CI Newsletter Volume 2, Issue 3 Fall...


Page 1: CI Newsletter Volume 2, Issue 3 Fall 2013 · advantagesci.com/wp-content/uploads/2013/10/Fall-CI-Newsletter.pdf

Can Congress Make Us More Secure?

NOTE: The material quoted, referenced, used in part or its entirety is for the purpose of this newsletter distribution only.

The commentary herein is attributed to the Subject Matter Expert(s) of Advantage SCI whose opinion is contained in that particular individual writing.

Nothing contained in this newsletter should be construed to be the opinion of Advantage SCI, except as claimed with noted commentary.

Distribution to colleagues and co-workers is allowed with the understanding that content is subject to copyright laws.

Questions, comments, subscription requests, suggestions for articles, etc., call (310) 536-9876 or send email to [email protected].

See page 3 for a note to our subscribers

It’s a time-honored tradition, after a major unauthorized intelligence revelation, to try to fix the elusive “problem” with a solution that may make one feel better, but which is ultimately ineffective. The process of gaining access to classified information has changed slightly with each espionage conviction. We now sign medical waivers and undergo credit checks, and employees in sensitive positions are briefed on how to recognize the overt signs that a trusted colleague is stuffing secrets under a shirt and walking out the door. But the truth is that it is far easier to scrutinize the state of our finances than the state of our minds.

And so, in the wake of revelations from Edward Snowden, we find Congress busily crafting more changes designed to deny would-be spies access to sensitive information. The new legislation, the Security Clearance Oversight Reform Enhancement (SCORE) Act, is meant to address the freshly discovered system vulnerabilities by clamping down on unscrupulous or even sloppy background investigators and forcing intelligence organizations to ensure employees actually require a security clearance for their duties.

Although expelling wayward investigators and halting gratuitous clearances both sound like good ideas, the measures have the feel of caulking cracks rather than tackling serious reconstruction. Perhaps we just don’t know what else to do. The fact that we can never fully predict or prevent espionage, however, doesn’t mean we shouldn’t try. So, in the absence of a better idea, Congress is tweaking the system.

Here is the quick scoop on SCORE: SCORE is currently in the Senate Homeland Security and Governmental Affairs Committee. According to the official introduction on GovTrack.us, the bill will “increase oversight of the Revolving Fund of the Office of Personnel Management, strengthen the authority to terminate or debar employees and contractors involved in misconduct affecting the integrity of security clearance background investigations, enhance transparency regarding the criteria utilized by Federal departments and agencies to determine when a security clearance is required, and for other purposes.” The language may change as the bill progresses.

As the draft now reads, the Office of Personnel Management (OPM) would have the means to terminate an investigator if it determines the individual was involved in misconduct affecting the integrity of the background investigation program, including, but not limited to:

– Falsification of a background investigation report

– Fraud relating to a background investigation report

– Failure to review a background investigation report

– Impersonation of a Federal law enforcement officer

– Abuse of authority relating to the employment or contract by the OPM

Additionally, SCORE requires the Director of National Intelligence to issue guidance for Federal departments and agencies to:

– Determine whether the occupant of a position requires a security clearance for the performance of the duties of such position

– Periodically review and, if necessary, revise the designation of a position as requiring a security clearance for the performance of the duties of such position

You can follow the Security Clearance Oversight Reform Enhancement Act’s progress on GovTrack.us.

YOU can change the world—FOR GOOD!

On Veteran’s Day, Monday, November 11, say “Thanks for Your Service” to a Vet or current serviceperson


The Insider Threat Puzzle

Oftentimes, the focus of cyber security efforts is centrally concerned with external threats to an organization. However, the desire to protect sensitive information exclusively from outside intrusion is a flawed and narrow-minded security strategy. Indeed, it overlooks a powerful danger—the Inside Threat—those who can access and steal or destroy your assets from the inside.

From our Subject Matter Expert, Elsa Lee, President/CEO of Advantage SCI:

“But the ‘inside threat’ doesn’t always fit a neat profile. It can be a spy who commits espionage, an employee turned terrorist determined to kill employees indiscriminately, or a network employee who sells out and ‘sucks your data bank dry’ without warning. As a Special Agent in counterintelligence operations, the threats we tracked and neutralized (as in arrested or incarcerated) owned psychological profiles that were known and predictable. The motivation for committing espionage by an insider was usually tied to greed or idealism.

“Today, someone who is about to inflict serious damage may simply be suffering from an emotional, mental, or psychological disorder. These characteristics are not easily detected and are usually well-hidden, until the individual comes unglued and acts out. There are steps you can take to pre-empt, or mitigate these events. In my book (Homeland Security and Private Sector Business), I mentioned that our over-reliance on technology has caused us to lose the ability to rely on ‘the human factor’ when your stomach intuitively tells you that something is wrong, well before your head does. We are ill-equipped to deal with people who can instantly go from mentally unbalanced to psychotic, but this is the reality of our world today.

“While you can’t just ask co-workers if they took their meds today—your organization/company/agency does have an inherent obligation and right to protect employees from outright intended harm.”

To emphasize Elsa’s observation, a new survey entitled “Boardroom Cyber Watch 2013,” conducted online by IT Governance, indicates that an organization’s outside threat-centric focus fails to provide a holistic security posture, specifically against the threat from within. The survey notes:

– More than half the respondents say the greatest threat to their company’s data and computer systems, in fact, comes from their own employees

– A quarter of respondents say their organization has received a concerted cyber attack in the past 12 months. However, the true total may be higher, as more than 20% are unsure if their organization has been subject to any attack.

Understanding the landscape of the insider threat and the frequency of cyber attacks is only part of the puzzle. Senior management understanding, appreciation, and buy-in remain woefully inadequate to effectively address the issue.

From our Subject Matter Expert, Amel Smith, Director of Government Services of Advantage SCI:

“A majority of decisions made by companies/organizations to allocate or not allocate funding to security programs is based on risk vs. gain. With security programs being expensive and money being tight, the decision to expend funding is often based on the inability to articulate a clear and present danger. Not understanding the true potential threat of an insider or the degree and nature of external threats, decisions tend to be made to accept the risk and not allocate funding to security. Unfortunately, without a security program designed to identify and provide a statistical analysis of the threat, the true picture of the real threat can only be realized after a major security incident occurs.

“Bradley Manning and Edward Snowden are prime examples of after-the-fact implementation of an Executive Order, to prevent insider threats. This was even after Robert Hanssen’s and Kendall Myers’ cases clearly outlined the need for better insider threat security and analysis.”

Amel’s keen observations are further supported by the IT Governance survey mentioned earlier in this article. According to the report, a majority of respondents say their Boards receive ‘regular’ reports on the status of their organization’s IT security; 52% say that such reports are received, at best, annually. Despite cyber threats potentially impacting many mission-critical aspects of a business, only 30% of respondents say an understanding of current IT security threats is a prerequisite for Board-level job candidates.

The lack of a true understanding of the cyber threat, both externally and internally, has led organizations to poorly allocate funds. In fact, as the survey purports, “over 40% – of respondents say their company is either making the wrong level of investment in information security or are (sic) unsure if their investment is appropriate.”

This misallocation has clear repercussions and implications for an organization’s customer base and primary clientele. The report indicates that nearly 75% of respondents stated that their customers prefer working with suppliers that have a proven track record and have the credentials to ensure information security. Additionally, half of the survey participants stated that their company had been asked by a customer about their information security programs in the past year alone. To read the full report, you can link HERE (Registration required).

“Cyber security is always a business issue, never just an IT one.”


Are documents marked “Proprietary,” “Confidential,” or worse yet, are more sensitive documents published by your organization readily available on the Internet, and thus, free for the taking by a technically-inclined adversary? The answer to these questions will likely send shivers down your spine, especially if you have to pause and think about it or if you are unsure of the answer. Understanding what information and data are inadvertently leaking onto the Internet is important so efforts can be made to mitigate and implement procedures to prevent such disclosures moving forward.

The National Security Agency (NSA) recently declassified and publicly released a document published by NSA’s Center for Digital Content following an April Freedom of Information Act (FOIA) request. The 643-page compendium, entitled Untangling the Web: A Guide to Internet Research, provides an interesting look into open-source research tips and tricks. Specifically, it lays out means and methods that should be used to better understand what your organization’s sensitive digital footprint is revealing or failing to safeguard. What type of data is floating on the Internet, one may ask?

– Personal and/or financial information.

– Sensitive government information.

– User IDs, computer or account logins, passwords.

– Private, confidential, or proprietary company data.

– Vulnerabilities in websites and servers that could facilitate breaking into the site.

As the NSA document states: “Nothing I am going to describe to you is illegal, nor does it in any way involve accessing unauthorized data…[it]…involves using publicly available search engines to access publicly available information that almost certainly was not intended for public distribution.” The Internet “is surely a labyrinth, but it is a labyrinth devised by men, a labyrinth destined to be deciphered by men.”

Once information is leaked or exposed, it becomes more difficult, if not impossible, to contain or protect it. This reaffirms the notion that an ounce of prevention is clearly the optimal choice. The “Google Hacking” chapter in the NSA document Untangling the Web provides a worthwhile set of tools and step-by-step instructions to enable visibility into the information an adversary may glean.

If sensitive information about your organization needs to be protected, the best means of keeping it safe is to keep it off the Internet. Unconventional applications of routine search engine queries can be used to obtain sensitive information. So, if it’s on the Internet or ever was, that data is only a few clicks away.

CYBER SECURITY: BEST DEFENSE IS A GOOD OFFENSE

Our newsletter has a new look and streamlined content. We know you are busy professionals so we’ve trimmed the volume without compromising quality. We’ve also added Subject Matter Expert commentary from our in-house team for greater insight on key issues of consequence. We hope you enjoy this issue and we welcome your feedback.

As we go about our daily tasks, it’s tempting to become complacent about national security concerns, including cybersecurity, counterintelligence, and the ever-present insider threat. But we know there is plenty to fret about. What immediately comes to mind, of course (how can we forget?), is Edward Snowden and his odyssey from self-righteous “leaker” to desperate asylum seeker. Today, the fugitive from espionage justice is still in Russia with asylum granted and hoping to forever avoid the consequences of his actions (although his father is being allowed to visit!). We may never know the full impact of his misdeeds, but we can feel the immediate reverberations. The security clearance background investigation process is now being scrutinized and we see an elevated level of discussion about cybersecurity. Despite our best collective efforts, however, government employees and contractors, and even private sector employees, will continue to decide for themselves which secrets to keep and which to give away. In this newsletter we’ve included more cases so you can track the scope of the issues. Perhaps they will cause you to wonder if there really is anything we can do to prevent leaks and, generally, just keep our world safe.

CI Newsletter: New Look ‘n’ Feel and Streamlined Content


U.S. Army releases Cybersecurity Handbook

As part of the effort to curb the cyber threats that both President Barack Obama and Defense Secretary Chuck Hagel have addressed recently, the United States Army released a 16-page handbook recently that outlines security strategies.

http://fcw.com/articles/2013/06/14/army-cyber-handbook.aspx

A new report titled ‘Cyber Threat Intelligence and the Lessons from Law Enforcement’ paints a stark picture of private sector firms’ and organizations’ failures to properly understand the cybersecurity world. This shortcoming has resulted in an inability to address this vitally important vulnerability. The report notes, “As adversary sophistication increases, many organizations react when it is too late—the attack is already underway. Few organizations have the capability to anticipate cyber threats and implement preventative strategies, despite prevention being more cost-effective and customer-focused.”

Essentially, organizations have a fundamentally flawed approach to cybersecurity and need to heed the lessons learned from law enforcement and intelligence agencies that have been dealing with these types of threats for substantially longer. According to the report, organizations need to stop playing catch-up and “create an intelligence-led mindset.” Following a shift in organizational thinking and threat perception, firms need to develop strategies built on “intelligence operating models” in order to achieve “an intelligence-led decision-making process.”

From Subject Matter Expert, Pete Lee, Advantage SCI Executive Vice President of Operations:

“While we could be talking about foreign intelligence threats ‘with inside access’ or terrorist plotting—cyber threats seem to dominate the news these days. In order to fight the cyber threat in today’s environment, organizations need to change their current mind-set, creating organizational change using executive orders, industry mandates, and well-established frameworks already proven as effective by intelligence and law enforcement organizations.

“First, organizations must be able to recognize and admit to the ineffectiveness of the current cyber threat fighting model being used. Due to the fast-paced and changing environment of cyber crime, the reactive and after-the-fact investigative approach is not enough. If there is a lack of intelligence analysis, even though they may be using some semblance of intelligence gathering, many organizations are not effective because the analysis is not included in the decision process. The intelligence or information gathering must allow organizations to better understand the threats, distinguish the vulnerabilities, prioritize and identify resources available to make decisions on a preventive strategy, thus reducing liabilities. Intelligence analysis should be the central focus for decision-making—after all, its intended purpose is to give ‘early warnings’ to pre-empt threats/attacks.

“Second, another key component, which requires a big change in dealing with cyber threats, is the ability and willingness to share information with other organizations and agencies. If we look at the OODA Loop (Observe, Orient, Decide, Act) used by the military, the key component is the ‘Observe’ (intelligence and information gathering) aspect of the threat and the evolving situation. Observed information must be processed and analyzed for decision making. Whether the people conducting the cyber threat realize it or not, they are probably using the same process unconsciously. It comes down to who can process through this cycle the quickest to throw the other off guard and win the battle. There is a lot to be learned from the military, government, and law enforcement when dealing with threats and vulnerabilities and making decisions to reduce the likelihood of cyber threats.”

Cybersecurity: The Intelligence Operating Model


United States

Cyber Crime

Researchers with U.S. security software maker Symantec Corp said that they have uncovered digital evidence linking cyber attacks on South Korea over the past four years to a single hacking group called the "Dark Seoul Gang."

http://news.yahoo.com/four-hacking-spree-south-korea-033835550.html

Energy Department & Cybersecurity

The U.S. Department of Energy is tackling cybersecurity for its various branches, including the National Nuclear Security Administration (NNSA), with a new Cybersecurity Council tasked with formulating best practices in the security arena.

http://www.infosecurity-magazine.com/view/32953/us-energy-department-creates-Cybersecurity-council/

Extremist groups try to infiltrate U.S. intelligence organizations

http://news.yahoo.com/extremist-groups-try-infiltrate-us-intelligence-063534672.html?goback=.gde_1815521_member_270583337#

NATO

Defense Ministers Focus on Cybersecurity

NATO defense ministers convened a few months ago to examine cyber security as a collective defense issue amid mounting concerns over the threat posed by cyber attacks. "We will have our first ministerial discussion dedicated to cyber defense...I believe we can do more to assist individual allies if they come under attack. That would show NATO solidarity," NATO Secretary General Anders Fogh Rasmussen said on his arrival at the two-day meeting.

http://news.xinhuanet.com/english/world/2013-06/04/c_132430485.htm

DID YOU KNOW?

You can pocket up to $500,000 for information that leads to the arrest and conviction of a spy or to the prevention of espionage. To report suspicious activities, contact your local FBI Field Office or submit an anonymous tip.


China

Accusations Lobbed at U.S.

China accused the United States of “double standards” and hypocrisy in the area of cybersecurity as tension flared between Beijing and Washington over the flight of fugitive former spy agency contractor Edward Snowden.

http://www.reuters.com/article/2013/06/27/net-us-usa-security-china-idUSBRE95Q0LR20130627

$4.9B Cybersecurity China Market Double by 2017?

The Chinese market for cybersecurity is rapidly growing, highly lucrative, and potentially vast. ABI Research estimates that market revenues totaled $4.9 billion in 2012 and could potentially double over the next five years. The report analyzes the trends and dynamics of the Internet and mobile security market in China.

http://geeks.broadwayworld.com/article/49-Billion-Cyber-Security-Market-in-China-Could-Double-by-2017-Despite-Significant-Foreign-Barriers-to-Entry-20130626

Cyber threats/leaks spur increased security focus

Increased cyber espionage by China and recent leaks by a contractor working at the National Security Agency have put a sharp focus on cybersecurity for aerospace and defense companies showing off their wares at this year's Paris Airshow.

http://news.yahoo.com/cyber-threats-leaks-spur-increased-security-focus-174807524.html

UAE

Cybersecurity in Abu Dhabi

When the United Arab Emirates wanted to create its own version of the National Security Agency, it turned to Booz Allen Hamilton to replicate the world’s largest and most powerful spy agency in the sands of Abu Dhabi. It was a natural choice: The chief architect of Booz Allen’s cyber strategy is Mike McConnell, who once led the NSA and pushed the United States into a new era of big data espionage. It was McConnell who won the blessing of the American intelligence agencies to bolster the Persian Gulf sheikdom, which helps track the Iranians.

http://www.nytimes.com/2013/06/16/us/after-profits-defense-contractor-faces-the-pitfalls-of-Cybersecurity.html?pagewanted=all&_r=0


Special Agent James Verdi has traveled to Afghanistan, Iraq, and the Horn of Africa to study battlefield explosives. The FBI bomb technician embedded with the military and applied his specialized skills there to find signatures and forensic material on bomb fragments and unexploded devices that helped the military piece together a clearer picture of its adversaries. Verdi and his team respond to more than 200 calls a year for incidents or suspicious packages. Every experience is unique, he said. So it’s important to share what you learn. Your life—and the lives of your partners—depends on it.

As a certified bomb technician in the Bureau’s San Diego Field Office, Verdi is a long way from the battlefield today. But he still rolls out regularly with a Navy explosive ordnance disposal (EOD) unit—this one based on Coronado Island, adjacent to San Diego. During training missions, Navy ships and planes drop live ammo on San Clemente Island 70 miles off the coast. Clearing the remnants is the job of the EOD technicians. Verdi often joins them so he can see first-hand how current military technicians operate in the field and what they are likely to encounter on the ground.

“They invite us along on a lot of their training exercises to do range clearance operations,” said Verdi. “That teaches us the military ordnance side of the house: what bombs, artillery rounds, and munitions look like, so we can deal with them better if we see them.”

The working relationship in San Diego started about a decade ago when the wars in Iraq and Afghanistan were ramping up and the military and FBI saw mutual benefits to sharing their unique skills and knowledge. For the FBI, which has played a growing investigative role in the war theaters by analyzing improvised explosive devices (IEDs) to help pinpoint their sources, the relationship is key because the military most frequently encounters IEDs. For EOD technicians, training with the FBI has opened a window on how explosives can be exploited for evidence at a crime scene.

“Our jobs are very similar, although we have more experience with military ordnance and they have much more expertise in the counterterrorism portions of the job, like explosives’ chemical analysis, explosives precursor knowledge, and so forth,” said Lt. Abe Kim, of the Navy’s EOD detachment on Coronado Island. “We each bring different things to the table.”

Training together is a rule in the tight community of 468 bomb squads and more than 3,200 non-military bomb technicians across the country. To ensure consistency, every bomb technician is certified—and recertified every three years—through the Hazardous Devices School at Redstone Arsenal in Alabama, run by the FBI and the Army. Training with EOD techs, said Special Agent Steve Diaczyszyn—who supervises all of the Bureau’s special agent bomb technicians—is a key facet of the job.

“You never know when the public safety bomb techs and the EOD technicians are going to have to work together in the interest of public safety,” Diaczyszyn said. He said every field office bomb technician knows their EOD counterpart because the military takes the lead when a case involves ordnance without a terrorism nexus.

“That’s one of the most important things we get out of working and training together with the Navy,” said Verdi. “You have to earn their trust. And they have to know exactly how you’re going to perform downrange in stressful environments, especially when you’re in the combat theater. We train regularly so they know exactly how we are going to react. And they can depend on us when they need to.”

Bomb Technicians—An Equitable Partnership Between the FBI and the U.S. Navy

Source: http://www.fbi.gov/news/stories/2013/july/bomb-technicians-a-partnership-between-fbi-and-navy/bomb-technicians-a-partnership-between-fbi-and-navy


The Next Wave, the National Security Agency's (NSA) research journal centered on emerging technologies, is now available online to the general public. The quarterly publication highlights significant technical advancements and research activities within NSA's Research Directorate and beyond. Its print readership totals more than 10,000.

The Research Directorate creates breakthroughs in mathematics, science, and engineering. These discoveries allow NSA to achieve and sustain intelligence advances against immediate and emerging threats to U.S. national security. As the only “in-house” organization in the Intelligence Community that is dedicated to improving intelligence through science, the directorate provides a consistent advantage over the scientific discoveries of industry, academia, and adversarial nations.

“Experts within the Research Directorate have a history of raising the bar with innovative new technology and then sharing it with the world,” said Dr. Michael Wertheimer, Director of Research. “This practice supports our mission to strengthen information security while benefiting both commerce and the nation as a whole. Making The Next Wave more widely available is a perfect example of this practice,” he continued. “The technologies and topics covered address challenges, like Cybersecurity, that affect us all.”

Cybersecurity has been on the radar of many at the NSA for several years and in 2012 and again in 2013, several articles in The Next Wave have focused on the federal research and development program and the initiatives needed to emphasize the importance of mitigating Cybersecurity at the federal level. Security challenges now involve more than cryptography and cryptanalysis, and solutions require collaboration. To that end, public and private partnerships continue to form as research findings and technologies are shared across institutional boundaries.

“The Next Wave has inspired a growing audience to think collaboratively,” said Kathleen Prewitt, the journal's Managing Editor. “Our past print readership was over (sic) 10,000 and climbing. Offering The Next Wave online allows us to efficiently share information to spur future partnerships that could be of great benefit to the NSA mission and beyond.”

NSA Debuts The Next Wave Journal Online

Source: www.NSA.gov

The National Security Agency's National Centers of Academic Excellence in Cyber Operations Program, which was designed to cultivate more U.S. cyber professionals in an ever-changing global environment, introduced the selection of four new schools for the 2013-2014 academic year. After a rigorous application and screening process, Air Force Institute of Technology in Ohio; Auburn University, Alabama; Carnegie Mellon University, Pennsylvania; and Mississippi State University will be added to the list of the four 2012 schools that received the CAE-Cyber Operations designation.

The program, which now has a total of eight schools, complements more than 100 existing Centers of Academic Excellence (CAEs) in research and information assurance education, jointly overseen by NSA and the Department of Homeland Security.

Steven LaFountain, an NSA technical leader, said legal and ethical issues in Cybersecurity are a required and critical part of the effort. “In the application process and in all of its work with selected schools, NSA emphasizes the importance of integrity and compliance,” he said. “Cyber skills are increasingly important in national defense, but it's even more important to operate as responsible citizens in the use of such skills.”

Retired Lt. Gen. Ronald L. Burgess, Jr., a former director of the U.S. Defense Intelligence Agency (DIA), now serves as Auburn University's Senior Counsel for National Security Programs, Cyber Programs, and Military Affairs. “The CAE-Cyber Operations project has real merit,” he said. “Auburn has devoted significant resources and interdisciplinary rigor across campus to expand new cyber initiatives and extensive collaboration with external organizations,” he said. “We are extremely pleased that NSA has recognized our efforts by selecting Auburn University for the program. It is important to the nation - and we feel we can contribute to this national need.”

Topics covered are routinely taught in colleges and universities, but this initiative seamlessly integrates the material to help students better understand how they could someday help to defend the nation. Summer seminar participants must undergo background checks and obtain temporary, Top Secret security clearances. Participating students and faculty members do not engage in actual U.S. government intelligence activities.

An outgrowth of the President's National Initiative for Cybersecurity Education, this program identifies institutions that have a deeply technical, interdisciplinary curriculum centered on fields such as computer science and electrical engineering. The agency has long worked with schools to improve education in science, technology, engineering, and mathematics. In addition, the program offers some participants opportunities to apply their learning or enhance their teaching in summer seminars at NSA.

The program was introduced in 2012 at four schools: Dakota State University, South Dakota; the Naval Postgraduate School, California; Northeastern University, Boston, Massachusetts; and the University of Tulsa, Oklahoma. Like the agency's other CAEs, those in the cyber operations program are evaluated annually. Designations are for five years and schools across the country can compete to join each year.

NSA Chooses Four New Schools for Cyber Operations Program

Source: http://www.nsa.gov/public_info/press_room/2013/new_cyber_schools.shtml


Economic Espionage

The Cold War is not over, it has merely moved into a new arena: the global marketplace. The FBI estimates that every year billions of U.S. dollars are lost to foreign and domestic competitors who deliberately target economic intelligence in flourishing U.S. industries and technologies, and who cull intelligence out of shelved technologies by exploiting open source information and company trade secrets.

Foreign competitors who criminally seek economic intelligence generally operate in three ways:

– They aggressively target and recruit insiders (often from the same national background) working for U.S. companies and research institutions;

– They conduct economic intelligence through operations like bribery, cyber intrusions, theft, dumpster diving (in search of discarded intellectual property or prototypes), and wiretapping; and,

– They establish seemingly innocent business relationships between foreign companies and U.S. industries to gather economic intelligence, including trade secrets.

Visitors entering your facility could pose a security risk to your intellectual property or competitive edge. It is an opportunity for competitors to collect information that is not readily available to them. Some visitors may be trained to verbally elicit information; some may brazenly ignore the security parameters of a tour; and others may use concealed recording devices, all in order to obtain restricted information. Some information they collect may seem innocuous, such as the facility layout, but could be very valuable to them and give them clues about your products or how to run their own facility better. Do not tell competitors how to squeeze past you in the economic race, and do not help thieves steal your information.

A visitor played with his wristwatch in a manner that made the host suspicious that a micro camera might be in the watch.

Foreign visitors put double-sided tape on the soles of their shoes in order to collect slivers of metal alloys from the floor of a production plant for U.S. military planes. They later analyzed the slivers to determine the exact metallic components used in the planes.

Source: For more information on visitor risk mitigation see www.fbi.gov/about-us/investigate/counterintelligence/risks-mitigations-of-visitors


Los Alamos Lab Subjected to Violations

The Justice Department recently announced that a scientist and his wife, who both previously worked as contractors at the Los Alamos National Laboratory (LANL) in New Mexico, pleaded guilty to charges under the Atomic Energy Act, as well as other charges, relating to their communication of classified nuclear weapons data to a person they believed to be a Venezuelan government official.

The guilty pleas were entered by Pedro Leonardo Mascheroni, 77, a naturalized U.S. citizen from Argentina, and Marjorie Roxby Mascheroni, 70, a U.S. citizen, in the U.S. District Court for the District of New Mexico.

According to court filings, Mascheroni, a Ph.D. physicist, worked as a scientist at LANL from 1979 to 1988 and held a security clearance that allowed him access to certain classified information, including “restricted data.” Roxby Mascheroni worked at LANL between 1981 and 2010 where her duties included technical writing and editing. She also held a security clearance at LANL that allowed her access to certain classified information, including restricted data.

As defined under the Atomic Energy Act, restricted data is classified information concerning the design, manufacture, or use of atomic weapons; the production of special nuclear material; or the use of special nuclear material in the production of energy. Pedro Mascheroni and Roxby Mascheroni were indicted in September 2010 and charged with conspiracy to communicate and communicating restricted data to an individual with the intent to secure an advantage to a foreign nation.

The indictment also charged the couple with conspiracy to convey and conveying classified restricted data. The indictment also charged Pedro Mascheroni with concealing and retaining U.S. records with the intent to convert them to his own use and gain, and both defendants with making false statements.

Mascheroni admitted that in November 2008 and July 2009, he unlawfully communicated restricted data to another individual with reason to believe that the data would be utilized to secure an advantage to Venezuela. He also admitted unlawfully converting Department of Energy information to his own use and selling the information in November 2008 and July 2009 and failing to deliver classified information relating to the United States’ national defense to appropriate authorities and, instead, unlawfully retaining the information in his home.

Finally, Mascheroni admitted making materially false statements to the FBI when he was interviewed in October 2009. Roxby Mascheroni admitted that between October 2007 and October 2009, she conspired with Pedro Mascheroni to convey restricted data belonging to the United States to another person with reason to believe that the information would be used to secure an advantage to Venezuela. She also admitted making materially false statements to the FBI when she was interviewed in October 2009.

The indictment in this case did not allege that the government of Venezuela or anyone acting on its behalf sought or was passed any classified information, nor did it charge any Venezuelan government officials, or anyone acting on their behalf, with wrongdoing. The indictment also did not allege any wrongdoing by other individuals working at LANL.

Source: www.FBI.gov


Act of Terror Averted in Chicago; Accused Sentenced

A federal judge has sentenced an Illinois man to 23 years in prison for an attempted bombing in 2010, near Chicago’s Wrigley Field, that was intended to cause mass casualties and paralyze the community.

On that Saturday evening in September, while a concert was taking place at the Chicago Cubs baseball stadium, Sami Samir Hassoun placed a backpack, which he thought contained a powerful bomb, into a trash can on a nearby crowded street. The device was a fake—supplied by an FBI undercover agent—but had it been real, the effects would have been “horrific,” according to the judge who sentenced Hassoun yesterday.

A Lebanese citizen legally living in Chicago, Hassoun never posed a danger to the public, thanks to an investigation led by our Joint Terrorism Task Force (JTTF) in Chicago. But the 25-year-old would-be terrorist had earlier told an accomplice—who was really an FBI undercover agent—that any casualties from the attack would be the inevitable result of what he termed “revolution.”

“We were initially alerted to Hassoun by an informant who warned that Hassoun was hoping to profit from committing extreme acts of violence in Chicago. He had no qualms about potentially killing lots of people,” SA Sam Hartman said. “And he wanted money in return.”

Hassoun pled guilty to attempted use of a weapon of mass destruction and attempted use of an explosive device, and he admitted telling a law enforcement informant that he suggested bombing the commercial area surrounding Wrigley Field. The informant later introduced Hassoun to an undercover FBI operative who posed as an accomplice. Hassoun also said he was willing to use a car bomb and to attack Chicago police officers.

On three occasions in August 2010, Hassoun videotaped potential targets around Wrigley Field, focusing on popular bars and restaurants. As he filmed, he commented on the tactical advantages and risks of an attack at the various locations. On the night of September 18, Hassoun was ready to set his plan in motion. He took a shopping bag and a backpack that he thought contained a powerful bomb from our undercover agents. The agents said the device was surrounded by ball-bearings and that the blast could destroy half a city block.

“Hassoun was an example of the so-called lone offender,” Hartman said. “He had no ties to organized terror groups, but he was clearly a terrorist—and potentially an extreme danger to the public. We were fortunate to have stopped him.”

Former General Motors engineer Shanshan Du and her husband, Yu Qin, were found guilty by a federal jury of conspiring to steal hybrid technology trade secrets from GM with the intent to use them in a joint venture with an automotive competitor in China.

Shanshan Du, 54, and her husband, Yu Qin, 52, of Troy, Michigan, were also convicted of unlawful possession of trade secrets after a month-long trial before U.S. District Judge Marianne O. Battani in November 2012. Qin was also convicted of wire fraud and obstruction of justice.

The evidence at trial showed that from December 2003 through May 2006, the defendants conspired to steal GM’s trade secret information. Du, while employed with GM’s hybrid vehicle technology group, provided GM trade secret information relating to hybrid vehicles to her husband, Qin, for the benefit of their private company, Millennium Technology International Inc. (MTI), which the defendants jointly owned and operated. Approximately five days after Du was offered a severance agreement by GM in January 2005, she copied more than 16,000 GM files, including trade secret documents, to an external computer hard drive used for MTI business. A few months later, Qin moved forward on a business venture to provide hybrid vehicle technology to Chery Automobile, an automotive manufacturer based in China and a competitor of GM.

In May 2006, during the execution of a search warrant, the FBI recovered GM trade secret information on several computer and electronic devices located in the defendants’ residence. Shortly after the FBI search team left the defendants’ residence, the defendants drove to a dumpster behind a grocery store, where defendant Qin discarded plastic bags containing shredded documents, including GM trade secret information, that were all responsive to federal grand jury subpoenas seeking information relating to MTI and hybrid vehicles. Based on preliminary calculations, GM estimates that the value of the stolen GM documents is more than $40 million.

GM Trade Secrets Case

Source: www.fbi.gov

Source: www.fbi.gov


ADVANTAGE SCI PRODUCTS, SERVICES, AND TRAINING

Advantage SCI offers services supporting the counterintelligence (CI) needs of the cleared defense contractor community, private business, government, utilities, and municipalities with requirements to protect classified information, trade secrets, intellectual property, and other privileged information.

Services include:

– Vulnerability Assessments

– Threat Briefings/Foreign Travel Briefings/Debriefings

– Counterintelligence Awareness Training/Insider Threat Training

– TSCM Services in classified or unclassified spaces

– Facility Security Officer (FSO) In a Box

Advantage SCI: SERVICE-DISABLED VETERAN-OWNED SMALL BUSINESS (SDVOSB), SMALL BUSINESS ENTITY (SBE), MINORITY-OWNED BUSINESS ENTITY (MBE), SMALL DISADVANTAGED BUSINESS ENTITY (SDB), WOMAN-OWNED BUSINESS ENTITY (WBE)

VISIT OUR WEBSITE: http://advantagesci.com

Advantage SCI’s Vision “Educate America’s 300 million people and business leaders on prevention, detection, and response to 21st century threats.”

Securing Tomorrow Today!


Across

1. You should not share this with others

6. A secret mission to fulfill

7. Plant this and listen to every move

8. Freezes moments in time

9. Watches your every move

Down

2. Computerized air defense system during the Cold War

3. Unmanned aircraft

4. You can see behind you when you wear them

5. You can send messages with this

COUNTERINTELLIGENCE CROSSWORD

Consult With a CI Professional

– Foreign Travel Briefings and Debriefings

– Intelligence Analysis/Intelligence Analysts

– Plans, SOPs, Regulatory-related materials

– Workplace Violence Prevention and Response

– Other matters related to improving CI-related posture

Answers by request when you email [email protected]