NSI IMPACT Session Summaries

Monday, April 30 — 8:00am - 8:45am
Keynote Address:
Top National Security Threats to Watch in 2018
Lt. Gen. Robert P. Ashley, Jr., Director,
Defense Intelligence Agency

Nation-state espionage…terrorism…insider threats…cyber attacks…any of these could change “just another day at the office” into your worst nightmare.  And today, security professionals grapple with a wide diversity of threats from all across the world.  The U.S. will face a complex, global intelligence threat environment in 2018 with the targeting of national security information from a host of adversaries. The information technology revolution has allowed even smaller nations—and even terrorist groups—to compete in the intelligence game. The insider threat posed by trusted insiders will remain a significant threat in 2018 and beyond. Developing and implementing effective mitigation strategies for these issues is critical to reducing the threat to an acceptable level. The threats we face as a nation have never been greater or more diverse and the expectations placed on security professionals have never been higher. In this scene-setting keynote address, DIA Director Lt. General Robert Ashley, will discuss the changing landscape of threats to American security and offer recommendations for meaningful protections against growing risks. He will examine the clear and present dangers to national security and actionable strategies to counter them.

Monday, April 30 8:45am - 9:30am
Combating Economic Espionage: Staying Ahead of the Threat
E.W. “Bill” Priestap, Asst. Director,
FBI Counterintelligence Division

As industry has shifted from the physical to the digital, so too has the world of economic espionage.  It’s increasingly a digital battleground.  From foreign intelligence services to company insiders, government and corporate secrets are at risk from a number of threats on a number of fronts. Officials and experts believe more foreign spies than ever are targeting U.S. secrets.  While the U.S. focus has been primarily on protecting military and state secrets from spying, a new battle is being waged in which corporate computers and the valuable intellectual property they hold have become as much a target of foreign governments as those run by the Pentagon. Counterintelligence experts expect no decline in foreign demand for sensitive U.S. technologies in 2018 and beyond.

You Will Learn:
➢ Vital intelligence about latest trends in espionage
➢ Espionage actors, tactics and targets
➢ Effective and practical countermeasures


Monday, April 30 10:30am - 11:30am
Phishing, Social Engineering: Inside the New Attacks
Ira Winkler, President
Secure Mentem

Phishing and Social Engineering attacks have now become the no. 1 attack vector for cybercriminals. These attacks are not only becoming more common against defense contractors and government agencies, but they're also increasingly sophisticated. With hackers devising ever-more clever methods for fooling your employees into handing over valuable data, security professionals must redouble their efforts to stay one step ahead of cyber criminals. With the understanding that technology alone cannot fix social engineering issues, organizations should know how to identify current social engineering attacks, what to do if an attack occurs, what to do when someone is let in, why malicious people use these types of attacks and the best ways of communicating risk to your organization.  This session will provide a deep dive into the latest phishing trends and social engineering threats.

You Will Learn:
➢ Real life examples of socially engineered attacks
➢ How to mobilize your employees as first line of defense
➢ Proactive measures to fend off attacks


Monday, April 30 11:30am - 12:30am
DSS: Leading a 360° Security Transition
James J. Kren, Deputy Director
Defense Security Service

The world is rapidly changing and DSS is changing too. Where the agency once concentrated on schedule-driven National Industrial Security Program Operating Manual (NISPOM) compliance, DSS is now moving to an intelligence-led, asset-focused, and threat-driven approach to industrial security oversight.  This comes at a time when DSS is poised to take on a bigger role in security clearance background investigations. Find out what’s in store for DSS (and FSOs) in 2018, and how it will impact the changing compliance requirements of the National Industrial Security Program. In this annual state of the DSS briefing, you’ll get a chance to hear about important plans and priorities that will affect the way DSS continues to accomplish its industrial security mission. Highlights include such vital topics as: security vulnerability assessments; insider threat program requirements; continuous evaluation; security clearance processing and timelines; CI reporting; FOCI and critical NISPOM revisions.  

You Will Learn:
➢ Security policy and program initiatives for 2018
➢ Compliance strategies to safeguard classified information
➢ New NISPOM imple­mentation requirements


Monday, April 30 2:00 - 3:15pm
Track I — Rethinking Your Approach to Security Awareness Training
Steven Rients, Mgr., Security Training
BAE Systems

Security awareness training is a reliable way to reduce the insider threat and alter employee behaviors.  It's not a silver bullet, but it will help reduce organizational risk, which-—after all — should always be the goal of security defenses. If you’ve come to the realization that your security awareness program just isn’t doing its job, it may be time to rethink your approach. Changing employee behavior to do the right thing is one of the key factors for an organization to improve their security posture. An effective approach is to provide targeted awareness training, where employees at every level — from the top down — understand the potential negative impact that their actions can have on their employer and how it relates to their day to day activities.

You Will Learn:
➢ Keys to make awareness training relevant and motivational
➢ How to fine-tune your security awareness program
➢ Ways to empower your employees to practice good security


Track II — Defense Information System for Security: Issues and Answers
Quinton Wilkes, Corp. Security Mgr., L-3 Com
Nick Levasseur, CEO, Personnel Security Professionals, LLC

The Pentagon’s new Defense Information System for Security (DISS), promises to transform how personnel security, and clearance suitability data are collected, reviewed, and shared.  It replaces the legacy Joint Personnel Adjudication System (JPAS) system with a more secure, end-to-end IT system.  DISS is designed to meet several requirements of security clearance reform efforts, including reciprocity, automated record checks, and continuous evaluation. DISS is undergoing a phased deployment and is set to launch for Industry in May 2018. Once DISS has been fully deployed, there will be a 90-day period before JPAS is shut down and DISS becomes the official system of record. Successfully navigating your way around the DISS will not come without some growing pains.  This comprehensive workshop will explore problems and resolutions and provide an extended opportunity for you to have all of your questions answered.

You Will Learn:
➢ Rules of the road to navigate the new DISS
➢ Steps to minimize problems and get help
➢ How to obtain timely access to automated records

Monday, April 30 3:35pm - 4:50pm
Track I —Cybersecurity 101: What You Absolutely Must Know
Robby Ann Carter, Instructor, National Security Training Institute

Organizations need security professionals at all levels—not just in the IT department—who understand the technical, legal, and compliance aspects of cybersecurity, as well as how to safeguard classified and sensitive information that increasingly resides on government and corporate networks.  Acquiring a basic cybersecurity literacy should be high on your list of things to learn in 2018.  In this workshop, you’ll be introduced to the variety of cyber threats that exists within the cleared defense contractor environment. It will include an outline of the role of the security professional in protecting information in the cyber environment and an overview of the specific IT issues/tasks you are responsible for complying with. You’ll also gain a basic knowledge of information systems and their security requirements along with the tools you need to perform your job.

You Will Learn:
➢ Fundamental cybersecurity concepts and principles
➢ Identify required physical, personnel, and procedural security
➢ Security countermeasures to minimize vulnerabilities

Track II —CUI Compliance: Bridging the Gap Between Govt. and Industry
Devin Casey, Program Analyst, ISOO
Vicki Michetti, Dir., DIB Cybersecurity Program, DoD

The CUI Program is a Government-wide program that standardizes the way the executive branch manages unclassified information that requires safeguarding or dissemination controls required by law, Federal regulation, and Government-wide policy. This Program replaces existing agency programs like For Official Use Only (FOUO), Sensitive But Unclassified (SBU), Official Use Only (OUO), and others. The CUI Program addresses the current inefficient and confusing patchwork of over 100 agency-specific policies throughout the executive branch that lead to inconsistent marking and safeguarding as well as restrictive dissemination policies. Companies supporting the defense industry are scrambling to understand how to classify and protect unclassified information. This workshop will help you get out in front of this compliance issue and develop a baseline of knowledge to create a plan to properly protect controlled, unclassified information.

You Will Learn:
➢ Develop a CUI compliance plan
➢ Special marking and handling requirements
➢ CUI milestones and timeline

Tuesday, May 1 8:00am - 8:45am
Assessing the Risk to Classified Information in a Changing World
William Evanina, Director, National Counterintelligence and Security Center

It’s alarming, but no exaggeration, to say the nation is facing the most challenging and significant foreign intelligence entity threat in its history. The foreign spying threat is increasing in both scale and sophistication, according to intelligence experts. Meanwhile, the insider threat is growing, with more than half (53%) of organizations confirming insider attacks in the past 12 months and 27% stating they have become more frequent, according to a new study. Today’s spy threat includes both cyber operations and influence activities, in addition to traditional spying by nations such as China and Russia.  Every day U.S. government and defense contractors are targeted by nation-state actors for espionage and theft, resulting in huge losses of national security information and technology secrets. Staying ahead of the threat requires constant vigilance.  In this presentation from the nation’s top counterintelligence official, you’ll gain valuable advice on how your organization can better prepare for, defend against, and respond to the changing security threat landscape.

You Will Learn:
➢ CI Initiatives to counter the threat
➢ Countermeasures to protect secrets
➢ Current exploitation methods being used


Tuesday, May 1 8:45am - 9:30am
Cybersecurity: Proactive Defenses for Today’s Threats
Curtis W. Dukes, Exec. VP
Center for Internet Security

Cyber threats are growing more complex, and the stakes are higher than ever. The bad guys are bigger, badder and better organized than ever. Cyberspace has become the new battlefield for modern warfare, providing state-sponsored malicious actors with an inexpensive, highly effective and globally accessible platform to steal sensitive data and wreak havoc. In the year ahead, organizations of all sizes must prepare for the unknown so they have the flexibility to withstand unexpected and high impact cybersecurity threats. There will be continuous cyberattacks on organizations, government entities and critical infrastructure, and we will see new types of state-sponsored attacks in 2018. While your organization utilizes more mobile IoT and emerging technologies, attackers simply focus on more ways to exploit them. In this presentation, Curtis Dukes, the former Director of Information Assurance at NSA will examine the constantly changing cybersecurity threat landscape including proven methods to stop a new era of cyber attacks.

You Will Learn:
➢ Biggest cyber security threats in 2018
➢ Attack vectors and how to mitigate them
➢ Cyber threats every employee should understand

Tuesday, May 1 9:50am - 10:50 am
Security Clearance Reform: What You Need to Know
Charles Phalen, Director, NBIB
Perry Russell-Hunter, Director, DOHA

There are seismic changes taking place in the security clearance regime. The National Background Investigations Bureau is barely a year old, but already the agency charged with background checks governmentwide is losing the bulk of its responsibilities to the U.S. Department of Defense, and contractors are sure to feel the fallout. President Trump ensured the shakeup when he signed the National Defense Authorization Act for Fiscal Year 2018. Section 925 of that legislation requires the Defense Security Service to eventually take over all DOD-related background checks. Amidst this backdrop, personnel security investigation and adjudication are being strengthened to ensure that clearance processing addresses insider threats.  In this informative Q&A panel session, you’ll hear from two of the key government players involved in the security clearance process and ongoing reform efforts.

You Will Learn:
➢ Current reforms underway and what they mean to you
➢ Best practices to resolve clearance problems
➢ Plans to alleviate the clearance backlog


Tuesday, May 1 11:50am - 12:50pm
How Does Your Insider Threat Program Stack Up?
Dennis Keith, VP, Global Security, Harris Corp.
Keith Minard, Asst. Dir. NISP Policy & Admin., DSS

An insider threat is one of the greatest dangers you can face at your company or agency. Yet, knowing whether your insider threat program is strong enough to mitigate and manage so many evolving threats is difficult to determine, especially if you don’t have any successful models to compare your own program against. Although technology can play an important role in identifying potential insider threats, it is not just an IT issue. It takes an enterprise-wide approach — including many human elements — to plan for, prevent, detect, respond to and recover from insider threats. Managing insider threat risk should be part of a holistic corporate security program, from both information security and physical security perspectives. This session offers a behind-the-scenes look at what it takes to build a successful insider threat program.

You Will Learn:
➢ Identify the steps to building an insider threat program
➢ How to obtain buy-in from key stakeholders
➢ Lessons learned from the experts


Tuesday, May 1 1:30pm - 2:45pm
Track I — Navigating the New Risk Management Framework Process
Karl Hellman, Asst. Dep. Director
NISP Authorization Office, DSS

Beginning this year, all newly accredited information systems will be required to use the NIST Risk Management Framework system controls. A new DSS Assessment and Authorization (A&A) process is an integral part of RMF and represents a major shift in the way System Security Plans (SSPs) are processed at DSS.  This new accreditation process provides a complex challenge to industry through new approaches to system categorization, assessment and continuous monitoring. Understanding these requirements along with the RMF process is key to getting your information systems approved. This timely workshop will help you successfully navigate the requirements of the Risk Management Framework and ensure that you’re in compliance with the new standards. If your organization is struggling with getting through the process of obtaining approval of your classified information systems, then this session is for you.

You Will Learn:
➢ How to obtain timely authorizations
➢ Key missteps to avoid
➢ Steps and tools in the RMF process


Tuesday, May 1 1:30pm - 2:45pm
Track II — Communications: The Must-Have Skills for Security Pros
Mitchell Lawrence, Instructor
National Security Training Institute

Of all the qualities that a security professional must possess, effective communication is hands down one of the most important.  It’s one of those “soft skills” that is critical to both personal and professional success.  As a security professional, much of your work involves interacting with others and putting your best foot forward.  How you communicate and get your message across is vital to your success — whether you’re presenting a security proposal to top management, training your staff or conducting security briefings for employees. In this session, you’ll be given practical instruction and guidance on preparing and delivering effective security presentations.  This power-packed workshop will stimulate your interest and motivate you to seek new paths to improve your communications skills.

You Will Learn:
➢ How to improve your communications skills
➢ How to gain buy-in for your ideas
➢ Ensure your presentations don’t miss the mark


Tuesday, May 1 3:05pm - 4:20pm
Track I —Inside DSS’ Changing Approach to Industrial Security
Michael Halter, Deputy Director, Industrial Security
Defense Security Service

Sweeping changes in the National Industrial Security Program mean that FSOs will have more compliance issues to contend with in 2018.  DSS vulnerability assessments will broaden their scope to include insider threat programs and new information system security mandates.   Keeping up with changing requirements and knowing where potential problems lie is critical to avoid security compliance issues and safeguard classified information. Maintaining an effective security program and achieving a “superior” rating should be a key element of your security strategy.  This interactive Q&A session features key personnel from the Defense Security Service who will guide you through the compliance issues you face in meeting NISPOM requirements.  You’ll also find out what red flags IS reps are encountering during their contractor assessment visits so you can avoid any potential problems in your security program and help you on your path to compliance.

What You'll Learn:
➢ Hands-on advice for keeping your program in compliance
➢ Industrial security program initiatives for 2018
➢ How to achieve security excellence

Tuesday, May 1 3:05pm - 4:20pm
Track II — Preparing for an Active Shooter Emergency
Peter J. Lapp, Special Agent, FBI

Given today's ever-changing threat environment, preparing for and training employees to cope with active threats and workplace violence should be a key piece of an organization's incidence response plan.  The FBI’s “Study of Active Shooter Incidents in the United States Between 2000 and 2013” report shows that 160 active shooter incidents occurred in that 14-year period, resulting in 1,043 casualties.  Since then, incidents such as the Las Vegas massacre and the Texas church shootings combined to make 2017 the deadliest year of mass shootings in modern U.S. history. It’s a simple truth that today, security managers and others need a game plan for dealing with active shooters —including those bent on acts of domestic terrorism.  In this workshop, you’ll learn how to compose an action plan and the importance of preparedness which could make all the difference.

You Will Learn:
➢ Ways to prevent and survive an attack
➢ Lessons learned from previous attacks
➢ Preparedness, response and recovery


Wednesday, May 2 8:00am - 8:45am
Counterterrorism 2018: Mitigating Domestic and Global Threats
Michael C. McGarrity, Asst. Director, Counterterrorism Division, FBI

The terrorist threat to the United States remains persistent and acute. Terror attacks are likely to increase in 2018, as the destruction of the Islamic State's physical stronghold in Iraq and Syria will strengthen its will to strike out abroad, experts say. The FBI has designated the Islamic State of Iraq and ash-Sham (ISIS) and homegrown violent extremists as the main terrorism threats to the homeland. Given the loss of its safe havens, ISIS has shifted its attention toward cyberspace to recruit, radicalize, and provide guidance and instructions for carrying out attacks. Currently, the FBI is investigating about 1,000 ISIS-related threats across the nation. This timely threat briefing will examine the changing face of terrorism and offer recommendations for meaningful protections against growing dangers.

You Will Learn:
➢ Latest intel, strategies to combat terrorism
➢ How terrorists use social media to recruit
➢ Threat forecast for 2018


Wednesday, May 2 8:45am - 9:30am
The Psychology of Espionage and Leaking in the Digital Age
Stephanie L. Jaros, Project Dir., PERSEREC
Office of People Analytics 

Technology is turning  government and industry — long a safe box for information — into something more like a sieve, unable to contain all its data. As America has shifted from the physical to the digital, so too has the world of espionage.  It is a digital battleground. The scope of the threat is only likely to grow as the pace of technology continues to advance making it even harder to suppress leaks of classified information. As long as there are government secrets there will always be the risk of leaks–whether inadvertently or purposefully with intent to harm the United States. Understanding the psychology behind those who would commit espionage or leak classified information provides a critical window into the mind-set of a spy or leaker and an invaluable weapon when fighting back.

You Will Learn:
➢ What causes someone to spy or leak?
➢ Warning signs that a person might be vulnerable
➢ Proactive measures to reduce the risk


Wednesday, May 2 9:50am - 10:35am
State of the NISP: Changes, Challenges and Collaboration
Mark Bradley, Director
Information Security Oversight Office

The National Industrial Security Program (NISP) is undergoing significant changes in several key areas that will dictate future requirements for the protection of classified and sensitive unclassified information. The Information Security Oversight Office (ISOO), which oversees the government-wide security classification system and the National Industrial Security Program, is at the forefront of these efforts. As changes to industrial security policy advance, security practitioners can take a number of steps now to address changing requirements and stay ahead of coming reforms. This timely presentation will bring you up to speed on key areas of government security that will affect the way you do your job.  Among the issues to be examined are:  NISPOM re-write, classification management; Controlled Unclassified Information (CUI); Insider Threat program requirements; security policy implementation; new reporting requirements; and much more — all designed to help you navigate the security compliance landscape in 2018.

Key Issues:
➢ Understand changing security policies
➢ NISPOM revision and update
➢ What’s on the NISPPAC agenda for 2018

Wednesday, May 2 10:35am - 11:35am
DICE 2018: We’re All in This Together
Ray Semko, The DICEman

It’s alarming, but no exaggeration, to say the nation is facing the most challenging and significant foreign intelligence entity threat in its history. Today’s adversaries continue to find new ways to operate. They move with speed and agility to evade detection and continually evolve their strategies.  Attacks have increased, and odds are things will get worse, not better, in the foreseeable future. So, security professionals and employees at all levels must be more vigilant than ever.  After all, we’re all in this together. Ray Semko, security expert and creator of the well-known DICE Program, will wrap up IMPACT with a high-energy briefing on the 2018 threat environment and advice to help protect your organization and strengthen your security culture.  This security consciousness-raising session will equip you with tools to educate your workforce on the growing threats to national security.

You Will Learn:
➢ Understanding the role of the individual
➢ Why security is more vital than ever
➢ How to go from awareness to action