Defense Security Service Cybersecurity Operations Division Counterintelligence UNCLASSIFIED//FOUO.

Presentation transcript:

Defense Security Service Cybersecurity Operations Division Counterintelligence UNCLASSIFIED//FOUO

Defense Security Service

DSS Mission: DSS supports national security and the warfighter, secures the nation’s technological base, and oversees the protection of U.S. and foreign classified information in the hands of Industry.

CI Mission: DSS CI identifies unlawful penetrators of cleared U.S. defense industry and articulates the threat for industry and government leaders.

Scope:
- 10K+ firms; 13K+ facilities; 1.2m personnel
- 1 CI professional / 261 facilities
- 10.5% of facilities report

Capability:
(U) 11 personnel conducting analysis, liaison, field support, strategic development and program management
(U) Wide range of skill sets – CI, CT, LE, Cyber, Security, Intel, IA, CNO and more
(U) Direct access to cleared industry across 25 DSS field offices nationwide
(U) Large roles at U.S. Cyber Command, National Security Agency, National Cyber Investigative Joint Task Force and the Department of Homeland Security

UNCLASSIFIED

Challenges
(U) Secure sharing of threat information with industry partners
(U) Identifying and reporting suspicious network activity
(U) Limited resources to execute a quickly expanding mission area

Significant Achievements and Notable Events
(U) Since September 2009 – Assessed over 3,000 cyber-related suspicious contact reports from Industry and the Intelligence Community, facilitating action on over 170 federal investigations/operations
(U) Developed four benchmark product lines for Industry and the Intelligence Community, including the 3rd edition of the DSS Cyber Trends
(U) Briefed at 24 venues and over 1,000 personnel in FY12 on the cyber threat
(U) In FY12, delivered over 350 threat notifications to industry, detailing adversary activity occurring on their networks.

Defense Security Service UNCLASSIFIED

SCR Assessment Life Cycle
Threat → Collect → Report → Analyze → Refer → Exploit → Educate (repeating cycle)

Suspicious Contact Report
(U) Fundamental building block of industry intelligence analysis
(U) Highlights various methods of contact and approach
(U) Provides vital insight to military programs and key facility programs

UNCLASSIFIED

Evaluating Suspicious Contacts

Method of Operation:
- Attempted Acquisition of Technology
- Conferences, Conventions, Trade Shows
- Criminal
- Exploitation of Relationships
- Seeking Employment
- Solicitation or Marketing Services
- Student Requests – Academic Solicitation
- Suspicious Network Activity

Collector Affiliation: Commercial, Government, Government Associated, Individual

Technologies and Programs Targeted: Military Critical Technology List

UNCLASSIFIED

UNCLASSIFIED//FOUO

Way Ahead
(U) Continue to grow and expand DSS’s cyber capability
(U) Increase opportunities for sharing of timely threat information and actionable data
(U) Continue to build partnerships throughout cleared industry, intelligence and federal government communities

BREAK

Defense Security Service (U) Cyber Threats to the Defense Industrial Base UNCLASSIFIED//FOUO

(U) Agenda
(U) Fiscal Year 2012 Industry Cyber Reporting
(U) Threat Overview
(U) Where We Are Vulnerable
(U) Methods of Operation
(U) A New Approach to Threat Modeling
(U) Reporting
(U) Getting Ahead
UNCLASSIFIED

(U) FY12 Industry Cyber Reporting
(U//FOUO) 1,678 suspicious contact reports (SCR) categorized as cyber incidents (+102% from FY11)
(U//FOUO) 1,322 of these were assessed as having a counterintelligence (CI) nexus or were of some positive intelligence (PI) value (+186% from FY11)
(U//FOUO) 263 were categorized as successful intrusions (+78% from FY11)
(U//FOUO) 82 SCRs resulted in an official investigation or operation by an action agency (+37% from FY11)
UNCLASSIFIED//FOUO

(U) FY12 Technologies Targeted by Cyber UNCLASSIFIED//FOUO

(U) FY12 Cyber Incident by Category UNCLASSIFIED//FOUO

(U) Threat Overview
(U) A variety of adversaries have demonstrated the capability and intent to do harm to Department of Defense (DoD) systems and networks

Threat = Capability + Intent

UNCLASSIFIED

(U) Cyber Threats
(U) Nation states (foreign governments)
(U) Terrorist groups/extremists/sympathizers
(U) Insiders
  (U) Recruited
  (U) Disgruntled employee
(U) Hackers/criminals
  (U) Organized/individuals
UNCLASSIFIED

(U) Where We Are Vulnerable
(U) Bottom Line Up-Front: Everywhere
(U) Application vulnerabilities (e.g., Internet Explorer, Adobe)
(U) Operating systems
(U) Web-based applications (e.g., JavaScript, Flash)
(U) Removable media
(U) Network-enabled devices
(U) The end user
UNCLASSIFIED

(U) Methods of Operation
(U) Open source research
(U) Passive collection
(U) Vulnerabilities and exploits
(U) Socially engineered attacks
(U) 0-Day (Zero Day) application vulnerabilities
(U) Credentials
(U) Exploitation of trusted relationships (IT)
(U) Poor security practices/configurations
(U) Lack of end user education
UNCLASSIFIED

Threat Modeling
(U) The model for handling threats MUST change: “Conventional incident response methods fail to mitigate the risk posed by APTs because they make two flawed assumptions: response should happen after the point of compromise, and the compromise was the result of a fixable flaw”
(U) Intelligence-driven computer network defense is a necessity
(U) Address the threat component of risk, incorporating adversary analysis: their capabilities, objectives, doctrine and limitations
UNCLASSIFIED

Threat Modeling
(U) Intrusions must be studied from the adversary’s perspective – analyzing the “kill chain” to inform actionable security intelligence
(U) An adversary must progress successfully through each stage of the chain before it can achieve its desired objective
(U) Just one mitigation disrupts the chain and the adversary

Recon → Weapon → Delivery → Exploit → Install → Command and Control → Actions on Objectives

UNCLASSIFIED

Threat Modeling UNCLASSIFIED//FOUO

Recon → Weapon → Delivery → Exploit → Install → Command and Control → Actions on Objectives

(U) Moving detection and mitigation to earlier phases of the kill chain is essential in defending today’s networks
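The kill-chain argument on the two slides above, as an added example that is not part of the DSS briefing: a small Python model with constructed intrusions and constructed controls, showing that a single control at any phase stops the adversary, that an earlier control leaves fewer phases completed, and which phases still have no coverage.

```python
# Added example, not from the DSS briefing: a small model of the intrusion
# kill chain the slides describe. The intrusions and controls are constructed
# for illustration; nothing here is taken from a real incident.

KILL_CHAIN = ["Recon", "Weaponization", "Delivery", "Exploitation",
              "Installation", "Command and Control", "Actions on Objectives"]

# Constructed spear-phishing intrusion: one adversary technique per phase.
SPEAR_PHISH = {
    "Recon": "social network profile harvesting",
    "Weaponization": "malicious PDF with embedded exploit",
    "Delivery": "spear phishing email attachment",
    "Exploitation": "PDF reader vulnerability",
    "Installation": "dropper writes backdoor to disk",
    "Command and Control": "HTTPS beacon to newly registered domain",
    "Actions on Objectives": "exfiltration of program documents",
}
# Same campaign, but delivered on removable media instead of by email.
USB_DROP = dict(SPEAR_PHISH, Delivery="removable media left at the facility")

# Controls: name -> (phase it acts in, technique it counters).
LATE_CONTROLS = {
    "egress proxy blocks newly registered domains":
        ("Command and Control", "HTTPS beacon to newly registered domain"),
}
EARLY_CONTROLS = dict(LATE_CONTROLS, **{
    "mail gateway detonates attachments in a sandbox":
        ("Delivery", "spear phishing email attachment"),
    "PDF reader patch applied": ("Exploitation", "PDF reader vulnerability"),
})


def walk_chain(intrusion, controls):
    """Step through the chain in order. Returns (phases_completed, control):
    how many phases the adversary finished before a control fired, and the
    control that fired (None if the intrusion reached its objective)."""
    for completed, phase in enumerate(KILL_CHAIN):
        for name, (ctrl_phase, countered) in controls.items():
            if ctrl_phase == phase and countered == intrusion[phase]:
                return completed, name
    return len(KILL_CHAIN), None


def uncovered_phases(controls):
    """Phases where no control exists at all: where to add detection next."""
    covered = {phase for phase, _ in controls.values()}
    return [p for p in KILL_CHAIN if p not in covered]
```

With only the egress control the adversary completes five phases before being stopped; adding the mail gateway control stops the same intrusion after two, and the patch still catches the removable-media variant that bypasses the mail gateway.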

(U) Emerging Threats
(U) Mobile devices
  (U) iOS
  (U) Android
  (U) Blackberry
(U) Social Networking Sites
  (U) Facebook
  (U) LinkedIn
(U) Cloud Computing
  (U) Offers great potential for cost reduction through optimized and efficient computing
  (U) Poor or inadequate implementations of cloud computing security and policy can provide actors with opportunities for exploitation.
UNCLASSIFIED

(U) Reporting
(U) DoD M (NISPOM) Section 3. Ch b
(U) Industrial Security Letter (Feb 22, 2010)
(U) DoDD , May 17, 2011, Encl. 4, Table 1 & 3

Reportable activity:
(U) Actual or attempted unauthorized access into automated information systems or networks
(U) Password cracking, key logging, encryption, hacking activities, and account masquerading
(U) Use of account credentials by unauthorized parties
(U) Data exfiltrated to unauthorized domains
(U) Social engineering, electronic elicitation, spoofing or spear phishing
UNCLASSIFIED

Why Your Reporting Matters
(U//FOUO) Reporting establishes and/or confirms Foreign Intelligence Entities’ activities throughout Industry
(U//FOUO) Provides leads for investigations and operations
(U//FOUO) Provides high quality information to the Intelligence Community
(U//FOUO) Provides valuable information that aids the Intelligence Community in articulating the threat to the highest levels of the U.S. Government
(U//FOUO) Stolen unclassified DoD/U.S. Government data aids the adversary: strategically, operationally, tactically, diplomatically, economically, in research and development, etc.
UNCLASSIFIED//FOUO

Getting Ahead
(U) Your DSS Community - ISR, ISSP, FCIS
(U) Community Partnerships
(U) Analytical Products
  (U) SCR Responses, Cyber Activity Bulletin, Cyber Threat Advisories, Cyber Special Assessments, Crimson Shield, Scarlet Sentinel, Annual Cyber Trends
(U) Homeland Security Information Network (HSIN)
(U) DSS Cyber Security web-based training
UNCLASSIFIED

BREAK

Defense Security Service (U) Spear Phishing and Malware Submissions UNCLASSIFIED//FOUO

(U) Spear Phishing Sample #1 UNCLASSIFIED

(U) Spear Phishing Sample #2 UNCLASSIFIED

(U) Spear Phishing Sample #3 UNCLASSIFIED

(U) Malware Submission Website - AMRDEC UNCLASSIFIED//FOUO

(U) Malware Submission Website- AMRDEC UNCLASSIFIED//FOUO

(U) AMRDEC Safe Usage Policy Agreement UNCLASSIFIED//FOUO

(U) Verify Address UNCLASSIFIED//FOUO

(U) Malware – Link to Verify Address UNCLASSIFIED//FOUO

(U) Malware – Verify to Submit File UNCLASSIFIED//FOUO

(U) Malware – Submission Confirmation UNCLASSIFIED//FOUO

Questions? Jon Stevenson UNCLASSIFIED//FOUO