Long-Term Foreign Visitors

Long-term foreign visits to U.S. defense contractors, national laboratories or other companies or research laboratories in the private sector can pose a serious threat to security unless appropriate countermeasures are taken to mitigate the vulnerabilities associated with the foreign presence.1

Given access to scientific, technical, or other proprietary information, foreign experts can gain for their home country information that will erode the U.S. lead in militarily critical technologies. Often the difference between the technology used in unclassified research and a classified weapons program is nothing more than the "application" of the technology. The vast numbers of foreign scientists visiting the U.S. make it difficult to assess the full extent of the problem.

During joint research and development activities, foreign governments routinely request the presence of an on-site liaison officer to monitor progress and provide guidance. Several allied nations have used these positions as cover for intelligence officers who are tasked to collect as much information about a facility as possible. These officers use their access to the facility's computer network or relationship with their U.S. counterparts to gain unapproved access to classified or restricted data that is then sent back to their home country.

Foreign scientists and engineers sometimes offer their services to research facilities, academic institutions, or defense contractors. This can be an effort to place a foreign national inside the facility to collect information on the technology available there. Some prominent foreign scientists who obtained employment with U.S. companies have immediately begun sending acquired information via fax transmissions back to their former associates in their home country, using their native language so the U.S. company could not monitor what was being sent.

As part of a joint venture, one cleared contractor had a number of foreign representatives working on unclassified projects. "One of them was caught hacking into the unclassified, but proprietary local area network system. This person accessed company proprietary source code information. He was expelled from the facility, but the computer intrusions continued a few days later. The suspected perpetrators were the remaining representatives from the same country. Since the start of the joint venture, the foreign representatives had stated their desire for the source codes."2

In some instances, at a foreign government or corporation's behest, foreign graduate students serve as assistants at no cost to professors doing research in a targeted field. The student then has access to the professor's research and learns the applications of the technology.

Some foreign governments routinely task their graduate students in the United States to acquire information on a variety of economic and technical subjects. In some instances, the students are contacted and recruited before they come to the United States to study. Others are approached after arriving and are recruited or pressured based upon a sense of loyalty or fear of their home country's government or intelligence service. The security officer of a cleared U.S. defense contractor reported the company's desire to employ the son of a prominent foreign scientist from a European country. A name check of the scientist revealed he had previously cooperated with his country's foreign intelligence service.

One allied foreign government has an organized program to send interns abroad as an alternative to compulsory military service. In return for exemption from military service, the intern has the specific task of collecting foreign business and technological information. A student from this country recently offered to work "free" for a U.S. company that has a U.S. Government contract for classified work.

The following indicators should trigger security concern:

  • Foreign applicant has a scientific background in a specialty for which his country is known or suspected to have a collection requirement.

  • The technology the individual wants to conduct research on may have classified applications (dual use technology), be on the militarily critical technology list, or be export-controlled technology.

  • Foreign intern (student working on masters or doctorate) offers to work under a knowledgeable individual for free, usually for a period of 2-3 years. If any foreign national applicant offers services for free, the foreign government or a corporation associated with the government may well be paying the expenses and expect to gain accordingly.

Without sustained security and counterintelligence awareness training programs, assimilation of foreign personnel into the work environment usually results in a relaxation of security awareness among U.S. employees. Security compromise is a frequent result. Appropriate security countermeasures may include:

  • Technology Control Plan (TCP): A TCP or other similar document will educate all employees on what needs to be protected and what their responsibilities are to prevent the loss of classified information, intellectual property, or proprietary information. It will also help educate facility employees on counterintelligence awareness issues.
  • Briefing the Foreign National: The foreign national should be briefed on his or her obligations and responsibilities, including limitations on access.
  • Briefing Employees: Facility employees should be briefed prior to the arrival of a foreign national on the access limitations, potential foreign collection techniques that could be used, recognizing indicators of economic espionage, and to whom to report any relevant security information.
  • Periodic Interviews: Facility employees who have frequent contact with foreign national personnel should be interviewed periodically to check for indicators of economic espionage.
  • Local Area Network (LAN) Restrictions: In anticipation of gaining access to a LAN, some foreign employees are trained in hacking techniques. Good risk management means reducing vulnerabilities to the technologies or information you are trying to protect. It may mean providing long-term visitors with a "stand alone" computer instead of access to a LAN. At a minimum, it should include regular checking of computer audit logs to detect any effort by the foreign employee to exceed his or her approved computer access.
  • Fax Machine Restrictions: Unless you have some means to read and review the documents being sent, including those written in a foreign language, a foreign visitor should not be given access to company fax machines. Fax machines make it possible for someone who is stealing information to compromise documents without having to take the riskier step of physically removing them from the building.

Related Topic: Short-Term Foreign Visitors.

Reference
1. Source for most information in this topic is "Long-Term Foreign Visitors Threaten Security," Counterintelligence News and Developments, March 1997, National Counterintelligence Center. Also, Annual Report to Congress on Foreign Intelligence Collection and Industrial Espionage, July 1995, National Counterintelligence Center.
2. James Norvell, "Assessing Foreign Collection Trends," Security Awareness Bulletin, No. 1-98 (Richmond, VA: Department of Defense Security Institute, 1998).

 

HOME   |   METHODS OF OPERATION CONTENTS   |   TOP OF PAGE   |   HELP

SECURITYTHREATS | TECH VULNERABILITYASSISTANCE | SPY STORIES | TREASON 101