Blog

Welcome to the BD Consulting and Investigations Inc. site!

Hello and welcome to our site. As part of our website revision and at the request of our clients, we have added this Blog section to provide information from our staff or associates about issues we believe are relevant. We will be posting the information as it becomes available and will post selected responses to the information. The selected responses, either positive or negative, will be relevant to the topic being presented. Any posts off topic, inappropriate language or inappropriate comments will not be considered for posting. Now for our first Topic!

Market Entry Planning for IP and Intangibles.
Recently, my friend Michael Moberly hosted the ASIS Seminar, “Safeguarding Information Assets,” in Denver, Colorado and asked that I participate as a presenter on the topic of Market Entry Planning. When I asked specifically what he wanted, he told me that there was a lot of interest in how a company could protect their Intellectual Property (IP) and Intangibles when moving into a new market. I considered his request and realized that many companies don’t make plans to protect their IP and especially, their intangibles (knowledge, people, etc.) when moving into a new market.

At about the same time we were having our discussions, I had a new client wanting to move their Research & Development Center to the United States (US). I made a point to ask them why they wanted to move to the US and the answer was to protect their IP and any new developments. They saw the US as a new market and wanted to also be seen as a US Company. Their market entry plan took into consideration how they were going to protect their IP (US Laws and assistance from my company) and also their people by ensuring they were prepared, could speak English and wanted to live/work in the US.

In August, I was interviewed regarding outsourcing R&D to China and other countries for CIOZone. I gave my opinion that not enough companies are doing market entry planning with one of the goals being protection of their IP. Outsourcing R&D should be considered as a new market because of the risks involved. Outsourcing can provide a company with a competitive advantage as long as in the process of competing, the company doesn’t lose its IP or even worse, its intangibles (people or knowledge). If you have an opinion on this subject, please send me an email.

Thomas Quilty

Due Diligence for Solar Companies

Welcome Back!

Lately we have been involved in the sustainable energy sector assisting companies with finding viable solar sites in the state of California.   With the growing popularity of renewable energy, solar investors are scrambling to buy or lease land to install their solar installations.  However, solar investors need to take into account multiple due diligence factors when acquiring property. 

Power purchasing agreements (PPAs) are a vital piece of the puzzle to ensure a steady income and customers.  PPAs are contracts with utilities, public entities or large corporations to purchase the energy from the solar site for their use or to distribute to their customers.  When considering a potential site, the potential energy demand needs to be researched in advance to guarantee a practical, profitable, market in a given location.  Questions, such as who will use the energy, i.e. commercial, industrial, or residential entities are factors which need to be considered.  In addition, location is an important factor in choosing a site. 

Location issues such as the necessary infrastructure, price per KwH, and security all impact on decision of where to locate the site.  Will the solar company need to build infrastructure to transmit large amounts of energy to distant locations?  How much energy, time, and money will be used in the transmission of the energy?  Solar installations are subject to public vandalism and theft primarily due to their location.  Most sites require flat clear spaces to guarantee maximum sun exposure during the day.  As a result of these wide open spaces, security of the installation is a concern when choosing where to site the project.  As we all know, solar panels are rather expensive and with the need to be placed in open spaces, theft or vandalism is inevitable.  Protection of the installation is one of many factors to consider when choosing a site.

 These are just a couple of due diligence bits and pieces to think about when locating a potential solar site.  Please feel free to submit personal experiences or other critical due diligence factors which you feel are important in selecting solar sites.  Until next time…

Kaitlin Keith, BD Consulting and Investigations

Recovering from a Data Breach

BD Consulting and Investigations Inc. conducted a presentation on Data Breaches and IP Thefts (The Insider Threat) at the 38th Annual San Francisco ASIS Seminar and Exhibits that was held in San Jose, California on May 12-13, 2010.  Research data indicates that companies/corporations (both private and public sector) should be thinking ahead by asking, not if, but when will a data breach occur.  Every organization should take preventive steps by having policies and procedural safeguards in place.  In addition, conduct necessary training to all involved employees and corporate level members to help prevent a breach.  The best defense against any hacker or an individual inside your organization is, be prepared and think ahead.  The news is full of stories everyday about data breach incidents: financial, medical or personally identifiable information being stolen from major corporations in both the public and private sectors. 

After a breach occurs, companies find themselves asking, what do we do now and how do we recover from this breach?  Professional organizations in major league sports have a plan and a playbook to use throughout their season.  The same holds true with disaster recovery for companies.  Companies need a plan or playbook to be ready and waiting for a data breach to occur.  If there is no plan or playbook the breach can and will turn into a panic mode situation.  If the data breach incident is published by the media the company could lose: credibility, trust, assets, financial exposure, customers, market share and consequently legal proceedings could be filed.    

We highly recommend that companies contemplate and answer the following questions as well as conduct a complete risk assessment and analysis of the IT network system within their company.    

1. Who is the person that is responsible for the network? 
2. Does this person know what data is critical and must be protected more than other data?
3. Does the owner of the information know where the data is stored and who has authorized access to the information? 
4. Are there any additional steps that are taken to protect these records? 

Identifying the information which needs to be protected, where it is stored and who has access to it is part of the risk assessment process.  Risk assessments help in planning for disasters including breaches, losses or thefts.  IT managers and personnel should reflect on the following:

1. Does the company/corporation have a plan for a data breach, loss, or theft? 
2. Who is responsible for coordinating the investigative activities? 
3. Who will notify law enforcement if necessary? 
4. What information will be shared? 
5. What’s the game plan to handle the press, legal issues, public relations, law enforcement and other concerns that may arise during the breach – this could be the difference between your company/corporation surviving or not surviving a loss, theft, or breach. 

A person who has mentored me throughout the last thirty-four years has always reminded me over and over again: “Be prepared, be prepared for any situation that life may throw your way.  When that situation arises, stop and ask yourself: Am I doing the right thing, at the right time, in the right way, and for the right reason? 

James R. Keith, BD Consulting and Investigations

Law Enforcement and Industry Cooperation

Recently I was reminded of the importance of Law Enforcement and Industry cooperation to resolve complex criminal cases.   The most recent reminder was Apple and the REACT Task Force, where I worked for a number of years.  Before the Search Warrant Affidavit was released, REACT and Apple were blasted in the media for working together.  The fear or concern was that Apple had a special relationship with REACT which gave them priority over other crime victims.  Before addressing this relationship, it’s important to understand how and why the REACT Task Force came into existence.    

The REACT Task Force was originally formed to address the specific and special criminal investigative needs of the Silicon Valley High Technology Companies.  In the mid 1990’s, High Tech Corporations were being targeted by the very technologies they helped develop.  Local and even Federal Law Enforcement was ill equipped to investigate these crimes.  These crimes included many crimes previously unheard of by Law Enforcement and included Trade Secret Thefts, Computer Intrusions (Hacking), Denial of Service attacks and many others.  They also included traditional crimes such as robbery, extortion, counterfeiting and copyright infringement except with a High Tech twist.  The companies involved were starting to lose jobs or in some cases had to close their business as a result of these crimes.

In an attempt to halt the theft or counterfeiting of their products, Silicon Valley companies began meeting informally with Law Enforcement to provide training on the new technologies being developed.  These meetings became more formalized and helped create the High Technology Crime Investigation Association (HTCIA).   In 1997, Rich Bernes, an FBI Supervisory Special Agent, Sheriff Charles Gillingham, Chief Craig Steckler and others developed a Memorandum of Understanding to create the REACT Task Force.  The goal of the REACT Task Force was to address the specific criminal investigative needs of Silicon Valley Companies and to identify, target and prosecute crimes which local Law Enforcement Agencies were not able to address.   When REACT was formed there were questions by the Steering Committee as to how REACT would operate.

From the beginning, it was understood that there had to be a relationship of trust between the REACT Task Force and Silicon Valley Companies, but there were limitations on what assistance and information could be shared by both parties.   Operational guidelines, mostly informal, were developed on what information could be shared by all.  These guidelines included the understanding that the companies would initiate their own investigation under their own policies and procedures, but when the case was turned over to the REACT Task Force, they had no control or direction of the investigation.   The company could continue their investigation in parallel and any additional information would be provided to REACT.  REACT though, was not allowed, except under limited circumstances, to share investigative information or results until the case was to be filed criminally.  The biggest decision for any company was whether to contact REACT, handle the case in house or just ignore that it occurred.

The decision to call the REACT Task Force and provide information relating to a criminal case involving a High Tech Company was and still is a difficult choice for any publicly owned company.  When a crime occurs in which the company is a victim, the company has the following choices:  Investigate and report the crime; Investigate the crime and not make a report; or just ignore that the crime occurred altogether.  The company has to decide if they want to be a victim.  The company may have been victimized by a criminal act and could be victimized again in the press or via stock price if it was reported that they had been a victim of a crime.  This was especially true if it was a theft of their Trade Secrets.

  To counter this and to help a company make an informed decision, from the company’s viewpoint, as to whether a crime should be reported, informal meetings or telephone calls were initiated regarding, “What If,” questions.  These meetings or informal telephone calls would usually take the form of…I’m not reporting a crime, but if something like … occurred, would REACT be interested.  The response, at least from me, would be … If something like that occurred and there was evidence of … available which identified a particular person, then we would at least review whether it was an appropriate case.  As far as I know, this process continues.  REACT has changed over the years, with focus on other areas and victims.  This doesn’t apply to mandatory reporting of certain crimes.  That’s the short history of REACT and how it started and the reasoning behind its creation.  Now it’s time for my opinion as to why it should continue and if possible be expanded.

Silicon Valley and other Companies in the US must be protected.  This doesn’t mean a bailout or special favors, because any business which can’t stand on its own merit or products is not a good business.   High Tech businesses in Silicon Valley provide many of the jobs which drive the economy of the San Francisco Bay Area.  The loss of intellectual property through trade secret thefts, counterfeiting, copyright infringement, intrusions, component theft or other crime ultimately costs jobs in the Bay Area.    The REACT Task Force, and its sister Task Forces in California, through investigative activities helps protect Bay Area jobs and encourages other companies to consider moving to the Bay Area, because there is a knowledgeable  group able to understand and respond to their unique investigative needs.  The REACT Task Force is one of the last High Tech Crimes Task Forces in existence and like all Law Enforcement agencies is under pressure to justify what it does and what benefits it provides.   Though there are local and federal agencies available, none of them have the time or resources available for a lengthy High Tech crime investigation. 

If you have a comment, please feel free to email me at info_AT_bdcon.net.

Thomas Quilty, BD Consulting and Investigations Inc.

Risk Management and Renewable Energy

Hi All! Traditional methods of alternative renewable energy acquisition has become a staple in today’s marketplace.  Two sectors in particular include solar and wind energy.  Corporations are rapidly buying land to develop solar and wind farms throughout the world.  Thinking outside of the box will become necessary for future companies to acquire these resources while competing to stay in business.  Two upcoming companies, Magenn and Nolaris show their creativity and innovation through their renewable inventions. 

  Magenn is a wind power company which has developed a high altitude wind turbine, otherwise known as MARS.  The turbine resembles a blimp.  This concept is advantageous over the typical wind turbines because they are 1,000 feet above ground which allows MARS to be closer to the grid, mobile, easily deployed and deflated, and it is bird and bat friendly due to the height. See http://www.magenn.com/ for more information. 

  Nolaris has developed a solar island of panels that float above water and rotate to align with the sun to ensure maximum sun exposure.  The island is almost immune to waves and wind due to the outer ring height of up to 20 meters and the horizontal position of the panels.  For more information see http://www.nolaris.ch/. 

  Magenn and Nolaris are perfect examples of companies that should explore risk management protection options for their products.  Some questions to consider would be: What are potential location risks?  What security measures need to be taken to ensure that the products are not stolen, tampered with, and/or damaged, either by human or natural causes.  BD Consulting and Investigations has dealt with these and many similar issues that have arisen from risk management issues.  Risk management is an important part of maintaining a company’s integrity, public image, and success.

Kaitlin Keith, Administrative and Marketing Officer