Transcript Slide 1

Incoming Visitors
San Diego Industrial
Counterintelligence
Working Group
This document is intended solely for the use and information of the client to whom it is addressed.
Version 1 - 07/09/2012
Table of Contents
• Visit Purpose
• Vulnerabilities and Collection Techniques
• Countermeasures
• Reporting Requirements
2
Visit – Knowledge Collection
• Types
– Contractually based
– Exploratory
– Unsolicited
• Benefits
– Face-to-face collaboration
– Relationship building
– Scientific and technical exchange
– Share successes
– Dispute resolution
– Promote products and services
3
An Inherent Threat
• Although the majority of visits are valid with well intention, visits are a
low risk manner for a collector to obtain access to information and/or
materials
• Unclassified and/or Private/Proprietary information more likely to be
target of collection due to access
• Threat not limited to Foreign Visitors
4
Collection Techniques
• The possibility of a trained collector within the visit delegation
– The unannounced visitor or last minute addition to the planned visit delegation
– The wandering visitor
– Taking photographs, excessive notes, or collecting materials
– Probing questions beyond the scope of the meeting
• Easily concealed recording device(s)
5
Countermeasures
• Identification and Badging
– Require visitors to provide U.S.-based identification
– In turn, require visitors to display identification while on site
• Host briefing reinforcing Need-to-Know principle
• Pre-visit survey
– Determine before the visit meeting space and tour routes
– Ensure affected areas are clear of potentially sensitive
information
6
Countermeasures
• Inform affected employees about the
presence and purpose of visitors prior
to the meeting
– Employees may need to be reminded to
protect sensitive information or materials
– Opportunity for employees to be an extra
set of eyes and ears regarding the visitor
activities and whereabouts
• Visitor briefing
– Control the potential for inappropriate
activities by informing visitors they must
remain under escort, they may not use
audio or visual recording devices, etc.
– If visitors require network access consider a
guest network or standalone system to
prevent visitor access to your company
information
– Acknowledge non-compliance of security
and safety regulations will result in an
immediate end to the meeting
7
Countermeasures
• Technology Control Plan (TCP) may be required for long term foreign
visitors
– Details badging, escort, work areas, awareness trainings/briefings, etc., all aimed at
preventing unauthorized access. TCP requires active signature acknowledgment
from both affected employees and long term visitors.
– National Industrial Security Program Operating Manual (NISPOM) 2-307, TCP within
the framework of Foreign Ownership, Control, or Influence (FOCI)
– NISPOM 10-508 & 10-509, TCP when hosting on-site foreign nationals
8
Reporting Requirements
• Post visit follow-up with host and/or affected employees
• NISPOM 1-302 requires reporting of suspicious contacts to the CSA
– Report anything questionable
– Benefits of reporting something seemingly inconsequential outweigh the negative
impact of not reporting at all
– Your report may be the missing piece of the puzzle or the beginning of a trend
9