Defense Security Service (DSS) Industrial Security Field ...Clearances Issued 25,000+ Substantive...
DSS Industrial Security Field Operations: Partnering with Industry to Protect National Security
Defense Security Service (DSS) Industrial Security Field Operations
IMPACT 2019
Mr. Gus Greene Sr.
Director, Industrial Security Field Operations
Agenda
▌ 2018 Lessons and Metrics
▌ Way Ahead and Significant Initiatives
DiT Status and Outcomes in FY18
3,028 Security Vulnerabilities Identified
1,149 Security Violations Processed
Unauthorized Disclosures Involving Loss/Compromise of Classified Info
Information Systems Authorized to Process Classified Information
790
6,000
800+ Facility Clearances Issued
25,000+ Substantive CI&S Engagements
Security Reviews: 2,100+
Comprehensive Security Reviews: 61
Command Cyber Readiness Inspections2530
Tailored Security Plans
DiT Phased Implementation Results (FPGA)
Non-NISPOM Vulnerabilities
• Lack of user auditing/monitoring
• No network incident response procedures
• USB devices and ports are not restricted
• All users have admin privilege access
• Hard drives lack encryption
• Lack of port security to limit unauthorized devices from being added to the network
• Individuals (to include visitors) entering office space have full access to systems and info
• Failure to update security patches & anti-virus on unclass systems supporting program
• Foreign nationals provide IT support
• Cleaning crew with unescorted facility
• Failure to provide user briefings
• Weak password requirements
NISPOM Vulnerabilities
• JPAS/Personnel Security
• Failure to administer annual security training
• Discrepant mailing address for classified
• Unresponsive alarms in ceiling in closed area
• Failure to update operating system and software security patches on classified IS
Diagram labels: Unclassified System, Classified System, End Product, End User, Classified Environment
Top Ten NISPOM Vulnerabilities Identified in CY2018
Legend: Blue = Personnel Security; Red = Training-Related; Black = Other process / procedures
Vulnerability | # of Citations
Improper Personnel Security Management | 288
Lack of or Incomplete Self Inspection | 222
Insider Threat Training | 172
NATO Briefings | 169
Refresher Training | 131
Perimeter Controls | 75
FSO Training | 71
Security Reviews | 63
Initial Security Briefings | 62
Change Conditions Affecting the FCL | 57
Major Lines of Effort for FY19/20
DiT Phase Implementation
Programmatic Reviews (i.e. A-PNT, Universities)
Enhanced SVAs
Further Enhanced SVAs
Corporate Reviews
NISP Operations (RMF, CI&S Engagements, FCL Processing, FOCI, Security Violations, etc.)
Refined Comprehensive Security Review Methodology
Risk-Based Industry Security Oversight (RISO) Development
RISO Institutionalized
Stand-Up CTP Directorate
Timeline labels: FY2018, FY2019, FY2020; 1 Oct 2018, 1 Oct 2019; Today
Phases: Phase 0 Process Reform, Phase 1 Transfer, Phase 2A Transition
FY19 Security Oversight Strategy Engagement Types
Line of Effort Asset ID Security Baseline
MCMO Matrix Rating TSP
Comprehensive Security Review
Enhanced SVA
Counterintelligence & Security Engagement
Active Monitoring
Significant FY19 Initiatives
▌ Insider Threat Program Effectiveness
▌ National Access Elsewhere Security Oversight Center (NAESOC)
▌ CUI
▌ FCL Timelines
Questions?