Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Information security wikipedia , lookup
Information privacy law wikipedia , lookup
Cyberwarfare wikipedia , lookup
International cybercrime wikipedia , lookup
Cyberattack wikipedia , lookup
Computer and network surveillance wikipedia , lookup
Computer security wikipedia , lookup
TRI-SAC Council Meeting Michael T. Monroe Deputy Assistant Director Naval Criminal Investigative Service National Security Directorate 02 May 2012 TOPICS Introduce you to NCIS Discuss our Challenges Outline CI in Cyberspace Methods THE RAPID EVOLUTION OF INFORMATION TECHNOLOGY • “The sharing of information, using technology as an enabler, is a culture change that has been fully embraced by political, military, and the business communities.” • “If we do not develop robust capabilities to detect, expose, and hold accountable individuals and organizations who use technology to conduct their dubious trade, we will lose mission, relevance, and respect. …it is a human problem” Quote from a Cyber Crime Investigator in 1998 FIGHTING COMPUTER CRIME IN 1998 • • • • • • Value/Volume of Open Source Data Foreign Exploitation Computer Fraud The Insider Threat Security of our networks Training of personnel to secure networks Cyber Threats in 2012 CRITICAL INFRASTRUCTURE SCADA Transportation Public Safety FOREIGN INTELLIGENCE ENTITIES Technology Theft Espionage Insider Threat TERRORISM / DISRUPTIVE ACTIVITIES Denial of Service Attack Venue for communicatio n Venue for Information Collection Financial Crimes Identity Theft 419 Scams Theft of Financial data WORKPLA CE VIOLENCE Stalking Communicati on of Threats Self Radicalizatio n LEGISLATIVE INITIATIVES • Comprehensive National Cybersecurity Initiative of 2008 • Cybersecurity Act of 2012 – Leiberman Bill S.2105 • Cybersecurity Information Sharing Act of 2012 – Feinstein/Mikulski Bill S.2102 • Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act of 2012 (SECURE IT) – McCain Bill S.2151 BASIC APPROACH TO CYBERSECURITY • Understand what programs/technologies are critical to customers • Identify foreign interest in these focus areas • Locate information and personnel at high risk to collection/exploitation • Work with personnel responsible for information/ networks to protect critical information BEST PRACTICES IN IDENTIFYING THREAT • Understanding Open Source Data – Queries of public-facing websites – Biography searches of company officials • Cross-discipline Collaboration – Computer Network Personnel – Marketing Personnel • Program-Cyber-CI/Security Collaboration • Collaboration with DoD LE/CI/Cyber agencies CYBERSPACE: THE NEW FRONTIER FOR FIE Adversaries use Internet and social networking sites (SNS) to obtain information on DON personnel for exploitation through elicitation, inducements, and coercion. Frequently monitored and exploited SNS: Online dating Virtual gaming Twitter LinkedIn Facebook Google + YouTube Blogs INSIDER THREAT FORT HOOD WIKILEAKS Army MAJ Nidal Malik Hasan Army PFC Bradley Manning Accused of leaking 250,000 classified documents Charged with 13 counts of premeditated murder and 32 counts of attempted murder GUESS WHO IS THE INSIDER THREAT INSIDER THREAT • Cyberspace contacts with Foreign Nationals – Business relationship • Management of the interaction • Unwitting victim of targeting – Attribution of contact • Outbound Network Activity – Large e-mail enclosures – Network data flow activity at irregular times • Challenges with Audit tools ESPIONAGE STATISTICS civilian and Motives: #1 divided loyalties #2 disgruntlement #3 money/debt 67% volunteer 37% no clearance 26% Secret 20% Top Secret 17% TS/SCI 83% are 30 years old or older Increased reliance on the Internet military members are about even More naturalized citizens, foreign attachments, foreign business connections, or cultural ties • • • • • WHAT ARE THE CAUSES? TRIGGER • • • • • • • Divided loyalties Disgruntlement Money Thrills Ego/Recognition Coercion Ideology MOTIVATION • • Divorce Death of a loved one Money problems/debt Physical relocation/PCS New significant relationship Medical problems Work problems CHARACTERISTICS • • • • • • • Anti-social Narcissistic Entitled Vindictive Paranoid Impulsive Risk-seeking WHERE DO WE GO FROM HERE? • Issues – Cross-trained analysts that understand networks and counterintelligence threats – Dialogue with owners of the data targeted for exfiltration – Proactive approach to understanding network anomalies • Generates investigative leads to anticipate threats – – – – Management of Data in Aggregate Understanding threats across contractor teams Building CI in Cyberspace requirements into contracts Maintaining relationships with DoD LE/CI agencies Questions Michael T. Monroe Deputy Assistant Director (571)305-9830 [email protected] UNCLASSIFIED TITLE HERE 19