Defense Security Service (DSS) Industrial Security Field ...Clearances Issued 25,000+ Substantive...

DSS Industrial Security Field Operations Partnering with Industry to Protect National Security Defense Security Service (DSS) Industrial Security Field Operations IMPACT 2019 Mr. Gus Greene Sr. Director, Industrial Security Field Operations


Page 1: Defense Security Service (DSS) Industrial Security Field ...Clearances Issued 25,000+ Substantive CI&S Engagements 2,100+ Security Reviews Comprehensive Security ... Improper Personnel

DSS Industrial Security Field Operations Partnering with Industry to Protect National Security

Defense Security Service (DSS) Industrial Security Field Operations

IMPACT 2019

Mr. Gus Greene Sr. Director, Industrial Security Field Operations

Page 2:

Agenda

▌ 2018 Lessons and Metrics

▌ Way Ahead and Significant Initiatives


Page 3:

DiT Status and Outcomes in FY18

3,028 Security Vulnerabilities Identified

1,149 Security Violations Processed

Unauthorized Disclosures Involving Loss/Compromise of Classified Info

Information Systems Authorized to Process Classified Information

790

6,000

800+ Facility Clearances Issued

25,000+ Substantive CI&S Engagements

Security Reviews 2,100+

Comprehensive Security Reviews 61

Command Cyber Readiness Inspections 2530

Tailored Security Plans

Page 4:

DiT Phased Implementation Results (FPGA)

Non-NISPOM Vulnerabilities

• Lack of user auditing/monitoring
• No network incident response procedures
• USB devices and ports are not restricted
• All users have admin privilege access
• Hard drives lack encryption
• Lack of port security to limit unauthorized devices from being added to the network
• Individuals (to include visitors) entering office space have full access to systems and info
• Failure to update security patches & anti-virus on unclass systems supporting program
• Foreign nationals provide IT support
• Cleaning crew with unescorted facility
• Failure to provide user briefings
• Weak password requirements

NISPOM Vulnerabilities

• JPAS/Personnel Security
• Failure to administer annual security training
• Discrepant mailing address for classified
• Unresponsive alarms in ceiling in closed area
• Failure to update operating system and software security patches on classified IS

Unclassified System

Classified System

End Product

End User

Classified Environment


Page 5:

Top Ten NISPOM Vulnerabilities Identified in CY2018

Legend: Blue = Personnel Security; Red = Training-Related; Black = Other process / procedures

Vulnerability: # of Citations

• Improper Personnel Security Management: 288
• Lack of or Incomplete Self Inspection: 222
• Insider Threat Training: 172
• NATO Briefings: 169
• Refresher Training: 131
• Perimeter Controls: 75
• FSO Training: 71
• Security Reviews: 63
• Initial Security Briefings: 62
• Change Conditions Affecting the FCL: 57

Page 6:

Major Lines of Effort for FY19/20

DiT Phase Implementation

Programmatic Reviews (i.e. A-PNT, Universities)

Enhanced SVAs Further Enhanced SVAs

Corporate Reviews

NISP Operations (RMF, CI&S Engagements, FCL Processing, FOCI, Security Violations, etc.)

Refined Comprehensive Security Review Methodology

Risk-Based Industry Security Oversight (RISO) Development

FY2020 FY2019

RISO Institutionalized

FY2018

Today

Stand-Up CTP Directorate

1 Oct 2018 1 Oct 2019

3

Phase 2A Transition

Phase 0 Process Reform

Phase 1 Transfer

Page 7:

FY19 Security Oversight Strategy Engagement Types

Line of Effort Asset ID Security Baseline

MCMO Matrix Rating TSP

Comprehensive Security Review

Enhanced SVA

Counterintelligence & Security Engagement

Active Monitoring

Page 8:

Significant FY19 Initiatives

▌ Insider Threat Program Effectiveness

▌ National Access Elsewhere Security Oversight Center (NAESOC)

▌ CUI

▌ FCL Timelines


Page 9:

Questions?
