SGIS Security wants you all to be aware that you could potentially be a target.  Whether it’s for Economic Espionage, a type of cyber crime or Elicitation/Recruitment, the fact that you are a working for a U.S. government contracting company puts you at a level of risk.

Those who have clearances and access to sensitive or proprietary information are prime targets to foreign intelligence operatives a.k.a. “spies.”  Now when I say spy, someone might think of 007 or “Get Smart,” but the fact is today’s operatives are usually friendly, everyday people who want to become “friends” with you.  They use a technique called “Elicitation”, which simply put is “the art of conversation honed by intelligence services…”  Often times, they will make initial contact with you at a seminar, business conference, networking event or social networking site.  Their goal is to determine if you have ANY information or access to information that could be potentially valuable.

If this initial contact seems worthy, they will proceed to get to know you and assess your vulnerabilities.  This is why it is extremely important to be careful what you say about yourself and your co-workers!  If you begin telling this spy… err, I mean “friend,” about your financial difficulties, marital problems or work related stresses, you are letting them know what your vulnerabilities are and they will exploit those vulnerabilities to gain an advantage.

Elicitation can take place over a long period of time. They collect tidbits of information on you, your job and coworkers. Elicitation is sometimes very hard to recognize.  Over time they hope to earn your trust and have you consider them a friend. They may ask for your expertise or consultation. Typically their goal is to have a “trusted source” that they can go to for information.

Please review the information below for further details on how they may try to recruit you and or your information:



Elicitation might be hard to recognize, but if feel you are being targeting and assessed by a Foreign Intelligence Operative, remember you have done nothing wrong unless you start maintaining a regular contact without reporting it to your security officer. Your main defense is awareness and reporting. The government may be able to notify you that you are dealing with a known intelligence operative, or it may identify the person as an operative as a result of your reporting the contact. Always report so that you are part of the solution and not the problem. See reporting requirements below.

You are required to report the following to your security office:

• Any effort by any individual, regardless of nationality, to obtain illegal or unauthorized access to classified information or to compromise you or any other cleared employee.  In addition, all contacts by you or any other cleared employee with known or suspected intelligence officers from any country, or any contact which suggests that you or any other employee may be the target of the intelligence service of another country or other clandestine group shall be reported.¹

• Any other known, suspected, attempted, or planned activity that threatens U.S. national security. This includes unauthorized release of or access to any classified or otherwise sensitive information, intrusion into an automated information system containing classified or otherwise sensitive information, or information relating to terrorism, sabotage, subversion, or illegal diversion of U.S. technology to a foreign country. Knowledge of any activity by a foreign country or organization that suggests that country or organization may have unauthorized knowledge of U.S. national security information, processes or capabilities.

Just to show you that this is REAL and happens regularly, I have linked some interesting articles on recent espionage cases that have happened this past year:

U.S.: Product engineer swiped Ford’s secrets

China proves to be an aggressive foe in cyberspace

Scientist offered U.S. secrets for $2 million, prosecutors say

As always, SGIS security is here to HELP you! Please email us a SECURITY@SGIS.COM for assistance or if you’d like to suggest further monthly topics, we would love to hear from you.

References:

1. National Industrial Security Program Operating Manual, paragraph 1-302. Presidential Decision Directive NSC-12, Security Awareness and Reporting of Foreign Contacts, August 5, 1993.

2. Many ideas in this topic came from a NRO foreign intelligence threat awareness briefing.

3. DSS pamphlet, “Elicitation, Can you recognize it?”

Newly issued FY 2010 guidelines and policies from the White House Office of Management and Budget and the Department of Defense Component Manpower Authority are taking a stance to minimize reliance on non-specialized contracting while growing their civilian workforce.

White house executive and administration officials have new strategies to shift workforce reliance with the intent of saving $40 billion in contract funds annually starting in 2010. The strategies are designed to minimize contract reliance on non-specialized, generic, or commonly available services, and replace much of the contract workforce in those areas with government civilian acquisition programs.

In deciding between a Government Civilian solution or a contract solution, two basic rules must be answered: Is the work an inherent Government responsibility? And can the work be done by accelerating the acquisition of Government Civilians or by being brought into the Governments umbrella of inherent responsibility?

If the answer is no to both of those key questions, a permanent, or on going contract solution is easily justifiable. If the answer is yes to both questions, a Government workforce will clearly be responsible for the work. If the answer is no to one question, but yes to another, a temporary contract solution, not intended to be more than 5 years, can be implemented. The intent of temporary contract solutions will be to satisfy the requirement while also allowing the Government time to analyze the work requirement for inclusion as a Government responsibility and bring the work into the Government Civilian workforce acquisition process.

This does not negate the need for a contract workforce. Accomplishing government missions and requirements remains paramount. However, this will focus Government requirements for contractors into specialized and short-term needs, surgical solutions and unique solutions not available elsewhere. Contract solution providers must become a true solution provider instead of a generic personnel provider. Large and small companies cannot rely solely on providing personnel; they most provide true solutions, niche abilities and enhancements to existing programs that the Government cannot obtain elsewhere to reach the intended balance in Government solutions and abilities.

About the author: Jason Wilson, the SGIS Division Manager of the Intelligence and Training Division, is a recently retired US Army Warrant Officer with 21 years of military experience. Wilson has strong relevant operational and institutional credentials and subject matter expertise as well as 19 years of experience in leadership and contract supervision positions.

Specific accolades for Jason Wilson include:
Certified Project Manager (CPM)
5 years supporting DoD and US Army level acquisition programs
6 years supporting and participating in Advanced Concept Technology Demonstrations and Joint Capability Technology Demonstrations
6 years supervising a theater wide contract for Oracle and MS SharePoint development

If you are interested in reaching out to the author via discussion, visit SGIS on LinkedIn.