Short-Term Foreign Visitors
To Sensitive Installations

Sensitive U.S. installations receive a large number of approved foreign visitors. For example, Department of Defense approved more than 14,000 foreign visits to to its military military bases, national laboratories, and private defense contractors during Fiscal Year 2004. Each visit was usually a one-day excursion by several foreign visitors. Many of these were visitors from countries that are very active in seeking to obtain classified and other protected U.S. technology.1

  Inappropriate or suspicious activity by foreign visitors to U.S. commercial or defense installations is a common occurrence. With few exceptions, security compromises reported from foreign visit incidents could have been prevented if U.S. personnel had been properly briefed in advance of the visit as part of the risk management process.

The United States encourages technical information exchanges with scientists from foreign countries, as much can be gained from international collaboration. Most of these visitors are here as our guests at our request. Obviously most visitors are not engaged in intelligence work. They do only what they were invited to do. The problem is that in such a flood of visitors, it becomes hard to detect those who do come with ulterior motives. Without appropriate security precautions, it is possible to lose a great deal of classified, proprietary, or otherwise sensitive information.

Short-term foreign visitors use the tactics discussed below.2 For security threats associated with foreigners in the United States for longer periods of time as graduate students, researchers, or employees of U.S. firms, see Long-Term Foreign Visitors.

Technical Expertise: Foreign visitors to sensitive U.S. facilities are often among their nation's leading experts in their fields. Specialists know their countries' or companies' specific technological gaps and can focus collection efforts to target critical missing information. They are in a position to recognize and exploit information that may be inadvertently exposed during visits. The foreign scientists or other specialists sometimes seek out their knowledgeable U.S. counterparts and engage them in discussions even when such contact is explicitly forbidden under the approved terms of the visit. This is successful too often, as Americans don't want to appear to be rude to a visitor.1

Hidden Agendas - Visitors sometimes pursue an agenda different  from the stated purpose of the visit. That is, they arrive to discuss program X but do everything possible to discuss, observe, or meet with personnel who work with program Y. They exploit our natural habit of being courteous to visitors. They often take advantage of careless escorts by asking questions outside the scope of the approved visit, hoping to get a courteous or spontaneous response.

For example: A representative from a company in a friendly country contacted an employee of a U.S. defense contractor in northern Virginia by phone and e-mail. The representative indicated he had studied the company's web site, which contained information on its products and services. He sought to arrange a visit by three company representatives to the U.S. contractor's site to observe a demonstration of various electronic systems. A meeting was arranged. The two other individuals who accompanied the representative were actually members of the country's intelligence service.

After their arrival, the head of the delegation openly expressed an interest in seeing the company's classified projects. When told this was only possible through official government-to-government channels, he retreated by expressing that his interest was facetious. He then indicated more interest in the things the company might be selling to the U.S. Customs Service or the Drug Enforcement Agency.3

Wandering Visitors - A foreign visitor separates from the escorted party and strays "accidentally" into other areas of the facility. Here are two of many, many examples that could be cited:

During a visit to an aeronautics facility, a foreign delegation of 10 people was provided only one escort. The visiting delegation recognized the opportunity and during a restroom break split the delegation into two groups. Half the delegation succeeded in roaming unescorted in an area with export-controlled technology.4

Visiting scientists who claimed to speak no English wandered off into clearly marked restricted areas and were observed taking pictures. When confronted, they apologized profusely and blamed a lack of English language skills. Later, at social gatherings, these same foreign scientists were observed speaking English with near native proficiency.6

Escorts must be able to control visitors at all times.

Creation of Embarrassing Incidents - When confronted about attempts to wander from the escorted party or to elicit information beyond the approved scope of the visit, visitors sometimes feign indignation and deliberately create an embarrassing scene. Too often, the host attempts to be conciliatory, giving the visitors opportunities to fulfill collection objectives. For example:

A foreign military representative was found to have been wandering away from his visitor escort. As a result, the president of the cleared facility confronted the foreign officer regarding this behavior. The representative responded by saying, "What do you think we are, criminals? Do you expect that we be escorted to the rest room?" The president responded by saying "Yes." The representative asked what authority the president has to require his being escorted. The company official said it was his facility and he was responsible for protecting government and proprietary information."7

Unannounced Changes to the Visiting Party - Last minute or unannounced changes to add personnel or substitute personnel may be an attempt to sneak an intelligence officer or technical expert (in a technical area that is not supposed to be a subject of the visit) into the visiting party.

Unannounced Visitors - Foreign military attaches frequently arrive at a defense contractor facility unannounced in a three-piece suit with a business card. The civilian business attire makes the military attaché appear less threatening to the facility personnel. The ploy is to arrive "unannounced" and rely on the courtesy of the company's management to permit the attaché access to the facility. On several occasions, and at separate facilities within the Washington, D.C. area, military attaches solicited unclassified papers and brochures and engaged in conversations to identify other sources of information. Company personnel may not have realized that most foreign military attaches are either trained intelligence officers or acting in the capacity of intelligence officers.

Arriving unannounced is particularly effective when the foreign visitor represents a company or organization that is negotiating for some kind of major business arrangement with the U.S. entity. The U.S. hosts have, at times, been reluctant to threaten a potentially lucrative sale by turning away visitors until a formal visit can be scheduled and required security arrangements made.1

Exploiting the Foreign Visits System - The U.S. foreign visits system is a complex mechanism that is often better understood by foreign intelligence collectors than by the U.S. companies that participate in the system. One way to exploit the system is to make multiple requests to different U.S. agencies. Another is to take advantage of different procedures depending upon whether the visit can be described as government sponsored, non-sponsored, or commercial in nature. For example, if a classified visit is disapproved, the foreign group may seek to arrange a commercial visit through a different U.S. Government agency. That's what happened in the following case:

Representatives of a foreign country attempted to schedule a classified visit to a cleared contractor. The responsible U.S. Government agency that must approve the foreign visit did not offer sponsorship. The same representatives made a second request through commercial channels to visit the same facility, but the request was denied because the visit required an export license that was not available. Several weeks later, several engineers in the company who worked on the technology the foreign representatives wanted to discuss started receiving faxes about a conference in the foreign country. Along with the conference invitation was an offer of three days of sightseeing.7

Exploiting Misinterpretations - U.S. personnel often fail to understand the limitations of government sponsored and non-sponsored foreign visits. For government-sponsored visits, the contractor personnel may be under the impression that any inquiry by the foreign visitor is legitimate. For non-sponsored visits, the fact that the U.S. Government did not forbid the visit and the foreign visitors forwarded security clearances may give the U.S. contractor personnel the mistaken impression that it is okay to discuss classified information.

Foreign Video Film Crews - Requests for foreign film crews to make documentary films are not uncommon, and a number of these requests have been quite suspect.

For example, a foreign film crew made a documentary on the U.S. biotechnology industry. As they did so, they systematically filmed all company documents that were made available to them in company after company. Said one company security chief, "They ran a vacuum cleaner over the U.S. biotech industry." Oddly enough, while cleared facilities often prohibit U.S. employees from bringing cameras onto the grounds, these same facilities all too frequently allow foreign video film crews into their facilities.5

In another incident, a foreign film crew requested and obtained permission to visit a U.S. firm to film a documentary on cancer research. While filming the video, the crew asked questions, collected information, and sought access to sensitive areas. It soon became obvious that the group possessed a technical understanding of the industry far beyond that expected of television professionals. Company technicians called Security, who escorted the crew from the facility.6

Security Countermeasures

The following countermeasures are recommended:

• There should be a Technology Control Plan that identifies what technical information needs to be protected and how this should be accomplished. See Long-Term Foreign Visitors for discussion of what to include in a Technology Control Plan.
• All employees likely to meet the foreign visitors should be briefed on the threat.
• Ensure that all appropriate personnel, both escorts and those meeting with visitors, are briefed on the scope of the visit and how to handle contingencies that may arise.
• The number of escorts per visitor group should be adequate to properly control movement and conduct of visitors.
• If a visitor becomes offended when confronted during a security incident, recognize that the confrontation is a deliberate ploy and ask the visitor to leave the facility if he or she cannot abide by the rules.

Related Topic: Long-Term Foreign Visitors.

References
1. National Counterintelligence Executive. Annual Report to Congress on Foreign Economic Collection and Industrial Espionage - 2004, p. 6.
2. Most information is from Defense Investigative Service brochure, Suspicious Indicators and Security Countermeasures for Foreign Collection Activities Directed Against the U.S. Defense Industry, April 2003.
3. "CI Incident Log," Counterintelligence News and Developments, November 1996, National Counterintelligence Center.
4. "Foreign Visits: What is Inappropriate?" Counterintelligence News and Developments, September 1997, National Counterintelligence Center.
5. "Foreign Video Crews: A Multidiscipline Threat," Counterintelligence News and Developments, November 1996, National Counterintelligence Center.
6. Rusty Capps, "The Spy Who Came to Work," Security Management, February 1997.
7. James Norvell, "Assessing Foreign Collection Trends," Security Awareness Bulletin, Number 1-98, Department of Defense Security Institute.

HOME   |   METHODS OF OPERATION CONTENTS   |   TOP OF PAGE   |   HELP

INFORMATION | CONDUCT | THREATS | TECH VULNERABILITY | ASSISTANCE
SPY STORIES | TREASON 101