find a way to achieve the balance required to earn profits, while maintaining an "edge" required for long term survival.

Somehow, we must find a way to achieve a balance between "Ferrill's Two Laws of Business Survival."

Ferrill's First Law: Profit - If you don't make money, you are out of business.

Ferrill's Second Law: Edge - Without a competitive edge, you are going out of business.

Well how can we gain the knowledge and skill to maintain this delicate balance? Considering the focus of this journal, and my background, the answer should be apparent. We must learn to adapt the processes and methodologies of OPSEC to the industrial sector which operates in the realm of joint ventures, both foreign and domestic. We must do this in an informed manner with full consideration of the basics of a typical industrial OPSEC Program.

First of all, what is Operations Security (OPSEC)? It has often been described as a common sense way of doing business. However:

"Unfortunately, common sense is not so common." -- Benjamin Franklin

Other people have compared the OPSEC process to collecting bits and pieces of information, and then putting them together to solve a puzzle. From the perspective of an analyst. this is a basic concept. From a protection viewpoint. we are trying to hide the key pieces of the puzzle from a competitor to prevent them from gaining access to our "critical information" which may be revealed by solving the puzzle. The concepts of "common sense," "bits and pieces," and numerous other clever definitions of OPSEC will be bantered around for years. For this article, I have elected to define Industrial OPSEC as noted below:

OPSEC is a process that provides a competitive advantage by denying competitors access to your CRITICAL INFORMATION.

The obvious question is what is "critical information?' Discussions attempting to define critical information are as heated and varied as those defining OPSEC itself. In the corporate world it may be called Sensitive or Private. It is often treated as Proprietary Information, but ultimately it is Intellectual Property. It is a corporate asset and it has value. It is the "secret' element that gives a corporation its competitive edge. Although, it is not classified in the traditional sense, it must be clearly demonstrated that the corporation has implemented protective measures, if the corporation intends to maintain its legal rights to the information, or process. The label we put on it could be argued beyond reason, and we could go into elaborate analyses of the components and merits of numerous definitions. However, in the industrial environment I don't believe they are warranted. There are numerous formal definitions in the Corporate World. But in almost all cases. there are two key elements that they all share. The first deals directly with fiscal considerations [money), and the second deals directly with image which ultimately focuses on our first consideration "money." Remember in the corporate world of business it always comes back to the bottom line. As noted in Ferrill's First Law: "Profit -If you don's make money you are out of business." In reality, definition and identification of Critical Information in the corporate world is relatively simple in comparison to other environments, since there are basically two questions to be asked.

The first question to ask is - -If a competitor gains access to the information, will it impact your competitive advantage?" Then you ask - "Would unauthorized release damage your public image?"

If the answer to either of the questions is yes, and management's "Best Business Judgment" does not find it an acceptable business risk, then it is Critical Information. Identification and marking of the information, or property, to clearly identify it as corporate "secrets" is always warranted. But, the need to implement additional protective measures must consider other factors. The existing or potential threat to the information: the existence of identified vulnerabilities: and finally an assessment of the resources required to provide protection in relation to its potential value.

"Innocent" conversations are one of the major causes of inadvertent disclosure of critical information. The cause can be traced directly back to a poor security awareness program and lack of internal communications. "Professional pride" is the second major cause of disclosure. It happens when you brag to associates or a new acquaintance at a conference or seminar, or even worse by electronic media such as an electronic bulletin board. Then there are "joint ventures." If not well thought out and documented, they can be disastrous when your associate becomes your primary competitor. Finally, there is the "Bad guy" and they do exist. The risks from loss can be minimized with an effective security awareness, and OPSEC programs.

But there are a number of other complications in the corporate world. Individual components often operate as separate profit centers. The result is a great deal of autonomy and an absence of strong direction that is common in many government organizations. The degree of autonomy still surprises me, and I have been in the private sector for over two decades. The significance of this characteristic becomes important when you need to identify management or the person with the "gold."

The motivation within a corporation is a true dichotomy. If their corporation is to stay alive, it must have continuous transfusions of the lifeblood called earnings. In order to gain these needed earnings it must successfully market its products or services. In the global marketplace of today, it is probably true that the corporation had to enter into a joint venture to gain this competitive position. Once again we find ourselves in partnership with our rivals. Even with profits flowing into the coffers, failure to maintain the competitive edge will ultimately result in the death of the corporation. In addition to the flat organizational structure with its high degree of autonomy, and this motivational dichotomy, we must keep in mind the short span of attention when earnings are involved. When profits fall or you lose your competitive edge, past performance is quickly forgotten. The transfusions of profits must be frequent, or the patient may fall critically ill.

Many of us believe that OPSEC can provide the balance pole to maintain the delicate balance between profitability and a competitive edge. It will (with fiscal responsibility, quality, and customer satisfaction) maintain a level of attention by avoiding losses of "profits" or ' the edge. " But before we can sell an OPSEC Program we must overcome the perception of threat. All of the media coverage, published articles, and congressional hearings on this subject should do the trick. But if you have a problem, remember one simple truism. The costs and time required to develop a technology that will make a product or service competitive is truly enormous. Despite the American trait to think good of everyone, it is quite obvious that it is easier to steal a product than to develop one. Now that you understand the characteristics of the corporation. and you have your management accepting the threat, what next? You use the "Building Block Concept" to sell your OPSEC Program.

A full explanation of this concept warrants a separate discussion of its own. But I will provide an overview and highlight the three major steps of this concept. The cornerstone of establishing an OPSEC Program is to get support from your top management. This will not be the most difficult step in establishing your program, but it is the key to getting started. Just remember the Golden Rule, "he who has the gold (your management) rules. " If you fail to put this cornerstone in place, you'll never get your program off the ground. The way to sell your program is to show how it can be implemented without an undue impact to operations, and without a large expenditure of resources. Depending on your organization's commitment to TQM, you can even suggest that OPSEC can be overlaid on existing committees. A real key in selling your OPSEC is not "just another security program." They must understand that it is an analytical process that examines your operation or program to see how it is actually being conducted and determine where information may be lost. The corrective measures are usually changes in procedures or patterns of operations. It is not a set of recommendations for physical systems requiring huge expenditures of funds.

Well, enough on laying the cornerstone. Now to the really hard block to put into place. The second block in your foundation involves the operations and security personnel who will play a major role in the establishment of your OPSEC program. Both the operations and security personnel will perceive your efforts as an attempt to build an empire which will be a threat to their domains. You will be seen as an invader because you are a threat to their domains. You will be seen as an invader because you are a threat to the "status quo." After all you are suggesting a change in their system. Since you will be considered an outsider, it is natural they may view your efforts as meddling. It is extremely important at this point of time that you do not permit yourself to be drawn into a confrontation. You must find ways to form alliances. Identify something they need and help them get it. Make their needs your needs. You must find ways to break down the silos of resistance. Success in implementing the program hinges on your efforts at putting this block in place. It must become their program. You must give them "ownership!"

The hard part is over, but now you have to provide your program with direction, purpose, and continuity. The final block will meet these needs. It can also provide your program visibility and long term support. The label I have arbitrarily chosen for this group is "Steering Committee." Regardless of the label you choose, this will be the rudder for your activities. You can probably improve the chances for success with your OPSEC Program, if you are really clever in forming the group. Since you have given ownership to the people that will play a leading role in implementing it, careful selection of members can pay big dividends. If you anticipate resistance from a particular individual, try to get them appointed to the committee. You will find that these individuals, when made owners, will do what it takes to make the program a big success. They may also provide an unbiased viewpoint and some very innovative approaches and solutions to problems identified during analyses or surveys. In order to ensure the highest degree of visibility, which is a key to continuing support, make sure that all major elements of your organization are on the committee and share a sense of involvement. Publicize your successes and give recognition for contributions made by individuals or groups. Always remember two key items that will ensure the continuing success of your OPSEC Program. First, you must give ownership of the program to those who support its implementation. Second, you must keep management apprised of the contributions being made by the OPSEC Program.

The economic challenges facing Corporate America are without precedent. We have entered an era where corporations must compete in the global marketplace or be left behind. In this environment, we will see more and more joint ventures. It will become a common business practice. Although the opportunities for increased revenues will be great, an underlying danger will persist. While earnings are the lifeblood of the corporation, the "edge" must be maintained if we are to achieve long term survival. Maintaining this delicate balance is truly akin to "Walking a Tightrope." In 1978, I noted, Industrial Security Issues of the 1990's, in a discussion of the changing global market that "...becoming more and more competitive will create a corresponding need for new methods, techniques, and system to provide adequate information protection." Today I see this need as the one that must balance earnings and the "edge. " I personally believe the process and methodology we call OPSEC can, and should be used to maintain this delicate balance.