UNCLASSIFIED
Targeting U.S. Technologies

Europe and Eurasia

Case Study

OVERVIEW

There are many historical, cultural, and geostrategic ties and developmental and economic similarities between the United States and Europe and Eurasia. Many countries within the region see the United States as a model for innovation, modernization, and manufacturing expertise and look to it for assistance in achieving their own national defense, military, and technological goals. Sometimes the United States provides this assistance willingly; sometimes foreign collectors attempt to obtain it illicitly.

Since fiscal year 2009 (FY09), the number of suspicious contact reports (SCRs) ascribed to each of the six regions increased dramatically; Europe and Eurasia's reported collection attempts more than doubled from FY09 to FY10.

As a result, Europe and Eurasia displaced South and Central Asia as the third most reported collector. It should be noted that Europe and Eurasia—a region that contains many U.S. allies—helped to account collectively for 15 percent of the total world-wide reports of collection attempts against the U.S. industrial base.

While commercial entities remained the most active collectors in the region, collection attempts from unknown and individual collectors increased their share. Requests for information (RFIs) remained the most common method of operation (MO), but the most dramatic change was the rise in targeting via suspicious network activity (SNA). Consistently battling for the top targeted technology category within this region, information systems (IS) technology returned to being the top targeted category.

COLLECTOR AFFILIATIONS

Defense Security Service (DSS) analysis of industry reporting shows that Europe and Eurasia is moving increasingly toward the pursuit of illegal or unauthorized access to sensitive or classified information and technology resident in the U.S. cleared industrial base. Personal and/or individual economic goals may drive some of the collectors, whereas others may be acting on behalf of national or corporate entities while successfully masking their identities and/or affiliations. Based on FY10 industry reporting, European and Eurasian actors targeting U.S. technologies included anyone from representatives of private companies to foreign liaison officers, journalists, civil servants, and scientists.

Overall, although the number of SCRs ascribed to the region in FY10 doubled from the previous year, the percentage of incidents attributed to commercial, government, and government-affiliated entities from Europe and Eurasia decreased. Attempts attributed to unknown and individual collectors increased.

Most notable in comparison to the relatively modest changes in other categories was the rise in reported collection attempts by individual actors. Reports ascribed to individuals linked to Europe and Eurasia multiplied by a factor of six since last year. In FY09, individual actors were the least active collectors, but in FY10 SCRs ascribed to individuals almost tripled their relative share, from 6 percent in FY09 to 16 percent in FY10.

Analyst Comment: These statistics probably reflect an attempt by entrepreneurs to take advantage of economic modernization programs in parts of Europe and Eurasia. (Confidence Level: Moderate)

Despite the small decrease in the overall percentage of reports from FY09, FY10 reporting showed that commercial entities remained the most active collectors from Europe and Eurasia, with the number of reported attempts doubling. Reported attempts by collectors in the second most active category, unknown, increased by a similar proportion, from 25 to 28 percent.

Analyst Comment: Intelligence Community reporting indicates that commercial firms from Europe and Eurasia target U.S. military technologies and export a considerable quantity of indigenously produced technologies to countries of concern to the United States. DSS assesses that the continued strength of reporting that falls into the commercial category likely reflects the region's role as a technology supplier within the defense industry trade. (Confidence Level: Moderate)

Figure 10

METHODS OF OPERATION

All of the methods of operation (MOs) in the DSS categorization scheme experienced an increase in reported attempts in FY10. However, in proportional terms, exploitation of relationships showed no change, while RFIs (formerly direct requests) and the combination of the three categories that make up the former foreign visits and targeting category declined. RFIs declined from 69 to 55 percent of the total SCRs attributed to the region, and the combined visitors and traveling sections from 16 to 8 percent.

The United States maintains friendly relations with almost all the countries in Europe and Eurasia and, as a matter of geostrategic policy, encourages many of them to increase defense spending and modernize their militaries. U.S. cleared contractors and industry from Europe and Eurasia share longstanding relationships, including in the form of joint ventures.

Based on industry reporting, European and Eurasian collectors often used overt RFIs to seek technology from U.S. cleared industry, primarily in the form of emails or web-card submissions.

Analyst Comment: Joint ventures and the relationships they nurture can convince some foreign partners that an RFI is not illicit but actually both innocuous and justified, perhaps even welcomed by the United States. Nonetheless, it is likely that RFIs allow foreign entities an opportunity to gain access to information normally denied to them. Since such RFIs offer a combination of low risk, low cost, and potentially high payoff, they will probably continue to be an option frequently used by European and Eurasian collectors. (Confidence Level: Moderate)

Similarly, longstanding relationships and a history of frequent interactions between the United States and Europe and Eurasia meant that the official foreign visits and targeting; targeting of U.S. travelers overseas; and conferences, conventions, and trade shows MOs remained a factor in the soliciting of information and technology in FY10. Together they accounted for eight percent of the total industry reporting for Europe and Eurasia.

However, industry reporting in FY10 indicated that European and Eurasian collectors increasingly used indirect MOs in their attempts to gain access to cleared industry information or technology. Academic solicitation, solicitation or marketing, and seeking employment combined increased by almost a factor of five, more than doubling their share of the total. Of these, solicitation or marketing was the third most reported MO in FY10, at ten percent. As a single category, it accounted for almost four times as many SCRs as the broader former category of solicitation and seeking employment did in the FY09 data.

Analyst Comment: European and Eurasian collecting entities demonstrate a willingness to invest the time and effort necessary to integrate themselves or their personnel into the cleared contractor realm via longer-term business or academic relationships and processes. If entities successfully solicit a business relationship with cleared contractors, they could probably exploit that relationship to gain access to or compromise sensitive components of advanced military systems. (Confidence Level: Moderate)

Most significantly, however, the number of SCRs listing SNA multiplied by a factor of eight from FY09, and this category more than tripled its share of the total. SNA now constitutes the second most commonly used MO for Europe and Eurasia, whereas in FY09 it was only the fourth. The majority of cyber incidents attributed to Europe and Eurasia involved multiple login attempts or the use of remote administrative tools.

Europe and Eurasia is home to an active and significant cyber criminal underground. Members of these underground communities conduct activities such as the theft and resale of personally identifiable information and the compromising and selling or leasing of access to computer networks.

Analyst Comment: In the course of such activities, cyber criminals are likely to gain access to information that may be of value to national intelligence services. It is likely that in multiple instances technical and program information from cleared industry was compromised through such collateral collection. Foreign intelligence entities would likely find this information useful in satisfying collection efforts directly or in targeting or vetting potential assets. While clear links between cyber criminal underground elements and national intelligence services for the transmission of such information are not always evident, such a connection probably exists. (Confidence Level: Moderate)

Another notable trend identified through FY10 cleared industry reporting is the increase in suspicious emails containing variants of the Zeus Trojan, which steals online credentials (e.g., usernames, passwords, online banking information).

Figure 11

SUPPLY CHAIN IMPLICATIONS

Supply chain vulnerabilities provide adversaries access to corporate information systems, including those of cleared contractors. Globalization, especially the outsourcing of information technology (IT), provides potential adversaries greater access to, and therefore greater opportunity to compromise, hardware and software, including that which goes into our most sensitive military systems.

A foreign intelligence entity that partners with a U.S. commercial entity could exploit the relationship by supplying components destined for incorporation into a targeted technology. The modified hardware or software may maliciously compromise supply chain security, leading to stolen data, system corruption, and operational compromise.

The United States' shift toward outsourcing the development and assembly of IT components reduces the transparency and traceability of the supply chain. This increases the opportunity to insert corrupted software or altered hardware. Yet although international mergers and foreign acquisitions of suppliers may exacerbate the problem, even domestic production processes are not immune.

TARGETED TECHNOLOGIES

European and Eurasian governments vary considerably in their goals regarding defense spending, with some continuing a gradual decline and others ramping up. However, many share a goal of producing a considerable portion of their own defense platforms to reduce reliance on foreign military imports, thereby decreasing foreign influence on their policy-making.

Analyst Comment: This dedication to improving indigenous defense industries likely contributed to the high number of SCRs received from industry in FY10 involving commercial collectors attempting to fill technological gaps or shortcomings. (Confidence Level: Moderate)

Among the categories of technology targeted by illicit collection attempts in FY10, three historically prominent categories (aeronautics systems; electronics; and lasers, optics, and sensors) approximately doubled in reported cases, yet declined as a percentage of total SCRs, with the former top category, aeronautics, declining from 22 to 16 percent.

Armaments and energetic materials and positioning, navigation, and time all remained in the range of four to five percent of total SCRs each; marine systems was at one percent.

Some other categories, however, showed noteworthy changes from the previous year. Space systems and information security, which were negligible or nonexistent in FY09, accrued an appreciable number of cases and established themselves at five percent of the total each.

Both government and commercial entities sought U.S. technology within the IS and aeronautics sectors. The targeted systems constituted some of the United States' most cutting-edge technologies, including software, communications, data transmission, imaging, and unmanned aerial systems.

Analyst Comment: These technologies have a wide range of commercial and governmental applications. As militaries within the region engage in modernization campaigns, they will likely continue to target them to upgrade intelligence, surveillance, and reconnaissance (ISR) capabilities. (Confidence Level: High)

Table 3

ANALYTICAL FORECAST

Because of limited resources, even the strongest and most advanced defense industries in Europe and Eurasia do not have the capability to indigenously produce all the weapons systems and technologies they require. DSS assesses that the region will likely remain a significant threat to U.S. technology and information resident in cleared industry, with no indication of abatement in the coming years. (Confidence Level: Moderate)

Modernization is a priority across Europe and Eurasia, and its militaries will need to develop new technologies to replace aging and obsolete weapons and systems. DSS assesses that it is likely that commercial collectors will continue their attempts to collect sensitive, classified, and export-controlled U.S. defense technologies to boost indigenous military and defense industries and development programs. (Confidence Level: Moderate)

IS and aeronautics systems will likely remain among the top targets for European and Eurasian collectors in FY11. Priorities will likely focus on technologies applicable to strategic nuclear forces and aerospace defenses, command and control and reconnaissance systems, and long-range, high-precision weapons. (Confidence Level: Moderate)

Increased interest in supplying sensitive technologies to foreign customers also will likely direct collection requirements emanating from Europe and Eurasia. As the defense industry within the region continues to grow, and especially to the extent that the region is a major arms exporter, third-party transfer of U.S. technology will likely be a concern. (Confidence Level: Moderate)

DSS assesses that domestic requirements and the region's pattern of third-party transfer will probably drive an increased effort by European and Eurasian entities to collect U.S. export-controlled technology to save money and time, while simultaneously enabling them to develop technologies to counter U.S. systems. (Confidence Level: Moderate)

Collectors from the Europe and Eurasia region will likely continue to prefer to make requests directly to cleared industry in their efforts to fill technology requirements not satisfied by sanctioned partnerships and exchanges. Depending on the state of their relations with the United States at a particular time, countries within the region will probably shift between SNA and RFIs coming from unknown actors and from government entities. (Confidence Level: Moderate)
