Category Archives: Burgess writes for Clearance Jobs

Articles crafted by Christopher Burgess which appeared in ClearanceJobs.com


Selling secrets to Russia? It’s a bad idea

The headline read: "Selling Secrets to the Russians? Jason Bourne Fan arrested in spy drama of his own." It thus implied that the motivation for Gregory Allen Justice was his sick wife, a job at which he felt unappreciated and a fascination with cinematic secret operatives such as Jason Bourne and James Bond. There's more to the story.

When he was arrested for what the Federal Bureau of Investigation's criminal complaint described as probable cause of economic espionage, violation of the Arms Export Control Act, and violation of the International Traffic in Arms Regulations (ITAR), Justice found out just how adroit the FBI, working with the Air Force Office of Special Investigations (AFOSI), can be when working an espionage case.

BREAKING TRUST

Justice allegedly broke trust with his employer, a cleared defense contractor (which, according to his father, is Boeing Satellite Systems). He is alleged to have reached out to the Russian Embassy in Washington, DC to volunteer his services in late 2015.

His first attempt at contact involved sending a letter, followed by a brief phone call to the Russian Naval Attaché at the Russian Embassy (military attachés in embassies are, on occasion, associated with military intelligence). This letter, according to the criminal complaint filed in the United States District Court, Central District of California, contained a "technical schematic."

On February 10, 2016, Justice again called the Russian Naval Attaché's office at the Russian Embassy and asked if there was interest in maintaining contact and obtaining similar things. At that point the FBI did what the FBI does: it stepped in and provided Justice with all the rope he needed to hang himself.

FBI COVERTLY ENGAGES GREGORY ALLEN JUSTICE

Justice was contacted two days later by an undercover FBI special agent (S/A) who posed as a member of the Russian external intelligence service, the SVR. The S/A picked up the conversation and arranged to meet with Justice. Over the course of the next few months (February – May 2016), Justice met the S/A face-to-face on five occasions. On each of the last four occasions, Justice brought information which was either proprietary or subject to US export regulations, signed a receipt for cash received from the S/A and volunteered to expand his collection efforts in support of what he believed to be the Russian SVR. (NB: It is not revealed whether the Russian intelligence apparatus acted upon Justice's attempt to volunteer, or took a pass.)

Justice explained how all of the information he was providing was "ITAR," and went on to compare his collaboration with the S/A to the "spy movies" of Jason Bourne and James Bond and to "The Americans." Justice also claimed to need money to fund his wife's medical bills; readers of the entire criminal complaint will see that, while his motivation was financial, the money was to fund his relationship with a woman other than his wife, and narcotics distribution. He delivered the information to the S/A on 16-gigabyte USB thumb drives.

INSIDER THREAT PROGRAM

The cleared defense contractor had a robust insider threat program in place. In November 2015 the program detected Justice copying a number of files to an external device, and it subsequently provided confirmatory information to the FBI/AFOSI on the material Justice purloined prior to each meeting with the S/A.

WHAT WAS AT RISK

While Justice did not have access to classified programs, he did have access to the following satellite system programs:

  • Wideband Global Satellite Communication (WGS)
  • Global Positioning System (GPS)
  • Geostationary Operational Environmental Satellites (GOES)
  • Tracking and Data Relay Satellite (TDRS)
  • Milstar Communications Satellite (MILSTAR)
  • Tangential access to additional programs
    • INMARSAT
    • MEXSAT
    • GPS IIF

INFOSEC TRAINING

Furthermore, as a cleared defense contractor, one would expect there to be a comprehensive cyber and counterintelligence briefing and training program, and there was. Justice's training folio showed he had taken a variety of courses:

  • Information Security 2015 (July 10, 2015)
  • Intellectual Property for Engineers and Technologists (July 10, 2015)
  • Threat Management Training for Employees (July 9, 2015)
  • Trade Secrets and Proprietary Information (July 9, 2015)
  • Enterprise US Export Awareness Overview (July 9, 2015)
  • Information Security 2014 (June 25, 2014)
  • 2014 Ethics Recommitment Training (May 6, 2014)
  • Enterprise US Export Awareness Overview (November 27, 2013)

CONTROLS TO PREVENT A LEAK

The cleared defense contractor had in place a data loss prevention (DLP) monitoring program and, as noted above, it found Justice downloading data to a USB device. The resident DLP tool also captured screenshots of Justice's computer at a cadence of approximately every six seconds, and when external media such as a USB drive was inserted into a laptop or desktop, the system prompted the user to encrypt the data.

Physical access procedures were also in place at the cleared defense contractor's facility. To enter the building, Justice was required to display a badge to a guard or enter through a badge-controlled gate. Access controls also existed at Justice's specific work area, via a badge swipe. To log on to his workstation, Justice had to insert his badge and enter a PIN (a description consistent with Common Access Card-style smart-card functionality). Access controls on specific data sets required Justice to re-authenticate in order to gain access. Furthermore, within the contractor's IT system, all data in the collaborative data set environment was clearly marked and delineated as proprietary and/or subject to export controls.

SUMMATION – TRUST BUT VERIFY

Justice broke trust. The contractor's DLP system identified him accessing files and copying them to external devices. It is unclear from the criminal complaint whether this actionable information was of sufficient caliber on its own to warrant action, or whether action occurred only after the FBI/AFOSI arrived on the scene, following Justice's volunteering of his services to the Russian intelligence apparatus.

Entities with insider threat programs are challenged both by the potential for a mountain of false positives and by determining what level of activity warrants action. Each program will be different, but retaining the data for archival review should be mandatory. The rationale: today's actions may appear mundane and low-risk, but when added to additional pieces of data, which may also appear innocuous and low-risk, they create a more complete picture of the mosaic of risk presented by the employee breaking trust.
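As an added example (not from the original article, and not the contractor's DLP product), the following Python sketch turns the "mosaic" argument above into detection logic: each DLP event on its own scores too low to page an analyst, but a sliding window over archived events lets the running total cross a review threshold, while a short list of hard rules (copying an export-marked file to removable media) flags immediately regardless of score. The pipe-delimited log format, the event names, the weights, the 30-day window, the threshold and the sample records are all constructed assumptions for illustration.

```python
"""
Added example: a minimal "mosaic" scorer for insider-threat/DLP telemetry.
Everything here (log schema, event names, weights, thresholds, sample data)
is an assumption made for illustration, not a real product's format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Per-event weights. Each is deliberately small: no single event should page
# an analyst, but the running total over a window should.
EVENT_WEIGHTS = {
    "usb_insert": 1,
    "encrypt_prompt_declined": 2,
    "copy_to_removable": 2,
    "copy_to_removable_export_marked": 5,
    "dataset_reauth_after_hours": 2,
}
# Events that warrant review on their own, whatever the score.
HARD_RULES = {"copy_to_removable_export_marked"}
WINDOW = timedelta(days=30)
ALERT_THRESHOLD = 10

# Constructed sample records: ts|user|event|detail  (not real log data)
SAMPLE_LOG = [
    "2015-11-03T09:12:00|eng01|usb_insert|vendor=0x0951",
    "2015-11-03T09:13:10|eng01|encrypt_prompt_declined|volume=E:",
    "2015-11-03T09:15:42|eng01|copy_to_removable_export_marked|file=program_x/thermal_model.pdf bytes=4190000",
    "2015-11-20T18:40:00|eng01|dataset_reauth_after_hours|dataset=bus_design",
    "2015-12-01T10:02:00|eng01|usb_insert|vendor=0x0951",
    "2015-12-01T10:04:11|eng01|copy_to_removable|file=notes/todo.txt bytes=2048",
    "2015-11-10T11:00:00|eng02|usb_insert|vendor=0x0781",
    "2015-11-10T11:01:00|eng02|copy_to_removable|file=slides/townhall.pptx bytes=9000000",
    "2016-01-15T11:00:00|eng02|usb_insert|vendor=0x0781",
]


def parse_line(line):
    """Parse one pipe-delimited record into a dict with a datetime timestamp."""
    ts, user, event, detail = line.strip().split("|", 3)
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "event": event, "detail": detail}


def hard_hits(records):
    """Records that match a hard rule and need review irrespective of score."""
    return [r for r in records if r["event"] in HARD_RULES]


def windowed_scores(records, window=WINDOW):
    """For each user, the peak sum of event weights inside any `window`-long
    span. Old events age out of the window, which is why the archive has to
    be kept: the score is a property of the history, not of any one event."""
    by_user = defaultdict(list)
    for rec in sorted(records, key=lambda r: r["ts"]):
        by_user[rec["user"]].append(rec)

    peaks = {}
    for user, events in by_user.items():
        start = total = peak = 0
        for ev in events:
            total += EVENT_WEIGHTS.get(ev["event"], 0)
            # Drop events that fell out of the trailing window.
            while events[start]["ts"] < ev["ts"] - window:
                total -= EVENT_WEIGHTS.get(events[start]["event"], 0)
                start += 1
            peak = max(peak, total)
        peaks[user] = peak
    return peaks


def users_to_review(lines, threshold=ALERT_THRESHOLD):
    """Sorted list of users flagged either by a hard rule or by the mosaic score."""
    records = [parse_line(line) for line in lines]
    flagged = {r["user"] for r in hard_hits(records)}
    flagged.update(u for u, s in windowed_scores(records).items() if s >= threshold)
    return sorted(flagged)


if __name__ == "__main__":
    recs = [parse_line(line) for line in SAMPLE_LOG]
    for user, score in windowed_scores(recs).items():
        print(f"{user}: peak 30-day score {score}")
    print("review:", users_to_review(SAMPLE_LOG))
```

In the sample, eng01 never produces an event worth more than 5 points, yet six low-scoring events within one 30-day window sum to 13 and cross the threshold; eng02's two November events age out before the January USB insertion, so that user stays below it. The weights and threshold are the part a real program has to tune against its own false-positive rate.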


A version of the above, written by Christopher Burgess, was originally posted on Clearance Jobs in July 2016: Profile in Espionage – Curtailing a Satellite Spy with an Insider Threat Program


Travel with a USG security clearance? 5 tips for a secure trip

Travel security for the cleared professional is incredibly important, both for personal safety and for the protection of classified information.

One of the first briefings an individual receives after being informed that they have been granted a security clearance is the counterintelligence brief. Included in the counterintelligence brief will be multiple references to foreign and hostile intelligence services and their interest in individuals who have been granted a security clearance and enjoy the trust of the U.S. government. This is reinforced by the foreign travel security brief which the cleared individual will receive from their Facility Security Officer.

Both the Federal Bureau of Investigation and the Defense Security Service have issued counterintelligence guidance to prepare the foreign traveler, and it should be a mainstay of pre-travel preparation for any traveler.

5 TRAVEL TIPS

Tip #1:

Travel with "designated" travel devices. Ensure the device(s) being used are "designated" travel devices, that is, devices which are sanitized prior to travel and loaded only with the data required for the trip. It is no doubt difficult for the traveling executive, who wants access to every email and all their electronic files when on the road, as productivity may drop. Security concerns, however, make it prudent to travel only with information specific to the trip.

Tip #2:

Maintain 24/7 possession of these devices. As detailed in the counterintelligence pamphlets, foreign intelligence services delight in being allowed physical access to cleared U.S. personnel's electronic devices. Maintaining 24/7 possession increases their level of difficulty considerably. Do not allow convenience to trump security by using the hotel room safe to secure the electronic devices. While the safe may slow down the casual thief, it can be opened by the aforementioned foreign intelligence service in seconds, using the same technology the hotel uses when you call and advise that you have forgotten the 4-6 digit PIN and your passport is inside.

Tip #3:

Register your itinerary with the U.S. Department of State. The Department of State's Smart Traveler Enrollment Program is designed specifically to alert the U.S. Embassy or Consulate where one is traveling. Enrollment is free, and the traveler can update the itinerary via the website. In the event of a natural catastrophe or civil disturbance, the Embassy/Consulate will have your contact data, and if warnings or alerts are provided to U.S. persons in the consular zone, the traveler will be included.

Tip #4:

Have no expectation of privacy. While privacy is fleeting in many locales due to population density and cultural norms, the privacy discussion here is more along the lines of privacy for sensitive conversations or meetings. Hotel rooms, restaurants, elevators, cafes, lobbies, etc. should all be considered hostile environments where no sensitive conversations should take place.

Tip #5:

Avoid illegal activities. Avoid any activities which could be construed as provocative by the local security services. From time to time travelers in foreign locales lose their inhibitions; avoid this. Nothing makes the foreign intelligence officer's job easier than a traveler who chooses to place themselves in a compromising position. This could take the form of taking an envelope from a stranger, engaging in black-market currency exchange, purchasing illegal substances, etc.

Need help putting together a travel security program for your company? We can help. Contact us directly via our contact page.

The above first appeared under the byline of Christopher Burgess on ClearanceJobs.com


National Security – Facility Security Officer & Cognizant Security Authority

Working within the defense contractor environment, the roles and responsibilities of the facility security officer are of critical importance.

Thinking of entering the defense contractor marketplace, or wishing to provide services to a classified government customer such as the Department of Defense, the intelligence community or another government agency or department? You will want to familiarize yourself with the National Industrial Security Program Operating Manual (NISPOM) and the Director of Central Intelligence Directives (DCIDs). The NISPOM is your security operational bible, containing the many parameters surrounding a classified defense engagement, while the DCIDs serve the same purpose for engagements within the intelligence community.

Fair warning: engaging within the classified community, you will encounter acronym overload; the manual contains over 100 of these. That said, there are acronyms which every entity supporting a classified government engagement will want to know. The CSA, CSO and FSO are three of the most important.

CSA = COGNIZANT SECURITY AUTHORITY

Within NISPOM/DCID parlance, the Cognizant Security Authority (CSA) denotes the department or agency which has security administrative responsibility for the classified activities and contracts under its remit. The CSA serves as the ultimate arbiter with respect to interpretation of the NISPOM or DCIDs, whichever is applicable. Inquiries are forwarded to the CSA either through the Cognizant Security Office (CSO) for contractor facilities or through the commander or head of facility for U.S. Government facilities. If a contractor is to use a CSO, the CSA will identify that entity to the contractor. In addition to interpreting the operating manuals, the CSA also serves as the decision point for granting a waiver.

FSO = FACILITY SECURITY OFFICER

Within defense contractor facilities sits the Facility Security Officer (FSO). The FSO must be a U.S. citizen employee who is cleared to work within the cleared facility, and is appointed as FSO by his or her employer, the contractor. The FSO will "supervise and direct security measures" within the facility. Thankfully, one is not simply appointed FSO and cut loose: the FSO is required to take the applicable training courses in order to fully understand the complexity of the requirements levied by the CSA and outlined in the NISPOM/DCIDs.

Those who enjoy the trust of their government and work within a classified environment can expect the FSO to provide facility-specific standard operating procedures (SOP). The SOP will include those portions of the NISPOM/DCIDs which apply, as well as any unique requirements levied by the CSA or the contracting government agency.

Reference: NISPOM February 2006 (Incorporating Change 1 – March 28, 2013)


This article was originally crafted for ClearanceJobs.com in January 2014 and has been updated prior to being posted here.


Top 10 reasons your employee’s security clearance was rejected

We've all been there. The Defense Industrial Security Clearance Office (DISCO) or the Office of Personnel Management (OPM) rejects your applicant's application package. What went wrong? Your employee dutifully filled out all the necessary paperwork, and you thought the application package was complete and tight. But here you are, reading: "We are sorry to advise that your application package for John Doe has been rejected; please address the following issue and resubmit."

In this day and age of a highly mobile society, where changes of residence and job occur more frequently than in the past, having complete data helps the applicant tremendously. With respect to DISCO, their number one identified issue is incomplete or missing employment information.

DISCO admonishes:

"List all employment; include the company which is submitting the clearance request as current employer. Applicant should list all full-time work, paid or unpaid, consulting/contracting work, all military service duty locations, temporary military duty locations (TDY) over 90 days, self-employment, other paid work, and all periods of unemployment."

Whereas, OPM notes their number one identified issue is the fingerprint cards aren’t being submitted in a timely manner.

OPM admonishes:

“Fingerprint cards must be provided to OPM within 14 days of approval by DISCO”

The good news is, both DISCO and OPM have shared with us their top ten reasons for application rejections (current as of July 2012).

DISCO – THESE TEN ITEMS ACCOUNT FOR 96% OF ALL DISCO REJECTIONS

  1. Missing employment information
  2. Missing social security number of spouse or adult co-habitant
  3. Missing relatives information
  4. Missing Selective Service registration information
  5. Incomplete information concerning debts or bankruptcy
  6. Missing education reference information
  7. Missing employment reference information
  8. Incomplete explanation of employment record
  9. Missing personal reference information
  10. Missing explanation of drug usage

OPM – THESE TEN ITEMS ACCOUNT FOR 98% OF ALL OPM REJECTIONS

  1. Fingerprint cards not submitted within the required timeframe
  2. Certification/Release forms information illegible or missing
  3. Certification/Release forms not meeting date requirements
  4. Discrepancy of place and date of birth information
  5. Missing references (character, residential, employment or educational)
  6. Discrepancy of e-QIP Request ID Number
  7. Missing employment information
  8. Certification/Release forms not submitted
  9. Missing education information
  10. Missing residence information

Using the above two lists as a final checklist will significantly reduce the likelihood that the applicant's package will be rejected for a missing or incomplete item. Remember, it is both the applicant's and the security officer's responsibility to ensure the packages submitted to DISCO/OPM are complete.

As the adage goes, the devil is in the details.

This piece by Christopher Burgess originally appeared on the ClearanceJobs blog.


Resume Security – Know what and where you are posting

Resume Security – The security risks associated with resumes, including the content candidates provide and the employer's processes, checks and balances.

RESUME SECURITY

There are two sides to the coin surrounding the security aspects of the job hunt. On one side we have the individual jobseeker and the risks to which they are exposed during the job hunt; on the other we have the employer, who is sifting and sorting for the best candidate while also managing the risks of making decisions based on resume content.

THE JOB HUNTER:

What are your risks?

The resume: Identity theft comes in many forms, from something as mundane as having your content lifted and used by another person. How can you protect against the identity theft dynamic? Some items shouldn't appear on a resume, including your Social Security Number (SSN) or your physical address. A telephone number or a unique, one-off email address should be sufficient for an interested employer to reach out and engage. Only when an offer is to be made, or when the interview process has advanced to the background check step, should these key identity items be provided.

The job search process: It is important that you know with whom you are sharing your resume, and the bona fides of the recruiter or of that blind position requirement you see on a job board. There have been documented cases of individuals with access to human resource systems culling through personnel and applicant files, lifting enough information to craft a parallel identity and then obtaining credit cards and loans under the duplicate persona. The aforementioned steps will go a long way toward lowering the identity theft risk.

THE EMPLOYER:

What are your responsibilities?

The employer is challenged to ensure the candidate is who they claim to be and that the information they are providing is accurate. The risk of fraudulent data finding its way onto a resume is not insignificant. According to a recent survey conducted by HireRight, two out of three employers have encountered an applicant lying on their resume (which suggests the true number is higher, as the likelihood that 100% of those engaging in this fraudulent practice are identified is slim). Reviewing social networks is a low-cost, high-return method of validating the candidate's bona fides. Call references, and develop secondary-level references during your background check. And do yourself a favor and use a secure, niche site such as ClearanceJobs.com.

The employer must also remember to protect their job applicants' information from various types of exploitation, including financial identity theft (loans, credit cards, bank accounts); Social Security identity theft (a market for Social Security numbers exists to help document those who are ineligible for them); and use of an applicant's identity when confronted by law enforcement.

In sum, if you are looking for your next position, when you post or submit a resume you are placing your information into the hands of another to protect; take a moment and ensure that you are not giving away too much personal information. And for those who are accepting resumes, remember you are being entrusted with the personal information of an applicant: protect it.

Source: http://news.clearancejobs.com