I came across a GAO publication the other day: “Iranian Commercial Activities Update: Foreign Firms Reported to Have Engaged in Iran’s Energy or Communications Sectors”

This is a recurring report the GAO issues on foreign firms that could be helping Iran with energy or communications infrastructure projects.

I found it interesting from two angles.

First, the report relies exclusively on OSINT to make its determinations:

We searched for the names of firms identified in our January 2014 report as well as for key terms such as “Iran” that appeared within 25 words from “explore,” “drill,” “refinery,” “natural gas,” or “petroleum.” We also searched for locations in Iran where oil, gas, and petrochemical activities were being conducted. In addition, we reviewed company publications, including annual reports; U.S. Securities and Exchange Commission (SEC) filings, if available; firms’ press releases and corporate statements that publicly reported their commercial activities in Iran; and corrected information that had been publicly reported. We excluded firms that reported purchasing crude oil or natural gas from Iran, because these purchases did not meet our definition of commercial activity in Iran’s oil, gas, or petrochemical sectors. We identified firms that were reported as having contracts, agreements, and memorandums of understanding to conduct commercial activity in Iran.

 

Second, the report reads like a first-pass targeting list.

Maybe I am imagining too much here. But I can envision this report’s message as: “Here’s what these companies are saying about themselves on the public Internet. Now, let’s pass this thing off to the heavy dudes (for CNE), and see what’s really going on.”

There could even be an implicit threat — something like “You help our adversaries, we will help ourselves to your networks, your data, and the infrastructure you helped build.”