TRI-SAC Council Meeting
Michael T. Monroe, Deputy Assistant Director
Naval Criminal Investigative Service, National Security Directorate
02 May 2012
TOPICS
Introduce you to NCIS
Discuss our Challenges
Outline CI in Cyberspace Methods
THE RAPID EVOLUTION OF INFORMATION TECHNOLOGY
• “The sharing of information, using technology as an enabler, is a culture change that has been fully embraced by political, military, and the business communities.”
• “If we do not develop robust capabilities to detect, expose, and hold accountable individuals and organizations who use technology to conduct their dubious trade, we will lose mission, relevance, and respect. …it is a human problem”
Quote from a Cyber Crime Investigator in 1998
FIGHTING COMPUTER CRIME IN 1998
• Value/Volume of Open Source Data
• Foreign Exploitation
• Computer Fraud
• The Insider Threat
• Security of our networks
• Training of personnel to secure networks
Cyber Threats in 2012
FOREIGN INTELLIGENCE ENTITIES
• Technology Theft
• Espionage
• Insider Threat
TERRORISM/DISRUPTIVE ACTIVITIES
• Denial of Service Attack
• Venue for communication
• Venue for Information Collection
Financial Crimes
• Identity Theft
• 419 Scams
• Theft of Financial data
WORKPLACE VIOLENCE
• Stalking
• Communication of Threats
• Self Radicalization
CRITICAL INFRASTRUCTURE
• SCADA
• Transportation
• Public Safety
LEGISLATIVE INITIATIVES
• Comprehensive National Cybersecurity Initiative of 2008
• Cybersecurity Act of 2012
– Lieberman Bill S.2105
• Cybersecurity Information Sharing Act of 2012
– Feinstein/Mikulski Bill S.2102
• Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act of 2012 (SECURE IT)
– McCain Bill S.2151
BASIC APPROACH TO CYBERSECURITY
• Understand what programs/technologies are critical to customers
• Identify foreign interest in these focus areas
• Locate information and personnel at high risk to collection/exploitation
• Work with personnel responsible for information/networks to protect critical information
BEST PRACTICES IN IDENTIFYING THREAT
• Understanding Open Source Data
– Queries of public-facing websites
– Biography searches of company officials
• Cross-discipline Collaboration
– Computer Network Personnel
– Marketing Personnel
• Program-Cyber-CI/Security Collaboration
• Collaboration with DoD LE/CI/Cyber agencies
CYBERSPACE: THE NEW FRONTIER FOR FIE
Adversaries use Internet and social networking sites (SNS) to obtain information on DON personnel for exploitation through elicitation, inducements, and coercion.
Frequently monitored and exploited SNS:
• Online dating
• Virtual gaming
• Twitter
• LinkedIn
• Facebook
• Google +
• YouTube
• Blogs
INSIDER THREAT
WIKILEAKS
Army PFC Bradley Manning
Accused of leaking 250,000 classified documents
FORT HOOD
Army MAJ Nidal Malik Hasan
Charged with 13 counts of premeditated murder and 32 counts of attempted murder
GUESS WHO IS THE INSIDER THREAT
INSIDER THREAT
• Cyberspace contacts with Foreign Nationals
– Business relationship
  • Management of the interaction
  • Unwitting victim of targeting
– Attribution of contact
• Outbound Network Activity
– Large e-mail enclosures
– Network data flow activity at irregular times
• Challenges with Audit tools
ESPIONAGE STATISTICS
• 67% volunteer
• Motives: #1 divided loyalties, #2 disgruntlement, #3 money/debt
• 37% no clearance, 26% Secret, 20% Top Secret, 17% TS/SCI
• More naturalized citizens, foreign attachments, foreign business connections, or cultural ties
• 83% are 30 years old or older
• Civilian and military members are about even
• Increased reliance on the Internet
WHAT ARE THE CAUSES?
• Divided loyalties
• Disgruntlement
• Money
• Thrills
• Ego/Recognition
• Coercion
• Ideology
TRIGGER
• Divorce
• Death of a loved one
• Money problems/debt
• Physical relocation/PCS
• New significant relationship
• Medical problems
• Work problems
CHARACTERISTICS
• Anti-social
• Narcissistic
• Entitled
• Vindictive
• Paranoid
• Impulsive
• Risk-seeking
MOTIVATION
WHERE DO WE GO FROM HERE?
• Issues
– Cross-trained analysts that understand networks and counterintelligence threats
– Dialogue with owners of the data targeted for exfiltration
– Proactive approach to understanding network anomalies
  • Generates investigative leads to anticipate threats
– Management of Data in Aggregate
– Understanding threats across contractor teams
– Building CI in Cyberspace requirements into contracts
– Maintaining relationships with DoD LE/CI agencies
Questions
Michael T. Monroe, Deputy Assistant Director
(571)305-9830