CI Newsletter Volume 2, Issue 3 Fall...
Can Congress Make Us More Secure?
NOTE: The material quoted, referenced, used in part or its entirety is for the purpose of this newsletter distribution only.
The commentary herein is attributed to the Subject Matter Expert(s) of Advantage SCI whose opinion is contained in that particular individual writing.
Nothing contained in this newsletter should be construed to be the opinion of Advantage SCI, except as claimed with noted commentary.
Distribution to colleagues and co-workers is allowed with the understanding that content is subject to copyright laws.
Questions, comments, subscription requests, suggestions for articles, etc., call (310) 536-9876 or
send email to [email protected] .
See page 3 for a note to our subscribers
It’s a time-honored tradition, after a major unauthorized intelligence revelation, to try to fix the elusive “problem” with a solution that may make one feel better, but which is ultimately ineffective. The process of gaining access to classified information has changed slightly with each espionage conviction. We now sign medical waivers and undergo credit checks, and employees in sensitive positions are briefed on how to recognize the overt signs that a trusted colleague is stuffing secrets under a shirt and walking out the door. But the truth is that it is far easier to scrutinize the state of our finances than the state of our minds.
And so, in the wake of revelations from Edward Snowden, we find Congress busily crafting more changes designed to deny would-be spies access to sensitive information. The new legislation, the Security Clearance Oversight Reform Enhancement (SCORE) Act, is meant to address the freshly discovered system vulnerabilities by clamping down on unscrupulous or even sloppy background investigators and forcing intelligence organizations to ensure employees actually require a security clearance for their duties. Although expelling wayward investigators and halting gratuitous clearances both sound like good ideas, the measures have the feel of caulking cracks rather than tackling serious reconstruction. Perhaps we just don’t know what else to do. The fact, however, that we can never fully predict or prevent espionage doesn’t mean we shouldn’t try. So in the absence of a better idea, Congress is tweaking the system. Here is the quick scoop on SCORE:
SCORE is currently in the Senate Homeland Security and Governmental Affairs Committee.
According to the official introduction on GovTrack.us, the bill will “increase oversight of the Revolving Fund of the Office of Personnel Management, strengthen the authority to terminate or debar employees and contractors involved in misconduct affecting the integrity of security clearance background investigations, enhance transparency regarding the criteria utilized by Federal departments and agencies to determine when a security clearance is required, and for other purposes.” The language may change as the bill progresses. As the draft now reads, the Office of Personnel Management (OPM) would have the means to terminate an investigator if it determines the individual was involved in misconduct affecting the integrity of the background investigation program, including, but not limited to:
– Falsification of a background investigation report
– Fraud relating to a background investigation report
– Failure to review a background investigation report
– Impersonation of a Federal law enforcement officer
– Abuse of authority relating to the employment or contract by the OPM
Additionally, SCORE requires the Director of National Intelligence to issue guidance for Federal departments and agencies to:
– Determine whether the occupant of a position requires a security clearance for the performance of the duties of such position
– Periodically review and, if necessary, revise the designation of a position as requiring a security clearance for the performance of the duties of such position
You can follow the Security Clearance Oversight Reform Enhancement Act’s progress on GovTrack.us .
YOU can change the world—FOR GOOD!
On Veteran’s Day, Monday, November 11,
say “Thanks for Your Service”
to a Vet or current serviceperson
CI Newsletter Volume 2, Issue 3
Fall 2013
The Insider Threat Puzzle
Oftentimes, the focus of cyber security efforts is centrally concerned with external threats to an organization. However, the desire to protect sensitive information exclusively from outside intrusion is a flawed and narrow-minded security strategy. Indeed, it overlooks a powerful danger—the Inside Threat—those who can access and steal or destroy your assets from the inside.
From our Subject Matter Expert, Elsa Lee, President/CEO of Advantage SCI:
“But the ‘inside threat’ doesn’t always fit a neat profile. It can be a spy who commits espionage, an employee turned terrorist determined to kill employees indiscriminately, or a network employee who sells out and ‘sucks your data bank dry’ without warning. As a Special Agent in counterintelligence operations, the threats we tracked and neutralized (as in arrested or incarcerated) owned psychological profiles that were known and predictable. The motivation for committing espionage by an insider was usually tied to greed or idealism.
“Today, someone who is about to inflict serious damage may simply be suffering from an emotional, mental, or psychological disorder. These characteristics are not easily detected and are usually well-hidden, until the individual comes unglued and acts out. There are steps you can take to pre-empt, or mitigate these events. In my book (Homeland Security and Private Sector Business), I mentioned that our over-reliance on technology has caused us to lose the ability to rely on ‘the human factor’ when your stomach intuitively tells you that something is wrong, well before your head does. We are ill-equipped to deal with people who can instantly go from mentally unbalanced to psychotic, but this is the reality of our world today.
“While you can’t just ask co-workers if they took their meds today—your organization/company/agency does have an inherent obligation and right to protect employees from outright intended harm.”
To emphasize Elsa’s observation, a new survey entitled “Boardroom Cyber Watch 2013,” conducted online by IT Governance, indicates that an organization’s outside threat-centric focus fails to provide a holistic security posture, specifically against the threat from within. The survey notes:
– More than half the respondents say the greatest threat to their company’s data and computer systems, in fact, comes from their own employees
– A quarter of respondents say their organization has received a concerted cyber attack in the past 12 months. However, the true total may be higher, as more than 20% are unsure if their organization has been subject to any attack.
Understanding the landscape of the insider threat and the frequency of cyber attacks is only part of the puzzle. Senior management understanding, appreciation, and buy-in remain woefully inadequate to effectively address the issue.
From our Subject Matter Expert, Amel Smith, Director of Government Services of Advantage SCI:
“A majority of decisions made by companies/organizations to allocate or not allocate funding to security programs is based on risk vs. gain. With security programs being expensive and money being tight, the decision to expend funding is often based on the inability to articulate a clear and present danger. Not understanding the true potential threat of an insider or the degree and nature of external threats, decisions tend to be made to accept the risk and not allocate funding to security. Unfortunately, without a security program designed to identify and provide a statistical analysis of the threat, the true picture of the real threat can only be realized after a major security incident occurs.
“Bradley Manning and Edward Snowden are prime examples of after-the-fact implementation of an Executive Order, to prevent insider threats. This was even after Robert Hanssen’s and Kendall Myers’ cases clearly outlined the need for better insider threat security and analysis.”
Amel’s keen observations are further supported by the IT Governance survey mentioned earlier in this article. According to the report, a majority of respondents say their Boards receive ‘regular’ reports on the status of their organization’s IT security; 52% say that such reports are received, at best, annually. Despite cyber threats potentially impacting many mission-critical aspects of a business, only 30% of respondents say an understanding of current IT security threats is a prerequisite for Board-level job candidates.
The failure to truly understand the cyber threat, both externally and internally, has led organizations to poorly allocate funds. In fact, as the survey purports, “over 40% – of respondents say their company is either making the wrong level of investment in information security or are (sic) unsure if their investment is appropriate.” This misallocation has clear repercussions and implications for an organization’s customer base and primary clientele. The report indicates that nearly 75% of respondents stated that their customers prefer working with suppliers that have a proven track record and have the credentials to ensure information security. Additionally, half of the survey participants stated that their company had been asked by a customer about their information security programs in the past year alone. To read the full report, you can link HERE (Registration required).
“Cyber security is always a business issue, never just an IT one.”
Are documents marked “Proprietary,” “Confidential,” or worse yet, are more sensitive documents published by your organization readily available on the Internet, and thus, free for the taking by a technically-inclined adversary? The answer to the questions will likely send shivers down your spine, especially if you have to pause and think about it or if you are unsure of the answer. Understanding what information and data are inadvertently leaking onto the Internet is important so efforts can be made to mitigate and implement procedures to prevent such disclosures moving forward. The National Security Agency (NSA) recently declassified and publicly released a document published by NSA’s Center for Digital Content following an April Freedom of Information Act (FOIA) request. The 643-page compendium, entitled Untangling the Web: A Guide to Internet Research, provides an interesting look into open-source research tips and tricks. Specifically, it lays out means and methods that should be used to better understand what your organization’s sensitive digital footprint is revealing or failing to safeguard. What type of data are floating on the Internet one may ask?
– Personal and/or financial information.
– Sensitive government information.
– User IDs, computer or account logins, passwords.
– Private, confidential, or proprietary company data.
– Vulnerabilities in websites and servers that could facilitate breaking into the site.
As the NSA document states: “Nothing I am going to describe to you is illegal, nor does it in any way involve accessing unauthorized data…[it]…involves using publicly available search engines to access publicly available information that almost certainly was not intended for public distribution.” The Internet “is surely a labyrinth, but it is a labyrinth devised by men, a labyrinth destined to be deciphered by men.” Once information is leaked or exposed, it becomes more difficult, if not impossible, to contain or protect it. This reaffirms the notion that an ounce of prevention is clearly the optimal choice.
The “Google Hacking” chapter in the NSA document Untangling the Web provides a worthwhile set of tools and step-by-step instructions to enable visibility into the information an adversary may glean. If sensitive information about your organization needs to be protected, the best means of keeping it safe is to keep it off the Internet. Unconventional applications of routine search engine queries can be used to obtain sensitive information. So, if it’s on the Internet or ever was, that data is only a few clicks away.
CYBER SECURITY: BEST DEFENSE IS A GOOD OFFENSE
Our newsletter has a new look and streamlined content. We know you are busy professionals so we’ve trimmed the volume without compromising quality. We’ve also added Subject Matter Expert commentary from our in-house team for greater insight on key issues of consequence. We hope you enjoy this issue and we welcome your feedback.
As we go about our daily tasks, it’s tempting to become complacent about national security concerns, including cybersecurity, counterintelligence, and the ever-present insider threat. But we know there is plenty to fret about. What immediately comes to mind, of course (how can we forget?), is Edward Snowden and his odyssey from self-righteous “leaker” to desperate asylum seeker. Today, the fugitive from espionage justice is still in Russia with asylum granted and hoping to forever avoid the consequences of his actions (although his father is being allowed to visit!). We may never know the full impact of his misdeeds, but we can feel the immediate reverberations. The security clearance background investigation process is now being scrutinized and we see an elevated level of discussion about cybersecurity. Despite our best collective efforts, however, government employees and contractors, and even private sector employees, will continue to decide for themselves which secrets to keep and which to give away. In this newsletter we’ve included more cases so you can track the scope of the issues. Perhaps they will cause you to wonder if there really is anything we can do to prevent leaks and, generally, just keep our world safe.
CI Newsletter: New Look ‘n’ Feel and Streamlined Content
U.S. Army releases Cybersecurity Handbook
As part of the effort to curb the cyber threats that both President Barack Obama and Defense Secretary Chuck Hagel have addressed recently, the United States Army released a 16-page handbook that outlines security strategies.
http://fcw.com/articles/2013/06/14/army-cyber-handbook.aspx
A new report titled ‘Cyber Threat Intelligence and the Lessons from Law Enforcement’ paints a stark picture of private sector firms’ and organizations’ failures to properly understand the cybersecurity world. This shortcoming has resulted in an inability to address this vitally important vulnerability. The report notes, “As adversary sophistication increases, many organizations react when it is too late—the attack is already underway. Few organizations have the capability to anticipate cyber threats and implement preventative strategies, despite prevention being more cost-effective and customer-focused.” Essentially, organizations have a fundamentally flawed approach to cybersecurity and need to heed the lessons learned from law enforcement and intelligence agencies that have been dealing with these types of threats for substantially longer. According to the report, organizations need to stop playing catch-up and “create an intelligence-led mindset.” Following a shift in organizational thinking and threat perception, firms need to develop strategies built on “intelligence operating models” in order to achieve “an intelligence-led decision-making process.”
From Subject Matter Expert, Pete Lee, Advantage SCI Executive Vice President of Operations:
“While we could be talking about foreign intelligence threats ‘with inside access’ or terrorist plotting—cyber threats seem to dominate the news these days. In order to fight the cyber threat in today’s environment, organizations need to change their current mind-set, creating organizational change using executive orders, industry mandates, and well-established frameworks already proven as effective by intelligence and law enforcement organizations.
“First, organizations must be able to recognize and admit to the ineffectiveness of the current cyber threat fighting model being used. Due to the fast-paced and changing environment of cyber crime, the reactive and after-the-fact investigative approach is not enough. If there is a lack of intelligence analysis, even though they may be using some semblance of intelligence gathering, many organizations are not effective because the analysis is not included in the decision process. The intelligence or information gathering must allow organizations to better understand the threats, distinguish the vulnerabilities, prioritize and identify resources available to make decisions on a preventive strategy, thus reducing liabilities. Intelligence analysis should be the central focus for decision-making—after all, its intended purpose is to give ‘early warnings’ to pre-empt threats/attacks.
“Second, another key component, which requires a big change in dealing with cyber threats, is the ability and willingness to share information with other organizations and agencies. If we look at the OODA Loop (Observe, Orient, Decide, Act) used by the military, the key component is the ‘Observe’ (intelligence and information gathering) aspect of the threat and the evolving situation. Observed information must be processed and analyzed for decision making. Whether the people conducting the cyber threat realize it or not, they are probably using the same process unconsciously. It comes down to who can process through this cycle the quickest to throw the other off guard and win the battle. There is a lot to be learned from the military, government, and law enforcement when dealing with threats and vulnerabilities and making decisions to reduce the likelihood of cyber threats.”
Cybersecurity: The Intelligence Operating Model
United States
Cyber Crime
Researchers with U.S. security software maker Symantec Corp said that they have uncovered digital evidence linking cyber attacks on South Korea over the past four years to a single hacking group called the "Dark Seoul Gang."
http://news.yahoo.com/four-hacking-spree-south-korea-033835550.html
Energy Department & Cybersecurity
The U.S. Department of Energy is tackling cybersecurity for its various branches, including the National Nuclear Security Administration (NNSA), with a new Cybersecurity Council tasked with formulating best practices in the security arena.
http://www.infosecurity-magazine.com/view/32953/us-energy-department-creates-Cybersecurity-council/
Extremist groups try to infiltrate U.S. intelligence organizations
http://news.yahoo.com/extremist-groups-try-infiltrate-us-intelligence-063534672.html?goback=.gde_1815521_member_270583337#
NATO
Defense Ministers Focus on Cybersecurity
NATO defense ministers convened a few months ago to examine cyber security as a collective defense issue amid mounting concerns over the threat posed by cyber attacks. "We will have our first ministerial discussion dedicated to cyber defense...I believe we can do more to assist individual allies if they come under attack. That would show NATO solidarity," NATO Secretary General Anders Fogh Rasmussen said on his arrival at the two-day meeting.
http://news.xinhuanet.com/english/world/2013-06/04/c_132430485.htm
DID YOU KNOW? You can pocket up to $500,000 for information that leads to the arrest and conviction of a spy or to the prevention of espionage. To report suspicious activities, contact your local FBI Field Office or submit an anonymous tip.
China
Accusations Lobbed at U.S.
China accused the United States of “double standards” and hypocrisy in the area of cybersecurity as tension flared between Beijing and Washington over the flight of fugitive former spy agency contractor Edward Snowden.
http://www.reuters.com/article/2013/06/27/net-us-usa-security-china-idUSBRE95Q0LR20130627
$4.9B Cybersecurity China Market Double by 2017?
The Chinese market for cybersecurity is rapidly growing, highly lucrative, and potentially vast. ABI Research estimates that market revenues totaled $4.9 billion in 2012 and could potentially double over the next five years. The report analyzes the trends and dynamics of the Internet and mobile security market in China.
http://geeks.broadwayworld.com/article/49-Billion-Cyber-Security-Market-in-China-Could-Double-by-2017-Despite-Significant-Foreign-Barriers-to-Entry-20130626
Cyber threats/leaks spur increased security focus
Increased cyber espionage by China and recent leaks by a contractor working at the National Security Agency have put a sharp focus on cybersecurity for aerospace and defense companies showing off their wares at this year's Paris Airshow.
http://news.yahoo.com/cyber-threats-leaks-spur-increased-security-focus-174807524.html
UAE
Cybersecurity in Abu Dhabi
When the United Arab Emirates wanted to create its own version of the National Security Agency, it turned to Booz Allen Hamilton to replicate the world’s largest and most powerful spy agency in the sands of Abu Dhabi. It was a natural choice: The chief architect of Booz Allen’s cyber strategy is Mike McConnell, who once led the NSA and pushed the United States into a new era of big data espionage. It was McConnell who won the blessing of the American intelligence agencies to bolster the Persian Gulf sheikdom, which helps track the Iranians.
http://www.nytimes.com/2013/06/16/us/after-profits-defense-contractor-faces-the-pitfalls-of-Cybersecurity.html?pagewanted=all&_r=0
Special Agent James Verdi has traveled to Afghanistan, Iraq, and the Horn
of Africa to study battlefield explosives. The FBI bomb technician embedded
with the military and applied his specialized skills there to find signatures
and forensic material on bomb fragments and unexploded devices that
helped the military piece together a clearer picture of its adversaries. Verdi
and his team respond to more than 200 calls a year for incidents or
suspicious packages. Every experience is unique, he said. So it’s important to
share what you learn. Your life—and the lives of your partners—depends on
it.
As a certified bomb technician in the Bureau’s San Diego Field Office,
Verdi is a long way from the battlefield today. But he still rolls out regularly
with a Navy explosive ordnance disposal (EOD) unit—this one based on
Coronado Island, adjacent to San Diego. During training missions, Navy
ships and planes drop live ammo on San Clemente Island 70 miles off the
coast. Clearing the remnants is the job of the EOD technicians. Verdi often
joins them so he can see first-hand how current military technicians operate
in the field and what they are likely to encounter on the ground.
“They invite us along on a lot of their training exercises to do range clearance operations,” said Verdi. “That teaches
us the military ordnance side of the house: what bombs, artillery rounds, and munitions look like, so we can deal with
them better if we see them.”
The working relationship in San Diego started about a decade ago when the wars in Iraq and Afghanistan were
ramping up and the military and FBI saw mutual benefits to sharing their unique skills and knowledge. For the FBI,
which has played a growing investigative role in the war theaters by analyzing improvised explosive devices (IEDs) to
help pinpoint their sources, the relationship is key because the military most frequently encounters IEDs. For EOD
technicians, training with the FBI has opened a window on how explosives can be exploited for evidence at a crime
scene.
“Our jobs are very similar, although we have more experience with military ordnance and they have much more
expertise in the counterterrorism portions of the job, like explosives’ chemical analysis, explosives precursor
knowledge, and so forth,” said Lt. Abe Kim, of the Navy’s EOD detachment on Coronado Island. “We each bring
different things to the table.”
Training together is a rule in the tight community of 468 bomb squads and more than 3,200 non-military bomb
technicians across the country. To ensure consistency, every bomb technician is certified—and recertified every three
years—through the Hazardous Devices School at Redstone Arsenal in Alabama, run by the FBI and the Army. Training
with EOD techs, said Special Agent Steve Diaczyszyn—who supervises all of the Bureau’s special agent bomb
technicians—is a key facet of the job.
“You never know when the public safety bomb techs and the EOD technicians are going to have to work together in
the interest of public safety,” Diaczyszyn said. He said every field office bomb technician knows their EOD counterpart
because the military takes the lead when a case involves ordnance without a terrorism nexus.
“That’s one of the most important things we get out of working and training together with the Navy,” said Verdi.
“You have to earn their trust. And they have to know exactly how you’re going to perform downrange in stressful
environments, especially when you’re in the combat theater. We train regularly so they know exactly how we are going
to react. And they can depend on us when they need to.”
Bomb Technicians—An Equitable Partnership Between the FBI and the U.S. Navy
Source: http://www.fbi.gov/news/stories/2013/july/bomb-technicians-a-partnership-between-fbi-and-navy/bomb-technicians-a-partnership-between-fbi-and-navy
The Next Wave, the National Security Agency's (NSA) research journal centered on emerging technologies, is now available online to the general public. The quarterly publication highlights significant technical advancements and research activities within NSA's Research Directorate and beyond. Its print readership totals more than 10,000. The Research Directorate creates breakthroughs in mathematics, science, and engineering. These discoveries allow NSA to achieve and sustain intelligence advances against immediate and emerging threats to U.S. national security. As the only “in-house” organization in the Intelligence Community that is dedicated to improving intelligence through science, the directorate provides a consistent advantage over the scientific discoveries of industry, academia, and adversarial nations. “Experts within the Research Directorate have a history of raising the bar with innovative new technology and then sharing it with the world,” said Dr. Michael Wertheimer, Director of Research. “This practice supports our mission to strengthen information security while benefiting both commerce and the nation as a whole. Making The Next Wave more widely available is a perfect example of this practice,” he continued. “The technologies and topics covered address challenges, like Cybersecurity, that affect us all.” Cybersecurity has been on the radar of many at the NSA for several years and in 2012 and again in 2013, several articles in The Next Wave have focused on the federal research and development program and the initiatives needed to emphasize the importance of mitigating Cybersecurity at the federal level. Security challenges now involve more than cryptography and cryptoanalysis, and solutions require collaboration. To that end, public and private partnerships continue to form as research findings and technologies are shared across institutional boundaries. 
“The Next Wave has inspired a growing audience to think collaboratively,” said Kathleen Prewitt, the journal's Managing Editor. “Our past print readership was over (sic) 10,000 and climbing. Offering The Next Wave online allows us to efficiently share information to spur future partnerships that could be of great benefit to the NSA mission and beyond.”
NSA Debuts The Next Wave Journal Online
Source: www.NSA.gov
The National Security Agency's National Centers of Academic Excellence in Cyber Operations Program, which was designed to cultivate more U.S. cyber professionals in an ever-changing global environment, introduced the selection of four new schools for the 2013-2014 academic year. After a rigorous application and screening process, Air Force Institute of Technology in Ohio; Auburn University, Alabama; Carnegie Mellon University, Pennsylvania; and Mississippi State University will be added to the list of the four 2012 schools that received the CAE-Cyber Operations designation. The program, which now has a total of eight schools, complements more than 100 existing Centers of Academic Excellence (CAEs) in research and information assurance education, jointly overseen by NSA and the Department of Homeland Security. Steven LaFountain, an NSA technical leader, said legal and ethical issues in Cybersecurity are a required and critical part of the effort. “In the application process and in all of its work with selected schools, NSA emphasizes the importance of integrity and compliance,” he said. “Cyber skills are increasingly important in national defense, but it's even more important to operate as responsible citizens in the use of such skills.” Retired Lt. Gen. Ronald L. Burgess, Jr., a former director of the U.S. Defense Intelligence Agency (DIA), now serves as Auburn University's Senior Counsel for National Security Programs, Cyber Programs, and Military Affairs. “The CAE-Cyber Operations project has real merit,” he said. “Auburn has devoted significant resources and interdisciplinary rigor across campus to expand new cyber initiatives and extensive collaboration with external organizations,” he said. “We are extremely pleased that NSA has recognized our efforts by selecting Auburn University for the program. 
It is important to the nation - and we feel we can contribute to this national need.” Topics covered are routinely taught in colleges and universities, but this initiative seamlessly integrates the material to help students better understand how they could someday help to defend the nation. Summer seminar participants must undergo background checks and obtain temporary, Top Secret security clearances. Participating students and faculty members do not engage in actual U.S. government intelligence activities. An outgrowth of the President's National Initiative for Cybersecurity Education, this program identifies institutions that have a deeply technical, interdisciplinary curriculum centered on fields such as computer science and electrical engineering. The agency has long worked with schools to improve education in science, technology, engineering, and mathematics. In addition, the program offers some participants opportunities to apply their learning or enhance their teaching in summer seminars at NSA. The program was introduced in 2012 at four schools: Dakota State University, South Dakota; the Naval Postgraduate School, California; Northeastern University, Boston, Massachusetts; and the University of Tulsa, Oklahoma. Like the agency's other CAEs, those in the cyber operations program are evaluated annually. Designations are for five years and schools across the country can compete to join each year.
NSA Chooses Four New Schools for Cyber Operations Program
Source: http://www.nsa.gov/public_info/press_room/2013/new_cyber_schools.shtml
CI Newsletter Volume 2, Issue 3, Fall 2013 9
Economic Espionage
The Cold War is not over, it has merely moved into a new arena: the global marketplace. The
FBI estimates that every year billions of U.S. dollars are lost to foreign and domestic
competitors who deliberately target economic intelligence in flourishing U.S. industries and
technologies, and who cull intelligence out of shelved technologies by exploiting open source
information and company trade secrets.
Foreign competitors who criminally seek economic intelligence generally operate in three
ways:
– They aggressively target and recruit insiders (often from the same national background) working for U.S. companies and research institutions;
– They conduct economic intelligence through operations like bribery, cyber intrusions, theft, dumpster diving (in search of discarded intellectual property or prototypes), and wiretapping; and,
– They establish seemingly innocent business relationships between foreign companies and U.S. industries to gather economic intelligence, including trade secrets.
Visitors entering your facility could pose a security risk to your intellectual property or
competitive edge. It is an opportunity for competitors to collect information that is not readily
available to them. Some visitors may be trained to verbally elicit information; some may
brazenly ignore the security parameters of a tour; and others may use concealed recording
devices, all in order to obtain restricted information. Some information they collect may seem
innocuous, such as the facility layout, but could be very valuable to them and give them clues
about your products or how to run their own facility better. Do not tell competitors how to
squeeze past you in the economic race, and do not help thieves steal your information.
A visitor played with his wristwatch
in a manner that made the host suspicious
that a micro camera might be in the watch.
Foreign visitors put double-sided tape on the soles of their shoes in order to collect slivers of
metal alloys from the floor of a production plant for U.S. military planes. They later analyzed
the slivers to determine the exact metallic components used in the planes.
Source: For more information on visitor risk mitigation
see www.fbi.gov/about-us/investigate/counterintelligence/risks-mitigations-of-visitors
Los Alamos Lab Subjected to Violations
The Justice Department recently announced that a
scientist and his wife, who both previously worked as
contractors at the Los Alamos National Laboratory (LANL)
in New Mexico, pleaded guilty to charges under the Atomic
Energy Act, as well as other charges, relating to their
communication of classified nuclear weapons data to a
person they believed to be a Venezuelan government
official.
The guilty pleas were entered by Pedro Leonardo
Mascheroni, 77, a naturalized U.S. citizen from Argentina,
and Marjorie Roxby Mascheroni, 70, a U.S. citizen, in the
U.S. District Court for the District of New Mexico.
According to court filings, Mascheroni, a Ph.D. physicist,
worked as a scientist at LANL from 1979 to 1988 and held a
security clearance that allowed him access to certain
classified information, including “restricted data.” Roxby
Mascheroni worked at LANL between 1981 and 2010 where
her duties included technical writing and editing. She also
held a security clearance at LANL that allowed her access to
certain classified information, including restricted data.
As defined under the Atomic Energy Act, restricted data
is classified information concerning the design,
manufacture, or use of atomic weapons; the production of
special nuclear material; or the use of special nuclear
material in the production of energy. Pedro Mascheroni
and Roxby Mascheroni were indicted in September 2010
and charged with conspiracy to communicate and
communicating restricted data to an individual with the
intent to secure an advantage to a foreign nation.
The indictment also charged the couple with conspiracy
to convey and conveying classified restricted data. The
indictment also charged Pedro Mascheroni with concealing
and retaining U.S. records with the intent to convert them
to his own use and gain, and both defendants with making
false statements.
Mascheroni admitted that in November 2008 and July
2009, he unlawfully communicated restricted data to
another individual with reason to believe that the data
would be utilized to secure an advantage to Venezuela. He
also admitted unlawfully converting Department of Energy
information to his own use and selling the information in
November 2008 and July 2009 and failing to deliver
classified information relating to the United States’ national
defense to appropriate authorities and, instead,
unlawfully retaining the information in his home.
Finally, Mascheroni admitted making materially false
statements to the FBI when he was interviewed in
October 2009. Roxby Mascheroni admitted that between
October 2007 and October 2009, she conspired with
Pedro Mascheroni to convey restricted data belonging to
the United States to another person with reason to
believe that the information would be used to secure an
advantage to Venezuela. She also admitted making
materially false statements to the FBI when she was
interviewed in October 2009.
The indictment in this case did not allege that the
government of Venezuela or anyone acting on its behalf
sought or was passed any classified information, nor did
it charge any Venezuelan government officials, or anyone
acting on their behalf, with wrongdoing. The indictment
also did not allege any wrongdoing by other individuals
working at LANL.
Source: www.FBI.gov
Act of Terror Averted in Chicago; Accused Sentenced
A federal judge has sentenced an Illinois man to 23 years
in prison for an attempted bombing in 2010, near Chicago’s
Wrigley Field, that was intended to cause mass casualties
and paralyze the community.
On that Saturday evening in September, while a concert
was taking place at the Chicago Cubs baseball stadium,
Sami Samir Hassoun placed a backpack, which he thought
contained a powerful bomb, into a trash can on a nearby
crowded street. The device was a fake—supplied by an FBI
undercover agent—but had it been real, the effects would
have been “horrific,” according to the judge who sentenced
Hassoun yesterday.
A Lebanese citizen legally living in Chicago, Hassoun
never posed a danger to the public, thanks to an
investigation led by our Joint Terrorism Task Force (JTTF)
in Chicago. But the 25-year-old would-be terrorist had
earlier told an accomplice—who was really an FBI
undercover agent—that any casualties from the attack
would be the inevitable result of what he termed
“revolution.”
“We were initially alerted to Hassoun by an informant
who warned that Hassoun was hoping to profit from
committing extreme acts of violence in Chicago. He had no
qualms about potentially killing lots of people,” SA Sam
Hartman said. “And he wanted money in return.”
Hassoun pled guilty to attempted use of a weapon of mass
destruction and attempted use of an explosive device, and
he admitted telling a law enforcement informant that he
suggested bombing the commercial area surrounding
Wrigley Field. The informant later introduced Hassoun to
an undercover FBI operative who posed as an accomplice.
Hassoun also said he was willing to use a car bomb and to
attack Chicago police officers.
On three occasions in August 2010, Hassoun videotaped
potential targets around Wrigley Field, focusing on popular
bars and restaurants. As he filmed, he commented on the
tactical advantages and risks of an attack at the various
locations. On the night of September 18, Hassoun was ready
to set his plan in motion. He took a shopping bag and a
backpack that he thought contained a powerful bomb from
our undercover agents. The agents said the device was
surrounded by ball-bearings and that the blast could
destroy half a city block.
“Hassoun was an example of the so-called lone
offender,” Hartman said. “He had no ties to organized
terror groups, but he was clearly a terrorist—and
potentially an extreme danger to the public. We were
fortunate to have stopped him.”
Former General Motors engineer Shanshan Du and her
husband, Yu Qin, were found guilty by a federal jury of
conspiring to steal hybrid technology trade secrets from
GM with the intent to use them in a joint venture with an
automotive competitor in China.
Shanshan Du, 54, and her husband, Yu Qin, 52, of Troy,
Michigan, were also convicted of unlawful possession of
trade secrets after a month-long trial before U.S. District
Judge Marianne O. Battani in November 2012. Qin was also
convicted of wire fraud and obstruction of justice.
The evidence at trial showed that from December 2003
through May 2006, the defendants conspired to steal GM’s
trade secret information. Du, while employed with GM’s
hybrid vehicle technology group, provided GM trade secret
information relating to hybrid vehicles to her husband,
Qin, for the benefit of their private company, Millennium
Technology International Inc. (MTI), which the defendants
jointly owned and operated. Approximately five days after
Du was offered a severance agreement by GM in January
2005, she copied more than 16,000 GM files, including
trade secret documents, to an external computer hard
drive used for MTI business. A few months later, Qin
moved forward on a business venture to provide hybrid
vehicle technology to Chery Automobile, an automotive
manufacturer based in China and a competitor of GM.
In May 2006, during the execution of a search warrant,
the FBI recovered multiple computer and electronic devices
containing GM trade secret information from the
defendants’ residence.
Shortly after the FBI search team left the defendants’
residence, the defendants drove to a dumpster behind a
grocery store, where defendant Qin discarded plastic bags
containing shredded documents, including GM trade
secret information, that were all responsive to federal
grand jury subpoenas seeking information relating to MTI
and hybrid vehicles. Based on preliminary calculations,
GM estimates that the value of the stolen GM documents
is more than $40 million.
GM Trade Secrets Case
Source: www.fbi.gov
Source: www.fbi.gov
ADVANTAGE SCI PRODUCTS, SERVICES, AND TRAINING
Advantage SCI offers services supporting the counterintelligence (CI) needs of the cleared defense contractor community, private business, government, utilities, and municipalities with requirements to protect classified information, trade secrets, intellectual property, and other privileged information.
Services include:
– Vulnerability Assessments
– Threat Briefings/Foreign Travel Briefings/Debriefings
– Counterintelligence Awareness Training/Insider Threat Training
– TSCM Services in classified or unclassified spaces
– Facility Security Officer (FSO) In a Box
Advantage SCI: SERVICE-DISABLED VETERAN-OWNED SMALL BUSINESS (SDVOSB), SMALL BUSINESS ENTITY (SBE), MINORITY-OWNED BUSINESS ENTITY (MBE), SMALL DISADVANTAGED BUSINESS ENTITY (SDB), WOMAN-OWNED BUSINESS ENTITY (WBE)
VISIT OUR WEBSITE: http://advantagesci.com
Advantage SCI’s Vision: “Educate America’s 300 million people and business leaders on prevention, detection, and response to 21st century threats.”
Securing Tomorrow Today!
Across
1. You should not share this with others
6. A secret mission to fulfill
7. Plant this and listen to every move
8. Freezes moments in time
9. Watches your every move
Down
2. Computerized air defense system during the Cold War
3. Unmanned aircraft
4. You can see behind you when you wear them
5. You can send messages with this
COUNTERINTELLIGENCE CROSSWORD
– Consult With a CI Professional
– Foreign Travel Briefings and Debriefings
– Intelligence Analysis/Intelligence Analysts
– Plans, SOPs, Regulatory-related materials
– Workplace Violence Prevention and Response
– Other matters related to improving CI-related posture
Answers by request when you email [email protected]