Targeting U.S. Technologies: A Report of Threats to Cleared Industry
This report reflects foreign collection attempts to obtain unauthorized access to sensitive or classified information and technology resident in the U.S. cleared industrial base. In FY21, DCSA received nearly 24,000 reports of suspicious contacts from cleared facilities operating as part of the National Industrial Security Program (NISP). Of these, DCSA reviewed and identified thousands of incidents of counterintelligence concern that likely involved a foreign entity attempting to illicitly obtain classified information or technology resident in cleared industry, or an attempt to compromise a cleared employee.
The large scope and diversity of collection efforts targeting U.S. technologies meant that foreign entities simultaneously directed considerable efforts at many technologies using variations of methods and collectors. In FY21, electronics; software; and command, control, communications, and computers (C4) made up the top three targeted technologies. These three technologies accounted for 40 percent of all reporting for FY21. Aeronautic systems and armament and survivability finished out the top five targeted technologies. The remaining reported collection efforts targeted a variety of technologies covering the remaining 24 IBTL categories.
In FY21, East Asia and the Pacific and Near East entities remained the most significant collectors of sensitive or classified U.S. technology and information, collectively accounting for 61 percent of overall reporting. DCSA attributed nearly 31 percent of suspicious contacts to collectors from Europe and Eurasia, as well as South and Central Asia. Collectors from the Western Hemisphere and Africa, collectively accounted for just 7 percent of reported suspicious contacts.
In FY21, rĂ©sumĂ© submission was the top MO, accounting for a third of overall reported attempts, more than doubling the next closest MOâexploitation of experts. Near East entities accounted for 35 percent of rĂ©sumĂ© submission incidents, with students seeking to conduct postgraduate level research at U.S academic centers involved in sensitive or classified research. East Asia and the Pacific entities represented 26 percent of overall rĂ©sumĂ© submission, despite primarily relying on exploitation of supply chain when targeting cleared industry. The most pervasive MOs used by entities from Africa were rĂ©sumĂ© submission and request for information (RFI)/solicitation. Each of these two MOs represented 82 percent of the incidents DCSA attributed to this region. Western Hemisphere collectors relied heavily on exploitation of cyber operations, followed by exploitation of insider access and exploitation of experts.
In FY21, individual was the top collector affiliation, collectively accounting for nearly half of overall reported attempts, primarily due to résumé submission. DCSA attributed nearly 27 percent of suspicious contacts to individual collectors from the Near East, as well as South and Central Asia, seeking advanced degrees and employment opportunities at CCs. Reporting indicated that commercial entities from East Asia and the Pacific, constituted 62 percent of the overall reported attempts. On several occasions, commercial collectors offered manufacturing services and requested to serve as overseas distributors for CC products in regional markets.
Gloss