NSI IMPACT Session Summaries

Monday, August 31— 8:00am - 8:45am
Keynote Address:
Assessing the National Security Threat Landscape for 2020
William Evanina, Director, National Counterintelligence & Security Center

The rapidly evolving national security landscape proves that threat actors remain undeterred from seeking classified information and technology. From nation-state espionage to cyberattacks and insider threats, the security risks we face as a nation have never been greater or more diverse.  As today’s threat-intensive environment becomes more hostile with each passing day, it is vital for you to be equipped with the tools, techniques and knowledge needed to safeguard national security information from damaging breaches.  In this scene-setting keynote address, find out what threats are on the horizon for 2020 and how to safeguard your organization’s critical information.


Monday, August 31 8:45am - 9:30am
Confronting the Cyber Security Challenge: What More Can You Do?
Bryan S. Ware, Assistant Director, Cybersecurity & Infrastructure Security Agency(CISA), DHS

Cyber-attacks against government networks are growing more sophisticated, frequent and dynamic. The cyber espionage threat from nation-states—including China and Russia — calls for a new mode of collaboration with the private companies that are now on the front lines. To tackle the constantly evolving challenge of protecting the United States from these attacks, DHS established the Cybersecurity & Infrastructure Security Agency to protect the nation’s critical assets and infrastructure from physical and cyber threats.

You Will Learn:
➢ Latest trends in nation-state hacking
➢ What (and who) is being targeted
➢ Effective and practical countermeasures


Monday, August 31 10:30am - 11:30am
Insider Threat: Defending Against The Next Snowden
Steven Bay, Dir. of Threat Intelligence, Security On-Demand

Steven Bay, a former defense contractor, knows a thing or two about insider threats. For a time, he was the boss of Edward Snowden, the infamous leaker who stole highly classified information from the National Security Agency. In this presentation you will hear the inside story of the Snowden affair from his former boss and the lessons we learn from it. You will develop a better understanding of who insiders are, why they do what they do, and strategies you can deploy to better protect yourself from them.  

You Will Learn:
➢ Lessons learned in a post-Snowden world
➢ Strategies for spotting insider threats
➢ Best practices for insider threat mitigation

 

Monday, August 31 11:30am - 12:30am
New DCSA’s Expanded Mission And Priorities for 2020
Charles Phelan, Director, Defense Counterintelligence and Security Agency

The Defense Counterintelligence and Security Agency is now responsible for conducting 95% of the government’s background investigations. Along with its new name and expanded mission, DCSA is also rolling out improvements to the security clearance process; refining internal operations and IT systems; changing how it evaluates defense contractor security programs; updating requirements to better secure defense technology; adopting a risk-based approach to security; and much more. Find out what’s in store for DCSA (and FSOs) in 2020 and how it will impact your security program. 

You Will Learn:
➢ New security requirements in the pipeline
➢ Transitioning to Tailored Security Plans
➢ Security policy changes and impacts

 

Monday, August 31 2:00 - 3:15pm
Track I — Cybersecurity Essentials for FSOs
Robby Ann Carter, CEO, SASSI/NSTI

In the modern workplace, there are many challenges that security teams need to be prepared for — whether it’s phishing, BYOD, IoT, the list is long.  Complicating matters? The growing use of unauthorized apps and the added obstacle of Shadow IT.  While today’s workforce is increasingly technology savvy, their understanding of the risks they introduce has not kept pace. Keeping your organization safe from cyber risk is everyone’s job, not just the IT Department. 

You Will Learn:
➢ How to identify and mitigate the risk of Shadow IT
➢ Actionable recommendations to address vulnerabilities
➢ Cybersecurity awareness best practices

 

Track II — NISPPAC: Hot Button Issues for 2020
Heather Sims, NISPPAC Industry Spokesperson, General Dynamics, CHQ

The National Industrial Security Program Policy Advisory Committee (NISPPAC), comprised of both Government and industry representatives, is responsible for recommending changes in industrial security policy. The group also advises the Information Security Oversight Office on all matters related to the National Industrial Security Program (NISP). In 2020 they’ll be working to create a new path forward on a number of security fronts.  Attend this workshop to find out what’s on the NISPPAC agenda and how you can help shape the future of the NISP.

You Will Learn:
➢ Security policy changes on their radar
➢ Risk based industrial security oversight
➢ Industry engagement and top issues


Monday, August 31 3:35pm - 4:50pm
Track I —Roadmap: Risk Management Framework and eMASS
Karl Hellmann, Asst. Dep. Director, NISP Authorization Office, DCSA

DCSA has adopted the NIST Risk Management Framework (RMF) standards as a common set of guidelines for the assessment and authorization of information systems to support contractors processing classified information. Information systems must be authorized prior to processing classified information.  All requests for authorizations or reauthorization must be submitted through eMASS.  This workshop will take you through the various steps to IS authorization and security plan approval.  Navigating the RMF process can be confusing so come prepared to learn.

You Will Learn:
➢ Comprehensive RMF process walk through
➢ How to complete required eMASS tasks
➢ Key missteps to avoid

 

Track II —Improving Security Awareness Using Marketing Techniques
Mitch Lawrence, CEO, Lawrence Solutions

Security awareness and training is a critical element in the security practitioner’s toolbox that helps organizations respond better to security threats and prevent security robbing behaviors.  With just a few adjustments to how your organization plans, creates and manages awareness activities, it can build awareness campaigns that are more engaging and perform better. By adapting the techniques that marketing teams use to gauge their brand awareness and interactions with potential customers, your company or agency can get increased buy-in from employees and maximize your security awareness results.

You Will Learn:
➢ Ways to increase security motivation
➢ How to create effective messaging
➢ Key marketing techniques you can leverage


 

Tuesday, September 1 8:00am - 8:45am
Defending Against Economic Espionage In 2020 and Beyond
Senior Official, FBI, National Security Branch

Heading into 2020, we should expect nation-state actors to continue their multi-pronged espionage efforts against the United States. The FBI has over a 1,000 open cases of attempted theft of U.S. intellectual property, across a range of industries and spanning its 56 field offices around the country. U.S. intelligence officials warn that the foreign spying threat is increasing in both scale and sophistication. Every day, U.S. government and defense contractors are targeted by hostile nations for espionage and theft, resulting in huge losses of national security information and technology secrets. Staying ahead of the threat requires constant vigilance.

You Will Learn:
➢ Paradigm shift in the threat landscape
➢ Whole-of-society approach to counter threats
➢ Spy tactics and exploitation methods

 

Tuesday, September 1 8:45am - 9:30am
Countering Terrorism in the 2020s: Examining the Evolving Threat
TBA

Threats to U.S. national security will expand and diversify in the coming decade, with technology playing an increasing role.  As the contemporary terrorist threat changes, it is being amplified by technological advances that are making extremist groups more connected, more resilient and more capable than ever before. Although we have become much more capable at detecting terror threats, our enemies are determined and ingenious. This session will examine current trends in counterterrorism along with the changing face of terrorism—both domestic and international—in the new decade.

You Will Learn:
➢ Terrorism trends to watch in 2020
➢ Changing nature of the threat
➢ Risk mitigation strategies


Tuesday, September 1 9:50am - 10:50 am
Managing the Human Side of Cyber Security
Shayla Treadwell, Director, Cybersecurity-Organizational Psychologist, ESC Federal

Media reports on the cyber threat frequently cite high-profile, high-impact cyber attacks carried out by organized, sophisticated and deliberate cyber criminals. However, research shows that the everyday behavior of employees presents one of the greatest risks to your organization.  While technical defenses are important, they have limited effect if they are undermined either intentionally or unintentionally by employees. A critical part of your security strategy must be to focus on the human element of your organization.

You Will Learn:
➢ Cyber behaviors that undermine security
➢ Challenges of multi-generational workforce
➢ Keys to creating a positive security culture

 

Tuesday, September 1 11:50am - 12:50pm
Future of Security Clearance Vetting, Adjudication & Appeals
Tricia Stokes, Dir. of Defense Vetting, DCSA
Perry Russell-Hunter, Director, DOHA

Several initiatives designed to bring the security clearance process out of the 20th century are actively underway or soon to be deployed. Everything from the type of security clearances themselves to the standards used to investigate and adjudicate clearance holders are evolving. Among the new process reforms are: ramping up continuous vetting of security clearance holders, reviewing existing standards used to establish trust with an employee or contractor and migrating from the five current investigative tiers to three.  Attend this session to see where clearance reforms are headed and how it impacts your organization.

You Will Learn:
➢ Security clearance plans and reforms
➢ Key goals and timelines for 2020 and beyond
➢ Trends in adjudications and appeals

 

Tuesday, September 1 1:30pm - 2:45pm
Track I — Keys to Creating a Risk-Based, Tailored Security Plan
Karl Hellmann, Asst. Dep. Director, NISP Authorization Office, DCSA

The United States is now facing the most significant foreign intelligence threat it has ever encountered. Adversaries are successfully attacking cleared industry at an unprecedented rate, according to the Defense Counterintelligence and Security Agency. To counter this threat, DCSA is partnering with U.S. industry to design, develop, and pilot an intelligence-led, asset-focused, and threat-driven approach to industrial security called Risk-based Industrial Security Oversight, or RISO.  Defense industry partners working on critical technologies have or will undergo the RISO Comprehensive Security Review (CSR), which results in a Tailored Security Plan.

You Will Learn:
➢ Actions you can take now to prepare
➢ Key elements of a Tailored Security Plan
➢ Strategies to protect critical assets

 

Tuesday, September 1 1:30pm - 2:45pm
Track II — Personnel Clearance Innovation: The VROC & CAF
Heather Green, Dir., VROC, DCSA Vetting Directorate
Marianne Martineau, Director, DoD CAF

DCSA’s Vetting Risk Operations Center (VROC) is growing as the department continues to enroll more cleared individuals into Continuous Evaluation. The VROC currently oversees personnel security within the National Industrial Security Program as well as Continuous Evaluation (CE) across the entire Department of Defense.  Along with the DoD’s Consolidated Adjudication Facility, the VROC acts as the central nervous system for the security clearance process where initial applications pass through all phases of the vetting process to final eligibility approval at the CAF. Find  out how these two vital clearance processes intersect and how automation will improve quality and timeliness of clearance decisions.

You Will Learn:
➢ Common VROC e-Qip reject reasons
➢ Industry’s average timeliness trends
➢ Adjudication priorities for 2020

 

Tuesday, September 1 3:05pm - 4:20pm
Track I —DCSA Industrial Security Program Issues and Answers
Gus E. Greene, Director, Industrial Security, DCSA

DCSA’s vision to change the way it oversees industrial security is being ramped up for 2020. The agency wants to move from a compliance-based “check the box” inspection mentality to one that prioritizes cleared industry’s most important technology first.  The agency is implementing a new methodology that is based on knowing the assets at each facility, analyzing threats to those assets, identifying vulnerabilities, and applying appropriate countermeasures. This new methodology couples NISPOM compliance with an intelligence-led, asset-focused, and threat-driven approach. Keeping up with changing requirements is critical to avoid security compliance issues and safeguard classified information.

What You'll Learn:
➢ Strategies for keeping your program in compliance
➢ Industrial security program oversight priorities
➢ New Security Rating Score model


Tuesday, September 1 3:05pm - 4:20pm
Track II — Solution for Implementing CUI Requirements
Devin Casey, Program Analyst, Information Security Oversight Office

Because there are fewer controls over Controlled Unclassified Information (CUI) as compared to classified information, CUI is the path of least resistance for adversaries. Loss of aggregated CUI is the one of the most significant risks to national security, directly affecting the protection and lethality of our warfighters. As a starting point for CUI oversight, DoD has elected to begin conducting assessments of major defense contractors that are contractually obligated to protect this information.  Learn about the CUI program, how it impacts you, and the steps you can take to be prepared for implementation in your organization.

You Will Learn:
➢ Key elements of the CUI program
➢Update on agency implementation efforts
➢ CUI best practices


 

Wednesday, September 2 8:00am - 8:45am
Defending Against Growing Cyber Threats to Classified Networks
Clint McKay, Technical Dir., NSA’s Information Assurance Directorate

Cyber threats against classified Pentagon and defense industry computers are increasing in frequency, sophistication and impact, opening up to attack vast amounts of critical data that is housed on government IT systems. These threats often pose a greater threat than physical attacks on our nation and are incredibly difficult to identify. Each day, the Department of Defense, which protects our national security and terabytes of some of the country’s most sensitive data, thwarts 36 million email breach attempts. With new threats every day and criminals who regularly diversify their attacks, experts predict cyberattacks will get worse before getting better.

You Will Learn:
➢ Top cyber threats for 2020
➢ How adversaries are targeting defense networks
➢ Intelligence sharing initiatives

 

Wednesday, September 2 8:45am - 9:45am
Threats to U.S. Supply Chain and New Cybersecurity Certification
William Stephens, Dir. Counterintelligence, DCSA
* Stacy Bostjanick, Director, CMMC Policy, OUSD (A&S)

Supply chains have become the gift that keeps on giving for cyber spies and information thieves. Experts estimate losses of about $600 billion per year in the transfer of wealth, expertise and trade secrets. Adversaries and bad actors specifically target the defense industrial base, using the pilfered data to close capability gaps with the United States. A new DoD initiative aims to protect critical technology from cradle-to-grave by establishing security as the foundation of the acquisition process. In a bid to stem the loss of controlled, unclassified information, the Pentagon is rolling out the Cybersecurity Maturity Model Certification (CMMC) program to better protect defense data and networks.

You Will Learn:
➢ Why supply chain risk belongs on your radar
➢ All DoD contractors will require security certification
➢ New contract awards will be based on CMMC

 

Wednesday, September 2 10:05am - 10:50am
Annual State of the National Industrial Security Program
Mark Bradley, Director, Information Security Oversight Office

The National Industrial Security Program is undergoing significant changes in several key areas that will dictate future requirements for the protection of classified and controlled unclassified information. The Information Security Oversight Office (ISOO), which oversees the government-wide security classification system and the National Industrial Security Program, is at the forefront of these efforts. As changes to industrial security policy advance, security practitioners can take a number of steps now to address changing requirements and stay ahead of coming reforms. This timely presentation will bring you up to speed on key areas of government security that will affect the way you do your job.

Key Issues:
➢ CUI: Key implementation challenges
➢ NISPOM policy revisions and updates
➢ Agency self-inspection report highlights


Wednesday, September 2 10:50am - 11:35am
Leadership Through Security: The Changing Role of the FSO
Evan Lesser, Co-Founder & Managing Dir., ClearanceJobs.com

“Change is the only constant”—This time-worn phrase has special significance for security professionals in the National Industrial Security Program. We all know our role as FSO is constantly morphing as sweeping policy changes and technological advances now require us to wear many hats. The problem is these hats aren’t necessarily the ones we want to wear, or signed up to wear.  But to be successful in the new decade, FSOs must evolve into advisors, educators and business enablers who can communicate the value of security to both management and employees.  This session will show you how to adapt and thrive in this new environment.

You Will Learn:
➢ FSOs new playbook for 2020
➢ Best practices to become an effective leader
➢ New tools you must add to your arsenal