March 2023

 

Agencies within 120 days must adopt contract language for all new IT services solicitations prohibiting the use of the Chinese-owned video app.

SOURCE: FedScoop by John Hewitt Jones – February 27, 2023

The White House has issued new guidance to federal agencies requiring them to ensure the video-sharing social media app TikTok is not used on any government devices within 30 days, according to a report.

While the use of the Chinese-owned application is already banned on devices at the White House, the Department of Defense, the Department of Homeland Security and the State Department, the new guidance would expand the mandate to all government agencies.

The new requirements were included in a memo sent out by Office of Management and Budget Director Shalanda Young, according to Reuters.

Federal agencies will be required to adjust information technology contracts to ensure vendors keep U.S. systems safe by eliminating the use of TikTok on their devices and systems.

Congress in December voted to bar federal employees from using the video application on government-owned devices and gave the Biden administration 60 days to issue relevant directives.

Read the Complete Article

 

SOURCE: Office of the Director of National Intelligence

The ODNI's National Counterintelligence and Security Center provides tips and guidance on how to protect your personal information from being exploited by cyber criminals and foreign intelligence services.

Poster: Social Engineering

Poster: Social Media Deception

 

SOURCE: Forward Edge

There are laws and policies that govern the maintenance and protection of Personally Identifiable Information (PII). As defense contractors, we must be prepared to recognize the importance of PII, to identify what PII is, and to understand why it is important to protect it. - What is PII?

Watch the Video

 

SOURCE: Office of the Director of National Counterintelligence and Security Center by Dan Payne

The ODNI's National Counterintelligence and Security Center provides tips and guidance on how to protect your personal information from being exploited by cyber criminals and foreign intelligence services.

Watch the Video

 

SOURCE: Office of the Director of National Intelligence

The following document can help you to create a safer profile with Social media DOs and DON'Ts.

Many social media and networking applications provide geolocation services to help identify potential matches in a particular area. Adversaries could easily use this capability to track or arrange a meeting with an unsuspecting target individual. To mitigate geolocation issues, almost all Social Networking Sites (SNSs) have a "check-in" component intended to facilitate meeting face-to-face. In most cases, you can disable this function on your device or limit it to sharing with friends or friends of friends.

Read the Complete Document

 

The top cybersecurity risks of 2023 include a shortage of trained cyber professionals, international strife and continued vulnerabilities in critical infrastructure services, according to a new report from the Bipartisan Policy Center.

SOURCE: Nextgov by Edward Graham – February 13, 2023

Increasing geopolitical tensions, vulnerabilities in critical infrastructure and a patchwork of needed regulations are some of the factors contributing to a host of cybersecurity threats facing the public and private sectors in the new year, a panel of experts said during an event hosted by the Bipartisan Policy Center on Monday.

The panel discussion was held to mark the release of a new report from the Washington-based think tank, which examined some of the top cybersecurity risks facing individuals, companies and government in 2023. The report identified eight "macro risks" likely to represent the biggest threats in cyberspace this year, including: an evolving geopolitical environment; a global cyber arms race; vulnerable critical infrastructure; a lack of needed investments in cyber preparedness; regulatory uncertainty; a shortage of cyber talent; insufficient corporate governance; and economic uncertainty.

Read the Complete Article

 

SOURCE: Trend Micro

As an employee of a defense contracting company, you are at risk of being targeted by a Foreign Intelligence Entity (FIE) simply because YOU have access to classified or sensitive intelligence. Aggressive FIE collectors will target anyone with Placement and Access (P&A) to desired information, knowledge of information systems, or awareness of security procedures. A trained Intelligence Officer (IO) elicitor and non-traditional collectors will try to exploit natural human tendencies. All they need is a foot in the door by initiating contact through any social media portal. – Is your Social Media putting your company at risk – How Cybercriminals Can Use Your Social Media Activity Against You

Watch the Video

 

22 Insider Threat Statistics to Look Out For in 2023

SOURCE: TechJury by Deyan Georgiev – January 12, 2023

Insider threat is unarguably one of the most underestimated areas of cybersecurity. However, recent developments and insider threat reports have indicated a rapid increase in the number of insider attacks. These have forced cybersecurity experts to pay closer attention to the damaging nature of insider threats.

With so many articles - and not to mention movies - about hackers leaking people's data, we've all become more or less paranoid about it.

Now imagine if you're responsible for the data of like 100 employees and clients.

Scary, right?

Read the Complete Article

 

SOURCE: Help Net Security by Zeljka Zorz – January 31, 2023

The increasing adoption of multifactor authentication (MFA) has made traditional account takeover techniques such as phishing, password brute-forcing or guessing less effective, so some attackers are resorting to consent phishing campaigns to gain prolonged access to targets' accounts. Via rogue third-party Open Authorization Applications (OAuth Apps), they gain the access and the required permissions to rifle through targets' mailbox, calendar, meetings information, etc.

Malicious third-party OAuth apps with an evident "Publisher identity verified" badge have been used by unknown attackers to target organizations in the UK and Ireland, Microsoft has shared.

The attacks were first spotted by Proofpoint researchers in early December 2022, and involved three rogue apps impersonating SSO and online meeting apps. Targets in these organizations who have fallen for the trick effectively allowed these rogue apps to access their O365 email accounts and infiltrate organizations' cloud environments.

Read the Complete Article

 

SOURCE: military.com by Thomas Novelly – February 1, 2023

A retired Air Force intelligence officer accepted a plea deal with federal prosecutors last year admitting to illegally possessing hundreds of top secret and classified documents, according to court records filed Friday.

Lt. Col. Robert Birchum, whose career stretched from 1986 to 2018, worked in various jobs in intelligence and served as chief of combat intelligence "for a certain Air Force group," according to court documents. Prior to his retirement, he also worked with classified intelligence information at Joint Special Operations Command, Special Operations Command and the Office of the Director of National Intelligence.

But on Jan. 24, 2017, the year before his retirement, the Air Force's Office of Special Investigations received information that Birchum had been storing classified information on a thumb drive at his home in Tampa, Florida, the plea deal details. Investigators raided his home that same day, seizing the thumb drive, a computer, a hard drive and numerous paper documents.

Read the Complete Article

 

SOURCE: CDSE

All cleared persons are required to be enrolled in Continuous Evaluation (CE), which has made self-reporting a keystone of the clearance system. This has been directed by the Security Executive Agent Directive (SEAD 3). - What is SEAD 3 and does it relate to me?

This video provides an overview of the Security Executive Agent Directive 3, or SEAD 3, reporting requirements for cleared contractors.

Watch the Video

 

SOURCE: CDSE

Complete the Word Search