FBI Counterintelligence Domain Program Briefing – Dallas, Texas Speaker Background/Introduction
History/Evolution of the Program DECCA Developing Espionage and Counterintelligence Awareness ANSIR Awareness of National Security Issues and Response DOMAIN Outline increasing focus/targeted outreach efforts Domain Program is all about establishing and maintaining RELATIONSHIPS which seek to: Leverage partners Assist us in prioritizing our mission
OPENESS Technology Lifecycle and Counterintelligence Exposure = = Fundamental Research End of Acquisition Life Concept Exploration Foreign Military Sales I N F O R M A T Rapid Prototype A V I L B T Y Universities Technology Development Operational Use OPENESS Labs & Centers System Test/Design System Fielding System Demonstration Contractors System Manufacture The inverted arc depicts the exposure of technology, with National Security nexus, over it's development lifecycle. The multicolored swirl represents the accelerated development push due to war-time demands. The red hook represents the egress of the technology to our foes. The graphic's message is that our opposition is availing themselves of the opportunity to acquire critical technology in the early stages of development, when it has the greatest long term value and the least protection through traditional classification and counterintelligence programs. The Domain program seeks to partner and leverage to address these vulnerabilities. The inverted arc, or upside down curve, a key component, discriminator in our proactive CI strategy and DOD hierarchy of materiel alternatives. The Technology development life cycle time line in the US DOD funding schedule. 6.0-6.7 are paragraphs in the DOD federal acquisition regulations (DFARs), which actually determine how much $ can be spent in each phase of the life cycle of a system or program. From basic and fundamental research through operational use, Foreign military sales, to the end of acquisition life. The curve represents the information availability during the acquisition process. The more openness towards both ends of the curve. Upper left hand of curve, fundamental research at college or university or some persons garage, unclassified basic research where a concept is being explored, may not work at all but the DOD has decided to spend $$ on it. Example is EML, laser technology, nano technology, quiet electric drive, pure research, unclassified, collaborative and fundamental. Further down the curve the prototype hits design and test and makes it to a contractor 6.2-6.3 range, then the govt. says wait a minute this actually works, we better classify it. Least visibility to the public domain in the bottom of the arc. This is the area, systems integration phase which could include SAPs “black” programs where the vast majority of our FBI espionage cases occur. When espionage is committed the secret is already in Moscow or Beijing, it’s a CI or security failure. Our proactive efforts need to focus on the upper left of the curve, before classification, assets, leads, DA ops, IIRs, to detect state directed collection in our universities and labs, etc. 6.3-6.6, DSS has the responsibility to keep the contractors NISP compliant, traditionally the reporting and the cases have been generated in this area. 6.6-6.7 the secret is out anyway. The system is fielded and put into operational use or sold in a FMS where it can be reverse engineered copied or duplicated or purchased in the market place. But wait there’s more, what if it works in the 6.2 area the rapid prototype? It’s fielded, off the shelf, more risk, testing less relevant, more agile innovation and experimentation, straight from 6.2 to 6.6, maybe never even classified, the Good enough technology phase (902nd calls it the just GET.) Make case maybe? Or what if it works and it gets spun out into the open market, red hook area, dual use, patented, profited, with a classified application down the curve? Large majority of foreign national scientists working in this area, this is where our proactive efforts need to be focused, leveraging our strategic partners to point out the most important information and technologies that need to have a CI umbrella in place. Proactive, preventative most impact to a viable CI program and strategy. 6.0-.1 6.2 6.3 6.4 6.5 6.6 6.7 Technology Development Life Cycle Time-Line Low = Classified/SAP Information Military Value of Information = High
Major Strategy Elements Supported By Domain Program Change Behaviors Of most serious foreign threats Of exploited individuals/institutions Reduce Opportunities Of adversaries to collect intelligence and conduct operations Band Field Offices/Partners Together To devise and implement joint operational plans that cross boundaries Transformation to Proactive Program Pursue foreign positive intelligence collection effort
Changing Counterintelligence (CI) Paradigm Shift from reactive to proactive operations Acknowledgement of new business realities (“The World is Flat”) Development and advocacy of risk mitigation strategies vs. threat avoidance Pushing counterintelligence awareness out to the business/academic community Leveraging resources to mutual advantage Seed Change from “Cold-War” strategy in light of World Economy/Interdependency OLD NEW Classified Information Proprietary/IPR CNAs Establishments/IOs –Symmetric Threat Students/Delegations/Unwitting collectors –Asymmetric FISA/Surveillance/Reactive Outreach/Risk Mitigation/Proactive Dead drops/Chalk marks Cyber Collection/Open Source
Holistic Approach to CI Risk Management Insure that all facets of security (physical, IT, personnel) are aware of counterintelligence issues and incorporate risk detection and mitigation into cohesive business strategy. Partnership between USIC and Private Sector to leverage resources to maximum benefit of nation. Getting all the parts to work together Our CI security posture is only as strong as the weakest link CNA program embodies this requirement/approach Emphasize critical need for INTERAGENCY COOPERATION as well!
Pitching Partnership Emphasis on Confluence of Interest CI protection = IPR/Research protection Leveraging finite resources Recognition that we are all short-handed Encouraging ongoing communication Building confidence/trust Subject matter competence No threat posture Confidentiality The prestige and funding that comes with Research is jeopardized by competitors who push your ideas out to the marketplace before you do.
CI Domain Program Initiatives Critical National Assets/Domain Equities Business Alliance Academic Alliance CI Working Groups Program Review Process
Business Alliance FBI-led programmatic outreach to Defense Industry (w/ DoD partnership) Executive level engagement CI and Business confidence-building Seeking strategic shift Corporate volunteerism to change Due-diligence Compel self-governance Self-assessment tool/assistance General Dynamics Raytheon Lockheed Martin Boeing Northrop Grumman L3 Communications BAE Systems CI “Better to know than not know…”
What is the RTP SIG? http://www.infragard.net RTP = Research and Technology Protection SIG = Special Interest Group The RTP SIG is a tool for Domain Coordinators to use to provide information to their Domain representatives http://www.infragard.net Key Points: One of the objectives of the FBI’s Counterintelligence mission is to change the behavior of the targeted institutions and individuals. TELL THEM WHY THEY SHOULD CHANGE BEHAVIOR. In other words, provide those individuals capable of facilitating change within their organization with facts and data that reveal what the vulnerabilities are when it comes to protecting technology and what they can do to make themselves and their company more capable of keeping their intellectual property, trade secrets and other information and technology safe. The Research and Technology Protection Special Interest Group website is a tool available 24 hours a day, 7 days a week that provides relevant information to the members of our domain.
What is the RTP Special Interest Group? The RTP SIG is a tool the FBI utilizes to provide information to cleared Defense Contractors, private industry and academia. Domain Coordinators are your local FBI contacts. Mission: to provide actionable and relevant information to cleared defense contractors, private industry and academia to better enable them to protect their research and technology. The Research and Technology Protection Special Interest Group has one overarching mission: to provide actionable and relevant information to cleared defense contractors, private industry and academia to enable them to better protect their research and technology. This mission will be achieved through posting information on the site that members can use to educate themselves and their co-workers on current issues in protecting research and technology protection as well as suggestions from experts on how to better protect their R&D.
Why we need the RTP SIG To provide information to the targets of foreign intelligence services and economic espionage that will help them become a tougher target. To increase reporting of Counterintelligence events. To really drill down to why we need the RTP SIG, the reason is that the RTP SIG supports the Counterintelligence Domain Program by providing information to organizations who we already know are likely targets of foreign intelligence services and economic espionage so that they can make themselves tougher targets. Because we investigate the cases we should be telling them some things they can do to better protect themselves. An added benefit of creating these relationships where we give something back, is the increase of reporting on counterintelligence relevant events.
InfraGard RTP SIG InfraGard is the FBI’s premiere outreach group. The Domain section chose to partner with InfraGard because of its proven track record in providing actionable and relevant information to the private sector. As of August 15, 2006 there are 15,906 members of InfraGard (to update that statistic, simply go to www.infragard.net), all of whom have passed a background records check conducted by the FBI. The InfraGard website is protected via SSL or Secure Socket Layer. SSL has been the de facto standard for e-commerce transaction security since its introduction in 1994. These two factors: background records checks and a secure website, allow the FBI to post For Official Use Only (FOUO) and Law Enforcement Sensitive (LES) information on this site. Much of the information posted on the InfraGard site and the Special Interest Group (SIG) portions of the site is not available to non-Law Enforcement personnel anywhere else. For further info on SSL: SSL encrypts data from the user’s computer browser to a known computer server that has a verified digital certificate. The user knows they are signing on to a legitimate website based on the verification established by the certificate authority. The user is authenticated by SSL through a username and password that is provided by InfraGard. All data after authentication is confirmed is encrypted and can not be viewed by any potential eavesdroppers. To ensure data privacy using SSL, the user should use only a computer known t be secure using the latest vendor patches, virus protection, anti-spyware, and other personal firewall products.
Membership: the application process for the RTP SIG website Must be a current InfraGard member Must have a need for information on how to protect research and technology Should have the capability to take action on the information provided to them One of the basic tenets of effective information sharing is that the person with whom you are sharing information has the capability to take action on the information you give them. So the type of person we are looking for would essentially be your Domain contacts. The first limiting factor is membership in InfraGard. The reason this is important is because InfraGard members have all passed background records check which gives us a higher level of trust with these individuals. As you can see the CI Domain program is depending on you to properly conduct and document the members’ background record checks. The Domain Coordinator does not redo the background record check. We have to assume that the InfraGard coordinator has conducted it appropriately and documented any findings. The second limiting factor is that the individual must have a need to know the information we post on the site. That simply means that the person must work with information that may be classified, sensitive or related to intellectual property. Lastly, we’d like to limit access to people who can actually take action on the information we provide. An example of someone who can take action is the individual responsible for educating co-workers or the individual may simply change their own behavior to better protect the information they are responsible for or have access to.
How do I access the RTP SIG? By selecting the “I want to join Research and Technology Protection InfraGard” button you will be requested to answer 7 questions: What is your full name and to what InfraGard chapter do you belong? What is you organization and has it been awarded any classified contracts? Do you have a security clearance? Does your company maintain or develop processes, formulas or other things that might be considered intellectual property or trade secrets? What is your title? Please explain how your responsibilities pertain to protecting your company’s research, technology or trade secrets. Would you like to be listed in the SIG directory? Once you click on the “I want to join the RTP SIG” you will be prompted to answer a few questions. These questions are intended to ensure that individuals who are capable of taking action on the information provided on the RTP site are given access. Answering no to any of these questions does not prohibit you from becoming a member of the RTP SIG. The intent is to provide access to the broadest group possible. The SIG directory is simply a listing of all RTP SIG members that will only be available to SIG members.
Academic Alliance Foster spirit of cooperation Establish a dialogue Share information Increase awareness The U.S. spends more money on R&D than any other country in the world. A lot of that research and development takes place at colleges and universities. If you were asked to describe the culture of a college or university, how would you describe it? Likely you’d say that it is open, collaborative, collegial and competitive. University environments support and foster innovation. Innovation is what advances our technology and allows our economy to thrive. But how do you innovate? One of the things you need to do to innovate is collaborate with other researchers and scientists. In order to do that you have to share information. The unique qualities of the college and university environment lead the FBI to create the academic alliance. This tailored approach to academia has resulted a national and local programs.
Academic Alliance National Security Higher Education Advisory Board (NSHEAB) College and University Security Effort (CAUSE) The National Security Higher Education Advisory Board (NSHEAB) is hosted by FBI HQ while the College and University Security Effort consists of outreach conducted at each of our 56 field offices.
National Security Higher Education Advisory Board (NSHEAB) Members include 16 university presidents and chancellors Chaired by Graham Spanier, President of The Pennsylvania State University Three meetings a year Other participants include: National Science Foundation Department of Commerce Central Intelligence Agency Department of Defense The FBI created the National Security Higher Education Advisory Board in October of 2005. It consists of 16 presidents and chancellors from universities and colleges across the United States. This will expand to 20 members. The board meets three times a year in Washington DC. Although the FBI is the lead hosting agency, multiple agencies are involved with the NSHEAB depending upon the topic being addressed. These agencies include the National Science Foundation, the Department of Commerce, CIA and the Department of Defense.
NSHEAB Members The Johns Hopkins University UCLA Carnegie Mellon University of Washington Texas A&M Iowa State University University of Pennsylvania MIT Purdue West Virginia University University of Florida UNC – Chapel Hill University of Maryland The Pennsylvania State University University of Wisconsin These are the members of the NSHEAB. They will serve two to three year terms. The Board is chaired by President Graham Spanier, from Pennsylvania State University. Many of the members were selected based on their university’s heavy R&D involvement. We also wanted diverse geographic representation. The group was kept small enough so that effective dialogue can be maintained.
Mission of the NSHEAB Promote understanding Create a forum for mutual issues Provide advice on the culture of higher education Build on traditions of openness, academic freedom and international collaboration Discuss matters pertaining to national security. This is a partial listing of the mission of the NSHEAB. The Board was designed as an educational forum for the discussion of mutual issues related to national security. In order for us to learn from each other, we had to learn about each other. The Board promotes understanding between all the participants. It also provides us advice on the culture of higher education, so that we can build on the traditions of openness, academic freedom and international collaboration. Information sharing is the most important aspect of this group.
CI Working Groups Develop joint operations/initiatives Share and develop threat assessments Coordinate and with partner OGAs/business/academia as appropriate Push knowledge up from Field to National level as foundation for policy development
CI Program Review Process Qualify and quantify successful implementation of the National CI Strategy Program Reviews use specific metrics Inform FBI management, Congress, OMB, DOJ and the DNI of our progress in reaching goals and objectives Identifying resources needed for success
DETER DETECT DISRUPT