U.S. defense technology is under attack “each day, every hour and from multiple sources,” according to a new report from the Defense Security Service (DSS). Consequently, America’s “technical lead, competitive edge and strategic military advantage are at risk.”
The DSS, the DoD organization that works with the defense industry to protect critical technology and information, bases their analysis on reports filed by defense contractors with access to classified information in accordance with the National Industrial Security Program Operating Manual (NISPOM). According to the report, suspicious contact reports (SCRs) filed by contractors in the past year are “indicative of efforts to target defense-related information” made by cyber spies.
Here are the report’s key findings:
- Most SCRs originate from East Asia and the Pacific for the fifth year in a row, “reporting with an East Asia and Pacific nexus far exceeded those from any other region suggesting a continuing, concerted, and growing effort to exploit contacts within United States industry for competitive, economic, and military advantage.”
- “Aggressive collection attempts” by commercial entities continued their “surge.” In fiscal ’08, commercial actors tried to steal defense technology “at a rate nearly double that of governmental or individual collector affiliations, most likely representing a “purposeful attempt to make the contacts seem more innocuous” by shifting authorities focus away from governmental or “non-traditional” spies.
- Spies continued their “bold and overt exploitation of the Internet to acquire information via direct requests.” In other words, cyber spies actually ask holders of classified information to send it over via email, through “overt email requests and webpage submissions” making this method “a premier vehicle for solicitation and/or collection. While not all direct requests for information or services represent organized collection attempts, exploitation of this medium provides collectors an efficient, low-cost, high-gain opportunity to acquire classified or restricted information.”
- What technologies are these cyber spies trying to steal? “Unmanned aerial vehicle (UAV) technology has emerged as a priority target of aggressive collectors from multiple regions.“ In fiscal ’08, DSS found a major increase in attacks against UAV systems and technologies, and found that the focus on UAVs is not region-specific but broadly based. UAV data collection attempts spans all phases of R&D and deployment, and it’s “highly likely” that the interest in UAV systems is a consequence of the rapidly growing world market for UAVs.