Each year DSS highlights a technological sector. In 2014, it was “Inertial Navigation Systems” used in commercial and military aircraft, spacecraft, and naval vessels.
Based on information received from cleared defense sector companies, DSS analysts were able to identify five distinct methods of operation when targeting INS technologies:
- an attempt to purchase (usually by finding a corrupt company in an allied State to act as the middleman)
- academic solicitation
- solicitation or marketing services
- sending a Request For Information (RFI)
- foreign visit (such as attending a conference in a foreign State)
This is easier to do with tangible collection activities as described above than with cyber attacks, which DSS (to its credit) acknowledges in the conclusion of its report (p.71). With an RFI or an invitation to attend a conference, you know who sent the invitation. With a cyber intrusion, or what DSS calls “Suspicious Network Activity” (SNA), it could be anyone.
However, cyber espionage is simply a new way to conduct industrial espionage, so it’s reasonable to assume that governments and corporations that are attempting to acquire a specific technology in any of the five ways detailed by DSS will also use a network attack if it will produce a successful end result. See our white paper on espionage-as-a-service, for example.
What the DSS Report Won’t Tell You
The Defense Security Service produces one of the very best analytic reports available today, both in terms of sound intelligence collection and analysis methodologies (missing from 90% of cyber intelligence reports) and in terms of actionable content. However, it doesn’t tell you who is doing the collecting. It also doesn’t provide the entirety of any nation’s technology acquisition interests. If your company doesn’t produce any of the INS-related technologies mentioned in this report, does that mean that you’re safe from foreign collection efforts? Absolutely not.
That’s why we built the Redact™ knowledge base and the OverWatch™ intelligence feed. Used in conjunction with the DSS report, you can identify which Chinese and Russian government institutes, universities, state key labs, and state-owned enterprises have received funding for high priority technology R&D projects, and which of those have been reconnoitering your company’s website for product information. We are also mining South Korean and French institutes and will be adding more nations over the next few months.
Compatible with Maltego and other Threat Intelligence Platforms
Our OverWatch™ intelligence feed is written in Common Event Format (.CEF) and is compatible with many SIEM products including ArcSight ESM, Splunk, and ThreatStream. We are also about to launch our Maltego transform.
OverWatch™ will alert you in real time when one of the foreign government research institutes that we track is visiting your website, while Redact™ will provide you with the details on their government-funded R&D projects. We are currently scheduling demos for new corporate customers as well as federal agencies that are approaching the end of the federal fiscal year.
NOTE: This is cross-posted from the original article at the Taia Global website’s blog.