NSI Security NewsWatch

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.

In this issue — June 24, 2020

  • Army to Allow Users to Access Classified Info from Home
  • DHS Expands Insider Threat Program
  • ‘BlueLeaks’ Exposes Files from Hundreds of Police Departments
  • 3 Bills Focused on Securing Tech Superiority over China
  • Agencies Recommend Blocking Hong Kong-U.S. Undersea Cable
  • NSA Revises Guidance on Teleworking Services for Government Users
  • Ex-Pentagon Analyst Sentenced to 30 Months in Leak Case
  • CIA Report Slammed Agency’s Security as ‘Woefully Lax’
  • Secretive Russian Disinformation Op Discovered; Dates Back to 2014
  • Pushing for a Cyber 9/11, Al-Qaeda Recruits for ‘E-Jihad’ to ‘Ruthlessly Exploit’ Vulnerabilities
  • White House: U.S. Firms Can Work with Huawei on 5G Standards

Army to Allow Users to Access Classified Info from Home (C4ISRNET, 6/22/20)

The Army is expected to roll out a capability that will allow employees to remotely access sensitive and classified information in the next 30 days.  The decision to establish remote classified access comes as the COVID-19 pandemic continues to keep Americans working from home and military leaders prep for a second wave of the virus in the fall.

The new capability will allow remote users to access non-classified but sensitive information as well as classified information up to the secret level from remote locations, including at home, Maj. Gen. Maria Barrett, the commander of Network Enterprise Technology Command, said.  The Army will be onboarding the first 500 users in the next 30 days, and it plans to eventually scale up to 2,000 users, according to Barrett.  NETCOM is working with the Army CIO/G-6 and 7th Signal Command — which is responsible for defending Army networks in the United States — to gather “user requests for prioritization,” Barrett said.


DHS Expands Insider Threat Program (GCN, 6/22/20)

The Department of Homeland Security is expanding its insider threat program (ITP) to go beyond scrutinizing individuals with access to classified materials to encompass "all those with past or current access to DHS facilities, information, equipment, networks, or systems," according to a Privacy Impact Assessment.  When the ITP was originally set up in 2011 through an executive order, it required agencies that operate or access classified computer networks to implement an insider threat detection and prevention program that would safeguard classified national security information.

The effort was expanded in January 2017 to focus on threats posed by all individuals who have or had access to DHS facilities, information, equipment, networks or systems, essentially identifying a new category of insider threat outside the classified environment.  The new impact statement, which accounts for ITP’s expanded scope, says that DHS’ data collection efforts will now include employment and performance information, personnel files, clearance status and more.


‘BlueLeaks’ Exposes Files from Hundreds of Police Departments (Krebs, 6/20/20)

Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week.  The collection, dubbed “BlueLeaks” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals.

The collection is the latest release from Distributed Denial of Secrets (DDoSecrets), an alternative to Wikileaks that publishes caches of previously secret data.  In a Twitter post, DDoSecrets said the BlueLeaks archive indexes “ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources,” and that “among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more.”  Fusion centers are state-owned and operated entities that gather and disseminate law enforcement and public safety information between state, local, tribal and territorial, federal and private-sector partners.

******************************************************************************************

NISPOM and Insider Threat awareness compliance just got a little easier

Protecting classified and sensitive information depends more than ever on the human element of security — employees. They can either make or break your security program. The sad fact is, employees are still the weakest link in the security chain because they’re not trained to be security-conscious. An Ernst & Young study reveals that "security awareness programs at many organizations are weak, half-hearted and ineffectual." As a result, employees ignore them.

Now you can gain visibility and buy-in for your security program with the EMPLOYEE SECURITY CONNECTION – the proven security awareness solution exclusively for cleared defense contractors and government agencies.  To learn more about how this valuable resource can help motivate your employees to practice good security habits…help you achieve better inspection results…and satisfy a major NISPOM awareness requirement… please click on the following link: https://nsi.org/es-connection.html

******************************************************************************************

3 Bills Focused on Securing Tech Superiority over China (Nextgov, 6/19/20)

Bipartisan bills introduced in the House and Senate promote tech talent increases in the government ranks—especially the DoD—and call for more transparency among Chinese-funded investments and gifts made by China to U.S. academic institutions.  Sens. Rob Portman, R-Ohio, and Martin Heinrich, D-N.M., introduced the AI for the Armed Forces Act.  The bill further elevates the importance of AI across the DoD, ensuring the director of the Joint Artificial Intelligence Center is a three-star equivalent and reports directly to the defense secretary.

The bill would also require the defense secretary to “develop a training and certification program to better enable” the department’s human resources workforce to recruit AI and cybersecurity talent.  Lastly, the bill calls for the defense secretary to issue guidance regarding how the Pentagon and sub-agencies could make better use of existing direct hire authorities to onboard AI talent.


Agencies Recommend Blocking Hong Kong-U.S. Undersea Cable over National Security Concerns (Cyber Scoop, 6/18/20)

The DoD, DOJ, and DHS last week urged U.S. regulators to block an application for an undersea cable connection between Hong Kong and the U.S. over concerns that it could expose sensitive communications to the Chinese government.  The federal agencies, known as Team Telecom or the Telecom Committee, recommended the FCC deny the Pacific Light Cable Network (PLCN) undersea cable connection between the U.S. and Hong Kong amid concerns surrounding the Chinese government-linked ownership of the PLCN. 

A significant investor in the PLCN, Pacific Light Data Co. Ltd., is a subsidiary of the fourth largest telecommunications services provider in China, Dr. Peng Telecom & Media Group Co. Ltd., according to the DOJ.  Intelligence officials have maintained that Chinese intelligence laws can make it compulsory for companies in China to comply with Beijing’s intelligence requests.


NSA Revises Guidance on Teleworking Services for Government Users (Nextgov, 6/18/20)

The NSA updated guidance to help federal agencies choose secure collaboration services, changing its determination of whether a number of products offered end-to-end encryption and other security features.  Changes to the NSA’s guidance, along with comments from some of the vendors, highlight the big-picture political fight over end-to-end encryption and an enduring disconnect among various government officials, industry representatives and privacy advocates on what the term means.

NSA examined the policies of 15 companies in the June 4 version of its guidance, including Zoom, Microsoft Teams, Google G Suite, Slack, Skype for Business and Wickr.  For all of these, NSA changed its designations on factors such as whether the service offered certain kinds of encryption or allowed users to control invitations to virtual meetings.  Microsoft Teams, for example, is noted as generally offering end-to-end encryption in the new guidance, while the April 24 version of the document concluded the collaboration service generally doesn’t do this.


Ex-Pentagon Analyst Sentenced to 30 Months in Leak Case (NYT, 6/18/20)

A former Pentagon counterterrorism analyst was sentenced by a federal judge last week to more than two years in prison for sharing national security secrets with a pair of reporters and a consultant.  The former Defense Intelligence Agency analyst, Henry Kyle Frese, 32, had pleaded guilty this year in federal court in Alexandria, Va., to willful transmission of top-secret national defense information, namely about foreign countries’ weapons systems.  He had faced up to 10 years in prison.

“Frese repeatedly passed classified information to a reporter, sometimes in response to her requests, all for personal gain,” John C. Demers, the top national security official at the DOJ, said.  The arrest of Frese was part of the Trump administration’s effort to crack down on illegal leaks of classified information, a push that dates to the second half of the George W. Bush administration and intensified under former President Barack Obama.


CIA Report Slammed Agency’s Security as ‘Woefully Lax’ (Info Security, 6/17/20)

A senator is demanding to know why the CIA is still not following the government’s advice on best practices after he obtained a 2017 report describing the agency’s day-to-day cybersecurity as “woefully lax.”  The internal report was written by the CIA’s WikiLeaks Task Force in the wake of the Vault 7 disclosures to the whistleblowing site, which amounted to the “largest data loss” in its history.  At least 180GB and potentially as much as 32TB of information, including data on a range of cyber-weapons, was stolen by an insider in 2016.  

The CIA said it didn’t know how much data was taken because there were no safeguards such as user monitoring on the Center for Cyber Intelligence software development network, where much of it was stored.  Democrat senator Ron Wyden last week wrote to the director of national intelligence, John Ratcliffe, warning that the agency was still lagging on implementing basic cybersecurity used widely elsewhere in federal government.


Secretive Russian Disinformation Op Discovered; Dates Back to 2014 (ZD Net, 6/16/20)

Social media research group Graphika last week published a 120-page report unmasking a new Russian information operation of which very little has been known so far.  Codenamed Secondary Infektion, the group is different from the Internet Research Agency, the “troll farm” that interfered in the 2016 presidential election.

Graphika says this new and separate group has been operating since 2014 and has been relying on fake news articles, fake leaks, and forged documents to generate political scandals in countries across Europe and North America.  The research team says it first learned of the group from published reports and research.  Graphika says that based on previous research, they've now tracked down more than 2,500 pieces of content Secondary Infektion has posted online since early 2014.


Pushing for a Cyber 9/11, Al-Qaeda Recruits for ‘E-Jihad’ to ‘Ruthlessly Exploit’ Vulnerabilities (HS Today, 6/16/20)

In line with their longstanding mantra that war against America needs to be centered on striking the economy, al-Qaeda lauded the coronavirus and racial injustice for spurring unrest, unemployment, and other maladies that have put the country on “the verge of an implosion” imperiling the existence of “the entire Western World.”

And in line with the terror group’s focus on economic attacks, al-Qaeda declared the need to recruit and train for “e-jihad” — even taking advantage of Amazon’s broadband expansion project — in order to “ruthlessly” target infrastructure and financial systems like never before.  The first issue of al-Qaeda’s English-language One Ummah magazine, published last September to coincide with the 9/11 anniversary, included articles predicting and hoping that the national debt would lead to a recession (and seeking recruits in the financial sector to “find new ways of exploiting America’s economic vulnerabilities”) and warning jihadists against being sloppy with their phone and online communications.



Keep Getting This Newsletter

To ensure delivery to your inbox (not bulk or junk folders), please add NSI@nsi.org to your address book.

SUBSCRIBE: If you were sent this by a colleague and wish to subscribe to NSI's complimentary Security NewsWatch e-newsletter, visit http://nsi.org/newsletter.html.

Please feel free to share this e-mail with your colleagues and encourage them to sign up to get their own copy at http://nsi.org/newsletter.html

ADVERTISERS: For information about sponsoring this e-letter, contact sburns@nsi.org or call 508-533-9099.

National Security Institute
165 Main Street, Suite 215
Medway, MA 02053
Tel: 508-533-9099
Fax: 508-507-3631
Internet: http://nsi.org

*****************************

Help Your Employees Become Cyber Aware

Experts agree, well-intentioned but careless employees pose just as much of a danger to your organization as faceless hackers on the outside. In fact, 95 percent of successful hack attacks or incidents are attributed to human error.

Learn how to mitigate the accidental insider threat and empower your employees to think securely with these valuable lessons:

  1. How to recognize and respond to social engineering attacks
  2. How to avoid spear-phishing and email scams
  3. How to avoid becoming an easy target for hackers
  4. How to prevent human errors that cause security breaches
  5. How to protect sensitive data from hackers, spies and ID thieves
