Targeting U.S. Technologies: A Report of Threats to Cleared Industry by the Defense Counterintelligence and Security Agency
This unclassified report is by the Defense Counterintelligence and Security Agency and covers the threats to cleared industry and academia (2024).
Preface from Director David Cattler:
In the ever-evolving foreign intelligence threat landscape, the Defense Counterintelligence and Security Agency (DCSA) stands as a gatekeeper, guarding against foreign intelligence threats that transcend borders and apply diverse, novel collection means. The foreign intelligence threat environment, much like the strategic environment, is increasingly complex and interconnected. DCSA, other U.S. Government agencies, and industries involved in the Defense Industrial Base (DIB) must remain informed and adaptive to counter and mitigate these intelligence collection threats.
Foreign intelligence collectors apply a wide array of methods across a growing spectrum of means to access information. This includes exploiting non-traditional collection methods such as commercial ventures and leveraging social media in coordination with cyberspace operations and traditional intelligence collection methods. To combat this complex, interconnected, and coordinated intelligence threat, we must be aware of current collection methods and adversaries’ avenues to access information to enact stout security protocols.
As the leading nation in technology and manufacturing innovation, foreign adversaries and economic competitors target U.S. research and development facilities, production facilities, and personnel to create shortcuts in developing and manufacturing competing products. Acquiring information without expending time and cost on research and development provides a considerable market advantage to foreign competitors and allows potential adversaries to counter or negate the battlefield benefits of our technology advantage.
DCSA has unique access to cleared facilities and a singular role in assessing and reporting the foreign intelligence threat to cleared facilities. This assessment details the depth and breadth of the most virulent collectors targeting U.S. technologies. Along with sharing information with the Intelligence Community, Department of Defense (DoD), and other U.S. Government agencies, DCSA publishes this product to aid cleared industry in establishing and maintaining effective security programs to protect technology, classified information, facilities, and personnel.
Scope and Methodology:
Each year, the Defense Counterintelligence and Security Agency (DCSA) publishes Targeting U.S. Technologies: A Report of Threats to Cleared Industry, in accordance with (IAW) Department of Defense Instruction 5200.39, Critical Program Information (CPI) Identification and Protection within Research, Development, Test, and Evaluation (RDT&E), dated 1 October 2020. The purpose of this assessment is to inform stakeholders of foreign intelligence entity (FIE) efforts to target, compromise, or exploit cleared personnel and/or obtain unauthorized access to classified information or technologies resident in cleared industry and academia. This assessment provides an unclassified snapshot of DCSA findings on the most pervasive actors targeting cleared industry and academia in fiscal year (FY) 2023. The classified version of this assessment offers a more comprehensive view of FIE threats to cleared industry and academia.
Throughout FY 2023, approximately 12,800 cleared contractor (CC) facilities were required to report suspicious contacts to DCSA IAW 32 Code of Federal Regulation Part 117, National Industrial Security Program Operating Manual. DCSA received and processed suspicious contact reports (SCRs) from cleared industry containing indicators that likely, very likely, or almost certainly involved an individual—regardless of nationality—attempting to obtain illegal or unauthorized access to a cleared facility, classified information, classified technology, or to compromise a cleared employee. DCSA cannot estimate the volume of suspicious FIE activity gone unnoticed or unreported by cleared industry or academia.
We organized this assessment by geographic regions, targeted technology, methods of operation (MOs) and methods of contact (MCs) used, and collector affiliation. DCSA evaluated regions on the basis of the number of SCRs received: East Asia and the Pacific, Near East, Europe and Eurasia, South and Central Asia, Western Hemisphere, and Africa. Each regional section addresses the sources used and provides different and distinct analysis of the threat to cleared industry. Although DCSA considered relevant reporting and finished intelligence (FINTEL) products from the Department of Defense (DoD) and Intelligence Community (IC), SCRs served as the basis for the assessment’s threat levels and numeric listing of regional threats to cleared industry. Additional reporting from cleared industry on foreign intelligence threats continues to improve accuracy of analysis and threat levels addressed in DCSA annual assessments.
