NSI Security NewsWatch Banner

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.


In this issue — June 26, 2019

  • DoD changes name of security clearance agency, appoints new leadership
  • Huawei Could Pose Threat to International Intel Community
  • Former Cop Caught in Terrorism Sting Fails to Win Lighter Sentence
  • Belgium Arrests Man for Plotting Terror Attack Against U.S. Embassy
  • NIST Releases Draft Guidance for Sensitive Contractor-Held CUI
  • Iranian Hackers Launch a U.S.-Targeted Campaign as Tensions Mount
  • IG Says DHS Employees Aren’t Disciplined Consistently for Misconduct
  • Report: Leaked Hacking Tools Used in Wide Ranging Espionage Campaign
  • Chinese Drone Manufacturers Pose Huawei-Like Threats, Expert Says
  • Cyber Weaknesses that Led to Breaches at NASA’s JPL Persist, Says IG

DoD changes name of security clearance agency, appoints new leadership (Fed News Network, 6/24/19)

The Defense Department’s security clearance agency officially has a new name — and new acting leadership. The Defense Counterintelligence and Security Agency — formerly the Defense Security Service — will be led by acting Director Charlie Phalen, currently director of the National Background Investigations Bureau, the NBIB confirmed to Federal News Network.

The DCSA will subsume NBIB and will serve as the governmentwide security clearance provider. Phalen’s appointment begins July 1 and he will lead both NBIB and the DCSA until the two agencies merge by Oct. 1. Patrick Shanahan, in one of his last acts as acting Defense secretary, made the name change official in a June 20 memo. Kernan said the new name reflects both the DSS and NBIB’s missions. The announcement comes as the Trump administration officially recognized DoD as having primary responsibility for security clearances across much of government. A long-awaited executive order, which President Donald Trump signed back in April, made this move official and set two major timelines. It gave both DoD and OPM until June 24 to finalize the details of the security clearance transfer and sign an agreement that codifies how NBIB and OPM authorities, resources and personnel will move to the Pentagon’s newly rebranded security clearance agency. The transfer itself won’t be final until Oct. 1, the start of the new fiscal year.  More

Former Counterterrorism Official: Huawei Could Pose Threat to International Intel Community (The Hill, 6/24/19)
A former senior counterterrorism official in the Obama administration is calling on the U.S. to initiate a dialogue with allies about the potential threats of Chinese telecom giant Huawei.  Nate Synder warned Monday that Huawei’s ties to the Chinese government pose security concerns to the international intelligence community as the telecom giant looks to help build 5G wireless networks in the U.S. and abroad.  “Huawei’s not just interested in the U.S. — they’re looking at a global scale,” Synder said.
“This goes into not only our national security but theirs in also the way we share intelligence and information with these partners as well,” Synder added.  “We wouldn’t want to share critical sensitive information on a network that we somebody’s more than likely listening in on.”  The Trump administration has already taken steps to crack down on use of the company’s equipment.  The Commerce Department recently blacklisted five more Chinese tech groups due to national security concerns.  U.S. firms will now need government approval in order to sell technology equipment to Chinese organizations. More

Former Cop Caught in Terrorism Sting Fails to Win Lighter Sentence (Homeland Security News, 6/24/19)
A former Washington, D.C., Metro police officer who sent money to a man he thought had joined the Islamic State failed to win a lighter sentence last week and will spend another 10 years behind bars.  “One small moment has come to define the rest of my life,” Nicholas Young told Judge Leonie M. Brinkema in court.  He said “illusions of ties of friendship and brotherhood” led him to do something “catastrophically wrong.”  Brinkema was unmoved, again sentencing Young to 15 years in prison.  She questioned whether he “genuinely believed” what he did was “all that wrong.”
Young, 39, was found guilty nearly two years ago of attempting to support a terrorist group and attempting to obstruct justice.  He told FBI agents he did not know where his friend “Mo” was, when in reality he believed the man was in Syria fighting for the Islamic State.  He ultimately sent Mo $245 in Google Play gift cards for terrorists to communicate with recruits.  In fact, Mo was first an FBI informant and then an undercover agent.  After sending the gift card passwords, Young was arrested.  More


Help Your Employees Connect to the “Why” in Security

Protecting classified and sensitive information depends more than ever on the human element of security — employees. The sad fact is, employees are still the weakest link in the security chain because they’re not trained to be security-conscious. A report by Ernst & Young finds that "security awareness programs at many organizations are weak, half-hearted and ineffectual." As a result, employees ignore them. Many employees are not invested in the process because they don’t understand what’s in it for them.  

What you can do about it: A simple, proven approach.
Now you can gain visibility and buy-in for your security program with the EMPLOYEE SECURITY CONNECTION – the proven security awareness solution exclusively for cleared defense contractors and government agencies.  It’s the best way to ensure your employees are prepared for your next government security inspection.  To learn more about how this valuable resource can help motivate your employees to practice good security habits…help you achieve better inspection results…and satisfy a major NISPOM awareness requirement… please click on the following link: http://nsi.org/es-connection.html


Belgium Arrests Man for Plotting Terror Attack Against U.S. Embassy (Reuters, 6/24/19)
Belgian police have arrested and charged a man with planning a terrorism attack against the U.S. embassy in Brussels, prosecutors said on Monday.  The man, identified only by his initials M.G., was arrested on Saturday.  He denies accusations, the prosecutors said in a statement.
Prosecutors said they had “converging indications” that led them to believe the man was plotting an attack.  To protect the ongoing investigation, no more details will be released at this stage, the statement said. More

NIST Releases Draft Guidance for Sensitive Contractor-Held CUI (MeriTalk, 6/20/19)
The National Institute of Standards and Technology released a draft of a new publication offering additional guidance for securing Controlled Unclassified Information (CUI) in non-Federal systems, aimed at protecting high-value assets from foreign adversaries.  Special Publication 800-171B is a companion publication to the existing SP 800-171 guidance, and offers additional recommendations for CUI at risk of an advanced persistent threat, especially in the defense industrial base.
“When CUI is part of a critical program or a high-value asset – such as a weapons system – it can become a significant target for high-end, sophisticated adversaries.  In recent years, these programs and assets have been subjected to an ongoing barrage of serious cyberattacks, prompting the Department of Defense to request additional guidance from NIST,” the agency said in a news release.  The guidance includes 33 recommended requirements for information at the moderate level or above that may need additional protection. More

Iranian Hackers Launch a U.S.-Targeted Campaign as Tensions Mount (Wired, 6/20/19)
When two countries begin to threaten war in 2019, it's a safe bet that they've already been hacking each other's networks.  Right on schedule, three different cybersecurity firms now say they've watched Iran's hackers try to gain access to a wide array of U.S. organizations over the past few weeks, just as military tensions between the countries rise to a breaking point—though it's not yet clear whether those hacker intrusions are aimed at intelligence gathering, laying the groundwork for a more disruptive cyberattack, or both.
Analysts at two security firms, Crowdstrike and Dragos, said they've seen a new campaign of targeted phishing emails sent to a variety of U.S. targets last week from a hacker group known as APT33, Magnallium, or Refined Kitten and widely believed to be working in the service of the Iranian government.  Dragos named the Department of Energy and U.S. national labs as some of the half-dozen targeted organizations.  A third security firm, FireEye, independently confirmed that it's seen a broad Iranian phishing campaign targeting both government agencies and private sector companies in the U.S. and Europe, without naming APT33 specifically. More

IG Says DHS Employees Aren’t Disciplined Consistently for Misconduct (Gov’t Executive, 6/20/19)
Misconduct at the varied agencies within the massive Homeland Security Department—from sexual harassment to discrimination, to absences without leave, to credit card fraud to sleeping on the job—is not being addressed consistently, according to results of a large-scale employee survey released last week.  The policy of the department created by merging 22 agencies following the Sept. 11, 2001, terrorist attacks “does not include procedures for reporting allegations of misconduct, clear and specific supervisor roles and expectations, or clearly defined key discipline terms,” said the report from acting DHS Inspector General Jennifer Costello.

The department also lacks “data monitoring and metrics to gauge program performance,” the report said.  It analyzed an online survey that went out to 192,495 employees in 2017 and garnered 54,108 responses.  “These deficiencies occurred because DHS’ Employee Relations office has limited staff, who do not believe they are responsible for managing the allegation process,” the report said.  The overall results of the employee survey were “favorable,” the IG stressed, though they suggest a need for improved training and improved behavior by leaders. More

Report: Leaked Hacking Tools Used in Wide Ranging Espionage Campaign (Washington Times, 6/20/19)
Cyber spies conducting an international hacking campaign have leveraged several leaked tools likely created by the U.S. government, a security firm warned last week.  Symantec reported that Waterbug, an espionage group previously linked to Russia, was recently caught deploying specialized software created by combining four previously leaked exploits allegedly stolen from the NSA.
Symantec said the group, which is also known by the name Turla, had developed a “custom hacking tool that combines four leaked Equation Group tools … into a single executable.”  Equation Group is the name used by cybersecurity companies to refer to a different espionage group widely suspected of being a division of the NSA.  Each of the four tools was leaked online in 2017 by The Shadow Brokers, a mysterious entity that claimed to have hacked Equation Group and stolen several of its “cyber weapons.”  More

Chinese Drone Manufacturers Pose Huawei-Like Threats, Expert Says (NextGov, 6/19/19)
The government needs to spur a “Manhattan Project-style investment” in America’s unmanned aircraft industry to combat the economic and national security threats posed by Chinese drone manufacturers, a cybersecurity expert told lawmakers.  “These foreign drones are exploiting us and putting ... our American businesses and government organizations at risk,” National Defense University Professor Harry Wingo said last week.  “These threats should not and cannot be ignored.”
Roughly 80% of the drones in the U.S. are made by Chinese companies, and the Chinese government is using that foothold to collect “an unprecedented level” of intelligence on America’s physical and economic infrastructure, Wingo told the Senate Commerce Security subcommittee.  That intimate understanding of America’s inner workings could potentially give the Chinese an economic and military edge, he said, and creates “significant cybersecurity risks” for U.S. businesses and government agencies. More

Cyber Weaknesses that Led to Breaches at NASA’s JPL Persist, Says IG (NextGov, 6/18/19)
The NASA Jet Propulsion Laboratory—a federally-funded research center managed by the California Institute of Technology and best known for the Mars rover and other extraplanetary explorations—has lax cybersecurity controls that have led to several breaches and continue to be unresolved, according to a federal watchdog.  In a report last week, the NASA inspector general highlighted several ongoing weaknesses that put JPL and NASA as a whole at risk of intrusion, data leakage, or worse.
“Over the past 10 years, JPL has experienced several notable cybersecurity incidents that have compromised major segments of its IT network,” the report states.  “For example, in 2011 cyber intruders gained full access to 18 servers supporting key JPL missions and stole 87 gigabytes of data.  More recently, in April 2018 JPL discovered an account belonging to an external user had been compromised and used to steal approximately 500 megabytes of data from one of its major mission systems.”  In the report, NASA auditors present a laundry list of outstanding weaknesses, some of which have been identified previously but remained unresolved as of the most recent review. More

Keep Getting This Newsletter

To ensure delivery to your inbox (not bulk or junk folders), please add NSI@nsi.org to your address book.

SUBSCRIBE: If you were sent this by a colleague and wish to subscribe to NSI's complementary Security NewsWatch e-newsletter, visit http://nsi.org/newsletter.html.


Please feel free to share this e-mail with your colleagues and encourage them to sign up to get their own copy at http://nsi.org/newsletter.html

ADVERTISERS: For information about sponsoring this e-letter, contact sburns@nsi.org or call

NSI LogoNational Security Institute
165 Main Street, Suite 215
Medway, MA 02053
Tel: 508-533-9099
Fax: 508-507-3631
Internet: http://nsi.org



Who's Worse:
Employees or Hackers?

Experts agree, well intentioned but careless employees pose just as much of a danger to your organization as faceless hackers on the outside. In fact, 95 percent of successful hack attacks or incidents are attributed to human error.

Learn how to mitigate the accidental insider threat and empower your employees to think securely with these valuable lessons:

  1. How to recognize and respond to social engineering attacks
  2. How to avoid spear-phishing and email scams
  3. How avoid becoming an easy target for hackers
  4. How to prevent human errors that cause security breaches
  5. How to protect sensitive data from hackers, spies and ID thieves

Learn More Button