Introduction
The annual Defense Security Service (DSS) study is a counterintelligence
(CI) tool for security professionals. The data presented in this
study are based solely on suspicious reports sent to DSS industrial
security representatives (ISR) and special agents. It is designed
to help cleared companies and DSS personnel recognize and report
suspicious foreign activity so that DSS can assist these companies
and enact responsive, threat-appropriate, and cost-effective security
countermeasures.
Executive Summary
Technology Interest Trends. Forty-seven nations were associated with technology targeting incidents. The extent of foreign interest and collection methodologies employed against specific technologies varies dramatically—from a passive request to sophisticated collection activities using various methods of operation (MOs). The majority of targeted technologies and Department of Defense (DoD) programs and weapons systems were covered by the International Traffic of Arms Regulations(ITAR). Instead of targeting complete weapons systems and military equipment, foreign entities have continued to target weapon components, developing technology, and technical information more intensely. 1998 reports of suspicious activity concerning critical technologies reaffirm for the third consecutive year that every militarily critical technology category is targeted by foreign interests for military and/or economic exploitation.
Country Trends. In 1998, DSS received reports of suspicious activities associated with 47 countries. This number represents a slight increase from 1997. Reporting indicates that the majority of countries targeting cleared industry has limited military capabilities and is seeking technological advancement. In some instances countries possess older weapons systems and military equipment and are attempting to upgrade specific subsystems on a given platform.
Most Frequently Reported Technology Targets. Technologies generating the most foreign interest in 1998 included: sensors and lasers, information systems, aeronautics systems, armaments and energetic materials, electronics, and signature control.
Most Frequently Reported MOs. 1998 reports by cleared US defense companies indicate several trends with respect to the variety of MOs—techniques used by a foreign entity to collect against a given target—used by foreign entities. Ranked in order of frequency of occurrence are the MOs associated with potential collection efforts in 1998:
Unsolicited requests for information were the most frequently used collection method employed by foreign interests in 1998. Although foreign interests employed a variety of methods, they are consistently similar to those reported in 1995, 1996, and 1997.
Reporting
DoD Directive 5240.2 requires DSS to assist US industries in recognizing
and reporting suspicious activities. Cleared companies and DSS
responded well in 1998, continuing a trend of increased awareness
and reporting. The following criteria ares used to identify potential
foreign collection efforts:
During 1998, 124 reported incidents were assessed as foreign collection efforts. Although this represents a significant decrease from 1997 reporting (265), we attribute the reduction to more stringent criteria, implemented in 1998, to assess foreign collection efforts and to increased security countermeasures at cleared facilities. These incident reports continue to emphasize the importance of using company facility security officers (FSOs) as a central coordination point for timely and comprehensive reports of suspicious activity.
Whether for investigation or analysis, reporting helps educate industry, security, and CI professionals about foreign collection methods employed against US industries. Thus, the DSS CI office needs to know the minute details of the ultimate target (technology, system, or research), foreign identity (name and address), circumstances of the incident and background information (for example, "met at convention in 1996"), and suspicious activity (for example, called a few times and e-mailed inquiring about program or technology). Timely reporting enables DSS to immediately deter and neutralize foreign collection activity at its lowest level.
Cleared company reporting indicates numerous successes in applying appropriate security countermeasures to potentially threatening situations. Many companies, based on information provided by DSS, refused tours to unauthorized visitors; did not respond to suspicious foreign requests for information; refused inappropriate visit sponsorship requests; used effective escorts to control visiting delegations; and examined authors’ requests to determine their interests. Scrutinizing the foreign requests proved useful in identifying and reporting inappropriate foreign interests. Most successes closely align with security countermeasures outlined in the May 1998 DSS brochure entitled, Suspicious Indicators and Security Countermeasures for Foreign Collection Activities Directed Against the US Defense Industry, and indicates that awareness training efforts by DSS and the defense industry have been effective.
Technology
Overview
DSS documents and reviews foreign collection efforts directed
against US defense technology in the categories described by the
Militarily Critical Technology List (MCTL)—the primary reference
used by DSS to identify and describe militarily critical technology.
Sanctioned and published by DoD, it contains definitions of thresholds
that make technology militarily critical. Volume II of the MCTL:
Weapons of Mass Destruction Technologies was published and distributed
in February 1998. Please refer to these volumes prior to forwarding
your suspicious activity report so that you may identify whether
the sought-after technologies are militarily critical.
A review of reported incidents of suspected targeting against critical technologies in 1998 has reaffirmed for the third consecutive year that all 18 MCTL categories continue to be the subject of foreign interest for military and economic exploitation. The degree of foreign interests in specific technology categories varies dramatically. In some cases, nations were associated with targeting all technology categories, while some were only associated with targeting one technology.
Twenty-two countries collected sensor technology, which was the most targeted technology. The second-most-targeted technology was information systems which 23 countries pursued. The third most targeted technology was aeronautics technology, in which 22 countries were associated with collection efforts. The statistics discussed in this section are based solely on those technology categories that could be identified through incident analysis. DSS does not have CI investigative jurisdiction regarding these incidents.
The majority of 1998 reports identify finite foreign technology targets, intended use of information or technology, or an identification of a foreign entity. The vast majority of suspicious activities demonstrates incidents of clear foreign targeting (including the identification and intended use of the technology and/or the foreign entity involved). Several incidents were difficult to access because the individuals involved were not immediately connected to a foreign entity, and attacks on peripheral technologies (such as information systems) and the use of third-country cutouts masked the true identity of the collectors. In some cases, what appeared to be a foreign company or a regional franchise office was actually a foreign government-sponsored, government-owned, or government-influenced academy, institute, or activity.
Because of varied technology applications and the wide range of military and economic foreign interests, cleared contractors are encouraged to provide additional application details. Your identification of how a foreigner intends to use US technology helps DSS analysts to determine foreign trends, intentions, targets, usage, and programs or upgrades associated with it.
Technology Interest Trends
Table 1 depicts the overall percentage of MCTL interests reflected
in the 1998 reporting. DSS believes that identifying specific
technologies that have been targeted by foreign collectors increases
the threat awareness of cleared companies, DSS agents, and ISRs.
DSS hopes that this document will promote relevant security considerations
and additional reporting that may not have been noticed. Because
many cleared companies are involved in several technology areas,
DSS identifies foreign collection target frequencies that assist
cleared companies in comparing and contrasting relevant threat
data and in implementing threat-appropriate security measures
and countermeasures.
| Sensors/Lasers | 22.4 |
| Information Systems | 16.3 |
| Aeronautics Systems | 9.6 |
| Armaments/Energetic Materials | 7.8 |
| Electronics | 6.1 |
| Signature Control | 6.1 |
| Ground Systems | 3.8 |
| Guidance/Navigation/Vehicle | 3.2 |
| Manufacturing/Fabrication | 3.2 |
| Power Systems | 3.2 |
| Marine Systems | 3.0 |
| Space Systems | 2.7 |
| Weapons Effects and Countermeasures | 2.7 |
| Chemical and Biological Systems | 2.3 |
| Information Warfare Technology | 1.5 |
| Materials | 1.5 |
| Nuclear Systems | 1.5 |
| Directed Energy Weapons | 0.3 |
| Other | 2.7 |
The most-sought-after militarily critical technology category in 1998 was sensors and lasers. Cleared contractors reported 73 foreign collection incidents targeting sensors and four targeting lasers. Targeted technologies included:
The continued increase in acoustic sensors can be attributed to two factors: there was greater interest by more countries in surface acoustic wave technology, as DSS forecasted last year, and broader applications of acoustic technology.
Focal plane array (FPA)/IR radars have many military applications such as early warning, sensor-fused munitions, target guidance, and missile seeking. This diversity may account for the steady increase by foreign interests to collect FPA/IR and by developing countries increased targeting of ground and airborne radars in 1998. One country has repeatedly sought airborne radars to update its air fleet.
Of note, foreign collectors continued to state their intent to apply IR technology to commercial and environmental programs. These countries appear to wait for successful US IR applications before seeking this technology. The initial purpose for airborne IR sensors—acquiring military information—is not absent from commercial IR. Cleared contractors must understand how this concern relates to many "dual-use" technologies.
Sensorsa
| Acoustic |
Electro- Optical Navigation |
Focal Plane Array/IR |
Radar | Imagery | Other | |
| 1996 | 2 | 6 | 1 | 10 | 6 | 6 |
| 1997 | 4 | 3 | 8 | 5 | 5 | 2 |
| 1998 | 18 | 13 | 11 | 8 | 13 | 10 |
aSensors targeted include both technologies and systems.
Information systems (IS) targets had the second-highest reporting frequency in 1998, accounting for 16.3 percent of total reported incidents. Twenty-three of 47 countries targeted IS, five more countries than in 1997. 1998 targets for foreign collection included:
In 1997, the majority of IS targets consisted of enciphered and cryptographic information security systems for computer and communications networks. Computer software was the next most frequent IS target followed by naval, ground, and air C4I systems. Suspicious activities concerning INFOSEC and software subcategories doubled from 1996 to 1997. In 1998, INFOSEC resumed its 1996 targeting level, and software was targeted at the same level as in 1997.
1998 reports confirmed DSS’s 1997 expectation that developing countries would continue to seek advanced computing and communicating systems while more advanced countries would target IS enhancements (MCTL foreign technology assessment demonstrates that nations’ technical capabilities vary). It seems that developed countries preferred not to change computer systems each time they determined a need for upgrade. DSS assesses that those countries, whose targeting of computer and communications systems have decreased, will target computer enhancements and enabling technology in 1999.
Most suspicious IS activities in 1998 concerned software and originated from countries with limited or significant software capabilities. This may indicate successful prevention of ITAR-controlled INFOSEC device sales and the sale of commercial INFOSEC items. Foreign collectors most likely settled for commercial products after learning that their collection efforts failed and were not worth pursuing. The surge in foreign software interest by moderately capable countries indicates a desire to keep pace with US software applications, to obtain US source codes, to avoid dependence on outside venders, to decrease maintenance contract expenses, and to apply reusable US source codes into new products. As shown in the technology collection trends, the MCTL foreign technology assessments concerning each technology category may help determine foreign capabilities and their intentions each reported incident. Aeronautics system technology was the third most frequently targeted technology reported by cleared companies and accounted for 9.6 percent of all reporting to DSS. However, 25 countries targeted aeronautics technology, ranking it first in the number of countries associated with collection efforts. Identified targets in the aeronautics systems category included:
Information Systemsa
| C41 | CAD/CAM |
Super Computers |
Information Security |
Intelligence Systems |
Model Simulation |
Network Switch |
Signal Process |
Software Systems |
Transmissions | |
| 1996 | 4 | 0 | 5 | 7 | 8 | 5 | 0 | 2 | 5 | 21 |
| 1997 | 6 | 1 | 2 | 13 | 4 | 5 | 4 | 0 | 10 | 5 |
| 1998 | 5 | 1 | 5 | 6 | 3 | 6 | 1 | 1 | 15 | 6 |
aCollection incidents is category per year.
Aeronautics
|
Fixed-Wing Aircraft |
Gas Turbine Engine |
Crew Interface |
Helicopters |
Unmanned Aerial Vehicles |
|
| 1996 | 5 | 4 | 6 | 2 | 2 |
| 1997 | 10 | 8 | 1 | 3 | 4 |
| 1998 | 5 | 5 | 5 | 1 | 4a |
a3 target drone, 1 turboprop
Aircraft targeting that cannot be associated with particular technologies includes two unauthorized attempts by different groups to record tail numbers. One group avoided being escorted in an aircraft production area and the other attempted to video a fighter aircraft (NFI).
Reported foreign collection activity in 1998 continues, as in 1997, to show broader interest by nations in US aeronautics. Developed countries continue to target military and commercial engines and were very interested in avionics. In 1998, developing countries targeted aircraft and target drones. These countries, as in 1997, still do not appear interested in sophisticated enhancements.
Armaments and energetic materials followed in fourth place (fifth most frequent in 1997), and 7.8 percent of incidents were reported by cleared companies. It should be noted that 15 of 47 countries (31.9 percent), as opposed to 27.7 percent of the 37 countries in 1997, targeted this technology category. Sometimes the targeted program was not identifiable because it applied to more than one weapons system. 1998 targets included:
In 1998, more suspicious incidents involved specific projects such as:
Foreign targeting of electronics dropped into a fifth place tie with signature control, each attracting 6.1 percent of the total suspicious activity reports from cleared companies. In 1998, 12 countries (10 of which are Middle Eastern, Asian, and East European developing countries) targeted electronics. The majority of targets concerned defense applications of dual-use electronics, including:
Electronics are key to providing faster, smarter, and better information solutions. Reporting indicates that developed countries involved in multiple suspicious incidents in 1997 were subjects of one or no incident reports in 1998. This suggests that perhaps the electronics described as militarily critical in 1996 are no longer desired products by developed countries. However, DSS expects increased foreign interest in electronics from developing countries.
Signature control was tied for the fifth most frequently reported technology associated with foreign collection efforts. Of 19 nations reported to be collecting this technology, only six are developed nations. Most developing nations interested in signature control seem to be improving existing weapon platform survivability and surprise rather than acquiring new weapons systems. This strategy might reduce regional arms races.
Electronics
|
Materials/ Components |
Fabricated Materials |
Micro- Electronics |
Opto- Electronics |
|
| 1996 | 2 | 1 | 5 | 1 |
| 1997 | 4 | 2 | 5 | 4 |
| 1998 | 6 | 3 | 2 | 1 |
Many opto-electronics targets in 1997 may have concerned sensors. Detailed 1998 reporting allowed DSS to identify opto-electronic targets that were being applied to sensors, which may account for last year's anomaly.
Signature control targets included IR suppression dyes and chemicals, damping materials for vehicle noise control, counterstealth signal analysis, low observable composite materials, radar cross-section computer codes, TEMPEST equipment, and RF shielding paint. Five developing and three developed countries sought microwave absorber information and materials. One country requested information concerning acoustic, magnetic, infrared, and radar countermeasures. Only three requests pertained to specific military application: ship noise control, aircraft coatings, painting and depainting materials, and infrared and radar-defeating camouflage netting.
All MCTL categories were identified in reported incidents. Ground systems at 3.78 percent had the sixth highest reporting frequency. Guidance, navigation, and vehicle control; manufacturing and fabrication; and power systems were targets in 11 suspicious activities (3.2 percent each). Eleven suspicious activities involved DoD equities not defined as militarily critical. Marine systems followed with the eighth highest reporting frequency (2.9 percent) and space systems and weapons effects were targets in nine reports each (2.6 percent). Chemical and biological systems had the tenth highest reporting frequency (2.3 percent) and tied for eleventh (1.45 percent) were information warfare, materials, and nuclear power, and directed energy, which was once an identified target (.3 percent).
Foreign Collection Methods
The 1998 data on foreign collection MOs is derived from increased
and improved reporting by cleared defense industries. This improvement
facilitated a more critical DSS analysis of the reported incidents
and a refinement in assessing which MOs were employed. For more
detailed information on suspicious indicators and security countermeasures,
contact the DSS special agent servicing your facility. Figure
1 depicts the frequency each MO was reflected in 1998 reporting.
As in previous years, we have provided as a point of reference
the percentage of frequency of reporting for each category. When
a specific MO could not be identified, but there was the presence
of potential espionage indicators, the data is recorded in the
category other—unidentified MOs, which accounted for 2 percent
of the total activity recorded.
There are 10 reporting MOs categories for 1998 and 11 in previous years. Marketing surveys have been deleted as a separate reporting category and that data is now included in the category request for information. The word "unsolicited" has been deleted from the title of the category request for information. This change reflects the growing influence of the Internet and other open sources of information that are now available to the general public. US Government and cleared defense contractor activities that were traditionally isolated from the general population are now vulnerable to exploitation. A wealth of once protected technical and proprietary information is now easily retrievable by individuals from around the world.
Readers are cautioned that any list of MOs must be viewed in the context of the overall atmosphere in which they were employed. Our analysis of suspicious incidents takes into consideration the following basic assumptions concerning MOs:
Looking at the ranking of the MOs categories as presented in figure 1, the top three MOs employed remain in the same order as in 1997: requests for information, foreign visits to US facilities, and exploitation of joint ventures/research. The margin of difference in percentage points between the top three categories also remains relatively the same when percentages are adjusted for the analytical changes we made in 1998. However, there was a change of positions for numbers four and five. Solicitation and marketing of services moved ahead of targeting at international conventions, seminars, and exhibits. Although the frequency of reporting for solicitation and marketing of services only increased by about 1.5 percent, there is a significant five-percentage-point drop in frequency of reporting for targeting at international conventions and exhibits. The most likely reason for the rise and fall in reporting of suspicious activity in this area is that the major international air and land warfare shows, which generate the majority of the suspicious incident reports, are not yearly events.
Requests for Information. Suspicious incidents involving
requests for information continue to be the most frequently reported
MO, accounting for 40 percent of the total activity recorded in
1998. However, even with the inclusion of marketing surveys in
this category, the 1998 figure is about five-percentage points
lower than in 1997. The principle catalyst for the change is the
improved cleared defense industry reporting. In 1998, we applied
a more critical view of what constitutes a particular MO. For
example, some suspicious incidents that may have been recorded
against requests for information in previous years, are now assessed
against solicitation and marketing of services.
A suspicious request for information is any request that is not sought out or encouraged by the cleared company and received from a known or unknown source. The information targeted in 1998 included classified, unclassified but sensitive, and company proprietary information. The requests originated from foreign and domestic companies and individuals and from foreign government officials and organizations. These requests were transmitted by e-mail, telephone, facsimile, postal system, and face-to-face elicitation.
In today’s environment there is a growing amount of information that is now available to the general public concerning US Government and cleared defense contractor activities. In particular, the Internet has expanded this exposure throughout the world. There continues to be a sharp increase in the use of the Internet by foreign collectors as a tool to identify potential targets and to facilitate the actual collection of information. The Internet provides a simple, low-cost, nonthreatening, risk-free means of worldwide access. E-mail and webchat exchanges are inconspicuous and can bypass many traditional security safeguards, directly reaching the targeted individual. Requests for information over the Internet accounted for almost half the total reporting for this MO category, while traditional postal system correspondence accounted for just over a quarter of the total.
In 1998, we saw an increase in the reporting of requests for information from countries that do not normally conduct business with the United States or have embargoes placed on them. A factor that made the vast majority of these contacts suspicious was that the requests involved informational exchanges that required an export license in accordance with ITAR. Requests for information received from countries that have highly restrictive/controlled political, social and/or business environments, or limited electronic mail connectivity with the United States, still favor the use of the postal system. This does not imply that only embargoed or restricted countries rely on traditional written correspondence. In fact, the largest portion of suspicious letters emanated from countries with developed electronic connectivity to the United States.
In 1997, we reported the use of the "thesis request" ploy and a noticeable increase in requests for copies of technical articles that had appeared in trade journals and periodicals—this trend continued to increase in 1998. The thesis request ploy usually targets a specific individual at a cleared facility. The "student" will state that he/she is working on a thesis, most likely in a field that is indirectly related to the protected US technology activity at the facility, and that he/she located the US employee’s name while conducting initial research. The student will ask for whatever assistance the cleared employee can provide. In several 1998 incidents, the requested information was on smart building technology, specifically the application of fuzz logic and security measures.
Technical articles can provide new information, confirm existing assumptions about US technology, and serve as a means to identify targets for exploitation. In a suspicious series of events in 1998, a cleared defense facility received, within a three-day period, three separate requests for different but related articles. The requests emanated from three different foreign countries. One of the requests indicated that the material would be used for the requester’s "graduate studies." What caught the eye of DSS was the fact that two of the requests were sent on the same day.
In late 1998, a cleared defense contractor employee reported, during his clearance update, that a foreign national who was visiting the United States had recently contacted him. The foreign technical expert requested a reprint of an article that the contractor employee had published years before while on active duty. It became suspicious when DSS linked the request to a suspected foreign collection operation.
Foreign Visits to US Facilities. Reports concerning suspected exploitation of foreign visits to US facilities increased 2 percent in 1998, and this MO category remained second in frequency of reporting. The term foreign visitor refers to one-time visitors, long-term visitors (such as exchange employees, official government representatives, and students), and frequent visitors (such as foreign sales representatives). Suspicious conduct includes actions before, during, and after a visit. The one factor that made many foreign visits suspicious was the extent to which the foreign visitor would request access to facilities or discuss information outside the scope of approved activities. Suspicious indicators include:
The frequency of reports concerning the suspicious brokering of foreign visits increased in 1998. A brokered visit is when a third party, who is not involved in the actual business transactions, acts on behalf of the prospective visitor (can be unwitting) to arrange for an invitation to be extended to the foreigner. Brokered foreign visits become suspicious when the third party bypasses established foreign visitor request procedures by going directly to a company employee to solicit an invitation for the visit. There were two major variations on this theme. In one instance, the prospective visitor has not yet arrived in the United States and a third party will contact an employee at the cleared facility and request that the employee sends a letter of invitation to the perspective foreign visitor. The broker may indicate that the prospective visitor has "tentative" approval from his superiors to make a trip to the United States and only needs the letter of invitation to gain final approval for his itinerary. In the second variation, a third party contacts an employee at the facility and states that the foreign national is already here in the United States and has free time to include a visit to the facility. In both variations, the broker, in an effort to have the US employee respond prior to clearing the action with the appropriate company authorities, will try to establish a reason for immediacy in responding to the visit request.
DSS has seen an increase in the use of academics as the broker. In one reported incident, a professor at an eastern university contacted employees at three cleared defense contractors on the west coast and requested that letters of invitation be sent to a group of country Z electronics experts planning to visit the United States. When the facility security officer at company A learned of the prospective visit, she became concerned because her company was not involved in foreign sales or the area of expertise of the foreign delegation. On closer analysis, DSS identified that company A was involved in the use of an ITAR-restricted rocket fuel and that country Z had been suspected of targeting this fuel in 1997. In addition, one of company A's subcontractors - company B, which produces specialized ITAR-restricted components for rocket engines using the fuel - was also on the list of facilities contacted by the broker. All three of the cleared facilities contacted by the broker were involved in export controlled technologies different from the area of expertise of the foreign delegation.
Exploitation of Joint Venture/Research. This was third most often reported MO, and it offers significant collection opportunities for foreign interests. As with frequent foreign visits and other international programs, joint business efforts place foreign personnel in close proximity to US personnel and technology and can facilitate access to protected programs. Of growing concern is the use of foreign research facilities and software development companies located outside of the United States to work on commercial projects that are related to protected programs. If a company relinquishes direct control of its processes or product to someone else, they are exposing that technology to possible exploitation. Also of concern is the placement of foreign workers in close proximity to protected operations. Although high-technology programs receive the greatest amount of public attention, low-technology programs, such as fabrics for military battle dress uniforms, are equally at risk.
Indicators of suspicious activity include the foreign worker who seeks access to areas and information outside the purview of the work agreement and entices US contractors to provide large quantities of technical data as part of the bidding process and the foreign organization that sends more foreign representatives than necessary for the project.
In 1997, a number of incidents involved cleared personnel being targeted while in a foreign country to work on joint projects. For example, airport border control personnel have subjected travelers to unwarranted, lengthy elicitation activity prior to their departure from the host country. The questioning moved from security-and visitor-control–related topics to detailed questions about the US national’s specific work and business activities. Other travelers have received excessively "helpful" services by host-government representatives and hotel staffs. Reporting also indicates that traditional foreign intelligence service (FIS) collection methods are still being employed. These measures include surreptitious listening devices, hotel room searches, intrusive inspection of electronic equipment, and positioning personnel to eavesdrop on conversations.
Solicitation and Marketing of Services. This was the fourth most frequently reported MO in 1998, moving from fifth place in 1997. Consistent with past reporting, individuals, companies, and research facilities offer their technical and business services to US research facilities, academic institutions, and the cleared defense industry. In several incidents reported in 1998, US cleared defense contractors received offers to form marketing arrangements to sell dual-use, export controlled products overseas. In each instance, the person making the offer was vague about official foreign government sanctioning of the sales and who would be offered the products.
In one 1998 incident, a cleared defense contractor reported receiving, from a company in country Y, an unsolicited offer of free engineering assistance to aid the US company in winning a commercial construction contract in country Y. The foreign company indicated that it was particularly interested in one area of the project. Analysis identified that the manufacturing process of the subject portion of the project required the use of export-controlled commercial technology that was closely related to military applications of interest of country Y. In 1997, an official request by country Y to purchase the military version of the technology had been denied. On the basis of pattern analysis of other reported suspicious incidents, the "free" offer was assessed as being part of an elaborate, nine-month collection attempt by country Y to obtain the denied technology.
Targeting at International Conventions, Seminars, and Exhibits. This category rounded out the five most frequently employed MOs in 1998. International events continue to provide a "target-rich" environment for foreign intelligence collection. These functions directly link US programs and technologies to knowledgeable personnel. Overseas events provide an opportunity for foreign nations to employ a greater variety of MOs to target visitors. In addition, international exhibits provide a unique opportunity for foreign entities to study, compare, and photograph actual products in one location. Of even more importance, events held on the collector’s home territory are vulnerable to exploitation by traditional FIS technical means (for example, electronic surveillance) and the employment of entrapment ploys (inducement of the target into a compromising situation).
As indicated earlier, the most likely reason for this MO category dropping to the fifth position in 1998 is because of the scheduling of the different major international air and land warfare shows and their locations. The major air shows, which generate the majority of the suspicious incident reports, are not yearly events and each location will impact on the number of companies participating and the type of visitors to the event. This pendulum-type swing in reporting should be viewed as an indication of the importance foreign collectors place on major air and land warfare exhibitions. However, suspicious incidents at international events are not limited to overseas. DSS receives reports concerning the targeting of attendees at international seminars and conventions held in the United States.
The audiences at international seminars are composed principally of the leading national scientists and technical experts who pose more of a threat than do intelligence officers. Technical experts focus their questions and requests on specific technical areas that have direct application to their work. Reports show that during seminars foreign entities may attempt subtle approaches such as sitting next to a potential target and initiating a casual conversation. This can establish a point of contact that may be subjected to exploitation at a later date. The use of membership lists of international businesses and technical societies as a source to identify potential targets is increasing.
Reporting has included incidents where foreign entities have obviously known travel arrangements of US participants and have employed more invasive techniques such as hotel room intrusions. Cleared defense contractors should review the type and amount of information contained in the registration, biographic, and other materials requested by the host.
Technology/Method of Operation Correlation. Requests for information was again the most frequently used foreign collection method in virtually all technology areas. One reason for its widespread employment is the minimal risk. If the cleared contractor fails to respond, the foreign entity employs another MO or moves on to another target. Foreign visits may appear less intrusive to US hosts; however, they provide access with which foreign defense engineers, government personnel, and businesses can probe and assess what is available for targeting. At risk during the visit is proprietary data, unclassified program information, unclassified scientific and technical data, and classified information.
The pie charts show the various MOs employed against the most-sought-after MCTL categories. More than one MO can be employed by a collector. Sequential use of different methods is sometimes planned to limit risks and maximize collection efficiency. At other times, sequential use of MOs indicate that one or more collection methods failed. If a cleared company ignores RFI, a foreign entity may attempt to employ another method. Trends show that several sequences appear more frequently than others do. For example, after a cleared employee attends an international convention, contact is often initiated with a RFI. Foreign visits often precede joint ventures because foreign entities want to ensure that their goals can be achieved and their equities protected. Cleared companies should report commercial foreign visits if they identify a threat to their cleared employees or programs.
Assessment of Future Trends
Countries. DSS forecasts that countries assessed as most and moderately active from 1995 to 1998 will continue technology collection operations against the US defense industry. These foreign collection efforts will continue to be driven by force modernization, economic competition, and commercial modernization using technologies with dual-use applications.
Targets. As developing countries obtain second- and third-generation weapons systems through foreign military sales, DSS expects increased targeting of weapon components, developing technology, and technical information.
MOs. As forecast in 1997, DSS believes that foreign collectors will increasingly use automated systems (e-mail and fax) to request information. Developing countries that do not have these capabilities may continue to solicit by mailing letters and postcards, while more developed countries may transition from using the postal system directly to sending e-mail. DSS assesses that fully developed countries will continue to use e-mail more frequently.
As the international political and economic environment continues to change and mature, US defense industry strategic management processes will be increasingly challenged to balance international marketing and partnerships with sound security countermeasures. Good risk management practices will ensure that cleared employees are properly trained and empowered to recognize and report suspicious activity.
If you believe that any of the above situations apply to your company, you should immediately notify your DSS industrial security representative or special agent through your company facility security officer. Likewise, notify DSS should you have any indication that your company or any of your employees may be the target of an attempted exploitation by intelligence services of another country. Reports of actual, probable, or possible espionage should be submitted to the FBI.