return to ICG Spaces home    ICG Risk Blog    discussions    newsletters    login    

ICG Risk Blog - [ Intellectual Property Theft Public ]

Multisourcing: belated recovery of forgotten first principles, part 2


Part 1

For those of us that come from a background of a Counterterrorism (CT) and Counterintelligence (CI) threat analysis, a Governance Model that Gartner belatedly embraces is the essence of effective performance definition, and the Design Basis Threat (DBT) becomes an integral, inseparable part of that governance model as the mechanism that informs the Command or Senior management of the types of threats it may face over time and allows them to define the threats that are in or out of scope, the level of deflection or defense that will be committed to each threat, and the cost for that level of deflection or defense. The commercial side could learn much the military in essential risk management starting with Field Manual FM 100-14, Risk Management, which is the commander's principal risk reduction process to identify and control hazards and make informed decisions:

  • Identify hazards
  • Assess hazards
  • Develop controls and make risk decisions
  • Implement controls
  • Supervise and evaluate

The discriminator in DBT design is that almost all conventional DBTs are a scenario-based risk process instead of a rigorous procedural analysis that:

  • Defines risk management objectives under an integrated Command vision
  • Balances efficiency vs. security
  • Provides exportable and testable guidelines
  • Mandates periodic review under changing threats

The false complacency that scenarios instill is so great that I am compelled to beat the drum one more time:

Scenario-based responses are dangerously omissive, driving clients to extraordinary cost and diversion, often without merit, but is prevalent in part because it is simple. It requires no procedural rigor or grounding in fact, only the ability to ask "What if?" endlessly, yet is virtually ineffective for deferring, deflecting, or interdicting an adversary's preparation.

Witness the events of the July 2005 mass transit bombings in London where the UK had had a thirty-year history of dealing with a variety of terrorist attacks and bombings, the "scenario" and "lessons learned" from the earlier transit attacks in Madrid, Spain, were well-known, yet proved little benefit to the British in interdicting the London attacks of July 2005.

Scenario-spinning has no logical end and provides no threat assessment, vulnerability assessment, or risk assessment that would normally be enshrined in a firm's Governance Model.

Scenarios were an Army staple until the terrorist truck bomb attack along the northern perimeter of Khobar Towers, Dhahran, Saudi Arabia, on June 25, 1996. (Khobar Towers was a facility housing U.S. and allied forces supporting Operation SOUTHERN WATCH, coalition air operations over Iraq.) The report by Wayne A. Downing, General, U.S. Army (Retired) which has become known as the Downing Report (Introductory Letter, Preface and Report), reinvigorated the uphill effort to substitute procedurally consistent threat and vulnerability analyses in place of scenario generation.

Without guiding bounds, scenarios proliferate endlessly, often crippling most well-intended, protective efforts (paralysis by analysis). Defenders must define a coherent view of their risk tolerance before they can craft a response strategy that can reasonably and consistently respond to the threats on offer.

Risk Management
FM 100-14
Field Manual Headquarters
No. 100- 14 Department of the Army
Washington, DC, 23 April 1998

Report to the President and Congress on the Protection of U.S. Forces Deployed Abroad
ANNEX A - The Downing Investigation Report
Downing Assessment Task Force
NMCC Room 2C890, The Pentagon
Washington, DC 20310
August 30, 1996
Annex A consists of following three documents:
The Introductory Letter - A two page letter from Downing.
The Preface
The Report - 68 pages of text and tables.

Gordon Housworth

InfoT Public  Intellectual Property Theft Public  Risk Containment and Pricing Public  Strategic Risk Public  


  discuss this article

Multisourcing: belated recovery of forgotten first principles


Having long held that "insultants" outnumber consultants, and mindful that certain consultancies prey upon the short attention spans of their clients even as certain clients use their consultant's opinions as 'security blanket' surrogates for omissive decision making, I am displeased that the consulting community has ridden the outsourcing pony for years and only now is actively turning on the outsourcing concept as its political and structural impacts are becoming increasingly obvious. In point of fact, the consulting community is beginning to issue a new prescription for a disease which they themselves helped to construct.

I would like to offer a realistic assessment of why and how firms outsource. Firms almost universally devolve the problem to a divisional or unit level, thus the means, omissions and results that are achieved will vary on a case-by-case basis. The upshot is that the same problem is solved in differing ways, as a colleague said, "to avoid some organizational consequence" such as cost savings, headcount reductions (which can be to protect existing staff or to get credit for any reduction), functionality (that is missing, failing or inconvenient), or at the personal level, a positive annual personnel rating (which may be measured against suboptimizing criteria). What is missing is a decision making framework that integrates global and national aspects of need, technology, business considerations, risks, scope, duration, cost implications and ultimately solutions (there is always more than one solution, depending upon the desired outcomes and the bounds of monies, mindshare, and timing available).

I am displeased that Gartner's Linda Cohen is now leading the charge to "stop outsourcing now" and is conveniently substituting 'multisourcing' in its place, which is nothing more than a return to first principles, to what outsourcing should have been in first instance.

Only now does Gartner say that "Most organizations are utilizing ad hoc approaches to outsourcing that are both short-sighted and ineffective. Successful outsourcing requires a new operational model - multisourcing - that seamlessly blends internally and externally delivered services, not just to cut costs or gain efficiencies, but to maximize growth, agility and bottom-line results."

Yes, Gartner has been honing this multisourcing idea for a while.  Gartner was flagging multisourcing in early 2003 even as it noted that "IT outsourcing has been a rare bright spot in a gloomy technology spending climate." By late 2004, Gartner was finally noting that industry needed a sourcing strategy that assesses a firm's "cultural, financial, contractual and statutory factors [so as to] be capable of fulfilling business objectives for the long term"... that "multi-sourcing is the "new normal"; senior executive involvement is gained and retained; and governance is regarded as a core competency." By mid 2005, they were noting that firms needed to "replace or retrain the executives responsible for managing outsourcing."

One has to ask, where were they back then, over the past decade, and did they, in effect, train those they now recommend for redundancy? Sun's Scott McNealy was already using multisourcing by Aug 2002.

"Outsourcing" should have been 'multisourcing" from the onset. Gartner is calling multisourcing a "new terrain" for outsourcing, but I agree with Farber that it is "more accurately a rational, common sense terrain" and one that should have been pressed years earlier. Gartner's eight "pervasive myths" and eight "outsourcing maladies" were predictable at the dawn of outsourcing.

Worse, neither Gartner or Forrester address the implications of essential information security and Intellectual Property (IP) security components both here and abroad. Protection of IP on the "sell side" of manufacturing must be matched on the "buy side" of consulting and outsourcing services. Rules applicable to outsourcing apply equally to manufacturing and the manufacturing supply chain, yet they are handled in isolation thereby creating more opportunities for corporate inefficiency and hemorrhage of IP. See Outsourcing obscured by distortion and fog.


There are small ways to venture outside accepted norms in estimating outsourcing impacts and designing new work rule streamlining. We recommended that Northwest Airlines' streamlining of work rules (job redesign) and outsourcing was applicable to the business continuity interests of clients in other sectors with regards to their core labor unions in both outsourcing and manufacturing operations. We recommended that they put Northwest on their watch list for continuous examination so as to produce an AAR (After Action Report) for lessons learned by Northwest (NWA) and their applicability to each client's condition, i.e., assemble a cross-functional 'war room' to track and model Northwest actions against the client's situation, in effect gaming the NWA effort internally.

[History: I remember the 1998 UAW strike (here and here) against General Motors who then secretly trucked out stamping dies out of Flint, MI, to Mansfield, OH, to preserve production of profitable truck and SUV models, the resulting labor storm and production interruption that closed 27 of GM's 29 assembly plants and laid off some 200,000 of its work force, cost GM $2.2 billion, and then GM effectively folding after 53 days without gain. Remembering that GM's approach seemed mad, I thought that a Northwest approach is a workable means to plan-in-advance for a restructuring and use the inevitable strike as an opportunity to readjust without significant business interruption. (It has long been my opinion that the relatively buoyant automotive labor market was an anomaly due to pent-up demand after WW II and was (is) unsustainable, no matter what labor management wants for its aging members. Yes, management and engineering are going to have to design better, more desirable product, but labor must cooperatively work to produce it at most efficient cost. Yes, union membership might not/would not grow as much but I think that there would be more continuity and stability for those at work. Your mileage may vary.)]

Part 2

Gartner: Stop outsourcing now
Posted by Dan Farber @ 10:03 am
October 17, 2005

Gartner: Outsourcing managers must be retrained
Or given the chop...
By Simon Sharwood
Published: Tuesday 7 June 2005

By Linda Tucci

Well-Laid Plan Kept Northwest Flying in Strike
New York Times
August 22, 2005

Do it right, or not at all
By Maggie Macrae
CFO (Australia)
01 September 2004

By Barney Beal

Gartner: IT outsourcing will disappoint
By Ed Frauenheim
Published: March 25, 2003

Gordon Housworth

InfoT Public  Intellectual Property Theft Public  Risk Containment and Pricing Public  Strategic Risk Public  


  discuss this article

Commercial blindness: a "twofer" attack on the Indian state and US and European outsourcing assets


Documents seized from three members of the Lashkar-e-Toiba (LeT) terrorist group killed in an encounter with the police on Saturday revealed that they planned to carry out suicide attacks on software companies in Bangalore... "The terrorists planned to hit these companies in an effort to hinder the economic development of the country."

The LeT has a history of orchestrating attacks in India and its cadres are well networked, as well as very savvy with computers, gadgets and gizmos, making them very difficult to track. Some of its bold attacks include an attempt to storm the Indian parliament on December 13, 2001, which triggered a military standoff with Pakistan and brought the neighbors close to a fourth war; India also holds the LeT responsible for the killing of 37 and injuring more than 80 Hindu devotees assembled for prayer at the Akshardham temple in September 2002 in the state of Gujarat.

One must wonder how inattentive major US outsourcers can be, and how 'missing in action' that major consultancies such as Forrester can be, so as to not recognize the physical threat to core outsourcing facilities in India. Perhaps it is the mere continuation of the lesser lapse of failing to factor intellectual property (IP) theft risk in supposedly low cost areas. (See Intellectual property theft: the unspoken unknown of offshoring.) Even more curious is the effective absence of concern by Europeans who would normally have an attentive ear to the near and middle east. (The UK has a term EMEA for Europe, Middle East, and Africa to describe their version of the 'Near Abroad.')

The threat to IT and outsourcing assets in Bangalore and Hyderabad should be taken seriously despite the bland denials from Indian authorities who are understandably anxious to protect what amounts to the core of Indian economic revival:

India's software and services exports totalled $17.2 billion in the fiscal year to March 31 this year, up by 34.5 percent from the previous year... [Indian] exports of software and services are expected to grow by between 30 percent and 32 percent in the fiscal year to March 31, 2006. [In the year to March 2005] exports of IT software and services grew by 30.5 percent to $12 billion, while exports of business process outsourcing (BPO), call center, and related services grew by 44.5 percent to $5.2 billion. The growth in exports came despite fierce opposition last year to offshore outsourcing from politicians and workers unions in the U.S. The U.S. accounted for about 68 percent of India's outsourcing exports, with Europe accounting for another 24 percent.

Who can blame the Indians for keeping mum, but where are the US and European firms that should have a fiduciary responsibility to their stakeholders and to their clients who data and business continuity are in the possession of their Indian entities and outsourcing partners?

Bangalore has a large concentration of Indian software outsourcing companies, and a number of multinational companies have software development and chip design facilities in the city. IBM, Intel, Texas Instruments (TI), and Accenture are among those with operations in Bangalore. Two of India's largest software and IT services outsourcing companies, Wipro and Infosys Technologies, have their headquarters and large facilities in Bangalore. Bangalore also has some of India's key defense research and development organizations.

The only thing that the Indians have going for them is that the great unwashed commercial consumers in the West do not know who Lashkar-e-Toiba, Army of the Pure, really is. The South Asia Terrorism Portal overseen by a retired Indian police commander, K.P.S. Gill, is a sound source of basic information, unlike many other Indian sites which are merely anti-Pakistani or nationalistic (the South Asia Analysis Group comes to mind). SATP has much to say about Lashkar-e-Toiba here but I would net it out as follows:

LeT rose as part of the Mujahideen resistance against Soviet occupation in Afghanistan as the military wing of Markaz-ud-Dawa-wal-Irshad (MDI), an Islamic fundamentalist organization rising from Pakistan, where the US has been pressuring Musharraf to curb their activities. LeT's goals go far beyond regaining Muslim control of Jammu and Kashmir to recreating Islamic governance of India in union with other predominantly Muslim states surrounding Pakistan. LeT is now active in Jammu and Kashmir, India, Chechnya, again in Afghanistan from 2002 to date, Iraq, Bosnia and other garden spots. Think of LeT more as educated and skilled than peasants, e.g., an LeT activist, formerly an engineer with Hindustan Aeronautics Ltd (HAL) was arrested 14 May in New Delhi on a flight from Singapore:

The LeT has a history of orchestrating attacks in India and its cadres are well networked, as well as very savvy with computers, gadgets and gizmos, making them very difficult to track.

Like al-Qaeda, LeT cadres are generally not mercenaries out to make a fast buck from the cash-laden terror industry, but indoctrinated youths driven by the desire to kill in the name of a distorted jihad. The LeT derives most of its cadres from Indian Kashmir, as well as Pakistan, while mercenaries are usually renegade mujahideen from Afghanistan, with the intention of keeping the fire of terror burning in Indian-administered Jammu and Kashmir.

[The] terrorists visited Bangalore last December and surveyed the locations of many software firms. Police gathered this information from a diary seized from two captured associates of the slain terrorists. Similar evidence was gathered by the police from laptops recovered from the terrorists who attacked the Indian parliament, revealing detailed mapping of the parliament building before the attack took place. It is also worth noting that it is apparent that the LeT is trying to move beyond Delhi, the other area of its active operation apart from Kashmir, as the capital city has a very powerful intelligence network set up by government agencies to track their presence.

An LeT attack on outsourcers in India is a "twofer" in that an attack damages the Indian state and its ability for economic gain directly, and damages US and European firms indirectly -- where an attack on US soil would be prohibitive in terms of placing surveillance and strike teams on the ground:

Attacking software offices hits at one of the most international symbols of Indian success and could set off a wave of panic from potential foreign investors, as well as multinationals, that could hobble the rapid pace of India's economic progress. Such economic and cultural destabilization can only be the handiwork of international terror outfits that seek out targets that inflict maximum damage to people, as well as pass on a symbolic message.

I would support SATP's opinion that "LeT cadres [are] characterised by a level of brutality, which surpasses that of all other Pakistan-sponsored terrorist outfits active in J&K" and would rank them with the Chechens (also here) and the Algerian GIA (Groupe Islamique Armé) or Armed Islamic Group (also here).

The Jamestown Foundation, whom I respect, has this to say about the ability and likelihood of LeT to carry out attacks in India:

Notwithstanding its rhetoric and ambitions, LeT is unlikely to engage in serious terrorist operations outside the Indian subcontinent. Nevertheless, the potential for it to strike against Western targets in Pakistan and India is all too real, especially since it is under increasing pressure from all sides. Moreover the gradual improvement in India-Pakistan relations may motivate LeT to engage in spectacular operations to sabotage the tentative peace process.

FYI, the Indian home ministry has long been concerned with Muslim activities in the south Indian states of Andhra Pradesh, Karnataka, Tamil Nadu and Kerala which affects the cities of Hyderabad (India's Silicon Valley), Warangal, Nalgonda and Mahboobnagar in state of Andhra Pradesh; Bangalore and Gulbarga in the state of Karnataka; Malappuram and Palakkad in the state for Kerala; and Madras, Coimbatore and Ramanathapuram in Tamil Nadu.

Thoughtful outsourcers there should consider counterthreat and personnel security improvements in addition to IP theft mitigation.

Linkages between Jihadis of Singapore and India
A. S. Smiline Gini
Observer Research Foundation
14 June 2005

India's offshore outsourcing revenues grew 34.5 percent
U.S. accounted for about 68 percent of India's outsourcing exports
By John Ribeiro
IDG News Service
June 02, 2005

Delhi turns to the UN
By Siddharth Srivastava
Asia Times
Mar 12, 2005

The jihad lives on
By Amir Mir
Asia Times
Mar 11, 2005

Terrorists target India's outsourcing industry
Terrorist group planned to carry out suicide attacks on software companies in Bangalore
By John Ribeiro
IDG News Service
March 07, 2005

'LeT planned to target software cos in Bangalore'
Sify News
06 March , 2005

By Wilson John
Volume 3, Issue 4 (February 24, 2005)

Lashkar-e-Toiba, 'Army of the Pure'
South Asia Terrorism Portal

Gordon Housworth

Cybersecurity Public  InfoT Public  Intellectual Property Theft Public  Terrorism Public  


  discuss this article

Cost pressures on supply tiers prompt loss of supplier intellectual property


Suppliers worry that design reviews by an OEM prior to contract award are efforts to extract price concessions, extracting information to compare (1) proprietary cost buildups and (2) ideas among competing suppliers. OEMs, for their part, may be mistaken in asking the supplier for full disclosure of the supply chain during this period of minimum trust and maximum fear, a more common occurrence among the three "US" OEMs than Toyota or Honda.

In reality, the supplier has often not gone to the cost and effort to fully detail the part. OEM staff profess outrage when they 'find out' this is the case. We ask them what they expected. Would they not do the same were circumstances reversed?

The following [sanitized] exchange involves AutoCo and CarCo, two automotive OEMs, MetalCo, a Tier One supplier, and MasterCo, a related subsidiary. AutoCo is under financial pressure to produce improved results. Such pressure always creates hot spots under excruciating demand, to the point of program cancellation and (participant) job loss.

This redacted segment illustrates how financial pressures on AutoCo were converted into a loss of intellectual property by the supplier (MetalCo). Once compromised, the intellectual property was transferred without controls, more easily coming to the attention of both competitors and collectors.

This example includes impacts from as yet unabsorbed mergers, resulting from suppliers' efforts to build capacity in the face of OEM requirements. Problems often extend beyond regularizing amortization when some suppliers fail to understand that the OEM had asked for increased capacity or capability, not increased cost, and thus have failed to restructure the acquisition. The supplier may be too distracted, may not know how to do the analysis, or did not want to interrupt its current relations with its subsuppliers to perform the streamlining. When we see a supplier that has not restructured its acquisition costs, we know that they have not restructured their supply chain's IP protection.

In this case, pressure was transmitted from the OEM (AutoCo) to a specific program that was under threat of cancellation. As we so often see in such cases, loose corporate guidance and personal fear combine to put the supplier at maximum risk:

AutoCo Finance: I have checked your SEC 10K filing and it states that MetalCo uses a straight line, 10-yr. amortization of capital investment. Why are you using a 7-year amortization of capital investment with us in this quote?

MetalCo Controller: Were you looking at the 10K for MetalCo or for MasterCo?

AutoCo Finance: MetalCo.

MetalCo Controller: We are trying to commonize our accounting practices after the mergers and have yet to accomplish this.

AutoCo Finance: Can we assume then for this [part for model year 20XX] that you will have this straightened out and adjust the piece price down to reflect a 10-year amortization?

MetalCo Sales: We must weigh the risks we take on and make certain that we are acting responsibly for our health, for our shareholders. We have weighed our risk and feel that we must use this 7-year amortization. Can we be sure that AutoCo won't take the business elsewhere before ten years of production? Should we risk being stuck with this capitalization and no business to pay for it?

AutoCo Finance: I think that we are showing commitment to do business with you by continuing our discussion and calling for this session to spend two days trying to understand the best way to invest in this machine line and brainstorm ideas for leaning that process.

MetalCo Sales: I don't think we want to talk about this in this forum. Well, okay! Let's get it out on the table. We are all thinking about it. We are sharing information and cooperating despite the fact that you continue to market test and will probably source lowest price quote, no matter how cooperative we have been, how good our product is, how flexible our proposed process is to deal with your changing volumes. We are competitive.

AutoCo Buyer: I think you are talking about the past. It has been month's since we were market testing. Your quote has improved (reduced) since then. We are here to find the best way to design this line and help reduce capital, labor and tooling costs.

AutoCo Finance: I think the fact that we keep meeting with you and are hosting this session evidences that we are serious in pursuing you as the supplier.

MetalCo Sales: You are market testing right now and we know it. Where is your intent letter? We haven't received it!

AutoCo Buyer: There is no market testing currently.

MetalCo Sales: Unfortunately, our tool suppliers talk and we are aware that one of them is participating in a quote for a competitive supplier for this business. Of course, every idea that we have had for this part is explained to the machine supplier so that they can quote machinery for our line. Then, they incorporate that idea when they quote to our competitors in your market test.

AutoCo Finance: The only reason that we would seek other costs would be to try to understand if your costing is competitive. We feel that we are demonstrating our interest and probable commitment to you.

The AutoCo staff have now indirectly admitted that they bootlegged one supplier's data to a competitor(s) in order to secure a part at lower cost - either as price leverage upon MetalCo or by contracting to another supplier using MetalCo's IP.

Additionally, in a subsequent part of this meeting, the process of another OEM, CarCo, was mentioned as a possible solution. It would take little effort to identify the CarCo supplier whose IP was compromised.

It is an understatement to say that this is a typical instance in US automotive OEM-Supplier relationships, that these relationships are porous and that as a result their IP protection is poor.

The unintended consequence is that, unknown to AutoCo leadership, AutoCo staffers had broadcast MetalCo's information through a diffuse and uncontrolled network of suppliers and subsuppliers, a process that we see as more the norm than the exception. Unless the supplier puts in place workable security controls at the business level to deal with IP protection (such as probes from an alerted collector seeking further data on proprietary processes), MetalCo can only expect further losses through these 'normal' supply chain negotiations.

Postscript: The pressure on AutoCo continues to the point that, during piece part negotiations, suppliers are told when they cannot meet AutoCo's target price: "Meet this price or we take your [insert part name here] to China."

Gordon Housworth

InfoT Public  Intellectual Property Theft Public  Risk Containment and Pricing Public  Strategic Risk Public  


  discuss this article

Emerging Information Technology (IT) themes in India and China


Stepping out into prediction space on the Indo-Chinese IT sector:

  1. India will, for the foreseeable future, become the low-cost IT counterpart to China low-cost manufacturer
  2. India and China will complete a shift to Linux, of increasingly indigenous versions, that, given the region's user volume and technical expertise, could see the center of Linux development shift to Asia
  3. India will use its IT expertise to develop "asymmetrical" low-cost efficient computing devices driven by its 'disadvantaged' position on the Digital Divide. Much like Japanese vehicles in the 1960s, those devices will mature and expand out of Asia
  4. India's IT-based products will take advantage of both rising local manufacturing efficiency and Chinese low-cost manufacturing (rising price-volume efficiencies in both nations) along with their rising broad based consumerism
  5. India will increasingly outsource to, and acquire, IT/tech resources in China such that supply chain risks will reach similar proportions in both countries
  6. India will become the recipient of Chinese attentions in IT intellectual property (IP) much as have US and European firms in the heavy manufacturing segment

Acting as drivers, India and China, along with smaller Asian nations, acting as consumers, will invent new paradigms and take leaps unencumbered by legacy infrastructure. In 2002 for example, the third world explosion in wireless networks over traditional landlines was typified by this unacceptable cost fault line in both long line and last-mile connection:

"Unfortunately telecom networks are designed for people who can afford to pay around US$35 in monthly bills, and very few people in the rural areas can afford that," said Ashok Jhunjhunwalla, a professor at the prestigious Indian Institute of Technology (IIT).

The upshot was Wireless in Local Loop (WiLL) technology, rugged electronic switches that need no air conditioning, and solar-powered relay stations providing both voice and data. The Simputer (from "simple computer") followed at $250 on the back of Linux SW and a simplified design using low cost components. A "WiLL kiosk with a personal computer, printer, telephone, and power source" fetched about $900, which compared quite favorably with the Indian government's $800 cost of a telephone line.

Fast forward to 2005 and the Linux-powered, hand-held tactical battlefield C2 SATHI (Situational Awareness and Tactical Hand-held Information), or 'buddy' in Hindi, whose commercial versions sell for some $200. (One would expect such devices to enter terrorist inventories for similar purposes.) Indians value Linux's cost, ease of installation, and security (open source over proprietary code with possible trap doors) for both military and commercial apps:

Officially, India's strategy is to make Linux the standard for students in all academic institutions while the government trains employees to help them work in a Linux environment with support from IBM. In Bangalore, a global information-technology hub, Linux now runs a Center of Competency (CoC), equipped with IBM hardware, that offers consulting, education and certification and allows users to test and gain insights into how Linux can help them. Jyoti Satyanathan, general manager for Linux-IBM in South and Southeast Asia, believes that the CoC is set to play a "significant role in the worldwide Linux community". Red Hat, a leading purveyor of Linux, now has offices in several Indian cities.

We can expect to see IBM repatriate code and devices here. On the high end, that can be a C-DAC (Center for Development of Advanced Computing) supercomputer built after the US halted supercomputer shipments to India due to diversion to weapons and nuclear programs. Now making teraflop machines, C-DAC differentiates themselves from English or Romance language-centric devices in that they design to enable nationals of many countries to "use computers while working in their own languages." That is a powerful advantage among the largely double-byte character languages of Asia. Another interesting item, equally at home in rich areas or poor, is the Amida, a Simputer variant that is a hybrid PDA, hand-held, and phone that includes a smart card reader so that rural poor can buy a card and rent an Amida for a short period. Indians are designing for a broad use spectrum of developed world to third world.

Such advances will draw the attention of those interested in the code and architecture embedded in Indian devices, especially as Indian firms move through increasingly more complex devices while they expand their outsourcing to China and other low cost countries, retaining BPO (business and process outsourcing) from the US while outsourcing the IT/technical services that do not require English proficiency to China. As Indian firms expand both outsourcing to, and acquisition within, China, it will be increasingly impossible from the client's viewpoint to distinguish supply chain risk between India and China. One wonders how clients and end-users will evaluate the critical path of risk.

Bridging India's digital divide with Linux
By Ranjit Devraj
Asia Times
Jan 28, 2005

China no threat to India's IT industry - just yet
By Priyanka Bhardwaj
Asia Times
Feb 2, 2005

Gordon Housworth

InfoT Public  Intellectual Property Theft Public  Risk Containment and Pricing Public  Strategic Risk Public  


  • Gordon - Re: India. I thought that you would find this article interesting (ht...more
    - [name not provided]

  read more (1 total)

A tipping point in intellectual property protection?


It would appear that the US is at a turning point in its treatment, or tolerance, of global intellectual property (IP) theft, although it is fair to say that our process is flawed:

  • Too much of the Administration's focus is on on-line piracy and counterfeit parts, often sold as unbadged copies of the original and where the impact is seen to go no farther than direct revenue loss, liability over presumed 'faulty' parts, and impact to the producers' reputations.
  • Too much of the Administration's approach is devoted to ineffective, and even counterproductive means, primarily legal remedies and policy guidance buttressed by industry lobbying to influence legal and policy changes.

It is revealing that the recent report that is underpinning the renewed Dept of Justice interest in IP, and is the report that AG Ashcroft reviewed with MEMA (Motor & Equipment Manufacturers Association), Congressman Knollenberg, and other US manufacturers is principally devoted to legal and criminal investigative remedies. Reading the AG's announced recommendations of that report reflects the same legal and policy approach. Although these remedies will not work, and will actually backfire, as Cisco discovered in its tiff with Huawei, there are quite workable alternatives.

What seems to be missing, or has been missing, is the understanding that:

  • The real problem of counterfeit parts is that the counterfeiters will gradually uncloak to produce badged products that directly compete with the producers from which they had expropriated intellectual property, and thus can undercut the original producers' pricing, i.e., the endgame is being driven from the market, not mere revenue dilution or 'faulty' parts.
  • Counterfeits pale in comparison to foreign competitors expropriating intellectual property specifically to produce badged parts that build an independent brand awareness for price and quality that quickly drive the original producer from the market.
  • The principal remedies on offer presume a working legal framework in the expropriating nations that reciprocate the legal protections that we have come to expect, and depend upon, in our Anglo-European legal systems, i.e., without this reciprocation, our legal remedies for adjudication and redress are ineffectual in the country where the expropriation occurs.

The problem is certainly enormous, and growing more so. I am already on-record with the following predictions:

  • Emerging Asian suppliers will displace less efficient US suppliers in US supply chains
  • US OEMs will continue their pursuit of lowest cost suppliers, abandoning historic 'domestic' suppliers in favor of new Asian suppliers

And if it is not too late:

  • After enduring growing losses, US OEMs and major manufacturers will use IP security as a key selector for suppliers in the critical path of their supply chains
  • Protective IP programs will be essential to a supply chain's critical path, and so the health of the supply chain. (The trajectory of IP protection will mimic that of the rise of part quality as a mandatory selection criterion.)

Two remarkable events have put intellectual property squarely in the limelight, GM's accusations of a Chinese automaker using stolen design data, and the national security review of Lenovo's purchase of IBM's PC unit by the Committee on Foreign Investments in the United States (CFIUS).

US Commerce Secretary Donald Evans publicly accused the Chinese automaker, Chery, of "using stolen design information from GM Daewoo Auto & Technology Co." to produce Chery's QQ minicar. The target was the Chevy Spark/Daewoo Matiz which cost GM $500 million to develop. Mathdata and 'other design information' of the Chevy Spark "were simply stolen from GM Daewoo." The impact was riveting as the QQ:

  • Reached market before Spark
  • Costs 33 % less than Spark
  • Outsells Spark by 6:1 in Chinese market
  • Has identical body structures, exterior and interior designs

Chery was then 20% owned by Shanghai Automotive Industry Corp - GM's main joint venture partner.

The Committee on Foreign Investments in the United States (CFIUS), an interagency M&A review panel on national security grounds has given notice of review of Lenovo's purchase of IBM's PC unit over the "concern that Chinese operatives might use an IBM facility for industrial espionage."

There is recent CFIUS precedent in the 2003 review of the bid by Hong Kong's Hutchison Whampoa for bankrupt Global Crossing, owner of one of the world's largest fiber optic networks. That review, which causes HW to withdraw, was based upon concerns "about control of a key telecom provider by a firm with close ties to the Chinese government."

IBM-Lenovo deal said to get national security review
By John G. Spooner
January 24, 2005

US lashes out at Chinese piracy
(Asia Pulse/Yonhap)
Asia Times
Jan 15, 2005

Report of the Department of Justice's Task Force on Intellectual Property
Department of Justice
October 2004

Gordon Housworth

InfoT Public  Intellectual Property Theft Public  Risk Containment and Pricing Public  Strategic Risk Public  


  discuss this article

Refining a China forecast


Continuing our effort to refine a prediction for Chinese economic direction, I believe that China will:

(1) Increasingly digest and take advantage of foreign technology to create increasingly effective and efficient local products (and only then will it more rigorously enforce anti-piracy laws -- akin to what Japan is now doing in such areas as flat panels)

(2) Go beyond commercial, increasingly commodity products to embed unique Chinese standards that bar or slow foreign entry, i.e., increasing Chinese price-volume curve efficiencies while damping foreign efficiencies and denying revenue to Chinese competitors (e.g., DVD, CMDA, PC chipsets, Red Flag Unix, encryption algorithms)

(3) Continuing reduction or elimination of foreign royalty payments for any and all products - a corollary to (2) - be they products made for domestic Chinese consumption or export (the recent Microsoft contract cancellation is a mere tip of this iceberg)

(4) Displace less efficient foreign suppliers in foreign supply chains and so assume a greater percentage of a supply chain's critical path (e.g., US automotive OEMs will continue their pursuit of lowest cost suppliers to the point that they will abandon their historic 'domestic' suppliers for Chinese suppliers, thereby decreasing the critical mass of those offshore suppliers)

(5) Acquire one of the three PC manufacturers among the top ten firms that are not expected to survive the current in-progress shakeout of the global PC market by 2007 (Gateway has been the most frequently mentioned candidate but others are possible). I would expect that process to expand into other manufacturing sectors - see (6)

(6) Create reverse distribution channels under Chinese control for Chinese products thereby gaining stability while increasing price-volume efficiencies and further denying revenue to their competitors (China has watched the postwar Japanese model and will beat them at their own game)

(7) Move to gain influence on retail distribution chains in the US and elsewhere to continue that reverse distribution control. I will go so far as to put Wal-Mart in that category (a firm that cannot not now survive without Chinese products, either from indigenous Chinese firms or foreign transplants driven to China by the supply chain owners)

For those of you who think that Wal-Mart is a bit of a reach, I point to Wal-Mart's recent agreement "under pressure from the Chinese labor federation," to "permit branches of the official Communist Party-controlled union in its Chinese stores if employees requested it." The Chinese are superb at executing the long view, far better than the US, and this could well be the start of a gentle, incremental long range Chinese approach.

Many US and European actors will remember the postwar Japanese turnaround yet will be caught flatfooted by China's retracing that same path because China will traverse it far faster than did Japan. (It is almost axiomatic that each technology generation takes half the time of its predecessor as the baseline of technology, equipment, and knowledge available to the new entrant is significantly greater. "The China Price" is worth the read for the sweep and velocity of this trend line.

I also think that there is a parallel to the Nixon administration's green light to Japanese firms to hollow out early US technology/electronics markets, e.g., TV, radio, VCR, in return for Japanese support of US foreign policy aims, with the actions of the Clinton and Bush administrations to push down US product manufacturing costs under a misplaced view that this 'would draw China in' to the world economy as a 'controllable player.' If control remains a dominant factor, that control will shift to China rather than the US or the West.

Tech Firms Keep Riding Chinese Tiger
By Cynthia L. Webb
Washington Post
November 30, 2004
Note, Cynthia Webb's Filter column at the Washington Post is a good technology feed that amalgamates associated themes. This entry happens to deal with China.

"The China Price"
DECEMBER 6, 2004

EU spells out trade threat from China
By Ambrose Evans-Pritchard in Brussels
Telegraph (UK)
Filed: 30/11/2004

Are PC makers poised for major hit?
By John G. Spooner
November 29, 2004, 2:27 PM PT

China's Telecom Forays Squeeze Struggling Rivals
September 8, 2004

China goes it alone on high-tech standards
By Stephanie Hoo (Beijing)
AP/The Age 23 Jul 2004

Raising the Standard: China's Rush to Develop Technology Standards (Part I), (Part II), March 2004
China Standards Update, November 2004
China High Tech PR

Wal-Mart's Chinese workers can unionize
Associated Press
Nov. 23, 2004

Gordon Housworth

InfoT Public  Intellectual Property Theft Public  Strategic Risk Public  


  discuss this article

The defender's dilemma: common threads in exploiting commercial supply networks


We devote substantial research to asymmetrical warfare exploits involving COTS (commercial off the shelf) openly available dual-use equipment and processes. As noted in COTS electromagnetic weapons from simple dual-use items, tools and weapons derived from such sources are perfect tools "for the asymmetrical warrior, and devastating to US commercial and military installations."

It is a truism in every COTS weapon system production capacity that we investigate that investigating authorities place self-imposed blinders upon themselves, too often assuming that their opponent is a mirror image state opponent, such as Russia, or state-sponsored opponent, such as Libya, and thus compelled to access the same production base, employ state-of-the-art production processes, assume a continuous production level when manufacturing is involved, observe common industrial manufacturing and recovery processes, and expect similar military delivery means.

Just as military forces habitually look for mirror image adversaries instead of an asymmetrical opponent exploiting a key weakness that you have overlooked, so does the FBI too often look first to new, retail commercial purchase instead of looking for "good enough" components from the used, resale, internet, closure, overstock, bankruptcy, or theft sources. The perp's goal is path of least resistance and not path of greatest production.

In almost every case we find the extraordinary ease with which perps can domestically produce under the radar, "one-time, good enough" amounts of a spectrums of weapons products by harvesting the dual-use industrial base of the US, Canada, UK, continental Europe, and Japan, for example. In each case there is no need to import or smuggle something through a nation's customs, or at least in an amount that responds readily to traditional inspection techniques. (Radioisotopic products are a rare exception due to the ability to detect inherent radiation.)

The problem is that the commercial production environment, in this case the "defender," is supremely exploitable as commercial supply chains are designed around economic efficiency and manufacturing efficiency rather than exploitation security. The asymmetrical terrorist view upends a supply chain by evaluating it from the tenets of achieving the desired outcome at acceptable risk (which could include member suicide). Products and processes are combined in ways that exploit a limited lifetime, "good enough" purity or production volumes, and easily absorb less-efficient means of production.

Cost and risk rise to the commercial defender as they try to backfill security needs atop a commercial structure. In this situation, it tracks with the difficulty in countering IP theft and diversion unless the process is built in from the onset. In all such environments, it is too easy to ask how often as opposed to if or when?

It is this capability that distresses me when I review the arrest of what appears to be an operational al Qaeda cell in the UK. It does not bother me that no substantive weapons or weapons-making materials were found in the immediate raids. What disturbs me was that "two of the British suspects... were found in possession of surveillance information on the same five American financial centers" that were discovered in Pakistan with the arrest of Muhammad Naeem Noor Khan.

I take a more threaten view of the info discovery as (a) I believe that the means of indigenous off scope weapons production to be relatively easy and getting easier, and (b) active effective surveillance is key to the setup for the attack team to carry out the assault. (DHS blundered with their media announcement by not describing the very lengthy and meticulous planning and surveillance done by al Qaeda and that the data showed both tradecraft and specific target monitoring. The age of the data was secondary.)

If I discount the production threshold of the device itself, I only need to see an operational cell capable of surveilling and basic production in order to constitute a serious threat.

We need to focus on effective, rather than expensive, solutions for early stage detection as the National Association for Business Economics (NABE) now ranks terrorism over weak job growth as the greatest perceived threat to the US economy. This drag supports our adversaries and nation-state competitors alike, incrementally weakening our economy and aiding the aims of terrorists without having to execute an actual attack.

British Charge 8 Tied to Terror Plot With Murder Conspiracy
New York Times
August 17, 2004

New Cooperation and New Tensions in Terrorist Hunt
New York Times
August 17, 2004

Gordon Housworth

InfoT Public  Infrastructure Defense Public  Intellectual Property Theft Public  Terrorism Public  


  discuss this article

Intellectual property theft: the unspoken unknown of offshoring


Domestic and international outsourcing, the latter now known as offshoring in the US and also as nearshoring in Europe, is a subject I follow closely for its impacts on supply chain risk, intellectual property theft, risk pricing, and certain counterthreat needs.

What I find remarkably absent in the general discussion of job and economic loss to the country's nationals being outsourced, and economic gain to the outsourcing domestic firms and to the outsourcing destination, is the virtual absence of the impact of intellectual property (IP) theft on the outsourcing firms and, ultimately, the national economy of those firms.

For those firms sufficiently advanced to look beyond mere supply chain 'cost at tier' so that they look at the troika of cost, time, and risk, the risk focus is devoted to business interruptions to timely delivery and component quality, and not IP theft. Thus I read with dismay the otherwise fine writing of Forrester's John McCarthy on offshoring. IP theft is effectively not in attendance.

And it is not, I believe, that McCarthy is unaware of risk and security issues as he made an extremely thoughtful presentation to the SafeNet 2000 security summit well before 11 September that holds up well today, laying out a tiering of personal privacy, the desire of businesses to gravitation to regulation in order to achieve stability, and a phasing of "government intervention into security and privacy online." Yet, I feel that McCarthy today stops short of the total offshoring threat when he says that" companies, for the most part, face the same security issues whether managing data with local employees or overseas workers."

While I submit that there are added, but addressable, risks in employing foreign nationals and foreign firms, the larger risk is the placing of critical IP resources in an offshore environment where they are vastly more susceptible to exploitation by one or more collectors -- often many collectors from the same entity each intent on gaining specific bits of corporate information. The risk is effectively present in varying degrees for US offshoring in India, China, Korea, Russia, Belarus, or European nearshoring to the Czech Republic, Poland, Hungary, the Baltic states, Morocco and Tunisia.

It is that IP theft risk that is not being addressed, and it applies to both the venture capital (VC) community and established firms. We regularly address three categories of exploit:

  • Pricing model compromise, i.e., loss of market pricing advantages by whatever means at one or more tier points in the supply chain, often at multiple points in the same tier or location
  • Data citadels, i.e., targets of immense attractiveness to IP collectors, e.g., R&D centers or data centers 
  • Human resources "turnover," i.e., collectors rotate in with legitimate job applicants to acquire specific data and then move on

At the VC level, investors are driving their stable of firms to create product and to produce revenue without sufficient consideration to risk. Risk assessment is very low on their horizon. Private conversations reveal that VCs preach the mantra to their portfolio companies, for example: "Outsource hardware development and manufacturing to China or become uncompetitive." Most VC conferences conducted today direct firms to go low cost without an understanding of the risks to the underlying assets.

Some VCs have already taken the next step of forming development groups in Asia precisely to serve their entire stable of firms. In so doing the VCs have put a target-rich environment under one roof. Unlike established industrial firms that already have revenue streams and so will soften the immediate impact of foreign commercial IP harvesting, VCs have little of value in their stable of firms save their intellectual capital. The same problem affects established firms as they locate R&D facilities offshore, often at the demand of the host country to be able to do business there. Both larger firms and VC stables are moving their assets to low (direct) cost sites but high (total) risk areas.

Threats are often obscure and indirect. For example, we have observed rampant IP theft by one nation in particular both in-country and in adjacent countries where it has either penetrated or bought stakes in local firms with ties to US firms.

In each case, firms are putting their leading edge designs in an environment where diversion is almost assured. Without appropriate, early -- earlier the better -- countermeasures that both protect the asset and minimize adverse impact to the firm's relationship with the host government, it becomes a matter of not if, not when, but how often. That is an element of offshoring that I submit is being greatly ignored and underpriced to our economic peril.

Tough talk on offshoring
By Ed Frauenheim
August 9, 2004, 10:54 AM PT

'Nearshore'--the new offshore?
By Andy McCue
August 6, 2004, 10:08 AM PT

Near-Term Growth Of Offshoring Accelerating
by John C. McCarthy
Forrester Research
May 14, 2004

3.3 Million US Services Jobs To Go Offshore
by John C. McCarthy
Forrester Research
November 11, 2002

Gordon Housworth

InfoT Public  Intellectual Property Theft Public  


  discuss this article

Hegemons come and go: a renewing Chinese hegemon eyes a mature US hegemon


In discussion of the trio of notes regarding the Chinese diplomatic initiative described first as "Peaceful Rise" and now as "Peaceful Development," colleagues questioned its implied relationship between economic and military action.

Returning to "The fall of Peaceful Rise" I noted that the Chinese perceive the moderate Peaceful Rise -- Peaceful Development as a ‘permanent’ approach so long as Washington demonstrates a "constructive U.S. response to the moderate Chinese approach." One must presume that a different US policy would occasion a different Chinese policy.

Translations of Chinese open source literature paint an intriguing view of the Sino American relationship:

  • The US is a hegemonic power that is "a major obstacle and competitor for influence in Asia"
  • The US is a superpower in decline, losing global economic, political, and military influence
  • China aspires to be a "major international power and the dominant power in Asia. To that end, China is actively pursuing a multipolar world where it could align with other rising powers such as Russia, Japan, and Europe in order to check or challenge U.S. power"
  • China can counter US power by its pursuit of a multipolar world "where it could align with other rising powers such as Russia, Japan, and Europe"
  • Maintain stable and good relations with the US as it is "an important market for Chinese goods and an important source of science and technology, financial capital, and foreign direct investment--all central components of China’s rising status and strength"
  • "Although technologically superior in almost every area of military power, [the US] can be defeated, most particularly, in a fight over Taiwan in which China controls the timing"
  • Al Qaeda's 11 September attack changed only China’s approach to the US but not the fundamentals of its vision

Other key findings, many driven by the US end of the relationship, are:

  • The US has "dedicated insufficient resources to collect, translate, and analyze Chinese writings and statements [and so] has a limited understanding of the perceptions of the United States held by Chinese leaders and the Chinese people"
  • China sought WTO membership as a means "to continue China’s rapid economic growth, which they consider essential to become a major power"
  • China aims to "deter the United States from effectively intervening in any Chinese use of force against Taiwan"
  • The Sino American bilateral relationship is uncoordinated on the US end and lacks the "necessary permanent institutions for managing and resolving conflicts. At worst, current U.S. practices have the effect of supporting Chinese efforts to enhance science, economic, financial and technology bases without adequate oversight within our government."
  • China consistently characterizes the US as a "hegemon" "connoting a powerful protagonist and overbearing bully that is China’s major competitor"
  • China employs a strategic view and military planning very different from our own, emphasizing "nontraditional and asymmetrical techniques designed to enable an inferior power to defeat a superior one."
  • The Sino American relationship lacks the confidence-building measures (CBMs) that China has put in place with "India, Russia and the ASEAN and the Shanghai Cooperation Organization"

Through all this, commercial firms on both sides of the Pacific must continue to do business from the present through the long term. For US firms, I submit that the key is doing that profitably, in spite the contested political atmosphere, while protecting their strategic position and the intellectual property assets that are the foundation of future profits.

CHINA’S PERCEPTIONS OF THE USA: The View from Open Sources
U.S.-China Commission
Dr. Michael Pillsbury
October 19, 2001

U.S.-China Commission
Michael Pillsbury
November 2, 2001

The National Security Implications Of The Economic Relationship Between The United States And China
Report To Congress Of The U.S. - China Security Review Commission
July 2002

China’s Closing Window Of Opportunity
Justin Bernier and Stuart Gold
Naval War College Review, Summer, Vol. LVI, No. 3
Naval War College 2003

Gordon Housworth

InfoT Public  Intellectual Property Theft Public  Strategic Risk Public  


  discuss this article

Prev 1  2  3  4  [5]  6  7  Next

You are on page 5

Items 41-50 of 61.

<<  |  July 2020  |  >>
view our rss feed