Point(s) of Contact
Pamela Hamilton / FSO
843.327.3273
pamela@appliedsecurityknowledge.com
Richard Carmichael / ITPSO
678.221.7834
rcarmichael@laochservices.com
DoD Hotline
dodig.mil/hotline / 800.424.9098
SOURCE: FEDweek - Press Release – February 8, 2021
A key House member on security clearance issues has backed scrutiny of social media postings for purposes of obtaining or renewing a security clearance, which is necessary to hold many federal jobs.
Rep. Jackie Speier, D-Calif., head of the Armed Services subcommittee on personnel, said that social media channels are often "used by domestic terrorist groups" but are not sufficiently reviewed in clearance investigations "despite collection and reporting of other intrusive, private data, such as financial and behavioral health information" on individuals being screened.
In a letter to the White House, DoD and Office of the Director of National Intelligence, she called for "identifying white supremacy and violent extremism as a critical threat that must be considered as part of the security clearance adjudication process and directing all relevant agencies to update the background investigation process to incorporate a review of social media information to identify white-supremacist or violent-extremist ties."
"This would involve, at a minimum, updating the Office of Personnel Management's Standard Form 86 to ask applicants for national security positions to disclose all social media platforms on which they participate and all social media handles used and to grant permission to share nonpublic social media information with investigators," she wrote.
SOURCE: US Department of Justice by U.S. Attorney's Office Northern District of Florida – December 17, 2020
PENSACOLA, FLORIDA – United States Attorney Lawrence Keefe, of the Northern District of Florida, today announced that Colin Fisher, a citizen of the United Kingdom, was sentenced to two and a half years in federal prison on charges related to his attempt to export power generating equipment to Iran. He was also fined $5000. Fisher was arrested by federal agents earlier this year when he arrived at the Pensacola airport from the United Arab Emirates in order to complete the illegal transaction and obtain equipment for a buyer in Iran.
Fisher pled guilty in September to violating the International Emergency Economic Powers Act ("IEEPA") and attempted smuggling. Between 2017 and the time of his arrest in August, Fisher, 45, worked to violate the Iranian embargo by attempting to export a Solar Mars 90 S turbine core engine and parts from the United States for delivery to an end user in Iran. This included participating in fraudulent invoicing and using coded language with conspirators to communicate about the illegal transactions. Despite these efforts, law enforcement authorities discovered the plan and were able to seize the turbine before its transatlantic journey to the end user, a conspirator in Iran who is linked to an Iranian energy company. The turbine, which was valued at half a million dollars, could have been used to provide energy to the oil fields of Iran.
James Meharg, CEO and president of Turbine Resources International, LLC, in Pensacola, was previously convicted of conspiring with Fisher to export the turbine and parts from the United States to an Iranian recipient, in violation of the Iranian Transactions and Sanctions Regulations. Meharg is currently serving a 3½-year sentence in federal prison.
SOURCE: International Business Times by R. Ghosh - February 16, 2021
Chinese intelligence officers are reportedly creating fake business profiles on LinkedIn and making lucrative offers to former government workers with access to classified information.
The Chinese Communist Party (CCP) is reportedly recruiting spies to create fake business profiles on professional networking platform LinkedIn to identify targets and extract state secrets. According to a report in the Times, these spies are offering lucrative business opportunities to the targets, who are generally former government and private sector workers who have access to classified information.
In the process, highly sensitive information from other countries is being passed on to the Chinese government without the targets even realizing it. As a result, many governments, including the UK, are planning to launch campaigns to warn their citizens of the new national security risks posed by LinkedIn and opportunistic Chinese Communist Party assets.
The new threat to national security came to light following a report in the Times, in which 56-year-old Phillip Ingram described receiving similar approaches from Chinese spies posing as a business associate. Ingram is a former colonel who specializes in cyber intelligence work and has knowledge of chemical, biological, radiological and nuclear weapons; he became an ideal target because he had access to classified government information.
SOURCE: Tripwire by David Bisson – October 20, 2020
Phishing attacks continue to play a dominant role in the digital threat landscape. In its 2020 Data Breach Investigations Report (DBIR), for instance, Verizon Enterprise found that phishing was the second topmost threat action variety in security incidents and the topmost threat action variety in data breaches. It therefore comes as no surprise that more than a fifth (22%) of data breaches analyzed by Verizon Enterprise's researchers involved phishing in some way.
Digital fraudsters show no signs of slowing down their phishing activity in 2020, either. On the contrary, a report from Google found that phishing websites increased by 350% from 149,195 in January 2020 to 522,495 just two months later. Many of these websites likely used coronavirus 2019 (COVID-19) as a lure. Indeed, Barracuda Networks observed that phishing emails using the pandemic as a theme increased from 137 in January 2020 to 9,116 by the end of March—a growth rate of over 600%.
The rise of phishing attacks poses a significant threat to all organizations. It's important that all companies know how to spot some of the most common phishing scams if they are to protect their corporate information. It's also crucial that they are familiar with some of the most common types of techniques that malicious actors use to pull off these scams.
Towards that end, we at The State of Security will discuss six of the most common types of phishing attacks as well as provide useful tips on how organizations can defend themselves.
SOURCE: Netflix, 1 Season – 2021
Nonfiction series about the tools of the trade. Based upon the book by Henry R. Schlesinger. The spy game is a serious business, and throughout history, the tools and technologies developed for it have mattered as much as the spies themselves.
The 8-part docuseries features:
SOURCE: DCSA
Are you familiar with Cyber Terms and Tech? Complete the online crossword puzzle to find out.
SOURCE: National Law Review by Townsend L. Bourne and Nikole Snyder – January 28, 2021
On December 21, 2020, the Department of Defense ("DoD") published a final rule in the Federal Register that codifies the National Industrial Security Program Operating Manual ("NISPOM") in the Code of Federal Regulations ("CFR") at 32 CFR part 117. The rule will become effective on February 24, 2021, giving contractors six months from the effective date to comply with the changes. Comments on the proposed change are due by February 19, 2021.[1]
The NISPOM establishes various requirements and standard procedures for the protection of classified information disclosed to or developed by government contractors. It was first published in 1995 as DoD Manual 5220.22, and was intermittently updated through the years, including (most recently) via Conforming Change 1 on March 28, 2013, and NISPOM Change 2 on May 21, 2016. In addition to adding the NISPOM to the CFR, the new rule will incorporate the requirements of Security Executive Agent Directive ("SEAD") 3, "Reporting Requirements for Personnel with Access to Classified Information or Who Hold a Sensitive Position", and will implement the provisions of Section 842 of the 2019 National Defense Authorization Act ("NDAA") (Public Law 115-232)