|
Industrial Security & You: Threat Awareness Promotes Change |
Greetings!
Sun Tzu said:
A commander who takes advantage of war to gain personal fame and wealth, but does not spend money for information about the enemy, is inhumane. The reason enlightened rulers and competent commanders win victories, achieve outstanding successes, and surpass ordinary people is that they know critical information in advance. Intelligence comes only from people who know the enemy from personal experience. There are five types of intelligence activities: local intelligence, internal intelligence, counter intelligence, misleading intelligence, and continuing intelligence. The Art of War for Executives. Using Spies. Donald G. Krause. February 1995.
How do you combat intelligence gathering? Have you briefed your employees and consultants on how to recognize elicitation techniques? Do they realize that espionage is alive and flourishing? Are your staff prepared and knowledgeable in OPSEC?
Management and staff (both cleared and uncleared) should be trained on the threats to and the vulnerabilities of your facility and themselves. Keeping up-to-date with threat analysis from DSS, the FBI, or posting articles about the latest spy caught or the high-tech equipment and/or methods that can be used to steal information are ways to educate your team.
This month's issue is devoted to recognizing the threat and (if possible) promoting behaviorial change. |
|
|
Threats to JPAS |
If you have not accessed JPAS this month, you probably have not seen the latest changes in JPAS ( Release Notes 3.10.0.0). Revision 3.10.0.0 modifies Existing JCAVS Features by changing SIOP values from 1-10 to A-E.
- Accessing JPAS via an unsecured public system (i.e., Starbucks, airport, etc.)
- "Sharing" of usernames and passwords with unauthorized or ineligible users (over 100 incidents)
- JPAS username and password distributed via illegal means
Violations recorded during the 90 days prior to July 20, 2010 --
- Invalid unauthorized user accessing JPAS with an authorized user's login and password
- Invalid unauthorized user accessing JPAS via authorized user's login and password to initiate own investigation
- Invalid unauthorized user contacted Help Desk for assistance in indoctrinating a subject
- Hostile actor accessing JPAS with a valid user login and password
- JPAS user approaching and coercing individuals found in JPAS
Unauthorized or accidental access to Personally Identifiable Information (PII) and security clearance data is a threat to EVERYONE in JPAS.
- Unauthorized and/or hostile actors with access to classified data and facilities
- Creating backdoors for future use
- Creating Account Manager and User accounts
- Granting Interim Secret Clearances
- Authorizing Visit Requests to secure facilities
Interfere with the Defense & Intelligence Community (IC) by
- Threatening data integrity and validity of clearances
- Identifying IC personnel working on special access programs
Threaten cleared personnel's identity -- Identity Theft
Hostile actors approaching cleared personnel for possible bribery and coercion
The behaviors indicated above are necessitating JPAS changes including more auditing of users and requiring CAC cards to login to JPAS. Look for implementation of these changes and additional training and policy memorandums on both the DSS website and the JPAS login page.
Require more information regarding JPAS changes, requirements, or tips?
Register for a Got JPAS Access -- Now What? webinar or for either the JPAS & e-QIP Immersion training or the JPAS & e-QIP Proficiency & Troubleshooting training. If you would like On-Demand JPAS Support, please email ajsconsulting@earthlink.net for more information. |
|
Benefits of On-Demand Support |  Have you considered the benefits of On-Demand Support? Whether it is On-Demand Support for JPAS, for NISPOM Compliance, System Security Plans, or your very own FSO surrogate, On-Demand support is available to you.
Available when you need it -- during the work day, after hours, on weekends, and during holidays -- that is On-Demand Support. Customized to your specific needs and including tidbits that are of particular interest to you and your facility. Do you need part-time support or just on-going access to a subject matter expert? Contracts with negotiable terms and rates are available -- Call (512-650-4819) or email ajsconsulting@earthlink.net to see how I may assist you today. |
|
Threat Awareness |  How threat aware are your staff and consultants? How do you keep up with the latest threats? Do you send out mini-briefings or emails regarding local and national threats that could concern your company or have an effect on your company's bottom line? Have you documentation to add to your list of exceeding NISPOM requirements? Recommended Threat Awareness Resources to assist you include -- - CSOOnline website and subscription to alerts
- Subscription to various news outlets for alerts in the areas of security, national, local, crime, government, etc. (see Articles of Interest on the Right)
- Memberships in professional organizations like ASIS International and NCMS, Inc.
- participation in local chapters
- networking with other professionals
- receiving training at both the chapter and national level
- receiving publications like Security Management and the NCMS Bulletin
Subscription to several email newsletters
Join security professionals on the Extranet for Security Professionals -- lots of resources and chances to network and find answers to challenging questions. Remember the mobile phone gun? Do your staff? Airport security asks us to put our cell phones through the scanners so that they can have a chance at finding these. The mobile phone gun is only slightly heavier than a regular phone. These are being found all over Europe and are considered a very real threat. (provided by Dean Wright, Mid-Atlantic NCMS member)
Once you begin accumulating information like the articles and mobile phone gun from varied sources, you may want to set up topic files so that you can put the articles, resources, and any ideas inspired for retrieval during briefing preparation. Or you may wish to cull some of the information, especially if it is not currently relevant or of a nature compatible with your company's culture.
If I can be of assistance in developing or customizing your defensive briefings, please do not hesitate to call (512) 650-4819 or email me at ajsconsulting@earthlink.net. |
|
Recent DSS & JPAS Postings |  Best ways to keep up with the latest and greatest information is to network with local and national colleagues at NCMS meetings, local Brown Bags, seminars, and newsletters like this one (Industrial Security & You). Of course occasionally checking the DSS website (www.dss.mil) and the JPAS Application screen for the latest postings and news is also recommended. Recent postings have included: Please do not hesitate to call (512) 650-4819, email, or visit AJ's Consulting's website for more information and resources. |
|
iPhone App Threat or Feature? |  How worried are you about iPhones? Some of the applications available may change your mind like the Security Cam app pictured to the Right. I just recently received the June 11th issue of The CI Shield: Your Counterintelligence News Source (New Mexico Counterintelligence Working Group) recently and it was discussing this very app and others like it on Page 4. |
|
|
Thank you for reading my newsletter and passing it on to others who may benefit. What I do best is assist you with solutions to challenging industrial security challenges. How may I assist you today?
Sincerely,
Ann J. Martick, ISP
AJ's Consulting
P.S. Remember that the registration deadline for the August 17th JPAS & e-QIP Immersion training is this Friday, 08/13/10. |
Best money spent on consulting services in my career.
Current Customer
|
|
|
This [JPAS & e-QIP Immersion training] was incredibly helpful and provided great information. It was well worth the time & cost.
Karen Gardner
Austin, TX |
Your newsletters are always great, and I just wanted you to know that I thoroughly enjoyed this past one! Thank you for putting together such helpful information!
Debra Hula
West Lafayette, IN
|
|
Newsletter Sponsors | |
| |
|
One on One training is the bomb!!! :)
Lab time was very informative and All questions plus ones that I was thinking of were answered clearly. Really enjoyed the whole process.
Linda Wilson
San Antonio, TX |
She's fabulous! I'm so thankful to have had this training. I would highly recommend her to anyone.
Jennifer Schulmeier
San Antonio, TX |
|
Training | |
|
Providing training for Industrial Security Professionals, and NISP Contractors.
This is hands-on training, which is customized for the individual attendees. Training sessions and Webinars are available for as few as 1 and as many as 30.
Call or email now to get your preferred dates of training for:
- Webinars
- Got JPAS Access -- Now What?
- NISPOM Compliance -- Reporting Responsibilities
Full & 1/2 Day Sessions
JPAS & e-QIP Proficiency & Troubleshooting
FSO/SSO Personnel Security Administration
- Advancing Beyond Personnel Security
- Customized -- Combined JPAS & Personnel Security Training
|
...Tailored the training to the areas I needed and provided me with updated Information. Awesome continuity book! Thanks for the great class!
Erin O'Connor
Peterson AFB, CO |
|
Acronyms | |
| |
Without definition all acronyms are meaningless.
AIARG -- Austin Information Awareness Resource Group (ISSM Brown Bag)
CAF -- Central Adjudication Facility (Navy, Army, Air Force, Marines, DSS, etc.) CSO -- Cognizant Security Office (DSS, Navy, Army, Air Force, Marines, etc.) CT-G2ASP -- Central Texas Greater Austin Area Security Professionals (FSO Brown Bag) DCII -- Defense Center Investigations Index
DEERS -- Defense Enrollment Eligibility Reporting System DHS -- Department of Homeland Security DISCO -- Defense Security Clearance Office
DMDC -- Defense Manpower Data Center
DOHA -- Department of Hearings and Appeals DSS -- Defense Security Service FCL -- Facility Security Clearance Level FSO -- Facility Security Officer
e-QIP -- Electronic Questionnaire for Investigations Processing ENROL -- Electronic Network Registration and On-Line Learning
ISFD -- Industrial Security Facility Database
ISP -- Industrial Security Professional (certification) IS Reps -- Industrial Security Representatives of DSS
ISL -- Industrial Security Letter
ISSM -- Information System Security Manager
ISSO -- Information System Security Officer
JAMS -- Joint Adjudication Management System
JCAVS -- Joint Clearance and Access Verification System
JPAS -- Joint Personnel Adjudication System
OPM -- Office of Personnel Management (contractor for many CAFs)
SIOP -- Single Integrated Operational Plan
Acronym(s) not listed? Contact Ann Martick and she may be able to identify and/or add your contributions to the list above.
|
 |
|
Keychain Spy Camera | |
|
Can you imagine a keychan that is a threat?
Any Place without notification. Dimension: 5.0 x 3.0 x 1.2 cm. Specifications: Pinhole Lens; Image Resolution: 1280 x 960 pixel; Color Video Resolution: 640 x 480 pixels; FPS: 29 frames per second; Image file format: JPEG; Video file format: AVI; Color Video and Audio; Built-in 2GB Memory; Rechargeable Li-ion battery. Price: 2GB US$66.00 or 4GB US$77.00. Mentioned in one of the The CI Shield: Your Counterintelligence News Source issues. |
|
|
