By PHILIP A. JANQUART
BOISE, Idaho (CN) – An energy company employee used sensitive information to develop a competing product that could jeopardize the security of the nation’s power grid, Battelle Energy Alliance claims in court.
Battelle sued Corey Thuen and his company, Southfork Security, in Federal Court.
It claims Thuen violated copyright by using its proprietary information to develop competing software that undermines two years of research and development and threatens to leave the nation’s power grid vulnerable to cyber-hackers and other threats.
“This is a case of a copyright infringement and violations of federal and state laws,” the complaint states. “Defendants have intentionally duplicated Battelle’s valuable copyrighted and trade secret software and have adopted and used that software in blatant disregard of Battelle’s intellectual property rights. …
“BEA’s copyrighted software is called Sophia and protects the United States’ energy infrastructure by alerting utility administrators of potential hackers or other threats to the integrity of the nation’s energy grid.
“Given the nature of Sophia, defendants’ actions have implications for our national security. Defendants know of these implications but have ignored them.”
Battelle Energy Alliance is a subsidiary of the Battelle Memorial Institute, according to publicly available information. The Institute calls itself “the world’s largest nonprofit research and development organization, with over 22,000 employees at more than 130 locations globally,” on its Internet home page.
Idaho Falls-based Battelle Energy Alliance was incorporated in 2004, and conducts nuclear energy research and development at the Idaho Nuclear Laboratory (INL). It recently has been tasked with developing software to protect the power grid.
The federal government has relied on tracking patterns of previous attacks to spot suspicious activity. That method has become obsolete as hackers employ new and evolving tactics.
Battelle received funding in 2009 from the Department of Energy, Office of Electricity Delivery and Energy Reliability to develop software to enhance the security of Supervisory Control and Data Acquisition (SCADA) systems, which control and monitor power grid systems.
Five Battelle employees, including Thuen, developed closed-source software they named “Sophia,” describing it as an Industrial Control System Computer Networking Fingerprinting Tool. The project was developed between 2010 and 2012 at a cost of approximately $1.5 million, according to the complaint.
Thuen formed Southfork Security Inc. to compete with seven other third-party bidders vying for the contract to act as Sophia’s vendor, which would market and sell the product. He withdrew from the bidding process when he learned he would have to share royalties and licensing fees with Battelle, according to the complaint.
Although he is one of its developers, Thuen is prohibited from using Sophia materials and trade secrets copyrighted by Battelle for his personal gain, the company says. But he did use to develop a competing product called “Visdom,” in violation of employment agreements, Battelle claims.
It claims that Thuen signed an agreement requiring him to “keep all Battelle proprietary information confidential and barred him from using it for personal use or advantage; required him to disclose and assign all innovation arising out of his work for Battelle to Battelle; acknowledge copyright in all software arising from his employment as belonging to Battelle and specifically agreed not to infringe the same.”
He also acknowledged receiving an Employee Handbook, Standards of Conduct and Business Ethics guide, and a Computer Security guide, and signed an agreement specifically stating that he would not use information from the project for personal gain, according to the complaint.
“To identify and mitigate against the obvious conflicts of interest that could arise by the developers’ bidding on Sophia, the developers and Battelle agreed upon and executed a Conflict of Interest Plan, wherein the developers agreed to disclose any conflicts of interest and not use for personal gain any non-public information regarding Sophia derived from their employment at Battelle,” the complaint states.
Battelle claims Thuen’s software will undermine its ability to market and sell Sophia, and could threaten national security.
“Defendants created Visdom by copying elements, architecture and code from Sophia, in breach of copyright law and Thuen’s contractual obligations to Battelle,” the complaint states. “Thuen removed from INL property an unauthorized copy of Sophia from which defendants created Visdom. Because Battelle’s business model requires it to license the software, defendants’ actions will destroy Battelle’s business and substantial investment in the development of Sophia: Battelle will be unable to license a product that is being given away license-free by Southfork.”
Battelle seeks an injunction preventing Thuen from releasing his software, and ordering him to disable his southforksecurity.com website. It claims such an injunction “serves the public interest by protecting copyrighted intellectual property of high value, both monetarily and for national security, by helping protect the nation’s critical energy infrastructure from cyber attacks.”
Battelle also seeks an accounting, disgorgement and damages for copyright infringement, misappropriation of trade secrets, breach of contract, tortious interference with prospective economic advantage, unfair competition, conversion and unjust enrichment.
It is represented by Scott Randolph with Holland & Hart, in Boise