Counterintelligence Awareness and Security Brief Student Guide CI112

Counterintelligence Awareness and Security Brief

Introduction

Opening

Every day, United States sensitive and classified technologies and information are targeted and stolen using various collection vectors. As a result, the United States’ technological lead, competitive edge, and strategic military advantage are at risk, and our national security interests could be compromised. Countering this threat requires knowledge of the threat and diligence on the part of all personnel charged with protecting classified information. You play a role. You must be vigilant.

Welcome to your initial or annual counterintelligence awareness and security briefing.

Welcome

I will be guiding you through this briefing. I’m a Facility Security Officer, or FSO, for a cleared defense contractor. I’m responsible for the overall security of my facility. You will also hear from a Defense Counterintelligence and Security Agency, or DCSA, Counterintelligence Special Agent, or CISA. They will let us know how DCSA can help us and how we can help DCSA. Finally, we will also learn from a former agent of a foreign intelligence entity—an FIE.

We’ll only take about 25 minutes of your time. As we proceed through this course, keep in mind that additional information is also available to you from the Course Resources page. Let’s get started.

Protecting Information and Technology

Adversary Targets

As members of the national industrial base, both you and I have access to sensitive and classified information in the course of our daily work. We are responsible for protecting that information. We are also responsible for reporting any suspicious activity that may indicate a threat to the security of U.S. technology or systems. Because of our access, we are targets of adversaries seeking to gain information and technology. We may be targeted for what we know and for what we have access to. So what, exactly, should we be protecting?
Adversaries target assets, in the form of people, information, equipment, facilities and networks, activities and operations, and suppliers. When targeting people, adversaries employ a wide range of methods and may even look for exploitable weaknesses—such as financial problems, drug and alcohol issues, adultery, and gambling problems.

When targeting information, adversaries know that while a single piece of information—classified or not—may not be of critical importance alone, when put together with other pieces of information, it may reveal sensitive, or even classified, information. Because of this, we must protect not only classified information, but also sensitive, unclassified information and proprietary information. Loss of any of these directly affects not only our companies’ economic viability, but also affects national security. You can find details on how to protect your information in the Resources.

Classification Levels

Top Secret: Top Secret information is information or material of which unauthorized disclosure could reasonably be expected to cause exceptionally grave damage to the national security that the Original Classification Authority is able to identify or describe.

Secret: Secret information is information or material of which unauthorized disclosure could reasonably be expected to cause serious damage to the national security that the Original Classification Authority is able to identify or describe.

Confidential: Confidential information is information or material of which unauthorized disclosure could reasonably be expected to cause damage to the national security that the Original Classification Authority is able to identify or describe.

Targeted Information and Technologies

Let’s talk more specifically about the technology and information targeted by adversaries. As a former foreign intelligence officer, I know a lot about this.
While adversaries are interested in anything that will strengthen their advantage—whether it is a military, competitive, or economic advantage—technology assets are the greatest target. Both classified and unclassified technologies are targeted. We also seek out contingency plans, personnel information, and information on programs, deployments, and response procedures. When adversaries are able to collect enough information, they can piece it together and learn things—even classified things—which have serious consequences to U.S. national security.

Targeted information and technology includes:

• Technology information, classified and unclassified
  o Critical Technology
  o Dual Use Technology
  o Industrial Base Technology List
  o Emerging Science & Technologies
  o Proprietary Research and Development
• Contingency plans
• Personal and personnel information
• Programs, deployments, response procedures

Critical Technology

• Technology or technologies essential to the design, development, production, operation, application, or maintenance of an article or service that makes or could make a significant contribution to the military potential of any country, including the United States
• Includes, but not limited to, design and manufacturing know-how, technical data, software, keystone equipment, and inspection and test equipment
• May be export controlled and subject to the International Traffic in Arms Regulations (ITAR)

Dual Use Technology

• Technology that has both military and commercial use
• Export is strictly controlled and enforced under the Export Administration Regulations (EAR)
• Illegal export of this technology often results in fines and/or criminal charges

Sources of Threat

Threats come in many forms and may materialize in different ways. As a CI Special Agent, I see examples of this every day.
For example, some threats are found within your office and look just like you and your coworkers. In fact, they may be your coworkers. Others originate within foreign intelligence entities. Threats may be physical and come in the form of terrorist activity or they may be electronic and carried out by hackers and cyber criminals. Other threats come from those seeking to damage your business while building their own. In order to identify these threats, you must understand what or whom to look for, and must understand how they operate.

Collection Methods

Consider This

Would you consider any of these scenarios to be suspicious?

• Your company’s sales department receives a purchase request from an unknown vendor.
• A scientist at your facility receives a request to review a research paper.
• During a conference overseas, a researcher’s laptop is stolen.
• As you arrive at your building early one morning, you encounter a coworker leaving the building. The coworker nervously explains that he sometimes prefers to work overnight without the distraction of others.
• Your organization’s network service is disrupted following a denial of service attack.

Any of these scenarios might point towards a possible threat.

How is Information Targeted?

Examining past cases reveals that adversaries commonly use certain collection methods—some of which are identified here.

• Exploitation of Cyber Operations
• Request for Information (RFI) / Solicitation
• Attempted Acquisition of Technology
• Exploitation of Experts
• Foreign Visit
• Foreign Travel
• Insider Threat

Note that this list is not all inclusive. Additional methods are identified in the Course Resources. Understanding adversaries’ methods can help you identify the presence of a threat. Let’s take a closer look at the identified collection methods.
Exploitation of Cyber Operations

Cyber operations and other kinds of suspicious network activity are attempts to carry out intrusions into cleared contractor networks and exfiltrate protected information. This may be done in many different ways, including: phishing operations; cyber intrusion; malicious network scans; the emplacement of viruses or malware; backdoor attacks; or the acquisition of usernames and passwords to gain access to networks.

This is a dangerous and very real threat. An adversary can target you from anywhere, obfuscate their trail, and target multiple assets at a time. It is a low-risk and potentially high-reward method for our adversaries. Here are some indicators you should be aware of.

The following is a list of suspicious indicators related to suspicious network activity and cyber operations:

• Unauthorized system access attempts
• Unauthorized system access to or disclosure of information
• Any acts that interrupt or result in a denial of service
• Unauthorized data storage or transmission
• Unauthorized hardware and software modifications
• E-mails received from unknown senders (that include social engineering attempts such as phishing)

The following countermeasures can be taken by cleared defense contractors to guard against this collection method:

• Comply with the measures in your company’s Technology Control Plan (TCP)
• Conduct frequent computer audits
  o Ideally: Daily
  o At minimum: Weekly
• Do not rely on firewalls to protect against all attacks
• Report intrusion attempts
• Avoid responding to any unknown request and report these requests
• Disconnect computer system temporarily in the event of a severe attack

A Technology Control Plan:

• Stipulates how a company will control access to its export-controlled technology
• Outlines the specific information that has been authorized for release
• May be required by the National Industrial Security Program Operating Manual (NISPOM) and the International Traffic in Arms Regulations (ITAR) under certain circumstances
• Protects classified and export-controlled information
• Controls:
  o Access by foreign visitors
  o Access by employees who are foreign persons

Information on this collection method is available in the Resources.

If you suspect you, a coworker, or your
