Produced by Defense Security Service Counterintelligence Directorate Contributors: Ms. Sara DeWitz, Mr. Joseph O’Brien, Mr. Timothy Deerr, Mr. John Parsons, and Mrs. Erika Souliere http://www.dss.mil A TREND ANALYSIS OF REPORTING FROM DEFENSE INDUSTRY Tables andFigures . ......... ....... 2 Prefaca e . 3 Executive Summary A. Key Findings .... ....... 4 B. Regional Collection Trends ........... 4 C. Cyber Trends . ........... .. 6 D. Collector Affiliations..... ....... 6 E.E Methods of Operations. ... 6 F.F Targeted Technologies . 7 Background A. Scope/Methodollogy ... 8 B. Exxplanation of Estimative Language . 9 Cyber TrT endss . ... 111 Regional Collection Trends A. EaE st Asia and thhe PaP cific . 155 B. Neaar East . 19 C. Europo e and Euraasis a . 23 D. South andd Cene trala Asia... 27 E. Case Sttudu iees . 313 OuOutlt ooo k A.A CoConccluussionn . 343 B.B Foreecacasstt . 3535 RReefeereencn e Maap . 3636 FeFeededbab ck / Commmementnts Formm . 393 In the interests of readability and ease of comprehension, the editors have deferred the conventional stylistic use of repeated acronyms in favor of a full exposition of terms as they are fi rst used within each specifi c section. 11 TARGETING U.S. TECHNOLOGIES TAT BLE S FIGURES CYBER CYBER Regiono s of Origin . ...... 12 Affi liations....... 13 Targeted Technologies . ...... 14 Methods of Operation .......13 EAST ASIA AND THE PACIFIC EAST ASIA AND THE PACIFIC Targeted Technologies . ... ... 18 Affi liations. ... ... 16 Methods of Operation . 17 NEAR EAST Targeted Tecchnologies . .. 22 NEAR EAST Affiliationss. 220 EUE ROOPEPE ANDD EURASIA Methods ofo Operation . 221 Taarggeeted Technologies . ... 26 EUROPE AND EURU ASIAA SOUTH AND CEENTRAR L ASA IAI Affiliationss. 24 TaT rgeted Tecchnologgies . 30 Methods ofo Operar ttiono . 255 SOS UTH ANND CENTRAAL ASIA Affiliationsn . 288 Methods of Operation . 299 2 A TREND ANALYSIS OF REPORTING FROM DEFENSE INDUSTRY Ta r g eting U.S. Technolo g ies: A Trend Analysis of Reporting f rom Def ense Industry The Deefense Security Service (DSS) is chartered to work in partnership with defensse industs ry to prp otect critical technologies and information. An essential component of that effort is a requirement for defense contractors, who have access to classified matere ial or “Cleared Defense Contracctors,” to identify and report suspiciouss contacts and potential collection attempts, as outlinedd in thhe National Industtrial SeS curity Program Operating MaM nual (NISPOM). DSS publishes this annual report based on an analysis of those Suspicious Contact Reports (SCRs) that DSS considers indicative of efforts by entities to target defene se-related information and personnel. This publication is intended to assist security officials, cleared defense contractors, intelligence profeessionalsl , and Department of Defense policymakers and decision makers assess the techhnologyg collection threat and implement appp ropriate security coounnteermeasures. Based on analysis s of SCRs received from defense industry, thhis ppublication iddene tifies the most frequently targeted UU.SS. technologies, refl ectc s the most commmon collel ction methods utilized, identifies entities attempting the collecttion, and identifies the regionsn wherer theese collection efforts originate. DSS ene courages all Facilitty Security Offif cerrs to use infforo mation in this report to sus ppp lement security awareness and education programs at their facilities. In additiono to inncreaasis ngg threat awareness within theh industrial base, the additionnal SCRs geenen raateed by rorobbust training effforts furtheh r coc ntn ribute to the integrity off this annual anan lylytical prodducu t.t Timely subbmisss ion of SCRs to DSSS fi eldd offif ces is criticala to ann effecctive Industriaal SeS curityy Progrg am. ThThisi doco ummenent wowoulu d nnot be poosssiiblb e wwithouut the strorongg supu port of FaF ciciliityy Sececuru itty OfOfficecersrs withih n thhe UU.S.S. clleearred deefene see indn usu trry.y DSSS thhana ksk thee empm looyeyees of the U.U SS. cleeara edd defene ses indusu trt y ffor ththeiir coc nnttinnueued susupppporrt off the NISPOM and tht eir coc ntribubutit ons too this ana nun al pubblliicacatiiono . KAKATHTHLELEENEN M. WAWATSTSONON DiD rerecttoror Defensn e Secucurir tyty Sererviv cece 3 TARGETING U.S. TECHNOLOGIES A. Key Findings suggest a concerted effort to exploit In response to Department of Defense (DoD) contact for competitive, economic, and guidance, DSS publishes this report to detail military advantage. and analyze possible foreign targeting of information and technologies developed • DSS identifi ed a shift in the affi liation of or maintained within the Cleared Defense the entities making suspicious contacts. Contractor (CDC) community. The principal In most region-specifi c analyses, the substance of this report is drawn from DSS majority of contacts originated from analysis of suspicious contacts with foreign commercial entities vice those affi liated entities as reported by the CDC community with governmental entities. This is during fi scal years 2006 and 2007 (FY06-FY07). likely a purposeful attempt to make the The following constitutes key fi ndings based on contacts seem more innocuous by using DSS analysis of data received from the defense non-governmental entities as surrogate industry during FY06-FY07: collectors for interested government or government affi liated entities. It also likely refl ects the growing and increasingly • The number of reports DSS receives interconnected global economy. from CDCs detailing foreign contacts evaluated as “suspicious” continues • Exploitation of cyberspace as a vehicle to grow exponentially. This is likely for surreptitious access to information attributable in part to the explosive resident on CDC data systems is a growth of the Internet and the ever- growing concern, and it constitutes a increasing opportunity it affords for signifi cant portion of contacts that DSS uninhibited and unfi ltered global contact, deems “suspicious.” The ability to fi eld but it is also likely indicative of hostile effective security countermeasures to entities’ increased exploitation of oppose this persistent threat and to the Internet to target critical defense mitigate the ability of hostile elements to technologies. Enhanced CDC threat control the information battlefi eld requires awareness is also partially responsible constant diligence. for increased recognition and reporting of suspicious incidents. B. Regional Collection Trends • Contacts originating from the East Asia and the Pacifi c region constitute, by According to the U.S. State Department, there far, the greatest number of suspicious are 200 independent countries in the world. In contacts attributable to a specifi c FY06-FY07, entities within over half of these region of origin. The nature and countries attempted, at least once, to acquire disproportionate extent of these contacts U.S. defense technologies or information in a suspicious manner. DSS organized these 4 A TREND ANALYSIS OF REPORTING FROM DEFENSE INDUSTRY attempts into the State Department’s six historically the most active collector. This area regional groupings (See Reference Map for had the largest portion of overall reporting with information about the countries within the State a slight increase from 30 percent to 36 percent Department’s regional bureaus). For FY06- from previous years. Although reporting from FY07, the six regions DSS most frequently “East Asia and the Pacifi c” increased, reporting affi liated with Suspicious Contact Reports were from the other regions either stayed constant or in descending order of occurrence: slightly decreased. Once again, in FY06-FY07, the “Near East” region was the second most active area East Asia and the Pacific with 20 percent of the reporting, followed by “Europe and Eurasia” and “South and Central Asia” with 17 and 16 percent respectively. Near East (Note: The minimal number suspicious Europe and contacts reports from the remaining two Eurasia regions, Africa and the Western Hemisphere regions, did not justify inclusion in this year’s South and report of most prolifi c collectors.) Central Asia Additionally throughout FY06-FY07, the most suspicious cyber entities had Internet Protocol Western (IP) addresses suggesting origination in the Hemisphere following regions, listed in descending order: Africa East Asia and the Pacific Also, fi ve percent of traditional collection Europe and attempts were from entities of unknown origin. Eurasia It is noteworthy that the regions affi liated with Unknown Region the suspicious requests may not always be the ultimate end user of the targeted technology. Near East Collectors may use anonymous proxies or base their collection activity in another region South and to conceal their intentions or the identity of the Central Asia ultimate end-user. Reporting and analysis indicated “East Asia Western and the Pacifi c” as the region of the world Hemisphere most actively attempting to illegally acquire U.S. defense technologies. This region was responsible for 36 percent of traditional Africa collection attempts in FY06-FY07 and is 5 TARGETING U.S. TECHNOLOGIES C. Cyber Trends means the suspicious activity is affi liated with or acting on behalf of a foreign government In recognition of an increasingly pervasive or agency. Other collector affi liations include threat, this report includes a section specifi c to “Commercial,” “Individual,” and “Government the use of cyberspace as a collection medium. Associated” entities. In FY06-FY07, DSS Of the cyber incidents
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages44 Page
-
File Size-