Trade shows and conferences are resourceful venues for like-minded individuals across multiple industries to meet and discuss forward-leaning ideas, technologies, or strategies. However, they also are a hotbed for foreign intelligence activity, with adversarial actors conducting nefarious behavior, as well as spotting and assessing - leaving attendees vulnerable to being targeted.
Trade Show Risks and Vulnerabilities
Foreign adversaries attend trade shows and industry conferences because they bring together like-minded individuals, including subject matter experts, at a single venue to discuss critical and emerging technologies of interest. Many of these technologies have dual uses in military applications that are of high interest to foreign adversaries. Other technologies, if acquired, would allow foreign adversaries to gain a competitive edge in the market and grow economic might.
Foreign intelligence services seek to acquire both classified and unclassified information, including corporate trade secrets, proprietary information, intellectual property, and other critical research. The researchers, scientists, and engineers attending trade shows and industry conferences have access to that information. Foreign intelligence agencies often use these events as opportunities to identify potential targets of recruitment based on an individual’s placement, access, and subject matter expertise.
Indicators:
The following activities may indicate an individual is potentially involved in foreign intelligence collection efforts. These activities may also be observed in legitimate circumstances and any observance should be evaluated in context and totality, not individually.
- Specific and probing questions regarding sensitive or otherwise internal or proprietary information.
- Recruitment of company officials and technical experts to accept positions, financial incentives, or travel to a foreign country in exchange for internal, non-public, or propriety information.
- Unsolicited offers to establish a joint venture between a US military defense supplier and a foreign company with ties to a foreign government or state-owned enterprise (SOE).
- Follow-up contact is being requested through end-to-end encrypted communication applications.
- Unsolicited e-mails from unknown foreign entities regarding cooperation, in-person follow-up meetings, or follow-up regarding sensitive information.
- Suspicious cyber activity originating from unknown, foreign entities.
- Requests received to visit company facilities, including cleared spaces.
- Overt approach by attendees affiliated with foreign law enforcement, military, or intelligence agencies.
Mitigation Tactics for conference or tradeshow events:
To protect yourself and your organization from being a target of foreign intelligence collection while attending a show or conference, consider taking the following measures:
Before the conference or tradeshow event to prevent foreign intelligence collection efforts:
- Educate your company’s attendees about the potential risks before the event.
- Prepare a digitally clean computer, void of any internal or personal information that could be stolen physically or digitally.
During the event
- Demonstrate situational awareness, taking note of who is around you or maybe following you.
- Ensure your personal belongings are in your possession or secure in your hotel room.
- Be mindful when using local public Wi-Fi networks (hotels, conference centers, restaurants, coffee shops, etc.) and conducting company business and/or logging into company systems.
- Research individuals and organizations you’re communicating with before collaboration.
- Share only information that is relevant to the individual or organization you are engaging with.
- Be conscious of who may be in earshot when engaging in any private/sensitive discussions.
After the conference or tradeshow event to prevent foreign intelligence collection efforts:
- If something seems out of place with an interaction with a foreign entity, notify your company’s security office and local FBI field office to further discuss means of addressing the issue.
- Do not plug any flash drives or storage devices you receive into computers containing internal, non-public, or sensitive data.