U.S. TECH EDGEHow Foreign Intelligence Services Compromise, Exploit U.S. Technology

Published 14 November 2022

Foreign intelligence services have intensified their efforts to compromise or exploit U.S. technology. A new report analyzes foreign collection attempts to obtain unauthorized access to sensitive or classified information and technology.

The Defense and Counterintelligence Security Agency (DCSA) has released this year’s edition of its annual report, titled Targeting U.S. Technologies: A Report of Threats to Cleared Industry.

The focus of the annual report is on foreign efforts to compromise or exploit cleared personnel, or to obtain unauthorized access to classified information or technologies resident in the U.S. cleared industrial base. DCSA provides a snapshot of its findings on foreign collection attempts and provides analysis that covers the most pervasive foreign collectors targeting the cleared contractor (CC) community during fiscal year 2021 (FY21).

The agency says that the report serves to articulate the threat to industry and U.S. Government leaders.

The report includes analysis on foreign intelligence entity (FIE) threats to U.S. technologies residing in cleared facilities. The agency notes that as this report is unclassified, it does not provide a holistic view of the FIE threat to cleared industry. DCSA annually produces a classified companion assessment.

Throughout FY21, an estimated 12,550 CC facilities were required to report information in accordance with Part 117 of Title 32, Code of Federal Regulations, National Industrial Security Program Operating Manual (NISPOM). DCSA examined suspicious contacts received from cleared industry that directly address FIE threats. DCSA receives and processes suspicious contacts from cleared industry containing indicators that are either likely, very likely, or almost certain, that an entity—regardless of nationality—attempted to obtain unauthorized access to classified information or technology or to compromise a cleared employee. However, DCSA cannot estimate in this forum the volume of FIE targeting that goes unnoticed or unreported by cleared industry.

DCSA evaluated suspicious incidents received from cleared industry in FY21 depicting foreign threats to cleared companies and facilities. DCSA also considered relevant reporting and finished intelligence products from DOD and the Intelligence Community (IC) for the purpose of addressing DCSA’s analytic line. Additionally, DCSA incorporated relevant reports from the DCSA Joint Cyber Intelligence Tool Suite (JCITS)i and assessed cyber threats to cleared industry when reporting was available. The suspicious contacts serve as the foundation for this report.