Tuesday, April 06, 2010

Defense Security Service Publishes 2009 Report on "Targeting U.S. Technologies"

Thanks to Team Cymru I learned of a new Defense Security Service report titled Targeting U.S. Technologies:
A Trend Analysis of Reporting from Defense Industry
. The report seems to be the 2009 edition, which covers reporting from 2008. I'll have to watch for a 2010 version. From the report:

The Defense Security Service (DSS) works with defense industry to protect critical technologies and information. Defense contractors with access to classified material are required to identify and report suspicious contacts and potential collection attempts as mandated in the National Industrial Security Program Operating Manual (NISPOM). DSS publishes this annual report based on an analysis of suspicious contact reports (SCRs) that DSS considers indicative of efforts to target defense-related information.

The executive summary offers these bullet points:

  • East Asia and Pacific-originated contacts continued to generate the greatest number of suspicious reports attributable to a specific region of origin. For the fifth year in a row, reporting with an East Asia and Pacific nexus far exceeded those from any other region suggesting a continuing, concerted, and growing effort to exploit contacts within United States industry for competitive, economic, and military advantage.

  • Aggressive collection attempts by commercial actors continued to surge. In FY08, commercial entities attempted to collect defense technology at a rate nearly double that of governmental or individual collector affiliations. This trend likely represents a purposeful attempt to make the contacts seem more innocuous, shifting focus from government collectors to commercial or non-traditional entities.

  • Collectors continued bold and overt exploitation of the Internet to acquire information via direct requests. Facilitated by ever increasing world wide connectivity, the ease of inundating industry with overt email requests and webpage submissions made direct requests a premier vehicle for solicitation and/or collection. While not all direct requests for information or services represent organized collection attempts, exploitation of this medium provides collectors an efficient, low-cost, high-gain opportunity to acquire classified or restricted information.

  • Unmanned aerial vehicle (UAV) technology has emerged as a priority target of aggressive collectors from multiple regions. In FY08, DSS noticed a significant increase in exploitation attempts against UAV systems and technologies at CDCs. Targeting of UAVs is non-region specific, broadly based, and spans all phases of research, development, and deployment. It is highly likely that this interest and probable targeting is the direct result of a growing and increasingly competitive world market for UAV systems.

This report is good background and support for your threat-centric security measures.


Felix_Dzerzhinsky said...

There doesn't seem to be a lot of attention on non-state actors exploitation of these technologies. Things that used to be only doable by a state (or a larger corporation) may in the near future be done by smaller sub national groups or what John Robb calls the "super empowered individual". Robb has an interesting post on DIY Bioengineering. What I note is that what the National Labs or Beltway contractors say it can't be done while the people on the cutting edge are just doing it. I would expect the same to apply to targeting information technologies. http://globalguerrillas.typepad.com/globalguerrillas/2010/04/journal-diy-clean-rooms-and-garage-biolabs.html

gih said...

well, so far I've known U.S has stil the best defense for that.

Edward Francois said...

how threatening is it to be in this world when nations invest on technologies for defense security..can't we just live peacefully and have this budgets allocated on more important things