cleansweep technical 2

Upload: marktapscott

Post on 05-Apr-2018


7/31/2019 CleanSweep Technical 2

1/39

Version FINAL
Unclassified//Official Use Only
August 2011

Red Team Report
CleanSweep: Technical Details

Prepared for:
United States Department of Labor
Mr. Ed Hugler
Deputy Assistant Secretary for Operations
United States Department of Labor
Frances Perkins Building
200 Constitution Avenue
Washington, DC

Prepared by:
Scott Maruoka
RT Project Lead
Department 5627
Sandia National Laboratories
P O Box 5800, MS 0620
Albuquerque NM 87185-0671

Sandia National Laboratories is a multi-program laboratory managed and operated by Sandia Corporation, a wholly owned subsidiary of Lockheed Martin Corporation, for the U.S. Department of Energy's National Nuclear Security Administration under contract DE-AC04-94AL85000.

For additional Information, contact: Han Wei Lin, Project Manager
Phone: 505
Email: @sandia.gov

OFFICIAL USE ONLY

May be exempt from public release under the Freedom of Information Act (5 U.S.C. 552), Exemption 5, Privileged Information.

Department of Labor review required before public release

William Atkins, Org. 05628, 29 AUG 2011

OFFICIAL USE ONLY
CleanSweep Contents
August 2011 OFFICIAL USE ONLY Page ii

Table of Contents

Table of Contents ii
Executive Summary 1
CleanSweep: Technical Details 2
  Introduction 2
  Objective 2
  Rules of Engagement 3
  Scope 4
  Red Team 4
  Analysis Environment 5
  Methodology 5
  Threat Model 15
  Nightmare Consequences 17
  Adversary 18
  Analysis 20
  Attack Graph 21
Summary 27
  Observations 32
  Recommendations 32
Attachment 1: Agenda 33
Attachment 2: Cost Estimates 35

Executive Summary

Over the course of the last four years, the DOL was approached by various regulatory authorities (e.g. OIG, SEC, and FBI) concerned that key economic data were potentially subject to unauthorized, premature release. The economic data in question are subject to an embargo process whereby DOL controls the timing of its release to reporters and the general public. The objective for CleanSweep was to identify potential vulnerabilities in the DOL Press Lockup room facility and associated data embargo and release procedures, provide mitigation options for vulnerabilities identified, and assist in mitigation verification should DOL decide to implement recommended mitigation options.

CleanSweep customers included stakeholders from several organizations within DOL: Operations, the Office of Public Affairs (OPA), and the Bureau of Labor Statistics (BLS). Each of these entities had its own unique perspective regarding the nature of the perceived threat and, consequently, differing ideas on potential solutions. The common concern amongst these stakeholders revolved around the unauthorized, premature release of embargoed data.

Likely adversaries in this scenario are profit driven, technically sophisticated individuals who may have considerable resources at their disposal. Their technical proficiency enables implementation of stealthy surveillance equipment. Though they are willing to bend and potentially violate rules and laws, violence is unlikely as an operational method.

Though DOL, BLS, and OPA personnel are doing due diligence in their efforts to monitor the press lockup facility, their efforts are complicated by the presence of non-DOL IT equipment and communications lines in this facility. The opaque nature of this equipment to DOL, BLS, and OPA stakeholders is a major impediment to ensuring that embargoed data is not released prior to authorization.

The presence of equipment owned by press organizations necessitates that access to areas housing DOL communications and data infrastructure is made available to contractors working for these press organizations to conduct maintenance. This access, though controlled by DOL personnel escorting such maintenance contractors, creates opportunities for adversaries to compromise critical DOL communications and data infrastructure.

The following actions would mitigate against risks identified during CleanSweep:

- Replace computers and other IT equipment in the Press lockup facility with DOL owned equipment and remove the private data lines currently in use. This would eliminate the need for the Black Boxes altogether.
- Prohibit anyone other than DOL personnel (or contractors working for DOL) from entering communications closets without a technically knowledgeable escort.
- Provide/train technically knowledgeable escorts.
- Modify existing policy to require personal items be kept in lockers outside of the Press Lockup room. Divestment should be a prerequisite for room entry.

Though not directly addressed in the SNL Red Team analysis, the apparent root cause for the issues driving this assessment is the presence of algorithmic traders in the press lockup facility. Modifying DOL policy on which criteria qualify applicants to attend release events would likely be of benefit.

CleanSweep: Technical Details

This section of the report is intended for personnel interested in the details of the Sandia Red Team conclusions described in the Management Overview. Some of the information is repeated from previous sections to help establish context for those readers who have chosen to begin with this section. Where that information is repeated, additional detail is provided for the technical reader.

Introduction

Over the course of the last four years, the DOL was approached by various regulatory authorities (e.g. OIG, SEC, and FBI) concerned that key economic data were potentially subject to unauthorized, premature release. The economic data in question are subject to an embargo process whereby DOL controls the timing of its release to reporters and the general public. The focus of DOL management concern is the physical, technical, and procedural controls which constitute this embargo process.

Objective

SNL IDART was tasked to identify potential vulnerabilities in DOL press lockup room facilities and associated data embargo and release procedures, provide mitigation options for vulnerabilities identified, and assist in mitigation verification should DOL decide to implement recommended mitigation options.

Information sharing was performed via SNL external SharePoint (an SSL enabled collaboration application).

Sandia's IDART team executed the following assessment activities:

1) Document Review: Analysis of available security processes, procedures, rules, security equipment technical specifications, floor plans, and other artifacts relating to the embargo process. Conduct open source research on pertinent subjects.

2) Kickoff meeting: Face to face engagement with key stakeholders in the embargo process to set common expectations for the assessment outcome, and finalize scope and the rules of engagement for assessment activities.

3) Vulnerability Assessment: IDART Team members conducted an inspection and evaluation of the physical attributes of the press lockup facility and surrounding areas within the Frances Perkins Building, the information technology equipment contained within the Lockup Facility, associated communications infrastructure, technical security equipment, and conducted interviews with DOL personnel tasked with implementing the embargo process.

4) Sandia National Laboratories technical specialists executed exterior and interior surveys of the radio frequency (RF) spectrum in the area of interest, and conducted another radio frequency spectrum analysis during an information embargo/release event. These personnel used a combination of proprietary and publicly available but controlled equipment and applications.

   a. Establish baseline RF readings for the target area.
   b. Conduct RF assessment of the target area during a press event.
   c. Compare results, identify anomalies.
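The comparison step of the three-step RF survey above (baseline sweep, event sweep, compare) is the part a defender can script. The following is an added example, not code from the Sandia report: the sweeps, bin width, noise floor and thresholds are constructed sample values, and the optional exterior sweep models the report's later finding that an RF contact seen during the event was attributed to a source outside the facility.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Sweep = List[Tuple[float, float]]   # (frequency in MHz, power in dBm) per reading
NO_SIGNAL = float("-inf")           # marker for "nothing seen in this bin"


@dataclass(frozen=True)
class Anomaly:
    freq_mhz: float
    event_dbm: float
    baseline_dbm: float        # NO_SIGNAL when the bin was quiet in the baseline
    kind: str                  # "new_emitter" or "power_rise"
    likely_external: bool      # True when an exterior sweep saw it at least as strongly


def bin_sweep(sweep: Sweep, bin_khz: float) -> Dict[int, Tuple[float, float]]:
    """Quantise a sweep into frequency bins, keeping the strongest (power, freq) per bin.

    Analyser drift means the same emitter rarely lands on exactly the same frequency
    in two sweeps, so comparison is done per bin rather than per raw reading.
    """
    binned: Dict[int, Tuple[float, float]] = {}
    for freq, power in sweep:
        b = round(freq * 1000.0 / bin_khz)
        if b not in binned or power > binned[b][0]:
            binned[b] = (power, freq)
    return binned


def compare_sweeps(baseline: Sweep, event: Sweep, exterior: Optional[Sweep] = None, *,
                   bin_khz: float = 25.0, noise_floor_dbm: float = -90.0,
                   rise_db: float = 10.0, external_margin_db: float = 3.0) -> List[Anomaly]:
    """Flag bins that appeared, or grew by rise_db or more, between baseline and event.

    If an exterior sweep (taken outside the perimeter at the same time) is supplied,
    an anomaly that is as strong or stronger outside is marked likely_external, which
    is how a contact caused by a source outside the facility would present.
    """
    base = bin_sweep(baseline, bin_khz)
    ev = bin_sweep(event, bin_khz)
    ext = bin_sweep(exterior, bin_khz) if exterior else {}
    anomalies: List[Anomaly] = []
    for b, (p_ev, f_ev) in sorted(ev.items()):
        if p_ev <= noise_floor_dbm:
            continue                                   # below the analyser noise floor
        p_base = base.get(b, (NO_SIGNAL, None))[0]
        if p_base <= noise_floor_dbm:
            kind = "new_emitter"                       # quiet during the baseline sweep
            p_base = NO_SIGNAL
        elif p_ev - p_base >= rise_db:
            kind = "power_rise"                        # known signal, now much stronger
        else:
            continue                                   # present in baseline at similar level
        p_ext = ext.get(b, (NO_SIGNAL, None))[0]
        anomalies.append(Anomaly(f_ev, p_ev, p_base, kind,
                                 p_ext >= p_ev - external_margin_db))
    return anomalies


# Constructed sample sweeps (not measurements from the report); power in dBm.
BASELINE_SWEEP: Sweep = [(2412.0, -45.0), (2437.0, -50.0), (915.00, -88.0), (462.5, -70.0)]
EVENT_SWEEP: Sweep = [(2412.0, -44.0), (2437.0, -48.0), (915.01, -62.0), (462.5, -70.0),
                      (1880.0, -55.0)]
EXTERIOR_SWEEP: Sweep = [(1880.0, -40.0)]              # taken outside the facility perimeter


def demo() -> List[Anomaly]:
    """Run the comparison on the constructed sweeps."""
    return compare_sweeps(BASELINE_SWEEP, EVENT_SWEEP, EXTERIOR_SWEEP)


if __name__ == "__main__":
    for a in demo():
        where = "likely external source" if a.likely_external else "inside target area"
        print(f"{a.freq_mhz:9.3f} MHz  {a.kind:12s}  event {a.event_dbm:6.1f} dBm  "
              f"baseline {a.baseline_dbm:6.1f} dBm  ({where})")
```

On the sample data the 915 MHz bin is reported as a power rise inside the target area and the 1880 MHz bin as a new emitter attributed to the exterior, which is the triage a surveyor would then confirm by hand.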

Findings from these assessment activities were analyzed using the IDART methodology described throughout this document, and the results are recorded in this report.

Rules of Engagement

SNL IDART actions were limited to observation and assessment during CleanSweep; no attempts were made to actively exploit potential vulnerabilities identified. DOL agreed to provide access and support to SNL IDART team members during assessment activities. These Rules of Engagement (ROE) were developed by SNL IDART personnel in concert with DOL officials, and were formulated to ensure that the Red Team assessment activities would not adversely impact DOL operations while concurrently providing results useful to DOL management for formulating risk based corrective measures, if needed.

Of particular note is that IT systems (e.g. computers, monitors, I/O devices, routers, switches) within the press lockup facility are not owned by DOL, with the exception of the AirPatrol console and LAN. Each press agency with access to the lockup facility owns and maintains their own equipment, including the communications lines to the outside world. The SNL IDART Red Team was therefore limited to visual examination (no physical contact) and observation (visual and passive RF) when the systems were used by press personnel during a press release.

Notification: Sandia presented proposed assessment activities for CleanSweep to DOL officials in the Statement of Work (SOW) created prior to commencement of this project. Approval of the CleanSweep SOW signified DOL approval for the assessment activities documented therein. SNL agreed to notify DOL officials prior to the start of any assessment activity and obtain DOL approval before beginning any such activity. Sandia will notify DOL at the conclusion of the assessment and verbally provide the results. SNL IDART and DOL personnel worked jointly to develop the assessment schedule of activities, providing concurrence on assessment dates, times, and processes.

DOL officials were made aware of and consented to the requirement that federal law enforcement be notified should SNL IDART personnel discover surveillance devices during their assessment.

Information Protection: Information collected during the course of CleanSweep will be retained by Sandia in electronic work papers. A final report that includes notifications of findings, recommendations that summarize preliminary findings based on these data, and possible remediation actions for information technology security weaknesses or deficiencies will be provided to DOL officials at a results briefing. Sandia will destroy all retained copies of logs and data at the request of DOL.

The Technical Details section of this Sandia assessment report contains Official Use Only information describing specific vulnerabilities and attack steps for potential exploits. No classified information was generated during the course of CleanSweep activities. Sandia will protect all copies of logs and data appropriate to the level of sensitivity. All SNL IDART personnel agreed to protect and hold in confidence any DOL proprietary information discovered during the course of CleanSweep, and provided written assent of this agreement to DOL officials.

Scope

Ideally, Red Teams would prefer to identify every weakness in a target system, explore and test all vulnerabilities, and produce a report providing a complete picture of the target environment's security posture. In reality, a project's budget and schedule place a limit on the scope of assessment activities.

The IDART process adds further limits to project scope by specifying the threat model and associated adversaries and constraints. These limits are used as "reality checks" on Red Team courses of action and recommendations. For DOL, the threat model originally specified an adversarial upper limit of moderate capability, characterized by individuals or organizations seeking to profit from premature access to embargoed economic data. As explained by officials representing the Department of Labor, the Office of Public Affairs (OPA), and Bureau of Labor Statistics (BLS), the scope of this assessment was limited to how such an adversary might exfiltrate embargoed economic data from the press lockup facility during a press release event.

The Red Team concentrated on the following:

- Physical attributes of the press lockup facility and surrounding areas within the Frances Perkins Building, 200 Constitution Avenue NW, Washington, DC.
- Business processes associated with press embargo and release procedures as documented by policy, and as observed during an actual press release event
- Radio Frequency (RF) environment for the area of interest
- Computer and communications equipment in the press lockup facility
- Communications infrastructure for the press lockup facility

The Red Team specifically did not consider the following:

- Threats and vulnerabilities associated with DOL insiders
- Threats and vulnerabilities associated with DOL Information Technology (IT) systems used in the acquisition of data and production of finished economic analysis
- Surveillance vulnerabilities at other locations associated with the data embargo and release process
- Parallel embargo/release facility and process for television journalists

Red Team

Sandia/IDART created a team whose members possess skills specifically chosen to address the various issues presented by this project, with Red Team members representing several Sandia organizations. The team consisted of five (5) members with technical specialties including cyber security and threat assessment, IT system penetration and exploitation, physical security design and threat assessment, electronic surveillance, and risk management.

Analysis Environment

All CleanSweep activities occurred at the United States Department of Labor headquarters, located in the Frances Perkins Building at 200 Constitution Avenue, Washington, DC as depicted in Figure 1. The six story steel and limestone building covers two square blocks near the base of Capitol Hill, and was completed in 1974.[1]

    Figure 1. Frances Perkins Building exterior view from Constitution Avenue.

The IDART Red Team conducted preliminary analysis of information acquired during this assessment while on site, which was communicated to DOL stakeholders during an out briefing at the conclusion of assessment activities. A copy of the CleanSweep agenda is provided as Attachment A.

Upon returning to the Sandia National Laboratories Albuquerque, NM facility, the Red Team and an IDART subject matter expert (who did not accompany the Red Team to DOL) conducted further analysis to identify and then refine potential attack scenarios and appropriate mitigation strategies.

Methodology

For this assessment, the Red Team used the IDART methodology illustrated in Figure 2. The IDART methodology follows the standard activities shown on the left of the figure by performing the work and developing the products shown on the right of the figure.

placed on the analysis or on the Red Team. The results of this phase are based on customer requirements and are usually produced by a joint Red Team/customer team, although sometimes the Red Team develops recommendations that are submitted to the customer for approval.

DOL officials and SNL management team members conducted initial discussions on the issue of a potential information leak of sensitive economic data during the embargo and release process, resulting in a preliminary site visit by SNL personnel. Subsequently, SNL IDART Project Manager, Han Lin, and Project Lead, Scott Maruoka, worked with DOL officials to create a Statement of Work (SOW) capturing and documenting project details regarding perceived threat, nightmare scenarios, associated milestones and deliverables, and project scope and constraints to IDART activities.

Data Collection

The second phase of the IDART Methodology consists of data collection. In this phase, the Red Team reviews all available applicable documentation, collects open source material relevant to the target system, and visits an operational customer site if feasible and appropriate. This phase serves to provide the Red Team with the appropriate background information to model the adversaries identified in the Threat Model. The Red Team develops a detailed description along with the mission and objectives of the target system. The Red Team also identifies its critical success factors, a list of objectives that will serve as indicators of Red Team success. The subsequent system characterization and analysis phases are very dependent on the accuracy and completeness of the system description generated in this step. As noted previously, IDART activities were limited to observation and assessment during CleanSweep, so success indicators were not applicable as no penetration and exploit tests were conducted.

CleanSweep data collection activities consisted of document review, interviews of DOL Operations, OPA, and BLS personnel, physical inspection of the press lockup facility and adjoining areas, wiring closets and telecommunications hub rooms, and observation of a live press event involving data embargo and release.

DOL provided the following data:

1) DOL Lockup Room Wireless Device Detection User Guide: combined concept of operations (CONOP) covering the AirPatrol console, Mantis Handheld Bluetooth detector, and AirCheck WiFi tester equipment.
2) DOL Lockup Room Task Summary: step by step CONOP covering AirPatrol, AirCheck, and Mantis tools.
3) Press Room Activity logs, 10 JAN 2011 to 12 APR 2011: chronologically ordered documentation of Press Lockup facility monitoring activities performed by BLS Information Assurance personnel; sample report form.
4) Black Box user's manual and technical specifications.
5) Equipment to Black Box Cabling guide.
6) Inventory of Black Boxes in use.
7) A Hall/Fillichio memo dated March 2, 2011 suggesting various changes to security policy and procedures for the Press Lockup facility.
8) Evacuation and shelter in place policy for the Press Lockup facility.
9) A draft copy of Lockup facility rules for press personnel and their employers.
10) A draft copy of Lockup facility responsibilities for DOL staff.
11) Numerous photographs of the Press Lockup facility workspaces.
12) Floor plans for the Frances Perkins building and the Press Lockup facility.
13) Findings from previous assessments conducted by BLS IA.
14) Timeline of security issues and associated mitigation measure implementation.
15) May 2008 letter from OPA to news organizations documenting security rules for the Press Lockup facility.
16) Meeting minutes from 2008 incident response.

Characterization

During system characterization, the Red Team combines all the inputs from the Planning and Data Collection phases with domain expertise to generate a variety of different viewpoints, such as those listed in the IDART Methodology diagram. Some viewpoints may be as simple as vendor supplied network maps or physical diagrams. Others may show complex timing interactions between system components and external input sources.

Temporal View

Based on interviews of OPA and BLS personnel and first hand observation, SNL IDART produced the temporal view illustrated in Figure 3, Data Embargo and Release timeline.

Figure 3. Data Embargo and Release timeline.

SNL IDART personnel noted that press attendees queued up outside the press lockup facility waiting for the room to open. Once allowed in, these press personnel dispersed to their various work areas. Sign in and surrender of cell phones occurred after they had been allowed entry, with some individuals needing to be reminded by OPA personnel to sign in and turn in cell phones. Requiring press to sign in and surrender cell phones prior


Figure 7. Cluttered press work area, showing what appear to be networking appliances to the left of the workstation and monitor. Note the two Black Boxes atop the network gear.

The interior of the press lockup facility is somewhat crowded, and some of the work spaces used by press personnel are cluttered with IT equipment, as illustrated by Figures 7 and 8. Members of the SNL Red Team were somewhat surprised to find what appeared to be network appliances (e.g. switches and routers) capable of supporting infrastructure well beyond the workstations to which they were connected. Since these devices are not DOL owned equipment, the Red Team was limited to visual only inspection, and could not verify that computer and network appliance cases and chassis contained only standard equipment. As explained by OPA and BLS staff, the elaborate networking configurations are meant to give their owners an advantage over neighboring competitors in transmitting data when it is authorized for release.

During the live press release event, IDART personnel in the press lockup facility noted the ambient temperature became uncomfortably warm, likely due to the human occupants and the considerable amount of IT equipment present. Many of the work areas featured more than one Black Box, which are supplied by DOL.


Figure 8. Cluttered press work area, with Black Box under network appliance and obscured by telephone.

RF View

SNL technical personnel conducted external and in-conference inspections of the Radio Frequency (RF) environment both prior to and during a live press release, to detect the presence of clandestine surveillance devices in the area. No such devices were detected. A breakdown of these activities consisted of:

1) Search and analysis of the RF spectrum in the target area delineated as the press lockup facility. See Figure 9.
2) Technical and physical examination of fixtures, furnishings, and equipment located within the target area.
3) Technical and physical examination of electronic and electrical equipment, electrical wiring, and utility pathways.
4) Technical and physical inspection of the interior and exterior surfaces of the perimeter walls, floors, ceilings, and other structural objects within the target area.
5) Physical inspection of the exterior perimeter to include applicable spaces above and below the target area.


For RF monitoring during the press release, SNL technical personnel set up equipment in an office adjacent to the target area, with a BLS IA representative observing. An RF contact observed during the press release event was determined to have been caused by a source outside the Lockup facility, and was also identified by BLS IA personnel on their equipment.

Analysis

The Analysis phase is highly variable, depending on the project's budget and schedule, the Threat Model, and any constraints identified during the Planning phase. This phase can range from a Quick Look overview (as was conducted for CleanSweep), which identifies potential vulnerabilities and attacks without verification testing, to a detailed analysis in which the system or portions of it are subjected to a deep analysis with full attack development, validation, and countermeasure generation.

The intentionally limited scope and rules of engagement for CleanSweep dictated that no penetration testing and exploitation of identified vulnerabilities occur. Based upon information derived from document review, interviews, and direct observation on site, the Red Team conducted a tabletop attack brainstorm exercise resulting in attack graphs depicting potential attacks that team members thought had viable potential for success.

Threat Model

The IDART methodology begins by developing a threat model to be used for Red Team operations. As the scope of operations for CleanSweep was limited to observation and analysis, no attack exercises were conducted. Instead, threat and adversary modeling provided the basis for attack scenario vetting: what was realistic in terms of perceived attacker goals and capability limitations. This model defines the adversaries along with their skills, resources, and motivations. Establishing an adversary model allows analysts to postulate more accurately on what types of attack tools or weapons will likely be brought to bear against defenders, and so instruct as to the most appropriate mitigation strategies to employ.

Threats

The first step in developing a threat model is to establish which threats exist to the target system's mission and which threats the target system is intended to mitigate. Figure 11 shows general system threats as they relate to operational environments.


Adversary

Sandia has developed detailed models that identify the skill, resources, motivations and threats of various adversaries. That said, these models can rarely be simply plugged into a project. Since every system that a red team assesses has unique characteristics, the adversary models must be customized for each project. Sandia's adversary models allow for that.

The Red Team's choice of adversary models is driven by three factors:

- The threats and nightmare consequences identified by the Red Team and customer: More complex nightmare consequences often, but not always, require more sophisticated adversaries.
- The maturity of the system: More mature systems can benefit from Red Team emulation of more sophisticated adversaries, as lower level threats have often already been addressed. Less mature systems profit more from less sophisticated adversarial attack. Since even trivial attacks are likely to succeed, there is little reason to show that high level attacks are successful.
- Project budget and schedule and information available to the Red Team: Highly sophisticated attacks such as those at the nation state level (Cyber terrorist organizations, Military Information Operations units, and Foreign Intelligence Services) usually require in depth knowledge of the target system. The Red Team can acquire such information in two ways: synthesize it, limited by project budget and schedule, or obtain it from the customer or system vendor. If these options are limited or not available, the Red Team will not be able to adequately emulate the higher threat levels and will choose to hold adversary capabilities to a lower limit.

DOL Adversary Model

As noted previously in the scope section, DOL management perceived that a potential threat exists from individuals or organizations wishing to profit from premature, unauthorized access to key economic data. Advance knowledge of such data would give its possessor a head start advantage against other financial traders who transmitted the information later, during the official release.

According to DOL officials interviewed during this assessment, concern exists over which press organizations are allowed access to informational release events. At the heart of the debate is what criteria should define a press organization vs. a business primarily interested in supplying data for algorithmic trading. The line between such entities is blurred by organizations which provide both traditional journalistic content as well as algorithmic trading products to their customers. Interviews with DOL officials indicate this issue is relevant because organizations primarily concerned with algorithmic trading would have significant monetary incentive to circumvent the embargo imposed on key economic data prior to its official release. A New York Times article posted contemporaneously with the writing of this report stated that High Frequency Traders (a type of algorithmic trader) made $12.9 billion in profits in the last two years.[2]


With the assessment scope limited to the press lockup facility and associated data embargo and release processes, the SNL IDART Red Team focused only on adversaries with opportunity, motivation and willingness to subvert security controls specifically associated with this facility. This was an important limitation in that it effectively excluded common adversaries using the Internet as a preferred attack vector,[3][4] while DOL Internet connected systems, where the key economic data of interest is produced and stored, are not within the defined scope of CleanSweep. The full spectrum of adversaries is illustrated in Table 1, the Generic Threat Matrix.

Table 1: Generic Threat Matrix. Foregoing potentially loaded terms such as hacker or nation state actor, the Generic Threat Matrix provides a qualitative categorization of adversaries based upon attributes describing their capabilities in terms of technical and organizational capacity.

This matrix provides qualitative values to key adversary attributes, enabling the Red Team to gauge the capability level and attack tools, tactics, and processes such an adversary would bring to bear.[5]

    InformationprovidedbyDOLofficialsandpersonnelandgleanedbytheSNLteam

    duringtheirassessmentactivitiesindicatesthefollowingadversarythreatprofileforthe

    presslockupfacilityanddataembargoandreleaseprocess:

    Intensity:Medium

    The

    threat

    is

    moderately

    determined

    to

    pursue

    its

    goal

    and

    is

    willing

    toacceptsomenegativeconsequencesresultingfromthatpursuit.Acceptable

    consequencesmayincludeimprisonment,butusuallynotthedeathofgroupmembers

    orinnocentbystanders.

    Stealth:MediumThethreatismoderatelycapableofmaintaininganecessarylevelof

    secrecyinpursuitofitsgoal,butisnotabletocompletelyobscuredetailsaboutthe

    threatorganizationoritsinternaloperations.


Time: Weeks to Months. The threat is capable of dedicating several months to planning, developing, and deploying methods to reach an objective.

Technical Personnel: Tens. The threat is capable of dedicating a small, independent group of individuals to provide the technical capability of building and deploying weapons. There is full communication between the members of the group.

Cyber Knowledge: High. The threat is capable of using expert proficiency, both theoretical and practical, in pursuit of its goal. The threat is able to participate in information sharing and is capable of maintaining a training program, as well as a research and development program.

Access: Medium. The threat is able to plan and place a group member with indirect or limited access within a restricted system.

The Kinetic Knowledge category was not used in this analysis, as such capability was not judged to be necessary to compromise the target environment.

The sum of these attributes falls between levels five (5) and six (6), both within the medium range of threat actor. The team assessed that the adversary here lacked the high level of intensity because it is unlikely they would employ violent means to meet their goal of exfiltrating embargoed data prior to the official release time. This adversary has a high rating for cyber knowledge capability because of the highly technical nature of algorithmic trading.

In summary, likely adversaries in this scenario are profit driven, technically sophisticated individuals who may have considerable resources at their disposal. Their technical proficiency enables implementation of stealthy surveillance equipment. Though they are willing to bend and potentially violate rules and laws, there are limits to what these adversaries are willing to do to achieve their goals; violence is unlikely as an operational method.

Analysis

In this section we discuss the attacks that were developed and run by Red Team personnel. Using the IDART methodology, the Red Team begins analysis of the target system and creates the various viewpoints discussed above in the Error! Reference source not found. section. Next, the team holds a brainstorming session, inviting Sandia employees that have expertise in the areas addressed by the target system. The Red Team lead describes the target system, presents and explains the viewpoints, and answers any questions before beginning the brainstorming.

During brainstorming, very little filtering is applied to submitted ideas. If an attack idea will obviously not work or violates the ROE, it may be filtered immediately. Otherwise, all ideas are added to the attack graphs and will be filtered later. This allows all ideas to inspire other ideas that may not be filtered.

The result of the brainstorming session is the project's attack graph, a diagram that suggests start states, end states, and attack paths connecting the two states. Many of the attack steps will be invalidated, and some will be filtered because they are beyond


Attacks are rated in severity from critical, denoting a near certain likelihood of occurrence, to low, denoting an unlikely event. Table 2, Attack Step Risk Ranking System, captures these metrics. None of the attack steps were identified as critical or important.

Rating      Definition
Critical    An attack step that has a near certain risk of occurring in the future if it has not already happened
Important   An attack step that is very likely to occur in the future and may already have taken place
Moderate    An attack step that is likely to occur in the future and could already have taken place
Low         An attack step that is unlikely to occur in the future and probably has not yet occurred

Table 2: Attack Step Risk Ranking System. For each attack step we provide a statement of what was or could be done by an attacker.

Attacks


Mitigation Options:

- Modify existing policy to require personal items be kept in lockers outside of the press lockup room. Divestment should be a prerequisite for room entry. Cost: Low.
- Metal detector at press lockup facility entry. Security checkpoints at building entrances are some distance away from the Lockup facility, and press personnel are not escorted between points. Cost: Medium.
- Remodel press lockup facility with RF shielding. Attenuating material blocks RF communications into or out of the facility. Cost: Medium/High.
- Replace computers and other IT equipment in the press lockup facility with DOL-owned equipment and remove the private data lines currently in use. Cost: High.
- Retain status quo. Cost: Nil.

Attacks


Mitigation Options:

- Replace computers and other IT equipment in the press lockup facility with DOL-owned equipment and remove the private data lines currently in use. Cost: High.
- Prohibit anyone other than DOL personnel or contractors working for DOL from entering communications closets without a technically knowledgeable escort. Cost: Medium.
- Provide/train technically knowledgeable escorts. Cost: Medium.
- Retain status quo. Cost: Nil.


Mitigation Options:

- Limit the number of Black Boxes each press organization may use. Cost: Nil.
- Mount Black Boxes to wall or on raised shelves so that the equipment is within plain view. Use uniform, color coded, DOL-issued cables between Black Boxes and IT equipment. Cost: Low/Medium.
- Adopt tamper-evident decals for inventory tags. Cost: Low.
- Replace computers and other IT equipment in the press lockup facility with DOL-owned equipment and remove the private data lines currently in use. This would eliminate the need for the Black Boxes altogether. Cost: High.
- Retain status quo. Cost: Nil.


Summary

Though DOL, BLS, and OPA personnel are doing due diligence in their efforts to monitor and control the press lockup facility, SNL IDART observations indicate opportunities for security improvements, ranging from relatively low cost changes to existing policy up to investing in new IT infrastructure for the press lockup facility. Table 2, Comparison of Mitigation Alternatives, captures the criteria such as cost, risk, and performance for each option. Also included are scheduling requirements relative to SNL follow-up activities to verify/validate effectiveness of implementation.

Policy Issues

The data embargo and release process is well established, and enjoys an advanced level of maturity. Requisite data security policies already exist, but may lack optimal implementation.

Current policy requires press personnel to surrender cell phones in the press lockup facility prior to the distribution of embargoed data. An improvement to this prudent rule would be to collect cell phones and other personal items such as purses, briefcases, tote bags, etc. prior to granting entry to the facility, and securely storing these items outside for the duration of the press release event.

1. Cost: Low. Approximately $2,200.00 for hardware and shipping plus labor to install.
2. Risk: Low. Potential pushback from press; potential liability for lost/damaged personal items.
3. Performance: Medium value.
4. Schedule priority: Medium. Follow-up would consist of observing new process in action.

Another policy requires that non-DOL personnel be escorted while accessing wiring closets and communications hubs. Ensuring that only technically knowledgeable personnel are given escorting duties would be a significant enhancement to this practice, as would be documenting process and procedures, and training assigned escorts in security concepts (e.g. maintain visual contact on charges for the duration of each visit, limiting the number of visitors per escort, who to contact and what to do should an incident occur, what constitutes an incident).

1. Cost: Medium. Personnel wages associated with assigning technical staff (vs. non-technical, who potentially have lower hourly cost) and development, documentation, and implementation of training.
2. Risk: Medium. Pushback from DOL employees regarding additional assignments; lack of qualified personnel; prioritizing current assignments vs. escorting; cost of hiring new staff.
3. Performance: High.


4. Schedule priority: High. Multi-step solution requires early start; potential delays for contract negotiation pertaining to escort duties; policy and procedure development, documentation and implementation of training.

Press organizations are currently allowed to use their own equipment in the press lockup facility, with some parties implementing complex configurations to include infrastructure grade networking appliances and utilizing multiple, DOL-supplied Black Boxes. The resulting clutter, power consumption, heat generation, and government expense for supplying Black Boxes could be reduced by changing existing policy to limit each press work area to a standard equipment configuration (e.g. a single computer, monitor, keyboard & mouse).

1. Cost: None.
2. Risk: Medium. Pushback from press organizations.
3. Performance: Medium. Reduces clutter, making Black Box status identification easier; reduces heat generation, power consumption.
4. Schedule priority: Medium. Though minimal in implementation effort, SNL project period of performance (PoP) end is March 2012.

Another policy option is to completely disallow non-DOL equipment. Cost, risk, performance and technical ramifications of this path are discussed in the next section.

Technical Issues

The presence of non-DOL IT equipment and communications lines in this facility is of concern to the Red Team. The opaque nature of this equipment to DOL, BLS, and OPA stakeholders is a major impediment to ensuring that embargoed data is not released prior to authorization, and the presence of outsider equipment opens attack vectors into the DOL environment. Because DOL may not conduct technical inspection of this equipment or monitor data traffic for unauthorized activity, there is no way to ascertain with certainty that DOL data is not being exfiltrated without DOL authorization.

Allowing press organization owned equipment and communication lines in the press lockup facility creates a need for non-DOL maintenance personnel to access DOL communications and data infrastructure. Replacing press-owned equipment and data lines with a DOL-owned solution would remove opportunities for adversaries to compromise critical DOL communications and data infrastructure.

1. Implementing a DOL-owned IT solution for the press lockup facility would entail the purchasing, configuring, and maintaining of such equipment.
2. An appropriate solution could be tailored to a bare bones configuration to save cost and reduce attack surface. Services limited to Internet access should provide adequate functionality for traditional journalists, while redirecting the burden of enhanced capability away from DOL and onto those who desire it. Applications (e.g. MS Word,


algorithmic trading applications, etc.) would reside on press organization servers, and not be the responsibility of DOL to license, maintain, and patch.
3. Such a solution would likely reduce heat generation and energy costs for the press lockup facility.
4. DOL would have complete control over press lockup facility hardware and software and the ability to monitor as well as terminate/enable data communications.
5. Such a solution would be segregated from DOL Enterprise environments.

Cost: High. Approximately $66K for hardware and software, $3.2K annually for licenses, and between 0.5-1.0 FTE for maintenance/administration (please see Attachment 2: Cost Estimates for details).
Risk: High. Pushback from press; future increases to licensing costs; onus of defending new environment; ensuring segregation from DOL enterprise environment.
Performance: High. Eliminates uncertainties surrounding non-DOL equipment capabilities and access to wiring closets; reduces clutter, heat generation, power consumption; eliminates Black Box costs.
Schedule priority: High. Complex, multi-phase option requires immediate start to facilitate completion prior to end of SNL PoP.

1. Cost: High. Approximately $40K.
2. Risk: Medium. As with any technical project, unintentional service disruptions may occur, with associated costs to productivity and equipment replacement; in the event that unauthorized surveillance devices are identified, law enforcement must be notified immediately.
3. Performance: High. Would provide DOL leadership with a clean bill of health for their communications infrastructure (up to that point in time).
4. Schedule priority: Medium. Should only be done after removing press-owned IT equipment and communication lines and implementing qualified/trained escorts.

The Black Box devices currently employed to control the release of embargoed data in the press lockup facility are simple and fairly robust. However, the current concept of operations governing their use makes compromising or circumventing this control mechanism a plausible occurrence. The cluttered nature of the facility, plethora of non-DOL equipment, and multiple instances of Black Boxes for some press organizations, creates opportunities to mask activities designed to neutralize these control devices.


1. Seal Black Boxes with tamper resistant/indicating inventory labels. Develop and implement policy to monitor labels for tampering.
   Cost: Low. From $9.00/250 basic seals or $1,200.00/20K for hologram seals; personnel time/wages for developing, documenting, and implementing process; auditing/checking for tamper indications.
   Risk: Low/Medium.
   Performance: Low for basic seals / Medium for hologram seals.
   Schedule priority: Low.
2. Mount Black Boxes to wall or on raised shelves so that the equipment is within plain view. Use uniform, color coded, DOL-issued cables between Black Boxes and IT equipment.
   Cost: Low/Medium. Labor for installation; standardized cabling.
   Risk: Low.
   Performance: Medium.
   Schedule priority: Medium.

As noted previously, surreptitious use of transmitting devices was identified as a potential vulnerability. Installing RF shielding in the press lockup facility would mitigate against this vector by attenuating RF signal strength. Products such as foil-backed sheetrock are a relatively inexpensive implementation.

1. Cost: Medium. Materials + labor.
2. Risk: Low.
3. Performance: High. Correctly implemented shielding would greatly reduce the effectiveness of transmitter attacks from within the press lockup facility; this option would eliminate the need for in-room RF monitoring.
4. Schedule priority: High.


Observations

ROE Constraints of Note

The SNL IDART Red Team was limited to observation and assessment activities; no active exploitation exercises were performed during the course of CleanSweep. The scope of allowed activities was limited to the press lockup Room and associated data embargo and release processes.

1. Other areas associated with preparation of the target data were not subject to observation and assessment.
2. Operational IT systems associated with preparing/producing the target data were not subject to observation and assessment.
3. Adversary modeling specifically excluded DOL personnel insider threat.

Potential Avenues

The following activities were proposed to DOL but not sanctioned during this activity (see Footnote 1).

1. Technical evaluation and assessment of BLS IT environments.
2. Technical evaluation and assessment of RF environment at BLS.

Recommendations

There are areas for improvement in policy development and implementation, and for technical mitigation strategies to better secure the Press Lockup facility.

Should DOL decide to pursue mitigation options specific to the Press Lockup facility, the Red Team suggests the following measures take priority status:

1. Disallow non-DOL-owned IT equipment and communication lines from the Press Lockup facility or anywhere else on DOL premises.
2. Require technically cognizant escorts accompany non-DOL personnel into wiring closets and communications hubs.
3. Require non-DOL personnel to surrender personal items prior to entering the Press Lockup facility. External storage lockers could secure belongings for the duration of press events.

Footnote 1: Current reporting from open and sensitive sources indicates computer targeted network exploitation (CNE) as the most prevalent method of unauthorized data exfiltration from a wide range of adversaries. It is the opinion of Red Team Cyber Security subject matter experts that the IT environments where the data are produced are more likely avenues for data loss than is the Press Lockup facility. CNE offers advantages such as anonymity to an adversary due to the difficulty of conclusively attributing malicious actions over the Internet to specific individuals vs. actions carried out in person in the Press Lockup facility. Compromise of IT systems provides an adversary long-term, unauthorized access to potentially valuable information with little chance of discovery.


Attachment 1: Agenda

Han Lin, Project Manager; Scott Maruoka, Technical Lead; Will Atkins, Michael Freund, Lyle Hansen, Technical Team.

7-8 July, 2011

8:30 am   Introductions                          All
9:00 am   DOL/BLS Mission & Goals                Ed Hugler, Deputy Assistant Secretary for Operations; Carl Fillichio, Senior Advisor for Communications and Public Affairs; Michael Levi, Associate Commissioner, BLS Office of Publications and Special Studies
9:30 am   SNL IDART Agenda                       Han Lin, Michael Freund, Lyle Hansen (Manager, Networked Systems Survey & Assurance; Technical Team)
10:00 am  Introduction to IDART                  Will Atkins & Scott Maruoka, IDART Team
11:00 am  Break
11:15 am  Introduction to IDART                  Will Atkins & Scott Maruoka, IDART Team
12:00 pm  Lunch
1:00 pm   Technical Team setup                   Michael Freund, Lyle Hansen
1:00 pm   Facility Wireless System Assessment    Will Atkins
1:00 pm   Interview with Jermaine Pegues         Han Lin, Scott Maruoka
1:30 pm   Interview with Gary Steinberg          Han Lin, Scott Maruoka


2:00 pm   Interview with Rick Vaughn             Han Lin, Scott Maruoka
2:30 pm   Interview with Anthony Ferreira        Han Lin, Scott Maruoka
3:00 pm   Interviews with Carl Fillichio         Han Lin, Scott Maruoka
4:00 pm   SNL Team Members depart                All

6:30 am   Briefing Preparation                   SNL Technical Team
8:00 am   Press Briefing                         SNL Technical Team
9:00 am   Interview with Jennifer Kaplan         Han Lin, Scott Maruoka
9:30 am   SNL Team Discussion & Analysis         SNL Technical Team
12:00 pm  Lunch
1:00 pm   Presentation of Initial Findings       SNL Technical Team
3:00 pm   SNL Team Members depart                All


Vanguard Metal QS Assembly: Assembled
Vanguard Metal QS Color: Grey
Cost: $1,279.92; shipping: $880.00; Total: $2,159.92

Lockers and Storage Catalog: http://lockerscatalog.com/items.asp?Cc=LLOCK-QSW&iTpStatus=0
Hallowell Wall Mounted Premium Box Locker
Product ID: L236-1095
Weight: 50 LB
Dimensions: 48 W X 18 D X 12 H
Color: Grey
Unassembled
Cost: $1,440.00; shipping: $880.00; Total: $2,320.00

Lockers.com: http://www.lockersupply.com/
Penco Quick Ship: Vanguard Unit Packaged Lockers - Four-Wide Wall Mount - 68242
SKU #: PN1122
Dimensions: 13.625" H x 45" W x 18" D; 43.0 lbs.
Unassembled
Cost: $1,463.92; shipping: $116.19; Total: $1,580.11

Tamper-evident Labels

Tamperco: http://www.tamperco.com/Tamper Void Tamper Evident Labels s/22.htm
Tampervoid labels: $9.00/250
Hologram labels: $1,200.00/20K


    References

[1] Eugene Register-Guard (no author attributed), "Labor building named for Madame Secretary," April 11, 1980, http://news.google.com/newspapers?id=jIMRAAAAIBAJ&sjid=3eEDAAAAIBAJ&pg=5679,2910817&dq=frances-perkins-building&hl=en

[2] New York Times (no author attributed), "High Frequency Trading," August 9, 2011, http://topics.nytimes.com/topics/reference/timestopics/subjects/h/high frequency algorithmic trading/index.html?scp=1-spot&sq=High%20Frequency%20Trading&st=cse

[3] Cisco, "Cisco 2010 Annual Security Report," http://www.cisco.com/en/US/prod/collateral/vpndevc/security annual report 2010.pdf

[4] Alperovitch, D., "Revealed: Operation Shady RAT," McAfee Blog Central, http://home.mcafee.com/AdviceCenter/ExternalContent.aspx?id=cm malb

[5] Dugan et al., Sandia National Laboratories, "Categorizing Threat: Building and Using a Generic Threat Matrix," September 2007.