Transcript Topics - tri

TRI-SAC Council
Meeting
Michael T. Monroe
Deputy Assistant Director
Naval Criminal Investigative Service
National Security Directorate
02 May 2012
TOPICS
Introduce you to NCIS
Discuss our Challenges
Outline CI in Cyberspace Methods
THE RAPID EVOLUTION OF INFORMATION TECHNOLOGY
• “The sharing of information, using technology as an
enabler, is a culture change that has been fully
embraced by political, military, and the business
communities.”
• “If we do not develop robust capabilities to detect,
expose, and hold accountable individuals and
organizations who use technology to conduct their
dubious trade, we will lose mission, relevance, and
respect. …it is a human problem”
Quote from a Cyber Crime
Investigator in 1998
FIGHTING COMPUTER CRIME IN 1998
•
•
•
•
•
•
Value/Volume of Open Source Data
Foreign Exploitation
Computer Fraud
The Insider Threat
Security of our networks
Training of personnel to secure networks
Cyber Threats in 2012
CRITICAL
INFRASTRUCTURE
SCADA
Transportation
Public Safety
FOREIGN
INTELLIGENCE
ENTITIES
Technology Theft
Espionage
Insider Threat
TERRORISM/
DISRUPTIVE
ACTIVITIES
Denial of Service
Attack
Venue for
communication
Venue for
Information
Collection
Financial
Crimes
WORKPLACE
VIOLENCE
Identity Theft
419 Scams
Theft of
Financial data
Stalking
Communication
of Threats
Self
Radicalization
LEGISLATIVE INITIATIVES
• Comprehensive National Cybersecurity Initiative of 2008
• Cybersecurity Act of 2012
– Leiberman Bill S.2105
• Cybersecurity Information Sharing Act of 2012
– Feinstein/Mikulski Bill S.2102
• Strengthening and Enhancing Cybersecurity by Using
Research, Education, Information, and Technology Act of
2012 (SECURE IT)
– McCain Bill S.2151
BASIC APPROACH TO CYBERSECURITY
• Understand what programs/technologies are critical
to customers
• Identify foreign interest in these focus areas
• Locate information and personnel at high risk to
collection/exploitation
• Work with personnel responsible for information/
networks to protect critical information
BEST PRACTICES IN IDENTIFYING THREAT
• Understanding Open Source Data
– Queries of public-facing websites
– Biography searches of company officials
• Cross-discipline Collaboration
– Computer Network Personnel
– Marketing Personnel
• Program-Cyber-CI/Security Collaboration
• Collaboration with DoD LE/CI/Cyber agencies
CYBERSPACE:
THE NEW FRONTIER FOR FIE
Adversaries use Internet
and social networking
sites (SNS) to obtain
information on DON
personnel for exploitation
through elicitation,
inducements, and
coercion.
Frequently monitored
and exploited SNS:
Online dating
Virtual gaming
Twitter
LinkedIn
Facebook
Google +
YouTube
Blogs
INSIDER THREAT
FORT HOOD
WIKILEAKS
Army MAJ Nidal Malik Hasan
Army PFC Bradley Manning
Accused of
leaking
250,000
classified
documents
Charged with
13 counts of
premeditated
murder and
32 counts of
attempted
murder
GUESS WHO IS THE INSIDER THREAT
INSIDER THREAT
• Cyberspace contacts with Foreign Nationals
– Business relationship
• Management of the interaction
• Unwitting victim of targeting
– Attribution of contact
• Outbound Network Activity
– Large e-mail enclosures
– Network data flow activity at irregular times
• Challenges with Audit tools
ESPIONAGE STATISTICS
Motives:
#1 divided loyalties
#2 disgruntlement
#3 money/debt
67%
volunteer
37% no clearance
26% Secret
20% Top Secret
17% TS/SCI
83% are 30
years old or
older
Increased
reliance on the
Internet
civilian and
military
members
are about
even
More naturalized
citizens, foreign
attachments, foreign
business connections,
or cultural ties
WHAT ARE THE CAUSES?
TRIGGER
•
•
•
•
•
•
•
Divided loyalties
Disgruntlement
Money
Thrills
Ego/Recognition
Coercion
Ideology
MOTIVATION
•
•
•
•
•
•
•
Divorce
Death of a loved one
Money problems/debt
Physical relocation/PCS
New significant
relationship
Medical problems
Work problems
CHARACTERISTICS
•
•
•
•
•
•
•
Anti-social
Narcissistic
Entitled
Vindictive
Paranoid
Impulsive
Risk-seeking
WHERE DO WE GO FROM HERE?
• Issues
– Cross-trained analysts that understand networks and
counterintelligence threats
– Dialogue with owners of the data targeted for exfiltration
– Proactive approach to understanding network anomalies
• Generates investigative leads to anticipate threats
–
–
–
–
Management of Data in Aggregate
Understanding threats across contractor teams
Building CI in Cyberspace requirements into contracts
Maintaining relationships with DoD LE/CI agencies
Questions
Michael T. Monroe
Deputy Assistant Director
(571)305-9830
[email protected]
UNCLASSIFIED
TITLE HERE
19