In its most recent report on the subject, the Defense Security Service listed the most common methods foreign entities’ have used to obtain U.S. defense-related information and technologies. Understanding these methods can help companies and individuals with security clearances to better protect classified and sensitive information. We recommend that our clients make their workforce aware of these methods:
• Direct Request, which can take the form of e-mail requests for information, webcard purchase requests, price quote requests, phone calls, or marketing surveys.
• Suspicious Internet Activity, including confirmed and attempted intrusions, computer network attack, potential pre-attack, or spam.
• Solicitation and Seeking Employment, including offering technical and business services, resume submissions, or sales offers.
• Foreign Visits and Targeting, which could be suspicious activity at a convention, an unannounced visit to your facility, solicitations to attend a convention, offers of paid travel to a seminar, targeting of travelers, questions beyond the scope of business, or overt search and seizure of your property.
Remember that if you hold a security clearance or your company holds a facility security clearance, you are obligated to report such “suspicious contacts” to the federal government. We would not advise reporting ordinary spam e-mail as a suspicious contact, but if any of the other above incidents occur you may be obligated to report them under clause 1-302(b) of the NISPOM. You may download this excellent, convenient DSS-Suspicious-Contact-submission-form.