What is a threat

• Any circumstance or event with the potential to cause harm to an information system in the form of destruction, disclosure, adverse modification of data, and/or denial of service.

• Current and perceived capability, intention, or attack directed to cause denial of service, corruption, compromise, or fraud, waste, and abuse to an information system.

Categories of Threats

• Technical- hardware, software, or

design deficiency- often vulnerable right out of the box

• Administrative- inadequate or incorrect

implementation of existing security features- not a design flaw but rather poor policy, process or procedure.

What are the types of threats?• Unintentional Threats

- spilled food or liquid

- downloaded game or software

- disabled anti-virus software

- unattended computer

with no locked keyboards

or screensavers

- accidental deletion or modification of files

Types of Threats..cont

• Intentional Treats- The insider threat

- Social engineering

- Elicitation

- Computer Network attack

Intentional Threats con’t

- Internet…perhaps our largest daily threat

--Cookies

--Mobile code, Malicious code & Spy-ware

--Use of home internet service provider

--OPSEC…or lack of it

--Distributed Denial of Service

--Hoaxes

--Spam

Would insiders really steal information?

Famous Turncoats

• Benedict Arnold-Appointed by George Washington to position in continental congress- He was in a trusted position- He was caught trying to smuggle classified documents to the British in 1780- His partner in crime Andre’ was sentenced to death while Arnold escaped to Canada

Famous Turncoats• The Rosenburgs-Controversial case;

convicted of spying for the Soviet Union

• Passed the secret of the “A” bomb to the Soviets (from the Manhattan Project)

• Judge Irving Kaufman found them guilty of espionage and said “ they contributed to the communist aggression and 50,000 deaths of the Korean War

Famous Turncoats

• Both were executed in 1953 for Conspiracy to Commit Espionage

• In 1995 NSA released de-crypted evidence of their involvement

• In his memoirs posthumously published in 1990 Nitkita Khrushchev praised both of them for their “very significant help in the production of the atomic bomb”

Famous Turncoats

• Aldrich Ames…The Chief of Counterintelligence in Eastern Europe and the Soviet Union

• CIA employee for 31 years

• Sold the names of all his co-worker spies to the Soviet Union for $50,000.

• “The most damaging spy case in the history of this country”…….NSI, 1995… NSI . org

Famous Turncoats

• Ultimately betrayed more than 100 operations and received $3 million

• His betrayal led to the execution of 10 KGB (Soviet) double agents and 11 US agents.

CIA IG report 1994

Famous Turncoats A little close to home…….

• Brian P. Regan…worked for the super- secret National Reconnaissance

Office; They design and operate spy satellites

• Had access to Top Secret information (information that could do exceptionally grave damage if divulged)

• Was arrested Aug 23, 2002 with classified information on his person

• Stole, copied and buried over 20,000 pages of documents classified as Top Secret or higher…

Brian Regan

• Buried documents in 19 locations, many in state parks. Contained detailed information on US satellites, early warning systems, missile site coordinates, and WMD.

• Wrote letter to Saddam Hussein offering to sell Top secret information for 13 million . Identical letters on his computer to China, Iran, and Libya

• Regan was bitter over “the small pension received for years of service”…..who was the service with?

A little close to home………………

Brian P. Regan

Master Sergeant, USAF, Retired

38 year old, Father of 4, deeply in debt and in 2003 sentenced to life in prison…

lost his “small pension”

What can I do to help?What are my Responsibilities?

• Fight the insider threat

- protect your access to information (physical access)…keys/doors, personnel rosters ...physical security

-protect your electronic access.. don’t share passwords, access cards, codes ...

-report shoulder surfers or suspicious activity

What are my Responsibilities?

• Use your virus software– Run on start up and weekly minimum

– Scan all removable media (disks, DVDs,CDs) before each use

– Save and scan all attachments (especially all high risk)

What are my Responsibilities?• Don’t load software/programs on government

computer without permission-including freeware

• Load virus protection on your home computer…its free from the government if you are using the computer to do any government production (contact your workgroup manager)

• Don’t talk about government issues or business in open chat rooms or forums

What are my Responsibilities?

• Don’t post your email address in chat rooms, forums, or message boards.

• Report violations or suspicious activity

-pornography

-loading personal software

-revealing sensitive information

-failure to take security measures

Military Critical Technology

CountriesTargeting The U.S.

 

Number Reported Incidents

  

  FY 2003 FY 2002

FY 2003 FY 2002

Information Systems 25 22 63 47

Sensors & Lasers 17 17 40 46

Electronics 9 12 32 37

Armaments & Energetic Material

9 8 44 26

Aeronautics 10 9 36 36

Marine Systems 6 4 32 24

Guidance & Navigation Technologies

4 4 26 15

Space Systems Technologies

5 3 22 19

Power Systems 3 2

Annual Report to Congress 2003

13 13

“ The truth is that there’s an enemy that still lurks out there. And we must continue to work together to protect our country…the most solemn duty of government is to protect American people.”George W. Bush, January 23, 2004