NSI Security NewsWatch

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.


In this issue — February 12, 2020

  • U.S. Counterintelligence Chief Warns of Broadening Spy Threat
  • U.S. Says Chinese Military Stole Masses of Americans' Data
  • How the JPL Works to Secure Missions from Nation-State Adversaries 
  • Powerful Cyberattack Takes Down 25% of Iranian Internet
  • IS Remains at Center of Transnational Terror Threat: UN
  • Officials Warn Chinese Espionage an 'Existential Threat'
  • Why the Iranian Cyberthreat Has Become ‘More Dynamic’
  • To Counter Huawei, U.S. Could Take 'Controlling Stake' in Ericsson, Nokia
  • Report Criticizes Defense Industrial Base; Cites Workforce Shrinkage, IP Theft
  • Russian Spacecraft Stalking U.S. Spy Satellite Sparks Espionage Fears

U.S. Counterintelligence Chief Warns of Broadening Spy Threat (CBS News, 2/10/20)

The United States faces espionage threats from a growing range of adversaries that are employing new technologies to undermine the country's interests, according to a new document released Monday by the National Counterintelligence and Security Center (NCSC). Threats from "foreign intelligence entities are becoming more complex, diverse, and harmful to U.S. interests," the National Counterintelligence Strategy for 2020-2022 says. "Foreign threat actors have become more dangerous because, with ready access to advanced technology, they are threatening a broader range of targets at lower risk."

"With the private sector and democratic institutions increasingly under attack, this is no longer a problem the U.S. government can address alone," said NCSC Director William Evanina in a statement accompanying the report. "It requires a whole-of-society response involving the private sector, an informed American public, as well as our allies."

Note: NCSC Director William Evanina will deliver the keynote address at the upcoming NSI IMPACT ’20  Forum to be held on April 20-22 at the Westfields Marriott in Chantilly, VA.  He will be joined by a top-flight faculty of speakers and trainers who will provide valuable threat briefings, training workshops, case studies and practical take-home tools to improve your security program and prepare you for the road ahead.

For more information and to register, go to: https://www.nsi.org/impact-2020.html

U.S. Says Chinese Military Stole Masses of Americans' Data (AP, 2/10/20)

Four members of the Chinese military have been charged with breaking into the computer networks of the Equifax credit reporting agency and stealing the personal information of tens of millions of Americans, the Justice Department said Monday, blaming Beijing for one of the largest hacks in history to target consumer data.  The hackers in the 2017 breach stole the personal information of roughly 145 million Americans, collecting names, addresses, Social Security and driver's license numbers and other data stored in the company's databases. 

The intrusion damaged the company's reputation and underscored China's increasingly aggressive and sophisticated intelligence-gathering methods.  “The scale of the theft was staggering,” Attorney General William Barr said in announcing the indictment.  “This theft not only caused significant financial damage to Equifax, but invaded the privacy of many millions of Americans, and imposed substantial costs and burdens on them as they have had to take measures to protect against identity theft.”

The War Against Space Hackers: How the JPL Works to Secure Missions from Nation-State Adversaries (TechCrunch, 2/9/20)

NASA's Jet Propulsion Laboratory designs, builds and operates billion-dollar spacecraft.  That makes it a target.  What the infosec world calls Advanced Persistent Threats -- meaning, generally, nation-state adversaries -- hover outside its online borders, constantly seeking access to its "ground data systems," its networks on Earth, which, in turn, connect to the ground relay stations through which those spacecraft are operated.

Their presumptive goal is to exfiltrate secret data and proprietary technology, but the risk of sabotaging a billion-dollar mission also exists.  In the wake of multiple breaches, including APTs infiltrating their systems for months on end, the JPL has begun to invest heavily in cybersecurity.  Arun Viswanathan, a key NASA cybersecurity researcher, said that work is "totally representative of infosec today" and "unique to the JPL's highly unusual concerns."  The key message is firmly in the former category, though: information security has to be proactive, not reactive.


Help Your Employees Be More Security Conscious in 2020

Protecting classified information depends, today more than ever, on the security awareness of employees.   They can literally make or break your security program.  And the stakes have been raised even higher with the Security Rating Matrix, which puts heightened emphasis on employee education and awareness.  In fact, one of the top three deficiencies cited by IS Reps around the country is a “weak security education program.”

So, how can you achieve a “Superior” inspection rating and avoid having to answer for negligent employee behavior?  The secret lies in just three little words: EMPLOYEE SECURITY CONNECTION – the proven security awareness solution exclusively for cleared defense contractors and government agencies.  It’s the best way to ensure your employees are prepared for your next security audit.  To learn more about how this valuable resource can help motivate your employees to practice good security habits…help you achieve “superior” inspection results…and satisfy a major NISPOM awareness requirement… please click on the following link: http://nsi.org/es-connection.html


IS Remains at Center of Transnational Terror Threat: UN (Xinhua.net, 2/8/20)

The UN counterterrorism chief last week said the Islamic State (IS) remains at the center of the transnational terrorism threat, despite its defeat in Syria last March and the death of its longtime leader in October.  Undersecretary-General of the UN Counter-Terrorism Office Vladimir Voronkov told the Security Council that IS has continued to seek resurgence and global relevance online and offline, aspiring to re-establish its capacity for complex international operations.

Moreover, he said IS's regional affiliates continue to pursue a strategy of entrenchment in conflict zones by exploiting local grievances.  Foreign terrorist fighters (FTFs) who traveled to Iraq and Syria are expected to continue to pose an acute short, medium and long-term threat due to their high number, with estimates of those alive ranging from 20,000 to almost 27,000, he added.

Officials Warn Chinese Espionage an 'Existential Threat' (AP, 2/6/20)

The number of FBI arrests in cases related to Chinese espionage has risen sharply in the last five years, corresponding with what the U.S. government sees as an urgent threat to American economic prosperity and intellectual property, federal law enforcement officials said last week.  There were 24 China-related arrests in the last fiscal year, up from 15 five years earlier, and there have been 19 this year, according to DOJ figures presented at a conference on Chinese data theft from corporations and universities.

Officials described urgent law enforcement and intelligence efforts to counter China's targeting of corporate trade secrets and academic research, including defense information, software for wind turbines, and high-end medical technology.  In recent years, China has relied not only on hacking to steal information but also on recruitment of scientists and other individuals.  “The long-term existential threat to the security of our nation is real,” said Bill Evanina, the government's top counterintelligence official.

Why the Iranian Cyberthreat Has Become ‘More Dynamic’ (Fifth Domain, 2/6/20)

Following the drone strike that killed Iranian Maj. Gen. Qassem Soleimani in early January, one top military leader said a retaliatory cyberthreat has become more dynamic.  Gregg Kendrick, executive director of Marine Corps Forces Cyberspace Command, said that the Iranian regime will likely have to demonstrate to their people that they are still doing something for the drone strike, even if externally they deny any operations.

The Iranians will also likely need to help their economy, Kendrick said at an event hosted by the Institute for Critical Infrastructure Technology.  This means they’ll likely target the energy sector to drive up the price of oil to help their illicit oil sales.  Additionally, other actors may take advantage of the renewed U.S.-Iran rift.  “It might not be Iran, but I do think [Russia’s president Vladimir] Putin — he’s a wily cat and an enemy of us — and/or Xi [Jinping, China’s president], who is a long thinker, or some criminal element ... [someone] will use Iranian infrastructure and/or tools,” Kendrick said.

To Counter Huawei, U.S. Could Take 'Controlling Stake' in Ericsson, Nokia: AG (Reuters, 2/6/20)

U.S. Attorney General William Barr said last week the United States and its allies should consider the highly unusual step of taking a “controlling stake” in Finland’s Nokia and Sweden’s Ericsson to counter China-based Huawei’s dominance in next-generation 5G wireless technology.  In a remarkable statement underscoring how far the U.S. may be willing to go to counter Huawei Technologies Co, Barr disclosed in a speech at a conference on Chinese economic espionage that there had been proposals to meet the concerns “by the United States aligning itself with Nokia and/or Ericsson.”

Barr said the alignment could take place “through American ownership of a controlling stake, either directly or through a consortium of private American and allied companies.”  He added, “Putting our large market and financial muscle behind one or both of these firms would make it a far more formidable competitor and eliminate concerns over its staying power, or their staying power.”

Report Criticizes Defense Industrial Base; Cites Workforce Shrinkage, IP Theft (Seapower, 2/5/20)

The health and readiness of the U.S. defense industrial base, plagued by intellectual property theft and a shrunken workforce, rates a barely passing grade on a report card issued on Feb. 5 by the sector’s largest industry group.  The report, compiled by the National Defense Industry Association (NDIA) and data analytic firm Govini, raises concerns about an industry challenged by cyber threats and industrial espionage. 

Securing sensitive material against spies and data breaches earned a failing grade, 63 out of 100, the lowest among eight areas analyzed by Govini and NDIA.  In the foreword to the report, Govini CEO Tara Murphy Dougherty noted the new era of “great power competition” is different from the Cold War.  China is a rival economic power, rapidly closing the technological gap, she wrote, adding, “China’s efforts to exploit technological advancements made by others for its own benefit threaten the security of the defense industrial base.”

Russian Spacecraft Stalking U.S. Spy Satellite Sparks Espionage Fears (Forbes, 2/5/20)

In a strange twist that could come straight from a movie, it appears a Russian satellite is stalking a U.S. spy satellite in space.  Named Kosmos 2542 and launched in November 2019, the Russian satellite is designed to inspect other Russian spacecraft.

However, that remit might have just expanded.  Satellite enthusiasts who have been tracking the Russian satellite’s moves during January found its behavior was increasingly strange.  It has been orbiting in the same plane as a U.S. spy satellite called USA-245, which itself has been in operation since 2013, and it is getting closer all the time.  Michael Thompson, a graduate teaching assistant at Purdue University who specializes in satellites and astrodynamics, detailed the move in a tweet.  “Something to potentially watch: Cosmos 2542, a Russian inspection satellite, has recently synchronized its orbit with USA 245, an NRO KH11.”

Keep Getting This Newsletter

To ensure delivery to your inbox (not bulk or junk folders), please add NSI@nsi.org to your address book.

SUBSCRIBE: If you were sent this by a colleague and wish to subscribe to NSI's complimentary Security NewsWatch e-newsletter, visit http://nsi.org/newsletter.html.


Please feel free to share this e-mail with your colleagues and encourage them to sign up to get their own copy at http://nsi.org/newsletter.html

ADVERTISERS: For information about sponsoring this e-letter, contact sburns@nsi.org or call

National Security Institute
165 Main Street, Suite 215
Medway, MA 02053
Tel: 508-533-9099
Fax: 508-507-3631
Internet: http://nsi.org





Who's Worse:
Employees or Hackers?

Experts agree, well-intentioned but careless employees pose just as much of a danger to your organization as faceless hackers on the outside. In fact, 95 percent of successful hack attacks or incidents are attributed to human error.

Learn how to mitigate the accidental insider threat and empower your employees to think securely with these valuable lessons:

  1. How to recognize and respond to social engineering attacks
  2. How to avoid spear-phishing and email scams
  3. How to avoid becoming an easy target for hackers
  4. How to prevent human errors that cause security breaches
  5. How to protect sensitive data from hackers, spies and ID thieves
