COUNTERINTELLIGENCE TRENDS EXPORT EXPO 2014 December 9, 2014

FBI Counterintelligence Strategic Partnership Program Public Voice for Counterintelligence Issues Point of Contact for U.S. Businesses and Academia Awareness Training

Protect the United States…… FBI Priorities Protect the United States…… ….From terrorist attack ….Against foreign intelligence operations/espionage ….Against cyber-based attacks and high tech crimes Former FBI Director Mueller June 21, 2002 Congressional Testimony

Issue Threat List Terrorism Espionage (National Defense Information) Proliferation (Weapons of Mass Destruction) Economic Espionage National Information Infrastructure U.S. Government Perception Management Foreign Intelligence Activities Economic Espionage – Greatest Threat to US national security since the Cold War.

Top Espionage Techniques Unsolicited Correspondence & Requests for Information Exploitation of Foreign Visits Trade Shows, Exhibits, Symposiums, Conventions & Seminars Electronic Interception Targeting of US Personnel Traveling Abroad Elicitation Cyber Intrusion Operations Social Networking Sites Insider Threat

Foreign Threat Efforts not directed against the “Crown Jewels” Dated military technologies Dual-use technologies Infrastructure-supportive technologies Proprietary Information

Foreign Threat 108 Countries Targeted U.S. Technologies Friend and Foe Rich and Poor Low and High Technologies Government and Private Collection against the U.S. has roughly doubled since the end of the Cold War. Focus of Foreign Intelligence has shifted from military secrets to critical technology and U.S. proprietary economic information. Political and military allies are just as active in technology/economic collection as our traditional adversaries.

Foreign Threat Commercial (Private Companies) Government Affiliated Individual Foreign Government Unknown Affiliation

Foreign Collectors Private Sector Companies Only way to compete with U.S. Gain access to U.S. dominated market Individuals Bolster their stature in a foreign firm Revenge (Terminated)

Foreign Collectors Governments Advanced Countries Leapfrog scientific hurdle w/o time and expense Move closer in parity with United States Give Defense-Industrial base competitive edge Less Advanced Countries Technologies that increase nations power and influence Export controlled – utilize reverse engineering and mass produce

Targeted Technologies FY13 (Military Critical List) Information Systems Information Security Lasers, Optics and Sensors Ground Systems Aeronautic Systems Marine Systems Space Systems Nuclear Systems Chemical Biological Biomedical Armaments & Energetic Materials Directed Energy Systems SOURCE: Defense Security Service (DSS) Targeting US Technologies “A Trend Analysis of Reporting from Defense Industry” 2014 report.

Emerging Technologies Inertial Navigation Systems Positioning, Navigation, & Time Signature Control Materials (Raw & Processed) Synthetic Biology Nanotechnology Cognitive Neuroscience Quantum Systems SOURCE: Defense Security Service (DSS) Targeting US Technologies “A Trend Analysis of Reporting from Defense Industry” 2014 report. Foreign entities’ interest in inertial navigation system (INS) technology has risen over the past several years, as reflected in industry reporting culminating in fiscal year 2013 (FY13). Reported targeting of INS technology rose nearly 60 percent from FY12. The Defense Security Service (DSS) produced this special focus area to alert cleared industry to the increasing foreign threat to INS technology and facilitate the implementation of mitigation strategies to counter that threat.

Best Practices Insider Threats Educate and regularly train employees on security or other protocols Routinely monitor computer networks for suspicious activity Ensure appropriate screening process to select new employees Cyber Educate employees not to open email w/ links or attachments from unfamiliar sources Do not store IP vital to your company on devices that connect to the Internet Establish protocols for quarantining suspicious e-mails INSIDERS’ TECHNIQUES TOOK ADVANTAGE OF INTERNAL ACCESS TO STEAL PROPRIETARY INFORMATION USED COMPUTERS TO DOWNLOAD INFORMATION USED THUMB DRIVES PRINTED DOCUMENTS MOST INTENDED TO USE THE INFORMATION WITH ANOTHER EMPLOYER ONE MAY HAVE DONE SO OUT OF LACK OF RECOGNITION BY CO-WORKERS

Joint Ventures/Joint Research Best Practices Joint Ventures/Joint Research Share the minimum amount of information appropriate to the scope of the joint venture Refuse to accept unnecessary foreign representatives Provide foreign representatives with stand- alone computers 1. Review all documents being faxed or mailed, and translate them when necessary. 2. Provide foreign representatives with stand-alone computers. 3. Share the minimum amount of information appropriate to the scope of the joint venture. 4. Educate employees extensively on the scope of the project and how to deal with and report elicitation. Initial education must be followed by periodic sustained training. 5. Refuse to accept unnecessary foreign representatives into the facility.

Best Practices International Exhibits, Conventions, and Seminars Take mock-up displays instead of real equipment Carefully consider whether equipment or software can be adequately protected Foreign Visitors: Risks & Mitigations Brief all employees about threat issues surrounding foreign visitors Ensure the number of escorts per visitor is adequate Check background and references Exhibits, Conventions, and Seminars – Countermeasures 1. Consider what information is being exposed, where, when and to whom. 2. Take mock-up displays instead of real equipment. 3. Provide detailed travel briefings concerning the threat, precautions to take, and how to react to elicitation. 4. Restrict information provided to what is only necessary for travel and hotel accommodations. 5. Carefully consider whether equipment or software can be adequately protected. Inappropriate Conduct During Visits Countermeasures 1. Brief all employees about threat issues surrounding foreign visitors. 2. Ensure appropriate personnel, both escorts and those meeting with visitors, are briefed on the scope of the visit. 3. Ensure the number of escorts per visitor is adequate to properly control movement and conduct of visitors. 4. Have a Technology Control Plan. 5. Provide employees periodic security awareness briefings with regard to long-term foreign visitors. 6. Check backgrounds and references.

Foreign Travel Considerations Best Practices Foreign Travel Considerations Sanitize your laptop, cell phone and PDA If feasible, use a “clean” laptop, phone and new email account while traveling Do not use non-company computers to log into your company’s network Prior to travel ensure no sensitive contact, research, or personal data in on them. Back-up all information you take overseas. Always consider any information conveyed through a non-company computer to be compromised, even if encrypted.

SA Carmine Nigro Carmine.Nigro@ic.fbi.gov 617-223-6038 SA Dara L. Nussbum Dara.Nussbum@ic.fbi.gov 617-223-6258 SA Bradley E. Davis Bradley.Davis@ic.fbi.gov 617-223-6528 1. Mention the availability of the quarterly FBI Boston CI SP Program 2. Availability of the CIVA for Corporate America as a tool for companies to use.