Celebrating 30 Years of OSAC's Information-Sharing Partnership
On July 1, 1985, leaders from 15 major U.S. corporations and members of the Department of State’s Bureau of Diplomatic Security came together to develop a council to share security information and discuss terrorism and other threats facing U.S. interests abroad. Thirty years later, this Overseas Security Advisory Council (OSAC) works with more than 3,900 private businesses, non-governmental organizations (NGOs), academic institutions and faith-based enterprises to provide invaluable information on threats, resources and services around the world. Current OSAC chairman Bill A. Miller calls it the most successful public-private partnership in the U.S. government’s history.
Building a Better Public-Private Partnership
Speaking to the American Society for International Security (ASIS) in 1984, Secretary of State George P. Schultz announced that the Department of State would be creating a council that could bring together private sector leaders and Department officials to discuss terrorism and share security information. By 1985, 16 major corporations had joined, including Citibank, Bechtel, Boeing, Exxon, IBM and Pan American Airlines, according to The History of the Bureau of Diplomatic Security of the United States Department of State. OSAC records say that the key topics of discussion included the need for better information sharing, the development of a matrix of threat assessments and adding value and incentives for Americans working overseas to use the U.S. Embassy.
These early discussions of partnership grew into a robust resource for private enterprises and public departments over the next 30 years.
“When OSAC was formed in 1985, Secretary Schultz, who was the driving force behind the creation of OSAC, looked at it as a public-private partnership that could actually take the best practices of businesses to bolster our security endeavors overseas, mostly giving us opportunities to better defend our missions (Embassies and other overseas interests) with better technological advantages,” says current OSAC chairman and Director of the Diplomatic Security Service Bill Miller. “It very quickly flipped around to be what it is today – an information-sharing platform, one where we work with not only corporate America but also non-government organizations (NGOs), faith-based organizations and academic partners in providing advice and counsel to them overseas, as well as receiving best practices as we all come together in our Country Councils.
“The synergy of expertise is priceless,” he says. “There’s no way that any one corporation or any one U.S. government entity could become the be-all-know-all of security. We all operate in so many different environments around the world, and OSAC has purely developed from that initial anticipated business-government security partnership into something that is so much greater now. And it really goes back to our moral imperative to protect anything that is related to U.S. branding overseas – U.S. facilities, personnel, businesses, others who are out for pleasure, who spread their faith, seek academic advancement, or are helping underprivileged people through different programs.”
OSAC’s popularity and private industry’s participation has grown tremendously over the past three decades. The organization’s first Annual Briefing in December 1985 had a mere 150 corporate security directors. More than 1,200 private sector security leaders attended the 29th Annual Briefing in 2014. More than 1,300 leaders are expected to attend the annual briefing this November in Washington, D.C.
At the 2013 OSAC annual meeting, U.S. Secretary of State John Kerry addressed the OSAC constituents in attendance, saying that "...some of OSAC's greatest work comes from the threats that we actually never see and that never have a change to be able to materialize because the information that is shared allows our people to be more prepared and sometimes even to thwart together."
Kerry also noted that "Everyone here understands the risks; you know the dangers. You can't retreat. There is no fortress." This is the climate that OSAC is working to help U.S. businesses face around the world.
A Moral Imperative
According to the Inman Panel’s 1985 Report of the Secretary of State’s Advisory Panel on Overseas Security, “The United States Government does not have a direct responsibility for providing a secure environment in which non-official overseas Americans can work, live, or travel. There is, however, a moral obligation to provide assistance, advice, guidance and information that can enable citizens, businesses, or other organizations to enhance their own protection.”
This moral obligation fueled the foundation of OSAC, and guides its mission even now.
Director Miller, who has spent 29 years within the Diplomatic Security Bureau, including multiple assignments as a Regional Security Officer or RSO throughout the Middle East and other regions, knows firsthand the value of OSAC’s information-sharing, and its mission.
“To me and other RSOs in Diplomatic Security, one of the most important aspects (of our job) is the moral imperative to protect American interests, be they personnel, facilities or anything else,” he says. “We take that as a service, and we do believe that we are part of the service of the U.S. government. That’s just part of who we are.” OSAC is an extension of that service, and the moral obligation the U.S. government has for its constituents, he adds.
“Because we have been doing this now for 30 years, we have been able to call upon those experiences and the vast network that we’ve built – more than 16,000 individuals who we are routinely in contact with over those 3,600 constituent organizations, constantly sharing that critical security information when times are bad… We’re like the doctor or the dentist – people go when they have pain. OSAC, though, has built a network of professionals that are always on call, and we have the type of relationship that we meet even in the good times.”
The growth of OSAC is demonstrated in its Country Councils. In 1988, there were just four Country Councils in high-risk areas. Now, there are more than 140, each with its own RSO acting as the public sector co-chair, and a private sector security leader acting as the other co-chair. These Councils work to collect and disseminate valuable security and threat information, as well as best practices for operations in the region.
“We’ve better prepared American citizens and our corporate partners by being a readily accessible and helpful government entity. I’m passionate about it; I’ve seen it firsthand,” Director Miller continues. “During the Arab Spring, I was the RSO in Cairo, Egypt. And if it hadn’t been for our very robust and really tight-knit OSAC Country Council, we and the American businesses and others who were there would have had a much more difficult time. We were able to share evacuation routes; we were able to share simple things like which bus companies can be trusted with your children and your dependents.
“That’s what we’re really there for – to make these crises as painless as we can possibly make them.”
According to OSAC’s private sector co-chair Dan Schlehr, Vice President, Global Security Services for American defense contractor and industrial corporation Raytheon, the private sector is also helping to broaden the information gained by the U.S. government.
“Part of the partnership is that we (private enterprises participating in OSAC) report incidents that occur in our overseas operations,” Schlehr says. “For example, we would report crime that might take place against our employees, or trends that they see like surveillance of facilities that we may operate in. We’re very much sharing our information with OSAC so they can develop a clearer threat environment for others who are trying to operate in the same areas.”
Foreign Policy and Economic Policy
“If you look at the genesis of OSAC, when senior business leaders and CSOs approached Secretary Schultz after some of the events that transpired in the early ‘80s, he found a way to provide real-time security information to the private sector,” Schlehr says. “With globalization taking place, more and more companies were sending their employees to live and work overseas. I think Schultz firmly believed that a strong economic policy is a strong foreign policy as well.”
OSAC can also help organizations operating abroad compete while avoiding any violations of U.S. laws. For example, Director Miller says that OSAC can and has connected U.S. businesses with resources and direction through the FBI and the Department of Justice in regards to the U.S. mandate to counter foreign corrupt practices: “We work with U.S. businesses overseas that are faced with some tenuous economic circumstances if they’re not playing the way that particular culture likes, but our U.S. corporations are vulnerable in U.S. courts if they commit to paying bribes at all. So by linking the FBI and the Department of Justice with those corporations, we’ve actually had several seminars where we’ve been able to advise American businesses on how best to appropriately counter and document those types of attempts so they don’t run afoul of our laws while still remaining competitive in that overseas environment.”
While larger enterprises with extended security departments might not need the resources OSAC can provide quite so much, smaller businesses, faith-based organizations, charities and academic institutions can find them invaluable. OSAC’s Country Councils can provide these organizations with proven best practices for operations in the region, compiled through cooperation with other American enterprises that are more established in the area.
“I believe OSAC can provide products that can build up their security program overseas without a great deal of investment,” says Schlehr. “Enterprises can take advantage of the Country Councils, specifically sharing best practices. OSAC has a number of products that they’ve developed – physical security standards, for example – so you don’t need to have a huge security department in order to put together a comprehensive security program for your employees as you expand your international footprint.”
Director Miller adds: OSAC gives the U.S. State Department access to “greater detail about what our American business counterparts were actually encountering in all of these countries, and it also gave us an opportunity to better advise them. Oftentimes, they’re small corporations or small entities, and they really can’t afford a top-notch security service to advise them or provide the analytical capabilities that we bring to the table… We can provide that, because it’s of no cost – OSAC is a government-affiliated organization; we’re free.”
A Two-Way Street
The key to OSAC’s products, whether they’re analysis or preparedness, is information sharing. If you attend a meeting or join a Country Council, there’s never a requirement that you have to say something, but the multi-directional flow of information helps U.S. government leaders, RSOs, private security directors and American citizens make smarter decisions.
“Typically as government employees, we’re meeting with other government employees overseas, receiving their perspective on what the diplomatic environment is or the security or threat environment is,” says Director Miller. “The more points from which we can draw that information, the better we are able to provide appropriate security for those for whom we are responsible.
“It also benefits us in that we are better capable of responding in the event of an emergency,” he continues. “Because we all know, when something happens, there’s going to be a constituent here in the U.S. who has a son or daughter overseas, or a businessperson who has an interest overseas who is going to pick up the phone and call a Congressman and say ‘I need some help.’ We’re the ones they reach out to. It (information sharing and networking) gives us a better opportunity to really rapidly respond because we know one another; we know the points of contact, whether they be program managers or security advisors for the private corporations or NGOs that we deal with. It really is a circle that is constantly spinning.”
Despite its being one of the most successful public-private partnerships in the U.S. and a model for cross-sector cooperation around the world, OSAC is not resting on its laurels. The organization recently revitalized its website and launched a mobile application (currently available on iOS platforms) to open new channels of communication with its members and constituents. Country Councils are also utilizing Google Groups, webinars, virtual cafes and social media to better share and gather information.
OSAC is continuing to evolve in order to best address the threats of the day, and to provide tools to its constituents across the world.
“When we had our first meeting in 1985, there were several topics of discussion,” says Director Miller. “They talked about hostage concerns, Iran, terrorism in the Middle East, information sharing; we talk about the same things today, but the environment in which those particular points are being exercised has tremendously changed.
“The technological advances over the past 30 years, especially as we think of that all-encompassing phrase of ‘cyber crime,’ and the impact they have had on our businesses, our protection of information… We are dealing now with a much more widespread enemy, I believe, as we look at information flow, the ability to emulate what someone sees on various website or to receive direction on those websites around the world and take a very loose collection of individuals and give them a common purpose… we didn’t see that 30 years ago. We look at how crime is conducted through sharing of information – you don’t have to break a door down or blow up a vault; now you can steal so much with just zeroes and ones and the ability to manipulate our electronic systems. Same crimes, different tools,” he says.
In the late 1990s, OSAC developed the Research and Information Support Center (RISC), which directly supports the private sector by providing threat analysis information, and these products continue to be offered today.
OSAC is working with private sector businesses as well as industry and RISC analysts in a variety of areas to get a head-start on what will be some of the major concerns of the next decade: cybersecurity best practices are weighed against privacy concerns; economic crises are carefully monitored for the stirrings of crime or terrorist organizations; a medical professional was hired as an OSAC analyst to build best practices for potential pandemics and make connections for the organization and its members throughout the medical community.
“We’re continuing to look at how we can help benefit others – forecasting future trends, looking at ways of dealing with those cyber crimes or medical issues, and helping our people better understand the environments in which they are doing business and living – and that is probably one of the chief things that we can bring to the table,” says Director Miller. “Intelligence is both an art and a science, and our intelligence community does a great job in terms of trying to forewarn, but they’re not always successful. So on the security side, we’re constantly building better mousetraps to counter what has already been encountered, but you still have to be flexible and adaptive when things do occur. I believe that the very intelligent group of risk analysts that we have allows us to be appropriately postured to be as aware as we possibly can be of new trends, so that’s something that we’ll continue to grow over the near term.”
This is just one way that OSAC has, over the past 30 years, brought public and private enterprises together for a common goal: the protection of U.S. assets, personnel, property and citizens overseas.
Adds Schlehr, “For international business issues, I don’t believe there’s any better organization than OSAC.”