NSI IMPACT Session Summaries

Monday, April 22 — 8:00am - 8:45am
Keynote Address:
Cyber Security Threats… The New Reality
Lt. Gen. Michael T. Flynn, Director, Defense Intelligence Agency

President Obama has called the cyber threat to the U.S. “one of the most serious economic and national security challenges we face.” The U.S. federal government is a frequent target, but the corporate world is also under siege. Foreign actors are probing the networks of key government and U.S. companies in an attempt to access critical technology secrets. In this informative keynote address, DIA Director Lt. Gen. Michael Flynn will highlight the latest developments surrounding cyber threats to the nation’s security and real-world strategies to protect the United States from emerging security threats. As one of the highest-ranking intelligence officials in the country, Gen. Flynn’s insights will focus on the biggest threats facing the U.S. in the cyber realm, including cyberterrorism, cyberwar, cyberespionage and emerging areas of vulnerability to vital government and defense industry systems.

Monday, April 22 8:45am - 9:40am
Inside the New Threat Matrix of Digital Espionage, Crime and Warfare
Joel F. Brenner, Of Counsel, Cooley, LLP

Shortly after 9/11, Joel Brenner entered the inner sanctum of American espionage, first as the inspector general of the National Security Agency, then as the head of counterintelligence for the director of national intelligence. He saw at close range the battleground on which our adversaries are now attacking us—cyberspace. We are at the mercy of a new generation of spies who operate remotely from China, the Middle East, Russia, even France, among many other places. These operatives have already shown their ability to penetrate our power plants, steal our latest submarine technology, rob our banks, and invade the Pentagon's secret communications systems. This session will examine the new frontier of digital espionage and how to defend against it.

You Will Learn:
➢ Current attacks—who, how, and what our adversaries are after
➢ What you need to do to protect your organization

Monday, April 22 10:40am - 11:25am
Cyber Security In An Age Of Mobility
Dr. Robert “Rocky” Young, Director of Cybersecurity, OCIO, DoD

The revolution in mobile computing has changed the information security threat landscape. The latest security threat plaguing the corporate office is actually clipped to the belts and purses of a company's mobile workforce. New mobile devices have the functionality of desktop or laptop computers running a typical operating system, making them vulnerable to the traditional risks: malware, Trojan software, and insecure mobile apps. As mobile adoption spreads at a record rate, and BYOD (“bring your own device”) becomes the new norm, controlling risks to sensitive government and corporate information becomes increasingly important. This presentation will give an update on current trends of cyber attacks on mobile devices and provide practices to prevent your organization from becoming a victim.

Key Issues:
➢ Understanding the mobile phone threat vectors
➢ Steps to combat mobile device security threats

Monday, April 22 11:25am - 12:25pm
DSS 2013: Key Security Challenges For the Year Ahead
Stanley L. Sims, Director, Defense Security Service

The pace of change in the National Industrial Security Program continues to accelerate with no signs of slowing down. Amid new and emerging risk factors, it is critical to be up to speed on the latest compliance requirements for preventing loss or compromise of classified information. In this annual state of the DSS briefing, you’ll hear about important DSS plans and priorities that will affect the way you do your job in 2013. Highlights include: looming mandate for Secure Web Fingerprint Transmission (SWFT) program; mitigating FOCI issues; progress report on DSS security rating matrix; Counterintelligence reporting; and future changes to NISPOM. This extended session provides an important learning opportunity plus the ability to have all of your questions answered.

You Will Learn:
➢ Patterns of security deficiencies cited
➢ Compliance strategies to protect your facility clearance
➢ Anticipated changes to NISP

Monday, April 22 2:00 - 3:15pm
Track I — Cyber OPSEC: Defending Against Social Media, Net Threats
Chris Cox, Deputy CIO and OPSEC Manager, U.S. Army’s National Training Center

While social media use is common practice at many government and contractor workplaces, these tools don’t come without risk. As social media’s adoption increases, so does the risk of critical information loss. Never before has the need for Operations Security (OPSEC) been greater. In an era of Facebook, LinkedIn, YouTube, Twitter and blogs, your employees may inadvertently be opening the door to data leaks and cyberattacks. Despite the risks, many organizations are ill-prepared. To safeguard critical information, mitigate data leakage and protect classified information, security practitioners must adopt an effective cyber OPSEC strategy. This workshop will teach you some of the common vulnerabilities of cyberspace and what countermeasures you can implement to handle them.

Key Benefits:
➢ Cyber OPSEC best practice tool kit
➢ How to minimize security risks while using social media
➢ Tips to implement an effective cyber OPSEC policy

Monday, April 22 2:00 - 3:15pm
Track II — How to Achieve a ‘Superior’ Rating On Your Next DSS Inspection
Richard Lawhorn, Dir., Industrial Security Field Ops, Defense Security Service

For security managers, the prospect of a DSS vulnerability assessment can be intimidating. With the advent of DSS’ Rating System, achieving a “superior” rating can seem like an onerous task. Achieving excellence requires a systematic approach to analyzing and developing best practices to safeguard people, information, equipment, facilities, activities and operations. This workshop will help you pass your next inspection with flying colors and prepare you with the knowledge necessary to achieve superior inspection results. Topics covered include: understanding the Security Rating Matrix tool; vulnerabilities and corrective actions; key NISP enhancements to boost your score; best practices for NISPOM compliance; managing each element of an inspection; developing your ongoing self-inspection program.

You Will Learn:
➢ Proven ways to prepare for the vulnerability assessment
➢ Compliance strategies and inspection initiatives for 2013
➢ Best practices to enhance your security program

Monday, April 22 3:45 - 5:00pm
Track I — Security Clearance Panel: Issues and Answers
Peregrine Russell-Hunter, Dep. Dir., DOHA; Colleen Crowley, Exec. Dir. OPM Fed. Invest. Svc.

The federal government has earned praise for its efforts to bring greater efficiency, speed and reciprocity to the security clearance process. However, with some 4.8 million federal government and contractor employees holding or eligible for a security clearance, and with the number of investigations growing each day, there’s still work to be done to further streamline the process. In this informative Q&A panel session you’ll hear from key government players in the security clearance regime about what they’re doing to improve the timeliness, reciprocity and adjudication of security clearances. This is your chance to get up to speed on one of the most critical aspects of your security program.

You Will Leave With:
➢ Trend analysis for clearance processing times
➢ Adjudication hot button issues
➢ Proactive steps to head off clearance problems

Monday, April 22 3:45pm - 5:00pm
Track II — Habits of Highly Successful Security Awareness Programs
Steven Rients, Manager, Security Training, BAE Systems, Inc.

Security awareness is a never-ending process. It’s far more than just annual refresher briefings and a few wall posters — it’s about education, culture and structure. One of the greatest challenges facing organizations in building a security awareness program is where to start: how do you plan, develop, deploy and maintain an effective awareness program? This workshop reveals straightforward “habits” that, taken together, will help you build and maintain a high-impact awareness program that engages your employees and focuses on reducing risk by changing their behaviors. You’ll learn how to overcome challenges, gain management support, tailor a program to the needs of your workforce, and keep your security message fresh.

Learn How To:
➢ Avoid common mistakes in security awareness programs
➢ How to talk security so people will listen
➢ Develop a Security awareness action plan

Tuesday, April 23 8:10am - 8:55am
Terrorism 2013: Combating Threats In the Cyber World
Philip Mudd, Sr. Research Fellow, New America Foundation

More than a decade after the 9/11 attacks, the United States faces a more diverse, yet no less formidable, terrorist threat. Experts warn that in 2013 terrorists will continue to seek to harm the United States and its people. While U.S. counterterrorism officials develop and implement strategies and systems to address the threats of today, terrorists are planning the threats of tomorrow. To cope with this reality, security professionals must take greater care in planning and protecting their people, information and physical assets from the direct and indirect impact of the heightened terrorist threat. As terrorists become more creative, resourceful, and technology savvy, their approaches will become more sophisticated. Much like every other multi-national organization, they are using the Internet to grow their business and to connect with like-minded individuals. This timely threat briefing will examine the changing landscape of the terrorist threat to America’s security and offer recommendations for meaningful protections against growing dangers.

Key Benefits:
➢ Changing face of terrorism and top threats for 2013
➢ Effective and practical counterterrorism measures
➢ Emerging threats from high-tech terrorism and e-Jihad

Tuesday, April 23 8:55am - 9:40am
Defending Against Today’s Targeted Attacks on U.S. Networks
Robert E. Joyce, Deputy Director, Information Assurance Directorate, NSA

Hackers are stepping up the intensity of their attacks, moving from "disruption" to "destruction" of key U.S. computer systems, according to government officials. The sources of these cyberthreats include criminal groups, hackers, terrorists, organizational insiders, and foreign nations. The magnitude of the threat is compounded by the ever-increasing sophistication of cyberattack methods. Threats to cyber security show no signs of slowing down in 2013 as foreign adversaries ramp up efforts to penetrate sensitive and classified national security information systems. This session will discuss emerging threats to DoD networks, including: vectors of attack; proliferation of networked devices and mobile workers; cybersecurity initiatives; and collaboration between public and private sector.

You Will Learn:
➢ Biggest cybersecurity threats for 2013
➢ How to mitigate security risks
➢ Industry’s vital role in national cybersecurity

Tuesday, April 23 10:00am - 10:45 am
Understanding and Assessing the Chinese Cyber Threat
Scott Borg, Director, U.S. Cyber Consequences Unit

China’s government carried out numerous cyber attacks against United States government and private sector computers last year and has emerged as the most significant threat in cyberspace, according to a congressional commission report. Cybersecurity experts say the computer-based attacks emanating from China continue unabated, and in fact are expanding and focusing more intently on critical American military, defense, technology, and economic secrets. At least one expert has said that all major U.S. companies have had their networks penetrated at some point by hackers in China. This session will examine key threats and countermeasures security managers and their employees can take that will go a long way toward stemming the flow of stolen information.

You Will Learn:
➢ Scope of Chinese cyber threat to U.S.
➢ Specific case studies of cyber attacks by the PRC
➢ Top targets, tactics and methods used

Tuesday, April 23 10:45am - 11:45am
How to Market Security to Gain Influence and Secure Budget
Dee Dee Collins, Exec. VP, Special Aerospace Security Services, Inc.

Facing threats of defense budget cuts, corporate and government bean counters are forcing security professionals to communicate a better value proposition. In this demanding climate, new skills will be needed to become a security standout and secure needed funds for your program. If you want to have any chance of getting your budget approved, you need to justify it in terms of the benefit to the organization. Hard times require soft skills. Building a business case for security requires not only hard skills like ROI but soft skills such as marketing and communicating security’s contribution. Take heart: noted communications expert Dee Dee Collins will share lessons learned for gaining the support — and respect — required to be successful in today’s challenging environment.

You Will Learn:
➢ Key skills needed to perform in this new era of security
➢ How to gain buy-in for your ideas
➢ Career-boosting soft skills you need to succeed

Tuesday, April 23 1:45pm - 3:00pm
Track I — Targeting U.S. Defense Technologies In the Cyber Realm
William D. Stephens, Director, CI, Defense Security Service

Espionage targeting U.S. military technology and defense industry trade secrets is on a relentless upward trend, according to the Pentagon. Foreign spies are increasingly launching digital assaults against our nation in order to steal sensitive and classified economic and technology secrets. According to the Defense Security Service, reports of espionage skyrocketed 65% in 2011 when compared to the previous year, while the number of “suspicious contact” reports grew even more—75%. This session will examine the findings from the annual DSS report of “suspicious activity” incidents submitted by cleared defense contractors and discuss the current trends, targets and tools of choice being deployed by our adversaries.

You Will Learn:
➢ Top technologies being targeted
➢ Current exploitation methods being used
➢ Countermeasures to protect technology secrets

Tuesday, April 23 1:45pm - 3:00pm
Track II — AIS Security: Practical Strategies and Best Practices
Deborah Hutchins, ISSP, ODAA, Defense Security Service

The path to compliance with security requirements for Automated Information Systems can seem like a long and winding road. With technology continually spurring changes to the National Industrial Security Program Operating Manual, how do you ensure protection of classified information in your AIS systems? This session will guide you through the complex implementation issues and help you navigate the maze of AIS security requirements for processing classified data at various protection levels. Detailed instruction and practical exercises give you greater understanding of ever-changing requirements for information systems security and best practices for avoiding potential compromise of classified data.

You Will Learn:
➢ How to avoid the biggest AIS security landmines
➢ Guidance on NISPOM Chapter 8 implementation
➢ System Security Plan best practices

Tuesday, April 23 3:20pm - 4:35pm
Track I — Economic Espionage Countermeasures: Street Smarts for Security Pros
David G. Major, President, CI Centre

The FBI estimates that economic espionage has cost American companies some $13 billion a year due to attacks on their intellectual property by foreign countries. Sensitive U.S. economic information and technology are targeted by intelligence services, private-sector companies, academic research institutions, and citizens of dozens of countries. Economic spies sell everything from chemical secrets to military technology—with China being the most persistent perpetrator. In the new cyber threat environment, sensitive information has become more difficult for organizations to control and much easier for adversaries to exploit. A robust Counterintelligence program can help defend against these vulnerabilities. This session addresses a multitude of tactics used to gain trade secrets and how to defend against them.

What You'll Learn:
➢ How to recognize espionage warning signs
➢ Steps to protect against insider/outsider threats
➢ How to develop a counterespionage program

Tuesday, April 23 3:20pm - 4:35pm
Track II — JPAS, JCAVS Solutions Clinic
Quinton L. Wilkes, Corp. Security Mgr., L-3 Communications; Representatives from Army, Navy and Air Force

Successfully navigating your way around the Joint Personnel Adjudication System (JPAS) and its related interfaces can be a time-consuming and oftentimes stressful experience. It is, however, one of the most important tasks you will undertake as the government’s e-Clearance initiative advances. Bring your questions, first-hand experiences and frustrations to this problem-solving workshop where you can get answers from knowledgeable security experts who understand the ins and outs of JPAS. An expert security panel comprised of both government and industry JPAS Program Officers will lead you in this highly interactive session. You’ll receive practical instructions for effectively using the system.

You Will Learn:
➢ How to minimize problems and avoid delays
➢ New features and enhancements to JPAS
➢ Best practices for using JPAS, JCAVS and e-QIP

Wednesday, April 24 8:10am - 8:55am
Cyber Espionage: Emerging Threats to Economic, National Security
Roger Cressey, Sr. VP, Booz, Allen, Hamilton

Foreign spies, including some working for U.S. allies, are increasingly launching digital assaults against our nation in order to steal sensitive and classified economic and technology secrets. Dozens of countries are known to have active cyber espionage capabilities. Their victims range from U.S. government networks to cleared defense contractors to private businesses that increasingly see their sensitive intellectual property stolen via the network. U.S. officials say that companies are losing hundreds of billions to cyber-espionage, amounting to the greatest transfer of wealth in history. To properly protect your organization against attacks, it’s imperative that you know the threat landscape. This session will examine how cyber-spies operate when seeking confidential data and key strategies to prevent the loss of secrets.

Key Benefits:
➢ Identify, prevent and counter cyber spying
➢ New threat vectors and modes of attack
➢ Understand latest trends used by cyber spies

Wednesday, April 24 8:55am - 9:40am
Changing NISP Requirements: Staying One Step Ahead
John P. Fitzpatrick, Director, Information Security Oversight Office

The National Industrial Security Program is undergoing changes as a result of a variety of forces. Major changes in the pipeline include a new rule for handling Controlled Unclassified Information; strategies for managing the explosive growth of classified information in all its varieties; and the role of technology in changing the classification and declassification system. This timely session will bring you up to speed on the latest and most important issues affecting government security and the National Industrial Security Program, including: NISPOM re-writes; DoD Insider Threat Program; CUI implementation; and more. Staying up to date with these critical issues should be a key part of your security strategy this year.

You Will Learn:
➢ Recent and upcoming policy changes
➢ Structural reforms to improve security
➢ NISPPAC working group’s agenda for 2013

Wednesday, April 24 10:00am - 10:45am
The Accidental Insider Threat: Is Your Organization Prepared?
Dr. Shawn P. Murray, Sr. Info Assurance Officer, Defense Missile Agency

Insiders are among the leading causes of data breaches for both government organizations and businesses in the U.S. The greatest risks aren't from rogue employees looking to cause damage, but rather from inadvertent breaches caused by staffers who simply stumble into costly mistakes. Between the widespread acceptance of bring-your-own-device (BYOD) policies in the workplace and the use of removable media, more information can be carried out an office door in minutes than the sum total of what was given to our enemies in hardcopy throughout U.S. history. This session will explore the threats posed by “accidental insiders”— individuals who are not maliciously trying to cause harm, but can unknowingly present a major risk to your organization and its sensitive information.

Key Issues:
➢ How to identify and mitigate insider threats
➢ Different types of threats — accidental & malicious
➢ Security strategies to reduce risk

Wednesday, April 24 10:45am - 11:45am
Situational Awareness: The Key to Better Security
Ray Semko, The DICEman

Situational awareness is the ability to identify, process, and comprehend threats to your critical information and assets. More simply, it’s knowing what’s going on around you. As threats to classified data intensify, security professionals must ramp up their situational awareness to safeguard government and corporate secrets. Ray Semko, well-known in the defense and intelligence communities as The DICE Man, will use his high-energy, high-impact presentation to show us why we can’t be passive, helpless observers in this world, but need to be active participants who make a difference in keeping our people, facilities and critical information safe. Nationally known for his motivational presentations, Ray will offer the latest threat information and advice to help protect your organization and strengthen your security program. This security consciousness-raising session will equip you with the latest tools and techniques to educate yourself and your workforce on the growing threats to national security.

You Will Learn:
➢ Why awareness is more important than ever
➢ How to sharpen your situational awareness skills