TRI-SAC CouncilMeeting

Michael T. MonroeDeputy Assistant Director

Naval Criminal Investigative ServiceNational Security Directorate

02 May 2012

TOPICS

Introduce you to NCIS

Discuss our Challenges

Outline CI in Cyberspace Methods

THE RAPID EVOLUTION OF INFORMATION TECHNOLOGY

• “The sharing of information, using technology as an enabler, is a culture change that has been fully embraced by political, military, and the business

communities.”• “If we do not develop robust capabilities to detect,

expose, and hold accountable individuals and organizations who use technology to conduct their dubious trade, we will lose mission, relevance, and respect. …it is a human problem”

Quote from a Cyber Crime Investigator in 1998

FIGHTING COMPUTER CRIME IN 1998

• Value/Volume of Open Source Data• Foreign Exploitation• Computer Fraud• The Insider Threat• Security of our networks• Training of personnel to secure networks

Cyber Threats in 2012FOREIGN INTELLIGENCE ENTITIES

Technology Theft

Espionage

Insider Threat

TERRORISM/DISRUPTIVE ACTIVITIES

Denial of Service AttackVenue for communication

Venue for Information Collection

Financial Crimes

Identity Theft419 Scams

Theft of Financial data

WORKPLACE VIOLENCE

StalkingCommunication of Threats

Self RadicalizationCRITICAL

INFRASTRUCTURE

SCADA

Transportation

Public Safety

LEGISLATIVE INITIATIVES

• Comprehensive National Cybersecurity Initiative of 2008• Cybersecurity Act of 2012

– Leiberman Bill S.2105

• Cybersecurity Information Sharing Act of 2012– Feinstein/Mikulski Bill S.2102

• Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act of 2012 (SECURE IT)

– McCain Bill S.2151

BASIC APPROACH TO CYBERSECURITY

• Understand what programs/technologies are critical to customers

• Identify foreign interest in these focus areas

• Locate information and personnel at high risk to collection/exploitation

• Work with personnel responsible for information/ networks to protect critical information

BEST PRACTICES IN IDENTIFYING THREAT

• Understanding Open Source Data– Queries of public-facing websites– Biography searches of company officials

• Cross-discipline Collaboration – Computer Network Personnel– Marketing Personnel

• Program-Cyber-CI/Security Collaboration• Collaboration with DoD LE/CI/Cyber agencies

CYBERSPACE: THE NEW FRONTIER FOR FIEAdversaries use Internet

and social networking

sites (SNS) to obtain

information on DON

personnel for exploitation

through elicitation,

inducements, and

coercion.

Frequently monitored and exploited SNS: Online datingVirtual gamingTwitterLinkedInFacebookGoogle +YouTubeBlogs

INSIDER THREATWIKILEAKSArmy PFC Bradley Manning

Accused of leaking 250,000

classified documents Charged with

13 counts of premeditated murder and 32 counts of attempted murder

FORT HOODArmy MAJ Nidal Malik Hasan

GUESS WHO IS THE INS IDER THREAT

INSIDER THREAT

• Cyberspace contacts with Foreign Nationals– Business relationship

• Management of the interaction• Unwitting victim of targeting

– Attribution of contact

• Outbound Network Activity– Large e-mail enclosures– Network data flow activity at irregular times

• Challenges with Audit tools

ESPIONAGE STATISTICS

67% volunteer

Motives:#1 divided loyalties#2 disgruntlement

#3 money/debt

37% no clearance26% Secret

20% Top Secret17% TS/SCI

More naturalized citizens, foreign

attachments, foreign business connections,

or cultural ties

83% are 30 years old or

older

civilian and military

members are about

even

Increased reliance on the

Internet

WHAT ARE THE CAUSES?

• Divided loyalties• Disgruntlement• Money• Thrills• Ego/Recognition• Coercion• Ideology

TRIGGER

CHARACTERISTICSMOTIVATION

• Divorce• Death of a loved one• Money problems/debt• Physical relocation/PCS• New significant

relationship• Medical problems• Work problems

• Anti-social• Narcissistic• Entitled• Vindictive• Paranoid• Impulsive• Risk-seeking

WHERE DO WE GO FROM HERE?

• Issues– Cross-trained analysts that understand networks and

counterintelligence threats– Dialogue with owners of the data targeted for exfiltration– Proactive approach to understanding network anomalies

• Generates investigative leads to anticipate threats

– Management of Data in Aggregate– Understanding threats across contractor teams– Building CI in Cyberspace requirements into contracts– Maintaining relationships with DoD LE/CI agencies

Questions

Michael T. MonroeDeputy Assistant Director

(571)305-9830

michael.t.monroe@navy.mil

UNCLASSIFIED TITLE HERE 19