trade secrets?

The Power Elite: Enron and Frank Wisner

by Vijay Prashad

On 28 October 1997, Enron Corporation announced the entry of Frank G. Wisner Jr. onto its board of directors. Most of the business press did not find this untoward and it certainly did not emerge as part of the US discussions on corruption at the highest level. Frank Wisner, as we know in India, was the US Ambassador from 1994 until this year and his entry into Enron must be seen in light of the scandal of Dabhol. Enron, like most US corporations, uses its close association with the state (both its elected and bureaucratic arms) for its own ends. US campaigns are financed by corporations whose money not only enables politicians to win elections, but it also buys businesses the state's power both for domestic subsidies and for the use of US power in the international arena.
Frank Wisner, Jr. was a big catch for Enron Corporation. His lineage is impeccable, since his father, Frank Wisner Sr., was a senior CIA official (from 1947 until his suicide in 1965) who was involved in the overthrow of Arbenz of Guatemala (1954) and Mossadeq of Iran (1953). Wisner Junior was well-known in the CIA and he worked as Under Secretary of Defense for Policy and Under Secretary of State for International Security Affairs; his current boss, Kenneth Lay, Chief Executive Officer of Enron Corporation, also worked for the Pentagon during the US war in Vietnam. With "economic espionage" as a task for the CIA (see PD, 12 October 1997), there is little doubt that Wisner used this instrument during his long-tenure as Ambassador in Asian nations. A Wisner staffer told InterPress Services this year that "if anybody asked the CIA to help promote US business in India, it was probably Frank".

When Wisner was US Ambassador to the Philippines (1991-92), Enron was in the midst of negotiations to manage the two Subic Bay power plants. When Wisner left Manila in July 1992, Enron won the deal and began to manage the plant in January 1993. During Wisner tenure in India, he fought long and hard to secure various deals for Enron. He went so far as to boycott the "India Power '96 -- Beyond Dabhol" summit, despite being scheduled to give an address (this was part of a US advisory to companies to avoid India for six-months, a pressure tactic on India during the winter of 1995-96). Wisner left India earlier this year only after it seemed like Enron's place was secure.

Enron, like most monopoly corporations in the US, uses money as a means to buy influence and power. To gain access to a lucrative contract to rebuild the Shuaiba power plant in Kuwait, Enron hired former US Secretary of State James Baker as a consultant who travelled to the oil kingdom to negotiate with his Gulf War allies for his new employer. The sons of George Bush also helped Enron win this contract despite a lower bid from Deutsche Babcock, a German firm. The Bush brothers also helped Enron in their deal to win a contract to build a pipeline from Chile to Argentina in 1988. Finally, Wendy Gramm (wife of Senator Phil Gramm) joined Enron's Board of Directors in 1993 after she resigned from the Commodity Futures Trading Commission. This Commission, just days after Gramm's resignation, deregulated energy futures, thereby allowing Enron to earn 10% of its profits by adventures on the financial markets. Beside all this evidence, it appears hypocritical for Rebecca Mark, Chairperson of Enron Development Corporation, to declare that "Enron's reputation is being attacked, and we do not do business under the table".

The story does not end there. In 1991-92, Enron donated $28,525 to the Democratic Party and in 1993-94, it gave $42,000. These monies enabled Enron to send its executives on international tours with the late Secretary of Commerce Ron Brown in January 1995 (when Kenneth Lay came to India) and in March-April 1994 (when Chief Executive Officer of Enron International, Rodney Gray came to Russia). In the former, Enron was in negotiation for the Dabhol plant among other things (such as the $1.1 billion offshore holdings) and in the latter, Enron was interested in the marketing of Russian gas in Europe. President Clinton noted that Brown's trips resulted in "expanded opportunities for American business in [the USA] and abroad". The "pay to play" project of US "democracy" is once again in evidence. The example of Enron and Wisner proves beyond a reasonable doubt that the US state is not a neutral actor in world affairs and that US transnational corporations are part and parcel of the corruption within the US Empire. The hearings in Washington on "campaign finance reform" do not bother with this level of corruption, for most of those who are running the investigation are beholden to business interests. Enron, for instance, will not be a part of the investigation, since it is deemed to be a patriotic US entity out to create jobs for US workers and to accumulate wealth to defer the costs of the US's mercenary army.

Vijay Prashad is Assistant Professor of International Studies at Trinity College in Hartford, Connecticut.

Source: People's Democracy, 16 November 1997



"Internet is creating new exposures for business and for all of us.
As companies or consumers we must enter our new volatile age under attack.
And those attacks we know will not stop. "

" Our reputations are trade secrets, the trust of our customers.
Because many companies have spent years building reputations,
many of us have reason to fear admission
that we have been attacked by cyber criminals."

"there are no insurance policies in the traditional underwriting world
that can begin to address the threats and risks of the Internet"



New York City Summit
September 22, 2000
Ambassador Frank G. Wisner

It is a particular pleasure to be with the Institute of Internal Auditors today and to participate in this session. I have now been part of four gatherings that have been put together to consider the issue of information and Internet security. And I must say today the quality, the tone of the presentations, the range, the sophistication is really impressive. And it is good to be able to reach out and meet so many new people as well as to greet old friends from San Francisco, Washington and other places where we have come together.

We still have a long way to go, and I doubt that, as we gather here this morning, any of us would quarrel with the assertion that the Internet enables transformation of business and represents a set of challenges for established business similar to those we faced when the industrial revolution began in the 19th Century. A networked economy is the rule. The interdependencies are prevalent and growing. Companies are dependent on one another for survival and success. In a word, it would be hard to argue with the proposition that the age of information technology is a time of unprecedented change and opportunity. And the opposite side of that coin is that opportunity contains risk. The age of information technology is also about managing new risks.

Today, I would like to talk with you for a few moments about those risks and what we have to do to cope with them. We are assembled here today commissioned with a responsibility of charting our way in new territory. Bringing order to chaos, that is one of the most powerful tools of our time-the chaos of the Internet.

To repeat myself, the Internet is creating new exposures for business and for all of us. The heightened dependence of global business on information technology and specifically on the Internet has introduced new, confusing and potentially dangerous elements into the traditional business risk analysis. And whether it is in the form of denial of service attack or a computer virus, cyber attacks from inside or outside a company have been increasing dramatically and all of us are facing damages that we previously could not imagine. As companies or consumers we must enter our new volatile age under attack. And those attacks we know will not stop.

The Internet is an additional zone of competition. That competition is for good. It is also for bad. It is a legitimate field of commercial competition. It is also a field for foul play. A cyber war can exist where we are not even aware that we have entered into a battle zone. And the recent attacks we have discussed during the course of this morning are but a wake up call to government and to the public at large. Consumers in general now realize they are not safe on the Internet and we have to ask ourselves, "Is this is a storm cloud for commerce on the horizon?" and "What is the potential disruption of the force that has fueled such an unprecedented market?"

All of us therefore, in business need to pause. We might be tempted to think twice about doing business but I don't think any of us will pause for long. The day is long gone when we had that choice. We are stuck. We will be doing business on the Net. And so, we face a dilemma. We need the power of a networked economy, access to the Internet, but even then the simple act of going online could put our businesses at risk. Well, if there is an established problem, how do we find a solution? And I would suggest the solution begins with the decisions we make and the leadership we are prepared to show.

Throughout the last few years, companies like my own, The American International Group, and many others have worked to identify potential solutions, or at least to advise on how to respond to new threats to business as usual.

As a representative of the insurance industry, I am pleased to be with you and to share our present thinking about the role that insurance can play in protecting business and reducing risk. Let me assure you, defining out role has been both challenging and it has been extremely difficult. For we as underwriters, realize that businesses are not only risking new liability lawsuits, but also the confidentiality of our information, technologies and the disruption of our day-to-day operations. We are also risking things that are much more intangible and difficult to rebuild. Our reputations are trade secrets, the trust of our customers. Because many companies have spent years building reputations, many of us have reason to fear admission that we have been attacked by cyber criminals.

The obligation of the insurance industry in the face of great uncertainty is to understand the risk, assess it and offer in alliance with other best in class technology and companies, solution sets that will heighten trust in an Internet environment. Define the right solutions, we have got to grapple with some tough questions. How do we assess risk in a landscape that is uncertain and is constantly changing? How to foresee potential hazard when the obstacles are immeasurable and the threat to even a small single business can come from across the street or the other side of the world.

Regrettably, I have to tell you that there are no insurance policies in the traditional underwriting world that can begin to address the threats and risks of the Internet. Business interruption policies don't cover Internet related business interruption. Property policies don't cover intangible assets such as trade secrets or customer lists. Business liability policies called Comprehensive General Liability are neither - especially when applied to cyber liabilities and cyber extortion policies.

In essence, ladies and gentlemen, business insurance was created for a businesses as usual world and that world has disappeared. Therefore, companies and insurers have got to evolve if they are to survive. We need new formulae. Specifically, I recognize the insurance industry must provide protection to companies prepared to accept the risks of conducting business in a new economy. And leadership in the insurance industry means one cannot simply modify a package here or add a solution there - it means that we have to start right at the beginning.

Insurance for e-businesses, in force today, are no more than in their infancy. Even at companies like my own, where top-flight technologies work closely with top-flight underwriters to identify potential risks, the most difficult challenges for industry lie ahead. Responsible large insurance companies will build the market for new products. The knowledge and risk identification of intellectual capital that is used in the regular course of business will be brought to bear.

At AIG, we have begun to think in terms of some new approaches. In fact, we have developed seven protections that the leaders in the insurance industry must give if insurance is to do its part.

First, liability coverage should address four different elements. First, privacy has become an emerging issue for Internet connected companies as we have just heard. Disclosure, second, of private information belonging to our customers is a major issue. Third, transmission of a computer virus, which can be done as simply as an unknown attachment to an email confirmation message can cause lawsuits. So-called "down stream liability" against those innocent companies, which become agents in a transmission of computer attacks will become the newest weapon in the hands of the plaintiff attorney. Finally, denial of service lawsuits. Those denial of service attacks will stop you from transaction business. In the event that you have guaranteed customers access to your system, they could sue you for the denial of service.

Second challenge we have is protection from web content or media liability such as libel and slander or copyright and trademark violations arising from the content of your web page.

Third, a loss of property. Industry leaders must understand and provide protection for the new economy assets of your company and the information you possess. You are most vulnerable to the loss of information, which you have spent millions of dollars to gather. The assets can range from simple accounting information or supplier information to competitor information, trade secrets or essential technology.

Fourth, a potential loss of ebusiness such as what happens in a distributed denial of service attack or other cyber criminal flooding of your system. So much traffic is directed to your system that you are overwhelmed and shut down. Not only do you have to worry about direct attacks to your company, but also attack on a company that you depend on which stops your business from operating.

Fifth, cyber extortion. This is the issue that brought CD Universe to its knees. We at AIG believe helping companies combat extortion threats means making available the funds and forces of a large company to act as your partner when you are under attack.

The sixth issue for protection policies is criminal rewards. Hackers like to brag that they have broken into your system. Well, let's think about providing an incentive for other hackers to turn these braggarts in. A reward for information leading to arrest won't stop every attack but it could be enough to scare away some thrill seekers.

Seventh, and the last piece of Internet security policy is crisis communications management coverage. This is one of the most crucial pieces in protecting your business reputation. If the unthinkable happens, you will need public relations resources to help you rebuild your image. In this regard, let me add for emphasis, insurance companies must be able to protect corporate management and boards of directors who are doing their job. We face a tough job in getting through and to engaging the boards, much as was the case at the outset of Y2K.

For these seven points I would like to address the coverage sides of policies. But, leadership and insurance, it seems to me, go beyond simply providing a policy. Insurance companies must align themselves with best in class technology firms that offer security products and services to protect businesses from being the target of cyber attacks. For example, insurance companies should require as a mater of underwriting integrity a reasonable cost security analysis of a potential insured system before binding the coverage. Of course, the needs of the new economy are not static. They are changing and dynamic. And leadership in the insurance industry has got to mean flexibility.

Constant reevaluation is imperative. Leadership has got to mean reinvention. This will be a constant challenge. At the American International Group, we have designed a program that addresses information security issues. We are open for business in each of the seven areas I outlined, and we would welcome your inquiries. But, we also know that a great deal more work must be done to bring our coverages up to date. Conditions are changing rapidly and new threats are emerging. Although companies like my own are addressing the problem of critical infrastructure protection, the insurance industry, I would argue, cannot meet the challenge alone.

Managing the risks posed by a massive disaster is one of these challenges. Just as no private insurer can cope with all of the consequences of a natural catastrophe, neither can private industry cope with a digital earthquake. The costs of reconstitution are potentially overwhelming. Government, federal and state, must share in the burden and I recognize that building a partnership with government will be difficult.

I suggest, however, that the hard work of building a consensus, beginning the tough job of reviewing and adjusting legislation needs to begin as soon as our electoral calendar will make it possible. I also accept that government has other responsibilities in the field of research and in securing government's own infrastructure.

Dick Clark outlined several of these points this morning. Industry welcomes this commitment. We specifically ought to applaud Dick and his team's drive, imagination and commitment. Just as we do not want government to regulate the field of Internet security, we welcome government's role as a catalyst and a discussion leader. And I think we also look to government's leadership in working with governments and industry groups abroad, especially our allies and the members of the G8 and emerging technologically sophisticated nations, like India, to establish increasingly an international dialogue on IT security issues we face.

Ladies and gentlemen, I would like to suggest, a time of testing lies ahead, when we make the transition of one administration to another. Continuity is not a foregone conclusion. Private industry bears specific responsibilities. Dick suggested this morning setting standards, introducing security technologies, educating our employees, customers and suppliers and indeed, insuring ourselves. These are serious challenges. But none, would I argue, are as important as the role for all of us as education, especially broad public and industry education.

People in this room represent the pinnacle of knowledge for security threats and potential vulnerability, yet business leaders are aware of and have spoken to their companies risk managers about the threat. How many have done that? Do information technologists and risk managers even discuss these threats? How many have prompted our risk managers to determine how insurance must play a critical role in network security risk management. My assumption is very few.

Ladies and Gentlemen, I would like to argue, for auditors and businessmen insurers we have a massive job of education ahead of us. Thank you very much for your time.

(For more on this subject, visit AIG's web site at

All told at least twenty-two of the failed S & L's can be tied to joint money laundering ventures by the CIA and organized crime figures (Glassman, 1990: 16-21; Farnham, 1990: 90-108; Weinberg, 1990: 33; Pizzo, et al., 1989: 466-471).