return to ICG Spaces home    ICG Risk Blog    discussions    newsletters    login    

Intellectual Property and Outsourcing Risk in India

  #

My presentation, Intellectual Property and Outsourcing Risk in India, given to GlobalAutoIndustry's "India: Leading Offshoring Center or Upcoming Manufacturing Power?" on 1 November, 2007, described India's uniqueness which separates it from other outsourcing and manufacturing regions:

  • India is unique in that risks to personnel and facilities coexist with IP risks throughout its regional supply chain.
  • Personnel and facility risk will rise over time despite prodigious efforts by the Indian security apparatus.
  • Commercial IP threat is presently more from foreign collectors and careless outsourcing in the Indian supply chain which will include outsourcing to China.
  • Indigenous commercial IP threat is largely "entrepreneurial."

Long-term readers of this weblog will not be surprised at the conclusions and their time horizons. This speaking request did, however, prompt a revisiting of previous Indian outsourcing, IP and counterterrorism projections. As an aside, I recommend frequent revisiting of projections; it's often humbling but embarrassment is preferable to an opponent's bullet:

It is my want to revisit projections and forecasts, mine and others, to look for accuracy in both substance and timing; are assumptions still accurate and if not, why not; what new players and tools have entered the market; and what has shifted. The assumptions and the development process are more interesting than the answer as too many people treat a situation in time as something fixed, instead of seeing it as a still frame in a motion picture (where the trick is to predict the next scene).

I found the Indian projections holding true and the risks rising as the target environment we've identified becomes irresistible. Consider this 30 October item on Cisco's plan to treble its manning level in India and place a third of its senior executives in its Globalisation Centre East campus in Bangalore by 2012:

The company's plan to have senior vice presidents, vice presidents, and directors, cutting across all corporate functions, in India is not aimed at cutting costs, but at nurturing talent in India, said Wim Elfrink, chief globalization officer for Cisco, who also heads the new center.

Cisco currently employs about 3,000 staff in India, which it plans to increase to 10,000 by 2010. The new center, which currently has 900 staff, is expected to grow to 3,500 staff by October next year, said Elfrink. Some of the technologies developed in India will be rolled out in other emerging economies, and also in developed countries, he added.

As prodigious as the Indian security apparatus is, I do not believe that it can scale to the growth and dispersal distribution of the target sets.

Bangalore is perhaps the prime example of a city rapidly expanding its satellite nodes to offset rampant congestion. Tyler Cowen flagged it nicely in 2004 and it has not improved:

I mean outsourcing from Bangalore, not outsourcing to Bangalore. Apparently production costs are rising out of control in a city that accounts for a third of India's software exports. The major culprit is congestion; a seven-kilometer commute can now take ninety minutes. Population has grown by a third since 1995, and the new metro and airport are badly behind schedule. Bombay has had similar problems.

The remedy? Madras (Chennai) is rising in popularity as is Calcutta, despite its propensity to elect communist governments.

The bottom line: Indian infrastructure is chaos. This economy has only a limited ability to absord outsourcing ventures. For instance it is common for current enterprises to supply their own electricity and other public services.

The presentation proceeded to encapsulate topics such as:

  • Why and how firms outsource - and where it often leaves them exposed
  • What is missing from traditional outsourcing
  • IP and outsourcing
  • Unique Indian characteristics

India's "al Qaeda" - Lashkar-e-Toiba (LeT)

Lashkar-e-Toiba (LeT), The Army of the Pure, is India's al Qaeda or Hezbollah. Were it not restrained by prodigious efforts by the Indian security apparatus, this Pakistani jihadist group would endeavor to destabilize the Indian state as its ultimate goals go beyond regaining Muslim control of Jammu and Kashmir to nothing less than reestablishing Islamic governance of India, forming a Muslim bloc with other predominantly Muslim states surrounding Pakistan.

The presentation proceeds to outline LeT's attack opportunities which I have come to call the "Two Twofers."

The two "twofers"

"Twofer" rose in American English at the close of the nineteenth century as a term for "two for the price of one" or more generally an "arrangement in which a single expense yields a dual return." LeT has recognized that India presents it with two "twofers":

In the first, LeT has recognized that attacks on outsourcers on Indian soil directly damages the Indian state and its economic capacity, while it opens the potential of striking US and European firms that would nominally be out of its reach.

In the second, what I call the "embedded twofer," an attack on a US or European data center or business process outsourcing (BPO) facility offers the potential of interrupting all the customers of the BPO/data center owner, e.g., attack a bank's data center or BPO unit and you impact all the bank's customers.

Forecasting LeT's attack progression

Extending the "twofer" concept, we forecast this attack progression (2005):

  • Personnel and symbolic targets.
  • Expat data and business process outsourcing (BPO) centers.
  • Manufacturing and development centers.

The former is almost all soft targets - gatherings of personnel. The latter two target groups can cause supply chain disruptions as well as personnel loses.

While I called the attack on the Indian Institute of Science (IISc) in Bangalore (2005) as the first iconic or symbolic target attacked by the LeT, outsourcers and their clients should not overlook LeT's 2001 suicide attack on the Indian parliament. Had it not been chance in a missed cellphone surveillance tip and two road collisions, LeT might well have decimated Parliament House and its occupants.

But far worse in my estimation was the effective failure of the western press to cover an Indian disaster that did not include large number of US/EU national casualties. I am speaking of the 2006 LeT attack on first class passenger trains in Mumbai that followed the IISc attack. More than 200 dead in an attack that was the equivalent of an assault on Manhattan or London. Indians companies must have been relieved at our appalling myopia as little or no damage control was required:

  • Mumbai Suburban Railway has highest passenger density of any urban railway system.
  • Seven bombs placed in first-class "general" compartments (some reserved for women) targeting professional classes.
  • Trains were running from Churchgate, the city-centre end of the western railway line, to the western suburbs.
  • Analogous to the Madrid and London train/tube bombings, 209 killed, over 700 injured.

The risks in India are both real and unfamiliar to many US/EU nationals. The only approach that does not carry a charge of fiduciary breach is to conduct a rigorous vulnerability assessment, then implement the appropriate risk mediation interventions for personnel, facilities, data and IP.

While the presentation can be considered an executive overview, readers are referred here for a deeper dive:

Intellectual property theft: the unspoken unknown of offshoring [ 8/11/2004 ]

India Inc. becomes another outsourcing gold rush: unwary firms get red ink [ 10/27/2004 ]

Emerging Information Technology (IT) themes in India and China [ 2/1/2005 ]

The world is flat save for the depression that we occupy: Friedman on global opportunity and competition [ 4/8/2005 ]

Commercial blindness: a "twofer" attack on the Indian state and US and European outsourcing assets [ 6/28/2005 ]

Multisourcing: belated recovery of forgotten first principles [ 10/18/2005 ]

Multisourcing: belated recovery of forgotten first principles, part 2 [ 10/20/2005 ]

Indian pipedream: "Our campuses are physically secure… The entire perimeter is guarded which we believe enable us to be fully secure" [ 1/14/2006 ]

Striking Mumbai is akin to striking financial centers such as Manhattan or London yet many in the west are oblivious [ 7/13/2006 ]

Cisco to have a fifth of its top executives in India
By 2012, India will be company's development hub and a base for technology and applications that can be deployed worldwide
By John Ribeiro
IDG News Service
October 30, 2007

At least 174 killed in Indian train blasts
Prime minister says 'terrorists' behind attacks
CNN
July 11, 2006; Posted: 10:12 p.m. EDT (02:12 GMT)

Outsourcing Bangalore
Posted by Tyler Cowen
Marginal Revolution
November 4, 2004 at 07:10 AM

Indian parliament attack 'bungled'
CNN
December 17, 2001 Posted: 3:52 AM EST (0852 GMT)

Gordon Housworth



InfoT Public  Infrastructure Defense Public  Intellectual Property Theft Public  Risk Containment and Pricing Public  Strategic Risk Public  Terrorism Public  
 
In order to post a message, you must be logged in
Login
message date / author


There are no comments available.

In order to post a message, you must be logged in
Login