COUNTERINTELLIGENCE AND REPORTING REQUIRMENTS

1
COUNTERINTELLIGENCE AND REPORTING REQUIRMENTS
2
ALL THE WEIRD STUFF AN FSO OR CLEARED CONTRACTOR
IS SUPPOSED TO REPORTAND WHO THEY ARE SUPPOSED
TO REPORT IT TOAND WHILE WERE AT IT, SOME SPY
STUFF TOO
s
3
RULE NUMBER ONE

• Reporting requirements are in Section 1-300 of
  the NISPOMso never hesitate to look it up if
  youre not sure

4
RULE NUMBER TWO

• Feel free to call me anytime you have a question
  on any of this
• Richard L. Harper
• Manager, Investigations/Counterintelligence/Intern
  ational Security
• Lockheed Martin Missiles and Fire Control
• 972-603-9398

5
RULE NUMBER THREE

• The easiest way to remember this stuff is as
  follows
• Any report of possible, probable, suspected or
  known espionage, sabotage, or terrorism goes to
  the local office of the FBI
• Verbal report OK, but must be followed by written
  report with a copy to DSS
• Anything else goes to DSS

6
General Guidelines Regarding Reports to DSS

• Cleared contractors are required to report events
  that
• impact the status of the facility clearance (FCL)
• impact an employee's personnel security clearance
  (PCL)
• affect proper safeguarding of classified
  information
• indicate classified information has been lost or
  compromised.
• appear to be suspicious contacts
• Cleared contractors must establish procedures to
  ensure that cleared employees are aware of their
  individual reporting responsibilities

7
REPORTS REGARDING EVENTS AFFECTING YOUR FCL

• (1) Any change of ownership, including stock
  transfers that affect control of the company.
• (2) Any change of operating name or address of
  the company or any of its cleared locations.
• (3) Any change to the information previously
  submitted for key management personnel including
• names of the individuals they are replacing
• whether the new key management personnel are
  cleared and if so to what level and when
• DPOBs, SSNs, and citizenship of the new key
  management personnel
• whether they have been excluded from access or
  whether they have been temporarily excluded from
  access pending the granting of their clearance.
• (4) Action to terminate business or operations
  for any reason, including imminent adjudication
  or reorganization in bankruptcy
• (5) Any material change concerning the
  information previously reported by the contractor
  concerning foreign ownership, control or
  influence (FOCI).

8
REPORTS REGARDING THE LOSS, COMPROMISE, OR
SUSPECTED COMPROMISE OF CLASSIFIED INFORMATION

• reasonable time ruleif you cant find it
  quickly, assume its lost
• Preliminary Inquiry - immediately capture the
  circumstances of the disappearance
• Initial report confirms the loss and provides
  the known information
• Final report provides
• Material and relevant information that was not
  included in the initial report
• Name/SSN individual(s) primarily responsible,
  including any record of prior loss, compromise,
  or suspected compromise for which the individual
  had been determined responsible
• Statement of the corrective action and any
  disciplinary action
• Specific reasons for reaching the conclusion that
  loss, compromise, or suspected compromise
  occurred or did not occur.

9
REPORTS REGARDING EVENTS AFFECTING YOUR
FACILITIYS ABILITY TO SAFEGUARD CLASSIFIED INFO

• Changes in Storage Capability
• Any change in the storage capability that would
  raise or lower the level of classified
  information the facility is approved to
  safeguard.
• Inability to Safeguard Classified Material
• Any emergency situation that renders the facility
  incapable of safeguarding classified material.
• Security Equipment Vulnerabilities
• Significant vulnerabilities identified in
  security equipment, intrusion detection systems
  (IDS), access control systems, communications
  security (COMSEC) equipment or systems, and
  information system (IS) security hardware and
  software used to protect classified material.
• Unauthorized Receipt of Classified Material
• Receipt or discovery of classified material that
  the contractor is not authorized to have. The
  report should identify the source of the
  material, originator, quantity, subject or title,
  date, and classification level.

10
REPORTS REGARDING AN INDIVIDUALS SUITABILITY FOR
ACCESS TO CLASSIFIED INFORMATION

• Change in Cleared Employee Status
• Death
• termination of employment
• change in citizenship
• possibility of access to classified information
  in the future has been reasonably foreclosed.
• Citizenship by Naturalization (when a non-U.S.
  citizen employee granted a Limited Access
  Authorization (LAA) becomes a citizen through
  naturalization).
• city, county, and state where naturalized
• date naturalized
• Name of the court
• certificate number.
• Employees Desiring Not to Perform on Classified
  Work (employee no longer wishes to be processed
  for a clearance or to continue an existing
  clearance)
• Refusal by an employee to execute the "Classified
  Information Nondisclosure Agreement" (SF 312).

11
REPORTS REGARDING AN INDIVIDUALS SUITABILITY FOR
ACCESS TO CLASSIFIED INFORMATION (continued)

• Violations of the NISPOM which
• indicate a deliberate disregard of security
  requirements.
• indicate gross negligence in the handling of
  classified material.
• were not deliberate in nature but involve a
  pattern of negligence or carelessness.
• Must include description of administrative
  actions taken against the culpable employee
• Adverse Information
• Cleared employee
• No rumor or innuendo
• Subsequent termination of employment of an
  employee does not obviate the requirement
• If the individual is employed on a Federal
  installation, send a copy of the report to the
  head of the installation.
• Becker vs. Philco and Taglia vs. Philco (389 U.S.
  979) contractor is not liable for defamation of
  an employee because of reports made to the
  Government under the requirements of this Manual

12
REPORTS REGARDING SUSPICIOUS CONTACTS PER
NISPOM 1-302B

• efforts by any individual, regardless of
  nationality, to obtain illegal or unauthorized
  access to classified information or to compromise
  a cleared employee.
• all contacts by cleared employees with known or
  suspected intelligence officers from any country
• any contact which suggests the employee concerned
  may be the target of an attempted exploitation by
  the intelligence services of another country

13
(No Transcript)
14
REPORTS REGARDING SUSPCIOUS CONTACTS PER THE
SCHOOL OF HARD KNOCKS

• Personal, Telephone, E-mail And Written
  Communications Asking Questions Beyond The
  Scope.
• Company Info
• Classified Info
• Tech Info
• Illegal Acts
• Incidents During Travel
• Luggage/Belongings Tampered With
• Same Hotel Room Every Trip
• Sense Of Being Followed/Observed
• Detention By Host Country Law Enforcement Or
  Intelligence Services
• Confiscation Of Passport Or Personal Papers
• Any Attempt At Coercion
• Any Attempt At Elicitation
• Any Attempt By A Foreign Citizen To Establish
  Long-term Relationship

s
15
SUSPICIOUS CONTACTS - WHO IS CONTACTING US AND
WHAT DO THEY WANT?

• 106 countries targeted US Technologies last year.
  
• 80 of data targeted was OPEN information-NOT
  CLASSIFIED information.
• What are they looking for?
• -Dual-use technology
• -DATED Military technology
• -Infrastructure-supportive technology
• What arent they looking for?
• The Crown Jewels.

s
16
SUSPICIOUS CONTACTS - HOW DO THEY DO IT?

• They ASK for it.
• They employ use of Internet.
• They go to trade shows.
• They sit at bars/restaurants and LISTEN.
• They task students, visiting scientists, etc.
• They dont play by U.S. rules.
• They are patient. They gather info a piece at a
  time. They dont want or need the big picture.

s
17

• Most Frequently Reported Foreign Collection
  Methods of Operation (MO)
• Requests for Information - 34.2
• Acquisition of Controlled Technology 32.2
• Solicitation of Services - 9.6
• Exploitation of Relationships - 5.3
• Suspicious Internet Activity - 5.3
• Exploitation of a Foreign Visit - 4.6
• Targeting at Conventions,
• Expositions, or Seminars - 4.3
• Cultural Commonality - 0.9
• Foreign Employees - 0.6

18
SUSPICIOUS CONTACTSSIGNS THAT YOUR FRIENDLY
VISITOR MAY NOT BE YOUR FRIEND

• Foreign Liaison Officer or embassy official
  attempts to conceal official identity during
  commercial visits
• Suspected hidden agendas versus the original
  purpose of the visit
• Last minute and unannounced persons are added
  to the visiting party
• Presence of wandering visitors who act offended
  when confronted
• Foreign entity attempts a commercial visit or
  uses U.S. based third party to arrange a visit
  after the original foreign visit request is
  denied
• Visitors ask questions outside the scope of the
  approved visit to receive a courteous or
  spontaneous answer
• Visitors claim business-related interest but
  lack experience researching and developing
  technology
• Visitors ask to meet personnel from their own
  countries and attempt to establish continuing
  contact with them

19
Todays foreign/domestic intelligence-gatherer.

• IS NOT A 007!!!
• He or she IS
• Visiting foreign Student/Intern
• Defense Attaché
• Émigré
• Businessman/Scientist/Researcher
• External contact (phone, e-mail, letter)
• Insider

s
20
SUMMARY DO YOU REMEMBER

• What you have to report?
• events which
• impact the status of the facility clearance (FCL)
• impact an employee's personnel security clearance
  (PCL)
• affect proper safeguarding of classified
  information
• indicate classified information has been lost or
  compromised.
• suspicious contacts
• potential or actual acts of espionage, sabotage,
  or terrorism
• Who you report them to?

21

• Thank You Questions?

s