Technology Collection Trends In The U.S.

Technology Collection Trends In The U.S. Defense Industry

Volume III March 1997

Based on US defense industry reporting of suspicious activity during 1996, the Defense Security Service (DSS) was able to build upon previously observed trends of collection interest and activity by foreign companies and governments against US industry. The data used and assessed to develop these trends is also used to provide threat data for national policy formulation. Our referrals for investigation or analysis help to educate industry, security, and counterintelligence personnel in the methods of operation (MO) being used against US industry by foreign entities.

Personnel security investigation (PSI) and industrial security (IS) reports resulted in counterintelligence investigative and analytical referrals to the US counterintelligence community covering a wide range of issues. While using an intelligence officer (IO) to collect US technology is a serious matter, it is not the most efficient means available.

The use of foreign scientists or engineers, working for foreign companies or institutions, is assessed to represent a more significant security challenge than the use of an IO. Visiting foreign scientists or engineers often gain access to US facilities to collaborate on research. Once a foreign scientist or engineer has gained access to a facility, they have an advantage over an IO: they know exactly what they want; there is less risk involved because of plausible cover, it is less expensive to develop bonafides, the technology can be collected more quickly, and the collected technology can be put into more immediate application in the foreign country.

Although traditional foreign threats continue their collection activities, DSS continues to observe the expansion of non-traditional foreign threat collection in industry. As the frequency and numbers of suspicious reports from cleared contractors continued to grow in 1996, an increase in the number of different countries involved in some form of suspicious contact also grew. A summary of the suspicious contacts reported in 1996, indicates over 40 different countries displayed some type of suspicious interest in one or more of the 18 technology categories listed in the Militarily Critical Technology List (MCTL). These major technology categories include:

Aeronautics Systems
Armaments and Energetic Materials
Chemical and Biological Systems
Directed and Kinetic Energy Systems
Electronics
Ground Systems
Guidance, Navigation, and Vehicle Control
Information Systems
Information Warfare
Manufacturing & Fabrication
Marine Systems
Materials
Nuclear Systems
Power Systems
Sensors and Lasers
Signature Control
Space Systems
Weapons Effects and Countermeasures

A trend observed in 1996, was the relative significance or priority of technology collection interest. Of the 18 MCTL categories, the three primary technology categories of suspicious foreign collection activity against the US defense industry were Information Systems Technology, Sensor and Laser Technology, and Aeronautics Systems Technology.

A summary of suspicious contacts in 1996, reported by cleared defense contractors, indicates foreign entities employed a variety of modus operandi in attempting to acquire information. Reported suspicious foreign contacts associated with various defense industry security countermeasure (SCM) concerns include:

unsolicited requests for S&T information,
inappropriate conduct during visits,
solicitation and marketing of services,
targeting at international exhibits, seminars, and conventions,
exploitation of joint ventures and joint research,
outright acquisitions of technology and companies,
co-opting of former employees,
targeting cultural commonalities,

Unsolicited requests for US defense industry S&T program information are the most frequently reported MO associated with foreign collection activity. These requests generally reflect a wide range of interests, and often represent an information management problem for the US defense industry. A growing number of incidents involve faxing, mailing, E-mailing, or phoning such requests to individual US persons rather than corporate marketing departments. There are several reasons to explain the popularity of this MO -- simplicity, low cost, non-threatening to the recipient, and less risk to the collector. The growing popularity and expansion of the INTERNET is reflected in a significant increase in reports of SCM incidents. Using the INTERNET provides a direct method of communication for foreign collection efforts. INTERNET access to a company's bulletin board, home page, and employees provide a foreign collector many avenues to broaden a collection effort. The one factor which made the vast majority of reported unsolicited requests for information suspicious was the fact that the information, frequently being requested, was covered under the International Traffic in Arms Regulations (ITAR) and would require a license for export.

"Marketing surveys," faxed or mailed to US companies by foreign consortiums or "consulting" companies, of various types often may exceed generally accepted terms of marketing information. Often, there are strong suspicions that the "surveyor" is employed by a competing foreign company. Surveys may solicit proprietary information concerning corporate affiliations, market projections, pricing policies, program or technology director's names, purchasing practices, and types and dollar amounts of US Government contracts. Customer and supplier bases for a company may also be surveyed.

Inappropriate conduct during visits was the second most frequently reported MO associated with foreign collection activity. While visits may be more costly and slightly more risky to the foreign entity, they usually gain access to the targeted facility. For this reason, this MO, while not the most frequently used, is assessed to be the most damaging form of collection activity because it can result in the loss of some technology as a result of the visit. Once in the facility, good collectors can attempt to manipulate the visit to address some, and perhaps all, of their collection requirements.

The one factor which made many foreign visits suspicious was the extent to which the foreign visitor would ask questions or request information outside the scope of what was approved for discussion. With few exceptions, security compromises reported from foreign visit incidents could have been prevented if US personnel had been properly pre-briefed as part of the risk management process. Potential exploitation methods include:

hidden agendas as opposed to the stated purpose of the visit,
last minute and unannounced persons added to the visiting party,
"wandering" visitors who become offended when confronted,
initiating conversations with escorts beyond the approved scope of the visit.

Many of these techniques are specifically designed to produce potentially embarrassing incidents for the host, in order to obtain collection objectives as a result of the host attempting to be conciliatory. Additionally, foreign sponsored work shops, tours, and the like are potential responses to a disapproved visit request. Another variation involves the foreign activity attempting to exploit different visit procedures for US Government-sponsored, non-sponsored, and commercial visits, using each category as an alternative mechanism to gain access to excluded and protected information.

Foreign individuals, with technical backgrounds, soliciting and marketing their services to research facilities, academic institutions, and even cleared defense contractors, was reported with greater frequency during the past year. Additionally, US technical experts are often requested by foreign entities to visit the foreign country and share their technical expertise. US defense industry reporting indicates that while many requests are routine and benign, some are viewed with suspicion and represent significant SCM concerns. Usually associated with alleged employment opportunities, there is also an increasing trend involving "headhunters" soliciting information from employees.

International exhibits, conventions, and seminars are rich collection targeting opportunities for foreign collectors. These functions directly link programs and technologies with knowledgeable personnel. Consequently, US defense industry reporting reflects collection activity at these events is usually expected. Good risk management processes which accurately consider what information is being exposed, where, when and to whom is essential for implementing threat appropriate, cost effective, and rational security countermeasures to balance marketing requirements.

Joint ventures, joint research, co-production and various exchange agreements potentially offer significant collection opportunities for foreign interests. As with frequent foreign visits and other international programs, joint efforts place foreign personnel in close proximity to US personnel and afford potential access to S&T programs and information. Access can be intentional or unintentional, and for both, legal or illegal. More frequently, as the world market for defense products and services shrinks, the dangle of a joint venture is sufficient to entice US contractors to provide unusually large amounts of technical data as part of the bidding process, only to have their information taken when the contract is canceled. US defense industry reporting of SCM concerns continues to indicate that assimilation of foreign personnel into the work environment, without security sustainment training programs, usually results in a relaxation of security awareness, often resulting in a security compromise.

Foreign acquisition of technology and companies in the US defense industry continues to generate significant SCM concerns regarding foreign access to US markets or sensitive and proprietary information. Once a foreign entity gains ownership, control, or influence over a US company with classified contracts, that ownership, control, or influence must be mitigated through an insulating instrument approved by the Defense Department. If such an approved insulating legal instrument is not implemented, the US company and the foreign investor face the possibility of contract cancellations and loss of future classified contracts.

Incidents involving the co-opting of former employees who had access to sensitive proprietary or classified S&T or program information remains a potential counterintelligence concern. Frequently, targeting cultural commonalities to establish rapport is directly associated with the collection attempt. As a result, quite often foreign employees working for US companies are specifically targeted by foreign collectors. Former employees may be viewed as excellent prospects for collection operations and considered less likely to feel obligated to comply with US Government or corporate security requirements.

As the international political and economic environment continues to change and mature, US defense industry strategic management processes will be increasingly challenged to balance international marketing and partnerships with sound security countermeasures. Good risk management practices will ensure that cleared employees are properly trained and empowered to recognize and report suspicious activity.

If you believe that any of the above situations apply to your company, you should immediately notify your DSS Industrial Security Representative through your company Facility Security Officer. Likewise, notify DSS should you have any indication that your company or any of your employees may be the target of an attempted exploitation by the intelligence service of another country. Reports of actual, probable, or possible espionage should be submitted to the FBI.

This brochure was prepared by the Counterintelligence Office of the Defense Investigative Service based solely on reporting from the defense industrial security community.

This brochure is approved for public release.

OASD-PA/97-S-0797