MathCraft Newsletter Issue Q1 2023 – Associate Member of NCMS
Reshaping how we approach security:
It's the beginning of 2023, and we've already witnessed an array of groundbreaking events reshaping how we approach security. For example, the skies are no longer off-limits as spy balloons take flight, introducing a new dimension of aerial surveillance that demands innovative countermeasures. Meanwhile, cyber-attacks continue to evolve on the digital frontier, with AI-driven threats posing significant challenges to critical infrastructures.
We share the latest news and strategies to help you stay ahead of the curve in this ever-changing security landscape.
April is the start of the busy traveling season for us. We hope to see you at one of the many Industrial Security events. Be sure to look for us, and stop by. We have fantastic goodies and hope to see familiar faces and make new friends. To see our 2023 schedule, please visit our website's events page.
- NSA Gives Guidance on Working Remotely and Securing Home Networks - “In the age of telework, your home network can be used as an access point for nation-state actors and cybercriminals to steal sensitive information. We can minimize this risk by securing our devices and networks, and through safe online behavior.” Read More
- Murky Self-Reporting Requirements Causing Confusion for Clearance Holders - “Two of the most common examples I’ve seen create problems surround the issues of marriage and who constitutes a reportable foreign contact. The latter was already an enormous source of confusion for applicants and has consistently been at issue in security clearance denial and revocation cases. But SEAD-3 further complicates things by diverging from the SF-86 in how it defines a reportable foreign contact.” Read More
- U.S. ‘No Fly List’ Leaks After Being Left in an Unsecured Airline Server - “A copy of the U.S. No Fly List has leaked after being stored on an unsecure server connected to a commercial airline. The No Fly List is an official list maintained by the U.S. government of people it has banned from traveling in or out of the United States on commercial flights.” Read More
- CUI: The New Trap for Security Clearance Holders - “The idea behind CUI was initially a good one: eliminate the alphabet soup of FOUO and related designators being applied to unclassified documents by different agencies and unify everything under one label. Unfortunately, the same bureaucracy that gave us the widely-known over-classification problem quickly got its teeth into the fledgling CUI program. Now, we have yet another unwieldy system that some critics argue is being used primarily to hide information from public scrutiny.” Read More
- The Growing Threat to Critical Infrastructure - “Companies actively disabled authentication protocols on machines to make access more convenient for remote employees. However, this shift in the nature of OT environments leaves the door open to hackers who use other tactics, techniques and procedures (TTP) to infiltrate a network.” Read More
- Insights on HR and Recruiting Trends for Transitioning Military - “Helping veterans fight this newer battle of transitioning from the military, on a battlefield that looks much different from the war they have come to know is something that Misty Moreno has dedicated herself to after serving her country herself.” Read More
- CISA Tells Agencies What to Prioritize to Meet Cybersecurity Log Mandate - “Agencies should make risk-informed decisions about where log collection is most beneficial for improving cybersecurity incident detection and investigation,” the document states. “CISA recommends that agencies prioritize high value asset (HVA) systems, high impact systems, and the enterprise IT network.” Read More
- Warnings from Russia: Stop Being Lazy or Cocky About Your Insider Risk Programs - “What we do know and every FSO should take on board is that Russia isn’t a one-trick pony and they will and are continuing to target western entities, including those entities supporting western intelligence and defense sectors.” Read More
- Changes Coming to the Security Clearance Application Process - "The Office of Personnel Management released proposed changes to the standard forms used to process security clearance eligibility. The updated Personnel Vetting Questionnaire replaces the SF-86 and SF-85 forms, and provides an updated process consisting of a single form with different segments. Sections on drug use are clarified and mental health are sectioned out, creating what is hopefully a more clear and better to understand process for the average applicant." Read More
Why FSOs Are Becoming Even More Essential to Defense Contracting
"Between federal budget increases, escalating conflicts overseas, and a massive push to enhance our nation’s cybersecurity posture, the defense contracting industry will rapidly grow over the next few years. By default, so will one of the most crucial positions within a defense contractor’s organization — the Facility Security Officer (FSO)."
So how exactly is the defense contracting industry changing, and what does it mean for the FSO role? Read all about it here.
Top 5 Security Industry Trends for 2023
What to Expect for Industrial Security Professionals, FSOs, and Cleared Personnel
The world of industrial security is a dynamically evolving machine that never seems to rest. Between added and updated compliance requirements, emerging cybersecurity threats, and exponential advancement of technology capabilities, Facility Security Officers (FSOs) and their teams of cleared personnel can expect that change will always be on the horizon.
As we enter the new year, it’s crucial to stay ahead of the curve on security industry trends like regulatory updates, cybersecurity predictions, and security and infrastructure technology developments. Failure to do so could put defense contractors and security professionals at risk of noncompliance while opening them up to a wide range of security vulnerabilities. They could also miss out on digital transformation opportunities to improve productivity, security, and cross-functional collaboration — ultimately optimizing the entire operation.
With the consequences laid out, here are five major security industry trends we expect in 2023 for FSOs and cleared personnel:
1. Modernizing Industrial Security Digital Assets
First and foremost, we expect significant digital transformations in the defense industry. The release of Microsoft 365 Government Community Cloud High (GCC High) just a few years back changed the way Department of Defense (DoD) contractors could access applications and resources. Industrial security professionals have been migrating data into compliant cloud-based or hybrid systems and will continue those efforts.
Additionally, to adapt to labor shortages for physical security positions, we expect a rise in automation and intelligent technology within facilities. For example, Internet of Things (IoT) devices can help FSOs collect premise and activity data, support surveillance efforts, and monitor access control systems.
On top of that, artificial intelligence (AI) tools powered by machine learning (ML) technology are prominent in data analysis to identify security anomalies or potential threats to a cleared facility. ML programs are becoming more sophisticated daily and developing additional use cases within the industrial security world.
2. Continuing the Focus on Cybersecurity
Industrial security is no longer just about protecting facilities or physical assets. Emerging cybersecurity trends for 2023 include threat actors focusing on exploiting cloud security vulnerabilities and the broader attack surface created by the growing number of IoT devices installed in cleared facilities.
We also expect to see more and more insider attacks from within contractor organizations. It’s why the National Institute of Standards and Technology (NIST) published SP 800-207, the framework for deploying Zero Trust Architecture to account for perimeter-less networks and insider threats. Ultimately, these trends will further substantiate the FSO’s role in managing cybersecurity functions.
3. Adjusting to Legacy System Sunsetting
A significant change for defense contractors was the announcement in 2020 that the Defense Information System for Security (DISS) would be phased out in favor of the National Background Investigation Services (NBIS) database. This meant that contractors could manage background checks, personnel vetting, adjudication cases, and employee screening on one centralized system that offers better security, processing speeds, and user experiences.
The DISS legacy system is expected to be entirely decommissioned by the end of this year (2023). That raises the question: what other legacy systems could we see “get the boot” from DoD, the Defense Counterintelligence and Security Agency (DCSA), and other government agencies?
4. Managing New Compliance Requirements for Cleared Personnel
Whether it’s for cybersecurity management, new reporting guidance, or handling cleared personnel, compliance changes create enormous headaches for FSOs and defense contractors. Even though we know new ones will either be announced or take effect every year, they still add an undesired challenge, even as we start 2023.
Some of these new changes include the highly likely announcement that civilian contractors will be held to the same standard as DoD contractors and must adhere to NIST 800-171 when handling controlled unclassified information (CUI). The Cybersecurity Maturity Model Certification (CMMC) program is also likely to see some adjustments to who falls under its umbrella as it simultaneously rolls out its new assessment process for the first quarter of 2023.
Additionally, the Department of Homeland Security (DHS) expects to release new requirements for handling CUI and reporting security incidents. These adjustments and the many more in the pipeline will continue forcing FSOs to dedicate valuable time and resources toward compliance management in 2023.
5. Removing Silos Between IT, Cybersecurity, and Industrial Security
Last but certainly not least, there’s the trend of contractors boosting synergy between all departments through shared objectives, centralized database systems, and increased collaboration. Based on cybersecurity predictions and technology changes, it’s clear that industrial security professionals must work closely with other organizational functions.
IT support teams are essential for FSOs to execute their digital transformation strategies by implementing and managing the new cloud infrastructure, IoT devices, and AI analytics tools. FSOs also must work closely with the cybersecurity teams to ensure compliance and maintain the same levels of security hygiene in their data, applications, and network as they do in the facility.
Where Are We in the DISS to NBIS Transition? What Security Professionals Need to Know
“Despite the many updates, however, we remain in a holding pattern for the complete NBIS adoption. After DCSA took over the project, they expected all data systems fed into DISS to be fully decommissioned by the start of 2023. Of course, we are already in March 2023, and the transition is not yet finalized. This begs the question that all Facility Security Officers (FSOs) and contractors are asking: “Where are we now?””
What FSOs Should Know About AI
“When evaluating how AI will impact the industrial security space, defense contracting, and clearance world, it’s essential first to understand the purpose and functions of the technology. Whether used in sales, customer service, IT operations, or security management, AI automates workflows and analyzes information. It’s like having extra personnel on staff to handle tasks for you but without the HR costs.”
MathCraft Security Technologies, Inc. is the leading provider of innovative software and technologies for Industrial Security professionals. Our tools are compliant with 32 CFR Part 117, NISPOM Rule and are available on-premises or in the cloud. Contact us today to see how our products can transform your security operations!
NCMS Endorsement/Disclaimer: References to commercial products, processes, or services do not necessarily constitute an endorsement by NCMS Inc. The opinions and views expressed on this email and on any linked web sites do not necessarily reflect those of NCMS.
© 2023 MathCraft Security Technologies, Inc. All Rights Reserved.
44121 Harry Byrd Highway, Suite 200, Ashburn, Virginia 20147
703-729-9022 | email@example.com