Presentation on theme: "FBI Counterintelligence Domain Program Briefing – Dallas, Texas"— Presentation transcript:
1FBI Counterintelligence Domain Program Briefing – Dallas, Texas Speaker Background/Introduction
2History/Evolution of the Program DECCADeveloping Espionage and Counterintelligence AwarenessANSIRAwareness of National Security Issues and ResponseDOMAINOutline increasing focus/targeted outreach effortsDomain Program is all about establishing and maintaining RELATIONSHIPS which seek to:Leverage partnersAssist us in prioritizing our mission
3OPENESS Technology Lifecycle and Counterintelligence Exposure = = Fundamental ResearchEnd of Acquisition LifeConcept ExplorationForeign Military SalesINFORMATRapid PrototypeAVILBTYUniversitiesTechnology DevelopmentOperational UseOPENESSLabs & CentersSystem Test/DesignSystem FieldingSystem DemonstrationContractorsSystem ManufactureThe inverted arc depicts the exposure of technology, with National Security nexus, over it's development lifecycle. The multicolored swirl represents the accelerated development push due to war-time demands. The red hook represents the egress of the technology to our foes. The graphic's message is that our opposition is availing themselves of the opportunity to acquire critical technology in the early stages of development, when it has the greatest long term value and the least protection through traditional classification and counterintelligence programs. The Domain program seeks to partner and leverage to address these vulnerabilities. The inverted arc, or upside down curve, a key component, discriminator in our proactive CI strategy and DOD hierarchy of materiel alternatives. The Technology development life cycle time line in the US DOD funding schedule are paragraphs in the DOD federal acquisition regulations (DFARs), which actually determine how much $ can be spent in each phase of the life cycle of a system or program. From basic and fundamental research through operational use, Foreign military sales, to the end of acquisition life. The curve represents the information availability during the acquisition process. The more openness towards both ends of the curve. Upper left hand of curve, fundamental research at college or university or some persons garage, unclassified basic research where a concept is being explored, may not work at all but the DOD has decided to spend $$ on it. Example is EML, laser technology, nano technology, quiet electric drive, pure research, unclassified, collaborative and fundamental. Further down the curve the prototype hits design and test and makes it to a contractor range, then the govt. says wait a minute this actually works, we better classify it. Least visibility to the public domain in the bottom of the arc. This is the area, systems integration phase which could include SAPs “black” programs where the vast majority of our FBI espionage cases occur. When espionage is committed the secret is already in Moscow or Beijing, it’s a CI or security failure. Our proactive efforts need to focus on the upper left of the curve, before classification, assets, leads, DA ops, IIRs, to detect state directed collection in our universities and labs, etc , DSS has the responsibility to keep the contractors NISP compliant, traditionally the reporting and the cases have been generated in this area the secret is out anyway. The system is fielded and put into operational use or sold in a FMS where it can be reverse engineered copied or duplicated or purchased in the market place. But wait there’s more, what if it works in the 6.2 area the rapid prototype? It’s fielded, off the shelf, more risk, testing less relevant, more agile innovation and experimentation, straight from 6.2 to 6.6, maybe never even classified, the Good enough technology phase (902nd calls it the just GET.) Make case maybe? Or what if it works and it gets spun out into the open market, red hook area, dual use, patented, profited, with a classified application down the curve? Large majority of foreign national scientists working in this area, this is where our proactive efforts need to be focused, leveraging our strategic partners to point out the most important information and technologies that need to have a CI umbrella in place. Proactive, preventative most impact to a viable CI program and strategy.Technology Development Life Cycle Time-LineLow=Classified/SAP InformationMilitary Value of Information=High
4Major Strategy Elements Supported By Domain Program Change BehaviorsOf most serious foreign threatsOf exploited individuals/institutionsReduce OpportunitiesOf adversaries to collect intelligence and conduct operationsBand Field Offices/Partners TogetherTo devise and implement joint operational plans that cross boundariesTransformation to Proactive ProgramPursue foreign positive intelligence collection effort
5Changing Counterintelligence (CI) Paradigm Shift from reactive to proactive operationsAcknowledgement of new business realities (“The World is Flat”)Development and advocacy of risk mitigation strategies vs. threat avoidancePushing counterintelligence awareness out to the business/academic communityLeveraging resources to mutual advantageSeed Change from “Cold-War” strategy in light of World Economy/InterdependencyOLD NEWClassified Information Proprietary/IPR CNAsEstablishments/IOs –Symmetric Threat Students/Delegations/Unwitting collectors –AsymmetricFISA/Surveillance/Reactive Outreach/Risk Mitigation/ProactiveDead drops/Chalk marks Cyber Collection/Open Source
6Holistic Approach to CI Risk Management Insure that all facets of security (physical, IT, personnel) are aware of counterintelligence issues and incorporate risk detection and mitigation into cohesive business strategy.Partnership between USIC and Private Sector to leverage resources to maximum benefit of nation.Getting all the parts to work togetherOur CI security posture is only as strong as the weakest linkCNA program embodies this requirement/approachEmphasize critical need for INTERAGENCY COOPERATION as well!
7Pitching Partnership Emphasis on Confluence of Interest CI protection = IPR/Research protectionLeveraging finite resourcesRecognition that we are all short-handedEncouraging ongoing communicationBuilding confidence/trustSubject matter competenceNo threat postureConfidentialityThe prestige and funding that comes with Research is jeopardized by competitors who push your ideas out to the marketplace before you do.
8CI Domain Program Initiatives Critical National Assets/Domain EquitiesBusiness AllianceAcademic AllianceCI Working GroupsProgram Review Process
9Business AllianceFBI-led programmatic outreach to Defense Industry (w/ DoD partnership)Executive level engagementCI and Business confidence-buildingSeeking strategic shiftCorporate volunteerism to changeDue-diligenceCompel self-governanceSelf-assessment tool/assistanceGeneral DynamicsRaytheonLockheed MartinBoeingNorthrop GrummanL3 CommunicationsBAE SystemsCI“Better to know than not know…”
10What is the RTP SIG? http://www.infragard.net RTP = Research and Technology ProtectionSIG = Special Interest GroupThe RTP SIG is a tool for Domain Coordinators to use to provide information to their Domain representativesKey Points:One of the objectives of the FBI’s Counterintelligence mission is to change the behavior of the targeted institutions and individuals. TELL THEM WHY THEY SHOULD CHANGE BEHAVIOR.In other words, provide those individuals capable of facilitating change within their organization with facts and data that reveal what the vulnerabilities are when it comes to protecting technology and what they can do to make themselves and their company more capable of keeping their intellectual property, trade secrets and other information and technology safe.The Research and Technology Protection Special Interest Group website is a tool available 24 hours a day, 7 days a week that provides relevant information to the members of our domain.
11What is the RTP Special Interest Group? The RTP SIG is a tool the FBI utilizes to provide information to cleared Defense Contractors, private industry and academia. Domain Coordinators are your local FBI contacts.Mission: to provide actionable and relevant information to cleared defense contractors, private industry and academia to better enable them to protect their research and technology.The Research and Technology Protection Special Interest Group has one overarching mission: to provide actionable and relevant information to cleared defense contractors, private industry and academia to enable them to better protect their research and technology.This mission will be achieved through posting information on the site that members can use to educate themselves and their co-workers on current issues in protecting research and technology protection as well as suggestions from experts on how to better protect their R&D.
12Why we need the RTP SIGTo provide information to the targets of foreign intelligence services and economic espionage that will help them become a tougher target.To increase reporting of Counterintelligence events.To really drill down to why we need the RTP SIG, the reason is that the RTP SIG supports the Counterintelligence Domain Program by providing information to organizations who we already know are likely targets of foreign intelligence services and economic espionage so that they can make themselves tougher targets. Because we investigate the cases we should be telling them some things they can do to better protect themselves. An added benefit of creating these relationships where we give something back, is the increase of reporting on counterintelligence relevant events.
13InfraGard RTP SIG InfraGard is the FBI’s premiere outreach group. The Domain section chose to partner with InfraGard because of its proven track record in providing actionable and relevant information to the private sector.As of August 15, 2006 there are 15,906 members of InfraGard (to update that statistic, simply go to all of whom have passed a background records check conducted by the FBI.The InfraGard website is protected via SSL or Secure Socket Layer. SSL has been the de facto standard for e-commerce transaction security since its introduction in 1994.These two factors: background records checks and a secure website, allow the FBI to post For Official Use Only (FOUO) and Law Enforcement Sensitive (LES) information on this site. Much of the information posted on the InfraGard site and the Special Interest Group (SIG) portions of the site is not available to non-Law Enforcement personnel anywhere else.For further info on SSL:SSL encrypts data from the user’s computer browser to a known computer server that has a verified digital certificate. The user knows they are signing on to a legitimate website based on the verification established by the certificate authority. The user is authenticated by SSL through a username and password that is provided by InfraGard. All data after authentication is confirmed is encrypted and can not be viewed by any potential eavesdroppers. To ensure data privacy using SSL, the user should use only a computer known t be secure using the latest vendor patches, virus protection, anti-spyware, and other personal firewall products.
16Membership: the application process for the RTP SIG website Must be a current InfraGard memberMust have a need for information on how to protect research and technologyShould have the capability to take action on the information provided to themOne of the basic tenets of effective information sharing is that the person with whom you are sharing information has the capability to take action on the information you give them. So the type of person we are looking for would essentially be your Domain contacts.The first limiting factor is membership in InfraGard. The reason this is important is because InfraGard members have all passed background records check which gives us a higher level of trust with these individuals. As you can see the CI Domain program is depending on you to properly conduct and document the members’ background record checks. The Domain Coordinator does not redo the background record check. We have to assume that the InfraGard coordinator has conducted it appropriately and documented any findings. The second limiting factor is that the individual must have a need to know the information we post on the site. That simply means that the person must work with information that may be classified, sensitive or related to intellectual property. Lastly, we’d like to limit access to people who can actually take action on the information we provide. An example of someone who can take action is the individual responsible for educating co-workers or the individual may simply change their own behavior to better protect the information they are responsible for or have access to.
17How do I access the RTP SIG? By selecting the “I want to join Research and Technology Protection InfraGard” button you will be requested to answer 7 questions:What is your full name and to what InfraGard chapter do you belong?What is you organization and has it been awarded any classified contracts?Do you have a security clearance?Does your company maintain or develop processes, formulas or other things that might be considered intellectual property or trade secrets?What is your title?Please explain how your responsibilities pertain to protecting your company’s research, technology or trade secrets.Would you like to be listed in the SIG directory?Once you click on the “I want to join the RTP SIG” you will be prompted to answer a few questions. These questions are intended to ensure that individuals who are capable of taking action on the information provided on the RTP site are given access. Answering no to any of these questions does not prohibit you from becoming a member of the RTP SIG. The intent is to provide access to the broadest group possible. The SIG directory is simply a listing of all RTP SIG members that will only be available to SIG members.
18Academic Alliance Foster spirit of cooperation Establish a dialogue Share informationIncrease awarenessThe U.S. spends more money on R&D than any other country in the world. A lot of that research and development takes place at colleges and universities. If you were asked to describe the culture of a college or university, how would you describe it?Likely you’d say that it is open, collaborative, collegial and competitive. University environments support and foster innovation. Innovation is what advances our technology and allows our economy to thrive. But how do you innovate? One of the things you need to do to innovate is collaborate with other researchers and scientists. In order to do that you have to share information.The unique qualities of the college and university environment lead the FBI to create the academic alliance. This tailored approach to academia has resulted a national and local programs.
19Academic AllianceNational Security Higher Education Advisory Board (NSHEAB)College and University Security Effort (CAUSE)The National Security Higher Education Advisory Board (NSHEAB) is hosted by FBI HQ while the College and University Security Effort consists of outreach conducted at each of our 56 field offices.
20National Security Higher Education Advisory Board (NSHEAB) Members include 16 university presidents and chancellorsChaired by Graham Spanier, President of The Pennsylvania State UniversityThree meetings a yearOther participants include:National Science FoundationDepartment of CommerceCentral Intelligence AgencyDepartment of DefenseThe FBI created the National Security Higher Education Advisory Board in October of It consists of 16 presidents and chancellors from universities and colleges across the United States. This will expand to 20 members. The board meets three times a year in Washington DC. Although the FBI is the lead hosting agency, multiple agencies are involved with the NSHEAB depending upon the topic being addressed. These agencies include the National Science Foundation, the Department of Commerce, CIA and the Department of Defense.
21NSHEAB Members The Johns Hopkins University UCLA Carnegie Mellon University of WashingtonTexas A&MIowa State UniversityUniversity of PennsylvaniaMITPurdueWest Virginia UniversityUniversity of FloridaUNC – Chapel HillUniversity of MarylandThe Pennsylvania State UniversityUniversity of WisconsinThese are the members of the NSHEAB. They will serve two to three year terms. The Board is chaired by President Graham Spanier, from Pennsylvania State University. Many of the members were selected based on their university’s heavy R&D involvement. We also wanted diverse geographic representation. The group was kept small enough so that effective dialogue can be maintained.
22Mission of the NSHEAB Promote understanding Create a forum for mutual issuesProvide advice on the culture of higher educationBuild on traditions of openness, academic freedom and international collaborationDiscuss matters pertaining to national security.This is a partial listing of the mission of the NSHEAB. The Board was designed as an educational forum for the discussion of mutual issues related to national security. In order for us to learn from each other, we had to learn about each other. The Board promotes understanding between all the participants. It also provides us advice on the culture of higher education, so that we can build on the traditions of openness, academic freedom and international collaboration.Information sharing is the most important aspect of this group.
23CI Working Groups Develop joint operations/initiatives Share and develop threat assessmentsCoordinate and with partner OGAs/business/academia as appropriatePush knowledge up from Field to National level as foundation for policy development
24CI Program Review Process Qualify and quantify successful implementation of the National CI StrategyProgram Reviews use specific metricsInform FBI management, Congress, OMB, DOJ and the DNI of our progress in reaching goals and objectivesIdentifying resources needed for success