Advisory Notice 18 -- Information Security Resource Center

DEPARTMENT OF ENERGY
INFORMATION SECURITY RESOURCE CENTER
PACIFIC NORTHWEST NATIONAL LABORATORY

ADVISORY NOTICE No. 18
April 30, 1997

TECHNOLOGY COLLECTION TRENDS

SUMMARY

A recent Defense Investigative Service (DIS) publication states that foreign technology collection activities directed against the US defense industry are growing. Collection activities were observed/reported during 1996 against all 18 technology categories contained on the Militarily Critical Technologies List (MCTL). These same technologies are found across the Department of Energy (DOE) Complex. DOE security professionals must remain aware of foreign technology collection trends in order to adequately mitigate against them and ensure that all suspect incidents involving DOE and/or DOE contractor personnel and resources are properly reported.

BACKGROUND

A March 1997 DIS publication entitled "Technology Collection Trends in the US Defense Industry" provides a useful summary of foreign government and corporate collection activities against American science and technology organizations. Several key points contained in the publication are outlined below.

Foreign Scientists and Engineers as Collectors. According to DIS, while foreign intelligence services may employ intelligence officers to collect US technology, a more efficient means frequently involves the cooption of scientists and engineers. In fact, DIS concludes that under certain circumstances technology collection activities carried out by foreign scientists and engineers represents a more significant security challenge than those involving actual intelligence officer. Visiting scientists or engineers often gain access to US facilities to collaborate on research. Once they have gained access to a facility, they have the advantage of knowing exactly what they want, there is less risk involved because of plausible cover, it is less expensive to develop bonafides, the technology can be collected more quickly, and the collected technology can be put into more immediate application in the foreign country.

Expansion of the Non-Traditional Threat. Although traditional foreign threats (e.g., those from Russia, China, etc.) continue their collection activities, DIS continues to observe an expansion of non-traditional foreign collection activities (e.g., from friendly, allied, neutral countries) against the US defense industry. As the frequency and number of suspicious reports grew during 1996, there was a commensurate increase in the number of different countries involved in some form of suspicious behavior. A DIS summary of suspicious contacts reported during 1996 indicates over 40 different countries displayed some type of suspicious interest in one or more of the 18 MCTL technology categories listed below.

* Aeronautics Systems
* Manufacturing & Fabrication
* Armaments and Energetic Materials
* Marine Systems
* Chemical and Biological Systems
* Materials
* Directed and Kinetic Energy Systems
* Nuclear Systems
* Electronics
* Power Systems
* Ground Systems
* Sensors and Lasers
* Guidance, Navigation, and Vehicle Control
* Signature Control
* Information Systems
* Space Systems
* Information Warfare
* Weapons Effects & Countermeasures

One particular trend identified by DIS during 1996 was the apparent focus of many foreign collectors on three distinct technology fields -- information systems, sensors and lasers, and aeronautics systems.

Foreign Collections Modus Operandi. The following were the most common methods used to collect US technology, as observed by DIS during 1996.

Unsolicited Requests. Unsolicited requests for information constitute the most frequently reported method of collection. These requests covered a wide range of interests, and often represent an information management problem, according to DIS. An increasing number of incidents involved fax, mail, e-mail, or telephonic requests to individual US persons rather than corporate marketing departments. One frequently used tact entailed the use of so-called "marketing surveys" faxed or mailed to US companies by foreign consortiums or "consultants," which often exceeded generally accepted terms of marketing information, to include the outright solicitation of proprietary information (i.e., market projections, pricing policies, program director's names, purchasing practices, dollar amount of US Government contracts, etc). Collection via unsolicited requests is relatively simple, low cost, non-threatening to the recipient, and poses few risks to the collector. The growth of the Internet has helped facilitate such requests, providing a direct line of communication. Internet access to a company's bulletin board, homepage, and employees, DIS notes, provides foreign collectors avenues through which to broaden a collection effort. DIS also notes that many requests during 1996 were considered suspicious because the information requested frequently was covered under the International Traffic in Arms Regulations (ITAR) and would require a license for export.

Inappropriate Conduct During Foreign Visits. Although visits are more costly and entail more risk to the foreign collector, DIS notes that they usually result in direct access to the targeted facility. As a result, DIS assessed this method as the most damaging form of collection activity. Once inside a facility, good collectors can attempt to manipulate the visit to address some or all of their collection requirements. The one factor which made certain foreign visits suspicious was the extent to which the foreign visitor would ask questions or request information outside the scope of what was approved for discussion. DIS notes that with few exceptions, security compromises reported from foreign visit incidents could have been prevented if US personnel had been properly pre-briefed as part of the risk management process. Several specific visit exploitation methods noted by DIS include the following.

* Hidden agendas as opposed to the stated purpose of the visit.
* Last minute and unannounced persons added to the visiting party.
* "Wandering" visitors who become offended when confronted.
* Initiating conversations with escorts beyond the approved scope of the visit.

Soliciting and Marketing Services. Foreign individuals with technical backgrounds solicited and marketed their services to research facilities, academic institutions, and even cleared defense contractors with greater frequency during 1996. DIS also noted that US technical experts are often requested by foreign entities to visit the foreign country and share their technical expertise. While many such requests are viewed as routine and benign, some pose significant concerns. There is also an increasing trend involving headhunters soliciting information from employees in connection with alleged employment opportunities.

International Exhibits, Conventions, and Seminars. These gatherings constitute rich collection targeting opportunities, since each function typically links programs and technologies with knowledgeable personnel. DIS reports frequent collection activity in such settings. Effective risk management and security countermeasures planning can mitigate these concerns.

Joint Ventures and Joint Research. Co-production and exchange agreements offer significant collection opportunities for foreign interests. Joint ventures often place foreign personnel in close proximity to US personnel and afford potential access to science and technology programs and information. Access can be both intentional or unintentional, legal or illegal. The "dangle" of a potentially lucrative joint venture is often sufficient to entice US contractors to provide unusually large amounts of technical data to their foreign counterparts as part of the bid process, according to DIS. Once the contract or bid process in question is over, sometimes with little or no success, the technical data is then lost to the foreign "partner."

Cooption of Former Employees. Targeting former employees who had access to sensitive, proprietary, or classified information remains an ongoing counterintelligence concern, according to DIS. Frequently, such targeting involves exploitation of cultural commonalities between a targeted foreign national employee of a US company and the foreign collector. Current and former employees who are foreign nationals are viewed by some as excellent prospects for collection operations because certain foreign countries believe these individuals may feel less obligated to comply with US Government or corporate security requirements.

RECOMMENDATIONS

These DIS findings are highly relevant to the Department, as virtually all targeted technology categories found on the MCTL exist throughout the DOE Complex. Collection efforts similar to those referenced above have been reported by DOE and DOE contractor personnel and can be expected to continue. Further, many "defense industry" companies covered under the DIS report also maintain relationships with the Department.

It also merits mention that while this particular report focused upon foreign targeting of military and dual use technology, similar foreign collection activities persist against purely commercial technologies under development throughout DOE.

DOE maintains extensive and growing foreign interactions as part of its various mandates, which support important national goals. It must be recognized, however, that these same interactions, typically via foreign visits and assignments and foreign travel, also provide many collection opportunities ripe for exploitation.

Return to Advisory Table of Contents

Security and Privacy Notice
To contact send email to ISRC
Last Updated October 2001