NSI Security NewsWatch Banner

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.


In this issue — March 14, 2019

  • State Department Warning: Citizens Traveling to India Could Fall Victim to Terrorism, Assault
  • Man Convicted of Supporting Terrorism Says Propaganda Convinced Him ISIS Was Good
  • Arrests in Domestic Terror Probes Outpace Those Inspired by Islamic Extremists
  • Elon Musk’s Security Clearance Under Review Over Pot Use
  • Iranian Hackers Caused Losses in Hundreds of Millions: Report
  • Managing Cyber Risk in the Nation’s Oil and Gas Pipeline Systems
  • Three Small Explosives Found at London Airports, Train Station
  • NSA Official: No ‘Smoking Gun’ Evidence Coming on Huawei
  • Key Background Investigations Team Reassigned from DISA to DSS
  • Researcher: West Not Ready for the Coming Wave of Chinese Misinformation
  • FBI’s Wray Addresses China’s Counter-Intel Capabilities   

State Department Warning: Citizens Traveling to India Could Fall Victim to Terrorism, Assault (Business Insider, 3/12/19)
The State Department updated a travel warning to India during violent escalation in fighting along the border between nuclear rivals India and Pakistan.  The State Department warned women against a troubling rise in sexual violence and all travelers against potential terror attacks.
India and Pakistan, bitter rivals for decades, have been fighting inside Kashmir, a disputed border region which each country administers in part.  The fighting kicked off after a February 16 terror attack killed 40 Indian security forces.  Air battles, shelling, and ground fighting have followed sporadically since that attack, with planes being shot down and Pakistan temporarily closing its airspace.  The State Department has called for "increased caution in India due to crime and terrorism," and for U.S. citizens to stay at least 10 kilometers away from the disputed border region, and not to enter Kashmir at all. More

Man Convicted of Supporting Terrorism Says Propaganda Convinced Him ISIS Was Good (Cincinnati.com, 3/11/19)
Laith Alebbini admits he tried to travel to Syria to meet with ISIS, but he says he only did it because he wanted to fight Syria's Bashar al-Assad and help the Syrian people.  Now, he is trying to avoid decades in prison.  Alebbini was arrested in April 2017 at the Cincinnati/Northern Kentucky International Airport.  He's been in jail ever since.  In December, the Dayton, Ohio, man pleaded guilty to attempting to provide material support and resources to a terrorist group.
Federal prosecutors have asked for a sentence of 40 years in prison, but Alebbini and his lawyers would like his sentence to be the time he has already served.  In a 27-page memorandum, Alebbini's lawyers called what he did a "thought crime," and said he operated under the "erroneous belief that the Islamic State were not evil terrorists."  The document explained that Alebbini, a Jordan-born U.S. legal permanent resident, became obsessed with the conflict in Syria and felt compelled to do something about it, going so far as applying to join the U.S. Army in 2016. More

Arrests in Domestic Terror Probes Outpace Those Inspired by Islamic Extremists (Chicago Tribune, 3/9/19)
Most people arrested as the result of FBI terrorism investigations are charged with non-terrorism offenses, and more domestic terror suspects were arrested last year than those allegedly inspired by international terror groups, according to internal FBI figures.  As government officials and activists debate the best way to pursue violent extremists, the figures show how much of counterterrorism work goes undeclared and unnoticed.  Thousands are investigated each year.  Hundreds are charged with crimes.  But the public and the media see only dozens.
The debate centers on whether law enforcement is too focused on Islamic terrorism and not paying enough attention to the rise in far right-wing extremism.  In fact, according to the data, more domestic terrorist targets are being charged, and in both categories, law enforcement often leverage simpler crimes, such as violations of gun or drug laws, to prevent violence.  More

Security Clearance Program Transition: What to Expect (NSI.org, 3/11/19)

The security clearance process is about to get its biggest overhaul in the past 50 years. The National Background Investigations Bureau (NBIB) is in the midst of planning to transition their facilities, workloads and 2,000 employees to the Defense Security Service by Oct. 1, 2019, pending a presidential executive order. The consolidation will help ensure the continuing progress being made to reduce the security clearance backlog. Several transformation initiatives are in the works including new initiatives to implement continuous evaluation, reducing the need for periodic reinvestigations. Find out what’s in store for the security clearance process and hear from the nation’s top security officials at the upcoming NSI IMPACT ’19 Forum on April 15-17 at the Westfields Marriott in Chantilly, VA.  Charles Phalen, Director NBIB; Perry Russell-Hunter, Director, DOHA; and Tricia Stokes, Director of the new Defense Vetting Directorate at DSS will examine these historical changes and how they will affect your security program. 

For more information and to register, go to https://www.nsi.org/impact-registration.html


Help Your Employees Connect to the “Why” in Security

Protecting classified and sensitive information depends more than ever on the human element of security — employees. The sad fact is, employees are still the weakest link in the security chain because they’re not trained to be security-conscious. A report by Ernst & Young finds that "security awareness programs at many organizations are weak, half-hearted and ineffectual." As a result, employees ignore them. Many employees are not invested in the process because they don’t understand what’s in it for them. 

What you can do about it: A simple, proven approach.
Now you can gain visibility and buy-in for your security program with the EMPLOYEE SECURITY CONNECTION – the proven security awareness solution exclusively for cleared defense contractors and government agencies.  It’s the best way to ensure your employees are prepared for your next government security inspection.  To learn more about how this valuable resource can help motivate your employees to practice good security habits…help you achieve better inspection results…and satisfy a major NISPOM awareness requirement… please click on the following link: http://nsi.org/es-connection.html


Elon Musk’s Security Clearance Under Review Over Pot Use (Bloomberg, 3/7/19)
The Pentagon is reviewing Elon Musk’s federal security clearance following the billionaire’s marijuana toke on a California comedian’s podcast in September, according to a U.S. official.  Musk has refiled his SF-86 security form, which requires a federal employee or contractor seeking a clearance to acknowledge any illegal drug use over the previous seven years, according to the official, who asked not to be identified.  The entrepreneur has a secret-level clearance because of his role as founder and CEO of Space Exploration Technologies Corp., which is certified to launch military spy satellites.
A SpaceX official, who asked not to be identified, said the review hasn’t had an impact on the company.  The company has won contracts for national security space launches since Musk’s podcast incident.  But the refiling and review underscore the continuing ramifications from the CEO’s decision to smoke marijuana on the podcast, which quickly went viral.  And it highlights the legal discrepancies between federal and state policy on marijuana use: While about three dozen states have taken steps to decriminalize pot, its use remains a federal crime. More

Iranian Hackers Caused Losses in Hundreds of Millions: Report (Security Week, 3/7/19)
Iranian hackers working to penetrate systems, businesses and governments around the world have caused hundreds of millions of dollars in damages, a report said last week.  Researchers for tech giant Microsoft said the attackers stole secrets and wiped data from computer networks after targeting thousands of people at some 200 companies over the past two years.
Reports said Microsoft traced the attacks to Holmium, a group linked to Iran, and that some of the hacking was done for Holmium by another Iranian group known as APT33.  John Lambert, the head of Microsoft's Threat Intelligence Center, said the attacks were "massively destabilizing events."  Reports said the hackers notably targeted oil-and-gas companies, heavy-machinery manufacturers and international conglomerates in Saudi Arabia, Germany, Britain, India and the United States.  In 2017, the security firm FireEye blamed APT33 for destructive malware that targeted organizations in the Middle East and elsewhere. More

Managing Cyber Risk in the Nation’s Oil and Gas Pipeline Systems (Homeland Security Today, 3/7/19)
What does the federal government need to do to better help the oil and gas industry secure the vital national infrastructure it owns and operates?  That was the question weighed by panelists at a discussion last week on the sidelines of the annual RSA cybersecurity conference.  The panel was put together by the American Petroleum Institute and the University of Chicago Cyber Policy Initiative.
Recent reports, like the Director of National Intelligence’s Worldwide Threat Assessment, have painted a dire picture of the threats facing American critical infrastructure.  And a recent House Committee on Homeland Security hearing aired criticism of how the TSA has handled its responsibilities to help ensure the cybersecurity of the nation’s pipeline system.  The panel brought together former and current officials, such as retired Brig. Gen. Francis X. Taylor, the former undersecretary for intelligence and analysis at DHS, and Bob Kolasky, the director of the new National Risk Management Center at DHS.  The panelists concluded that there needs to be more, and better, information sharing regarding cybersecurity vulnerabilities and intelligence between government and industry, and within government itself. More

Three Small Explosives Found at London Airports, Train Station (Homeland Security News, 3/7/19)
London police foiled a terrorist plot involving three small explosive devices sent to major transportation hubs in the UK capital last week.  The devices were delivered in white postal bags with heart-emblazoned stamps to London Waterloo train station, and locations near Heathrow Airport and London City Airport.
Just before 10 a.m., the city’s Metropolitan Police got a call about a suspicious package near Heathrow.  After being opened by staff at the building, part of the package burned, according to cops.  The building was evacuated and officers worked on the device until it was safe.  At 11:40 a.m., calls to British Transport Police came in for a suspicious package in the post room at Waterloo station, and at 12:10 p.m., police were called about a package delivered near City Airport.  Neither package was opened and no one was injured.  No flights were impacted by the incidents, and transportation services at the hubs were operating as normal.  More

NSA Official: No ‘Smoking Gun’ Evidence Coming on Huawei (Cyber Scoop, 3/7/19)
Don’t expect U.S. officials to produce a “smoking gun” of public evidence that the Chinese government might be using telecommunications giant Huawei to further its interests in cyberspace, a senior National Security Agency official told CyberScoop.  “Everybody is anxious for that smoking gun,” Rob Joyce, senior cybersecurity adviser at NSA, said in an interview.  “It is not the case that you’re going to see people bring out and drop that smoking gun on the table … for all sorts of reasons about the way we understand the threat, the way we deal with the Chinese, the way we have to protect the ability to see and maybe defeat or deny that capability going forward.”
U.S. officials have long accused Chinese tech companies Huawei and ZTE of being potential vessels for spying.  One reason is that under Chinese law, companies are required to cooperate with national intelligence activities.  Huawei and ZTE strenuously deny the allegations, saying they operate as competitive companies in the global economy.  More

Key Background Investigations Team Reassigned from DISA to DSS (NextGov, 3/7/19)
As several federal agencies work to overhaul the security clearance process, the DoD is shuffling its technical team under a new office.  The 40 employees working on the National Background Investigations Service, or NBIS, the IT system that will become the backbone of all background investigations work once fully deployed, will be moving from their current office in the Defense Information Systems Agency in Fort Meade, Maryland, to the Defense Security Service headquartered in Quantico, Virginia. 
The latter office has been at the center of DoD efforts to reimagine the security clearance process, and will be the lead office for investigations work once that mission is transferred from the civilian National Background Investigations Bureau.  That transfer is not yet official, pending a presidential executive order, but defense and NBIB officials are preparing to make the switch by Oct. 1.  The NBIS employees are also on track to migrate over to the Security Service by Oct. 1, though the move might occur sooner. More

Researcher: West Not Ready for the Coming Wave of Chinese Misinformation (DefenseOne, 3/7/19)
China’s offensive social-media operations are a sleeping giant, different from Russia’s in ways that Western social-media firms are unprepared to counter, a new report says.  The report, unveiled last week by cybersecurity research firm Recorded Future, compares Russian and Chinese disinformation operations.  Up to 18% of social media posts in China are government propaganda aimed at its own citizens.  And there are a lot of people working that job. 
How many?  First, recall that the Internet Research Agency, the Russian troll farm that attempted to sway U.S. voters before and after the 2016 election, employed at most 600 people.  Estimates of the size of the Chinese operation vary, according to research from different academic institutions cited by the Recorded Future report.  One study put the estimate at above half a million people.  But this saturation attack on its own people isn’t necessarily how Beijing tries to influence the West.  Priscilla Moriuchi, a researcher at Recorded Future, said the Chinese government’s near-total control over its internet space enables “techniques that are relatively unique to their own domestic information environment.  They don’t use those techniques when targeting Americans in English on U.S. platforms.  The goals they have for targeting Americans are different.” More

Keep Getting This Newsletter

To ensure delivery to your inbox (not bulk or junk folders), please add NSI@nsi.org to your address book.

SUBSCRIBE: If you were sent this by a colleague and wish to subscribe to NSI's complementary Security NewsWatch e-newsletter, visit http://nsi.org/newsletter.html.


Please feel free to share this e-mail with your colleagues and encourage them to sign up to get their own copy at http://nsi.org/newsletter.html

ADVERTISERS: For information about sponsoring this e-letter, contact sburns@nsi.org or call

NSI LogoNational Security Institute
165 Main Street, Suite 215
Medway, MA 02053
Tel: 508-533-9099
Fax: 508-507-3631
Internet: http://nsi.org




Impact 2019 Banner

Who's Worse:
Employees or Hackers?

Experts agree, well intentioned but careless employees pose just as much of a danger to your organization as faceless hackers on the outside. In fact, 95 percent of successful hack attacks or incidents are attributed to human error.

Learn how to mitigate the accidental insider threat and empower your employees to think securely with these valuable lessons:

  1. How to recognize and respond to social engineering attacks
  2. How to avoid spear-phishing and email scams
  3. How avoid becoming an easy target for hackers
  4. How to prevent human errors that cause security breaches
  5. How to protect sensitive data from hackers, spies and ID thieves

Learn More Button