NSI Security NewsWatch Banner

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.

 

In this issue — May 1, 2019

  • Army Veteran Charged with Plotting to Bomb White Nationalist Rally
  • FBI Building Relationships with Private Sector to Improve Cybersecurity Responses
  • Intel Chiefs: ‘Naming and Shaming’ Nations that Launch Cyberattacks Is Effective
  • Trump Commits to Transferring Entire Clearance Process to Pentagon
  • Judge Cites State Secrets Risk in Dismissing Warrantless Wiretapping Suit
  • Selling Secrets to China: Former State Department Employee Pleads Guilty to Conspiracy
  • Coast Guard Lieutenant Accused of Terrorism Granted Release
  • Insider Threats: Manufacturing’s Silent Scourge
  • Top Cyber Diplomat: U.S. Needs Allies’ Help to Punish Cyberattacks
  • FEMA ‘Stabilizing Core Infrastructure’ to Prevent Perfect Storm of Cyber Calamities

Army Veteran Charged with Plotting to Bomb White Nationalist Rally (Reuters, 4/30/19)
 
A U.S. combat veteran of the war in Afghanistan who prosecutors say plotted to detonate multiple nail bombs at a Los Angeles-area white nationalist rally, seeking to cause mass casualties, was arrested in an FBI sting operation, federal prosecutors said on Monday.  Mark Steven Domingo, 26, a U.S. Army infantryman who recently converted to Islam, was taken into custody on Friday after undercover FBI operatives furnished him with what he thought were live bombs to be used in the attack, law enforcement officials said.
 
Authorities said Domingo, who had no prior criminal record, came to their attention because of a series of violent extremist messages he posted in online chat rooms, one of which called for "retribution" for the massacre of 50 people at mosques in Christchurch, New Zealand, by a gunman in March.  "Often we are asked what keeps us up at night.  This is a case that keeps us up at night," Ryan Young, special agent in charge of the FBI's Joint Terrorism Task Force, told a news conference in Los Angeles.  Domingo, who had purchased several hundred long nails to serve as shrapnel in the homemade pressure-cooker bombs, had also suggested attacks on Jews, police officers, churches, a military facility, Southern California freeways and the Santa Monica Pier during internet conversations with the FBI operatives, Young said.  More


FBI Building Relationships with Private Sector to Improve Cybersecurity Responses (Fed News Network, 4/29/19)
 
Federal cybersecurity efforts can often seem like one long campaign to prevent another Office of Personnel Management cyber breach, or Edward Snowden leak.  But that’s only half the story.  There’s also a significant effort to keep nation states, insider threats and other bad actors from causing similar incidents in the private sector.
 
“Ninety-five percent of the country’s infrastructure is controlled by or in the hands of the private sector,” said Amy Hess, executive assistant director of the FBI.  “And that’s significant.  The things that these individuals are after, are highly sought after and controlled, owned by private industry.  And we have to develop those relationships from a government perspective with private sector to ensure that for number one, for starters, that were notified when it is happens, because the sooner we can get involved, the sooner we can identify who it is, the sooner we can identify their [tactics, techniques and procedures], and the sooner we can stop them, hopefully from doing it again.”  That’s why the FBI is working to build relationships with the private sector, and help companies understand both the threats, and how they should respond to an incident.  In some cases, that’s happening on a very local level, Hess said, with field offices reaching out to companies in the vicinity and providing briefings and building rapport. More


Intel Chiefs: ‘Naming and Shaming’ Nations that Launch Cyberattacks Is Effective (ZDnet, 4/26/19)
 
Western countries are increasingly calling out malicious cyber activity by other nation states, and this naming and shaming can deter attacks and spur potential victims into improving their security planning, according to intelligence chiefs.  Intelligence experts from the Five Eyes intelligence grouping – made up of the UK, the U.S., Canada, Australia, and New Zealand – were all speaking as part of a panel session at CYBERUK 19, the National Cyber Security Centre's (NCSC) cybersecurity conference in Glasgow, Scotland, in a rare instance of public discussion by the alliance.
 
In recent years, the five countries have often come together to call out cyberattacks that have been attributed to nation states, including pointing the finger at North Korea for WannaCry and accusing Russia of being behind NotPetya.  The group of countries have also attributed malicious activity to campaigns backed by the Iranian and Chinese governments.  More

******************************************************************************************

Help Your Employees Connect to the “Why” in Security

Protecting classified and sensitive information depends more than ever on the human element of security — employees. The sad fact is, employees are still the weakest link in the security chain because they’re not trained to be security-conscious. A report by Ernst & Young finds that "security awareness programs at many organizations are weak, half-hearted and ineffectual." As a result, employees ignore them. Many employees are not invested in the process because they don’t understand what’s in it for them. 

What you can do about it: A simple, proven approach.
Now you can gain visibility and buy-in for your security program with the EMPLOYEE SECURITY CONNECTION – the proven security awareness solution exclusively for cleared defense contractors and government agencies.  It’s the best way to ensure your employees are prepared for your next government security inspection.  To learn more about how this valuable resource can help motivate your employees to practice good security habits…help you achieve better inspection results…and satisfy a major NISPOM awareness requirement… please click on the following link: http://nsi.org/es-connection.html

******************************************************************************************

Trump Commits to Transferring Entire Clearance Process to Pentagon (FedScoop, 4/25/19)
 
President Trump issued an executive order last week making background investigations for security clearances the job of the Pentagon.  Previously under the purview of the Office of Personnel Management — which the Trump administration wants to shutter in fall 2019 — all background checks will be phased into DoD duties.  Starting June 24, the rebranded Defense Counterintelligence and Security Agency will become the chief security clearance distributor and take on National Background Investigations Bureau staff and resources.
 
Sept. 30 is the deadline for the transfer.  NBIS was already moved over to DCSA, when it was still known as the Defense Security Service, earlier this year.  NBIS is currently working on expediting the issuance and review of security clearances with the help of artificial intelligence.  The administration argues the National Defense Authorization Act of 2018 — which charged DoD with meeting its own clearance needs — justifies the move, rather than allowing NBIB and OPM to continue handling their own investigations. More

Judge Cites State Secrets Risk in Dismissing Warrantless Wiretapping Suit (Politico, 4/25/19)
 
A federal judge has dismissed a long-running lawsuit over President George W. Bush’s warrantless wiretapping program, ruling that allowing the case to go forward would create an unacceptable and exceptionally grave danger to the country.  “The Court cannot issue any determinative finding on the issue of whether or not Plaintiffs have standing without taking the risk that such a ruling may result in potentially devastating national security consequences,” U.S. District Court Judge Jeffrey White wrote in his ruling last week.
 
The suit, filed in 2008, alleged that the snooping — eventually named the Terrorist Surveillance Program by the Bush administration — violated the Fourth Amendment of the Constitution as well as the Foreign Intelligence Surveillance Act.  The effort is known to have included a massive database of telephone calls placed and received by Americans, although the full scope of the surveillance remains classified.  The Bush, Obama, and now Trump administrations have all invoked state-secrets claims to try to shut down the litigation. More


Selling Secrets to China: Former State Department Employee Pleads Guilty to Conspiracy (ClearanceJobs.com, 4/25/19)
 
The Department of Justice last week said Candace Marie Claiborne, a former employee of the State Department, pleaded guilty to having a clandestine relationship with Chinese intelligence operatives.  The plea deal charges Claiborne with the lesser charge of conspiracy and not espionage.  Claiborne served as an office management specialist.  She had unfettered access to classified information during her career, which began in 1999.
 
Her overseas assignments included Baghdad, Khartoum, and both Beijing and Shanghai.  It was during her assignments in China that Chinese intelligence made their approach to the State Department insider, befriending her and ultimately recruiting her to provide classified and non-public information.  Claiborne was arrested in March 2017.  The DOJ noted she received “gifts and benefits [that] included cash wired to Claiborne’s USAA account, Chinese New Year’s gifts, international travel and vacations, tuition at a Chinese fashion school, a fully furnished apartment, a monthly stipend, and numerous cash payments.” More


Coast Guard Lieutenant Accused of Terrorism Granted Release (AP, 4/25/19)
 
A federal magistrate has agreed to the pre-trial release of a Coast Guard lieutenant accused of being a domestic terrorist.  U.S. Magistrate Judge Paul Day noted last week that 50-year-old Christopher Hasson hasn't been charged with any terrorism related offenses.  Hasson was arrested Feb. 15 and is awaiting trial on firearms and drug charges.  Prosecutors say he created a hit list of prominent Democrats, two Supreme Court justices, network TV journalists and social media company executives.
 
Day says he still has "grave concerns" about Hasson based on information prosecutors have presented.  The magistrate says Hasson is "going to have to have a whole lot of supervision."  Day planned to order home confinement and electronic monitoring for Hasson.  It's not clear where Hasson will be confined or when he'll be released. More


Insider Threats: Manufacturing’s Silent Scourge (Industry Week, 4/25/19)
 
Like many industries, manufacturing is becoming more digitized and automated, with companies consistently creating new technology to stay one step ahead of competitors.  This type of innovation can reap many rewards, but also comes with inherent risks—from major impacts to the bottom line to employees accidentally or maliciously leaking coveted information.
 
Manufacturing is among the five industries with the highest percentages of insider threat incidents and privilege misuse, according to the Insider Threat Report recently published by Verizon.  The average cost of insider threats is $8.86 million annually for a single manufacturing organization with more than 1,000 employees.  Bottom of Form
Insiders—whether they are employees working on the shop floor or in the corner office, users with security clearance, or third-party partners—require access to critical applications, systems, and data to do their jobs effectively.  While necessary, this access presents major risk to sensitive company information.  More


Top Cyber Diplomat: U.S. Needs Allies’ Help to Punish Cyberattacks (DefebseOne, 4/24/19)
 
The U.S. could do a better job deterring cyberattacks if international allies were on board to punish the perpetrators, the nation’s top cyber diplomat said last week.  In recent years, the U.S. and its allies have gotten less afraid of attributing cyberattacks to adversaries like Russia, Iran and North Korea, but their attempts to punish those online aggressions are far less united, according to Rob Strayer, the State Department’s deputy assistant secretary for cyber and international communications and information policy.
 
To prevent those countries from launching attacks in the first place, the international community needs to make it clear that the costs of such actions outweigh the benefits.  According to Strayer, that calculation is a lot easier when multiple countries are threatening retaliation.  “We all know that we share common values about human rights and fundamental freedoms that can be expressed online,” he said.  “If we don’t stand together to continue to defend our vision and our values online, then [they] will continue to be undermined by nation-state actors.”  More

FEMA ‘Stabilizing Core Infrastructure’ to Prevent Perfect Storm of Cyber Calamities (Homeland Security Today, 4/24/19)
 
The Federal Emergency Management Agency is focused on “stabilizing the core infrastructure and the core environment” to keep the agency and its partners securely connected during a crisis, including upgrading aging infrastructure to support the latest security controls, said the agency’s acting deputy chief information officer for disaster operations.  “The biggest concern and the biggest issue as we move to the cloud is to ensure it’s a secure move, that the data is secure, that the environment is secure… ensuring that we have a secure connection is critical,” Scott Bowman, who has more than two decades of experience at FEMA, said last week.
 
“Ensuring that we have scalability in that connectivity – we need to ensure that we just don’t have a very scalable, elastic cloud that has infinite compute capability, but we’re limited on the network side of the house,” he said.  “So an area of focus is ensuring the bandwidth and connectivity to the cloud is through a secure connection that is adequate to meet the need.”  This spring, hackers were responsible for blaring tornado emergency warning sirens in Texas, and one Illinois city said it planned to pull its sirens after multiple hacks.  Bowman said the vulnerability of systems such as these underscores how FEMA must be “building in security with everything, considering everything we do on a daily basis.”
More


Keep Getting This Newsletter

To ensure delivery to your inbox (not bulk or junk folders), please add NSI@nsi.org to your address book.

SUBSCRIBE: If you were sent this by a colleague and wish to subscribe to NSI's complementary Security NewsWatch e-newsletter, visit http://nsi.org/newsletter.html.

UNSUBSCRIBE:

Please feel free to share this e-mail with your colleagues and encourage them to sign up to get their own copy at http://nsi.org/newsletter.html

ADVERTISERS: For information about sponsoring this e-letter, contact sburns@nsi.org or call
508-533-9099.

NSI LogoNational Security Institute
165 Main Street, Suite 215
Medway, MA 02053
Tel: 508-533-9099
Fax: 508-507-3631
Internet: http://nsi.org

 

 


Who's Worse:
Employees or Hackers?

Experts agree, well intentioned but careless employees pose just as much of a danger to your organization as faceless hackers on the outside. In fact, 95 percent of successful hack attacks or incidents are attributed to human error.

Learn how to mitigate the accidental insider threat and empower your employees to think securely with these valuable lessons:

  1. How to recognize and respond to social engineering attacks
  2. How to avoid spear-phishing and email scams
  3. How avoid becoming an easy target for hackers
  4. How to prevent human errors that cause security breaches
  5. How to protect sensitive data from hackers, spies and ID thieves

Learn More Button