cleansweep redteam report 5
7/31/2019 CleanSweep RedTeam Report 5
UNCLASSIFIED//OUO
SANDIA REPORT SAND2011-xxxx
Unclassified//OUO
Printed August 2011
CleanSweep Red Team Report

Prepared for:
Mr. Ed Hugler
Deputy Assistant Secretary for Operations
United States Department of Labor
Frances Perkins Building
200 Constitution Avenue
Washington, DC

Prepared by:
Scott Maruoka
Red Team Project Lead
Sandia National Laboratories
P.O. Box 5800 MS 0620
Albuquerque, NM 87185-0620

For additional information, contact:
Han Wei Lin
Project Manager
(505)
@sandia.gov

OFFICIAL USE ONLY
May be exempt from public release under the Freedom of Information Act (5 U.S.C. 552), Exemption 5, Privileged Information.
Department of Energy review required before public release
William Atkins, Org. 05628, 29 AUG 2011

Sandia National Laboratories is a multi-program laboratory managed and operated by Sandia Corporation, a wholly owned subsidiary of Lockheed Martin Corporation, for the U.S. Department of Energy's National Nuclear Security Administration under contract DE-AC04-94AL85000.
CleanSweep UNCLASSIFIED//OUO Contents
August 2011 UNCLASSIFIED//OUO Page 2
Table of Contents

Executive Summary ... 3
Management Overview ... 5
Introduction ... 5
Objective ... 5
Rules of Engagement ... 6
Scope ... 6
Red Team Composition ... 7
Analysis Environment ... 7
Methodology ... 7
Threat Model ... 8
Nightmare Consequences ... 11
Boundaries and Constraints ... 12
Results ... 12
Attack Diagram Description ... 12
Management Results Summary ... 16
Executive Summary

Over the course of the last four years, the Department of Labor (DOL) was approached by various regulatory authorities concerned that key economic data were potentially subject to unauthorized, premature release.

The economic data in question are subject to an embargo process whereby DOL controls the timing of its release to media reporters and the general public. The objective for CleanSweep was to identify potential vulnerabilities in the DOL press lockup facility and associated data embargo and release procedures, provide mitigation options for vulnerabilities identified, and assist in mitigation verification should DOL decide to implement recommended mitigation options.

CleanSweep customers included stakeholders from several organizations within DOL: Operations, the Office of Public Affairs (OPA), and the Bureau of Labor Statistics (BLS). Each of these entities has its own unique perspective regarding the nature of the perceived threat and, consequently, differing ideas on potential solutions. The common concern amongst these stakeholders revolves around the unauthorized, premature release of embargoed data.

Likely adversaries in this scenario are profit-driven, technically sophisticated individuals or organizations who may have considerable resources at their disposal. Their technical proficiency enables implementation of stealthy surveillance equipment. Although they are willing to bend and potentially violate rules and laws, violence is unlikely as an operational method.

Although DOL, BLS, and OPA personnel are doing due diligence in their efforts to monitor the press lockup facility, their efforts are complicated by the presence of non-DOL IT equipment and communications lines in this facility. The opaque nature of this equipment to DOL, BLS, and OPA stakeholders is a major impediment to ensuring that embargoed data are not released prior to authorization.

The presence of equipment owned by press organizations necessitates that access to areas housing DOL communications and data infrastructure is made available to employees and contractors working for these press organizations to conduct maintenance. This access, though controlled by DOL personnel escorting such outsiders, creates opportunities for adversaries to compromise critical DOL communications and data infrastructure.

The following actions could mitigate against risks identified during CleanSweep:

- Replace computers and other IT equipment in the press lockup facility with DOL-owned equipment and remove the private data lines currently in use.
- Prohibit anyone other than DOL personnel (or contractors working for DOL) from entering communications closets without a technically knowledgeable escort.
- Provide/train technically knowledgeable escorts.
- Modify existing policy to require personal items be kept in lockers outside of the press lockup facility. Divestment should be a prerequisite for entry.

Although not directly addressed in the Sandia National Laboratories (SNL) Red Team analysis, the apparent root cause for the issues driving this assessment is the possible presence of algorithmic traders and/or their agents in the press lockup facility. Modifying DOL policy on what criteria qualify applicants to attend release events would likely be of benefit.
How to Use This Report

This report documents Sandia National Laboratories' (Sandia's) Information Design Assurance Red Team (IDART) security analysis of the United States Department of Labor (DOL) press lockup facility. The first section, the Management Overview, is intended for members of DOL management and provides an overview of the activity without technical details. Readers interested in knowing at a high level the threats to DOL information systems, and how to protect against those threats, should examine the Attack Diagram Description presented in the results section of the Management Overview. Readers who want to know how the Red Team conducted its assessment should read the Management Overview in its entirety.

It is worth noting that because Sandia's analysis revealed verified vulnerabilities in processes, procedures, and systems used to protect DOL embargoed data, the public version of Sandia's report to DOL (this document) is intentionally kept at a general level. Representatives from DOL have encouraged the release of this summary to the public.
Management Overview

The analysis described in this report, designated project CleanSweep, was conducted at the request of the United States Department of Labor (DOL). This section is organized around the simplified attack diagram (Figure 2. Press Lockup Facility Attack Diagram) developed by the Red Team, describing the most plausible attacks against data confidentiality in the press lockup facility. The descriptions of steps in each attack provide a high-level view of the attack, an impact estimate for a successful attack, and the recommended mitigations to prevent that attack step. The following sections provide background for the attack diagram.

Introduction

Over the course of the last four years, the DOL was approached by various regulatory authorities (e.g. OIG, SEC, and FBI) concerned that key economic data were potentially subject to unauthorized, premature release. The economic data in question are subject to an embargo process whereby DOL controls the timing of its release to media reporters and the general public. The focus of DOL management concern is the physical, technical, and procedural controls which constitute this embargo process.

Objective

The primary objectives of CleanSweep were to identify potential vulnerabilities in DOL press lockup facilities and associated data embargo and release procedures, provide mitigation options for vulnerabilities identified, and assist in mitigation verification should DOL decide to implement recommended mitigation options.

Sandia's IDART team executed the following assessment activities:

1) Analysis of available security processes, procedures, rules, security equipment technical specifications, floor plans, and other artifacts relating to the press lockup facility and embargo process.
2) Face-to-face engagement with key stakeholders in the embargo process to set common expectations for the assessment outcome, and finalize scope and the rules of engagement (ROE) for assessment activities.
3) Inspection and evaluation of the physical attributes of the press lockup facility and surrounding areas within the Frances Perkins Building, the information technology equipment contained within the press lockup facility, associated communications infrastructure, and technical security equipment. IDART team members also conducted interviews with DOL personnel tasked with implementing and executing the embargo process.
4) SNL technical specialists executed exterior and interior surveys of the radio frequency (RF) spectrum in the area of interest, and conducted another RF spectrum analysis during an information embargo/release event.

Findings from these assessment activities were analyzed using the IDART methodology described throughout this document, and a subset of the results is recorded in this report.
Rules of Engagement

SNL IDART actions were limited to observation and assessment during CleanSweep; no attempts were made to actively exploit potential vulnerabilities. DOL agreed to provide access and support to SNL IDART team members during assessment activities. The ROE were developed by SNL IDART personnel in concert with DOL officials, and were formulated to ensure that Red Team assessment activities would not adversely impact DOL operations while concurrently providing results useful to DOL management for formulating risk-based corrective measures, if needed.

Of particular note is that IT systems (e.g., computers, monitors, I/O devices, routers, switches) within the press lockup facility are not owned by DOL. Each press agency with access to the facility owns and maintains its own equipment, including the communications lines to the outside world. The IDART team was therefore limited to visual examination (no physical contact) and observation (visual and passive RF) when the systems were used by press personnel during the July 8, 2011 press release.
Scope

Ideally, red teams would prefer to identify every weakness in a target system, explore and test all vulnerabilities, and produce a report providing a complete picture of the security posture for the target environment. In reality, project budget and schedule always place a limit on the scope of assessment activities.

The IDART process adds further limits to project scope by specifying the threat model and associated adversaries and constraints. These limits are used as "reality checks" on red team courses of action and recommendations. For DOL, the threat model originally specified an adversarial upper limit of moderate capability, characterized by individuals or organizations seeking to profit from premature access to embargoed economic data. As explained by officials representing DOL, the DOL Office of Public Affairs (OPA), and Bureau of Labor Statistics (BLS), the scope of this assessment was limited to how such an adversary might exfiltrate embargoed economic data from the press lockup facility during a press release event.

The IDART team concentrated on the following:

- Physical attributes of the Press Lockup facility and surrounding areas within the Frances Perkins Building, 200 Constitution Avenue NW, Washington, DC.
- Business processes associated with press embargo and release procedures as documented by policy and as observed during an actual press release event.
- RF environment for the area of interest.
- Computer and communications equipment in the press lockup facility.
- Communications infrastructure for the press lockup facility.

The IDART team specifically did not consider the following:

- Threats and vulnerabilities associated with persons possibly acting as insiders at DOL.
- Threats and vulnerabilities associated with DOL IT systems used in the acquisition of data and production of finished economic analysis.
- Surveillance vulnerabilities at locations other than the press lockup facility but associated with the data embargo and release process.
- The parallel television media embargo/release facility and its associated processes.
Red Team Composition

Sandia/IDART created a team whose members possess skills specifically applicable to addressing the various issues presented by this project. The team consisted of five (5) members with technical specialties including cyber security and threat assessment, adversary modeling, physical security design and threat assessment, electronic surveillance, and risk management.

Analysis Environment

The IDART team conducted preliminary analysis of information acquired during its assessment while at DOL, which was communicated to DOL stakeholders during an out-briefing at the conclusion of assessment activities. Upon returning to Sandia, the IDART team and an IDART subject matter expert (who did not accompany the team to DOL) conducted further analysis to identify and then refine potential attack scenarios and appropriate mitigation strategies.

Methodology

For Project CleanSweep, the IDART team used a subset of the IDART methodology illustrated in Figure 1. This methodology follows the standard activities shown on the left of the figure by performing the work and developing the products shown on the right of the figure. IDART allows a red team to tailor a mature, repeatable assessment framework to the needs of a customer and to the budgetary and scheduling realities of a project. We accept that complete understanding of a highly complex system or environment is impractical for most projects, and we use the IDART process to generate meaningful assumptions and realistic, simplified representations for the target environment. This approach allows us to capture the principal features and generate custom viewpoints that are used to understand processes and interactions and to identify critical interfaces and components. Combining this understanding with domain expert knowledge, we can then identify system and subsystem vulnerabilities and predict their effect on both system components and the system as a whole.

Note that the maturity of the target system/environment affects the applicability of the IDART process. Targets must have a reasonable level of maturity, be it in the operational or design phase, in order to support an IDART methodology assessment.
Table 1: Generic Threat Matrix. Foregoing potentially loaded terms such as "hacker" or "nation state actor", the Generic Threat Matrix provides a qualitative categorization of adversaries based upon attributes describing their capabilities in terms of technical and organizational capacity.
This matrix provides qualitative values to key adversary attributes, enabling the red team to gauge the capability level and attack tools, techniques, and procedures (TTPs) such an adversary would bring to bear.

Information provided by DOL officials and personnel and gleaned by the IDART team during their assessment activities indicates the following adversary threat profile for the press lockup facility and data embargo and release process:

- Intensity: Medium. The threat is moderately determined to pursue its goal and is willing to accept some negative consequences resulting from that pursuit. Acceptable consequences may include imprisonment, but usually not the death of group members or innocent bystanders.
- Stealth: Medium. The threat is moderately capable of maintaining a necessary level of secrecy in pursuit of its goal, but is not able to completely obscure details about the threat organization or its internal operations.
- Time: Weeks to Months. The threat is capable of dedicating several months to planning, developing, and deploying methods to reach an objective.
- Technical Personnel: Tens. The threat is capable of dedicating a small, independent group of individuals to provide the technical capability of building and deploying TTPs. There is full communication between the members of the group.
- Cyber Knowledge: High. The threat is capable of using expert proficiency, both theoretical and practical, in pursuit of its goal. The threat is able to participate in information sharing and is capable of maintaining a training program, as well as a research and development program.
- Access: Medium. The threat is able to plan and place a group member with indirect or limited access within a restricted system.

The Kinetic Knowledge category was not used in this analysis, as such capability was not judged to be necessary to compromise the target environment.

The sum of these attributes falls between levels five (5) and six (6) in the Generic Threat Matrix (Table 1), both within the medium range of threat actor. The team assessed the adversary here lacked the high level of intensity because it is unlikely they would employ violent means to meet their goal of exfiltrating embargoed data prior to the official release time. This adversary has a high rating for cyber knowledge capability because of the highly technical nature of algorithmic trading.

In summary, likely adversaries in this scenario are profit-driven, technically sophisticated individuals or organizations who may have considerable resources at their disposal. Their technical proficiency enables implementation of stealthy surveillance equipment. Although they are willing to bend and potentially violate rules and laws, violence is unlikely as an operational method.
Nightmare Consequences

Nightmare consequences are worst-case scenarios involving compromise or misuse of information and perhaps the systems which produce and/or store such. In the formal IDART methodology, these consequences are mission-oriented: how will compromise of information and associated IT systems adversely impact the target organization's mission, its ability to do business? After nightmare consequences are identified, the red team attempts to find a way to achieve them within the limitations of the identified adversary's capabilities. Since CleanSweep activities were limited to assessment and observation, red team activities were necessarily limited to tabletop exercises.

CleanSweep customers included stakeholders from DOL Operations, the DOL Office of Public Affairs (OPA), and the Bureau of Labor Statistics (BLS). Each of these entities had its own unique perspective regarding the nature of the perceived threat and, consequently, differing ideas on potential solutions. The common concern amongst these stakeholders revolved around the unauthorized, premature release of embargoed data.

Nightmare Consequences for CleanSweep Stakeholders
All: Data leak results in negative press, loss of reputation
OPA: Algorithmic traders subvert press release process, supplant real journalists
Attacks are rated in severity from critical, denoting a near certain likelihood of occurrence, to low, denoting an unlikely event. Figure 2 captures these metrics.

Table 2: Attack step risk rankings. For each attack step we provide a statement of what was or could be done by an attacker.

Rating     Definition
Critical   An attack step that has a near certain risk of occurring in the future if it has not already happened
Important  An attack step that is very likely to occur in the future and may already have taken place
Moderate   An attack step that is likely to occur in the future and could already have taken place
Low        An attack step that is unlikely to occur in the future and probably has not yet occurred

Attacks
Mitigation Options

- Modify existing policy to require personal items be kept in lockers outside of the press lockup facility. Divestment should be a prerequisite for room entry. Cost: Low.
- Metal detector at press lockup facility entry. Security checkpoints at building entrances are some distance away from the Lockup facility, and press personnel are not escorted between points. Cost: Medium.
- Replace computers and other IT equipment in the press lockup facility with DOL-owned equipment and remove the private data lines currently in use. Cost: High.
- Remodel press lockup facility with RF shielding. Attenuating material blocks RF communications into or out of the facility. Cost: Medium.
- Retain status quo. Cost: Nil.

Attacks
Mitigation Options

- Limit the number of Black Boxes each press organization may use. Cost: Nil.
- Mount Black Boxes to wall or on raised shelves so that the equipment is within plain view. Use uniform, color-coded, DOL-issued cables between Black Boxes and IT equipment. Cost: Low/Medium.
- Adopt tamper-evident decals for inventory tags. Cost: Low.
- Replace computers and other IT equipment in the press lockup facility with DOL-owned equipment and remove the private data lines currently in use. This would eliminate the need for the Black Boxes altogether. Cost: High.
Management Results Summary

The results of IDART's assessment are as follows:

- Although DOL, BLS, and OPA personnel are doing due diligence in their efforts to monitor the press lockup facility, their efforts are complicated by the presence of non-DOL IT equipment and communications lines in this facility. The opaque nature of this equipment to DOL, BLS, and OPA stakeholders is a major impediment to ensuring that embargoed data is not released prior to authorization. Because DOL may not conduct technical inspection of this equipment or monitor data traffic for unauthorized activity, there is no way to ascertain with certainty that DOL data is not being exfiltrated without DOL authorization.
- DOL communications and data infrastructure access to press organizations' maintenance contractors is an issue. This access, though controlled by DOL personnel escorting such maintenance personnel, creates opportunities for adversaries to compromise critical communications and data infrastructure.
- The Black Box devices currently employed to control the release of embargoed data in the Press Lockup facility are simple and fairly robust. However, the current concept of operations governing their use makes compromising or circumventing this control mechanism a plausible occurrence. The cluttered nature of the facility, plethora of non-DOL equipment, and multiple instances of Black Boxes for some press organizations create opportunities to mask activities designed to neutralize these control devices.

As a result of the assessment activity, the IDART team made several recommendations to improve the security of DOL systems. The most important of these recommendations include the following:

- Replace computers and other IT equipment in the press lockup facility with DOL-owned equipment and remove the private data lines currently in use. This would eliminate the need for the Black Boxes altogether.
- Prohibit anyone other than DOL personnel (or contractors working for DOL) from entering communications closets without a technically knowledgeable escort.
- Provide/train technically knowledgeable escorts.
- Modify existing policy to require personal items be kept in lockers outside of the press lockup facility. Divestment should be a prerequisite for room entry.

Although not directly addressed in the IDART analysis, the apparent root cause for the issues driving this assessment is the possible presence of algorithmic traders and/or their agents in the press lockup facility. Modifying DOL policy on what criteria qualify applicants to attend release events would likely be of benefit.
References

i. New York Times (no author attributed), "High Frequency Trading," August 9, 2011.
ii. Cisco, "Cisco 2010 Annual Security Report," http://www.cisco.com/en/US/prod/collateral/vpndevc/security annual report 2010.pdf
iii. Alperovitch, D., "Revealed: Operation Shady RAT," McAfee Blog Central, http://home.mcafee.com/AdviceCenter/ExternalContent.aspx?id=cm malb
iv. Duggan, David P., Thomas, Sherry R., Veitch, Cynthia K. K., Woodard, Laura, "Categorizing Threat: Building and Using a Generic Threat Matrix," SAND2007-5791. Available: http://energy.gov/oe/downloads/categorizing-threat-building-and-using-generic-threat-matrix
v. Black Box Network Services (BBOX). http://www.blackbox.com/