MathCraft Newsletter Issue Q3 2022 – Associate Member of NCMS
Thank you, NCMS!
We had a fantastic time at the NCMS 58th Annual Training Seminar in June. For all of you who stopped by our booth and grabbed a pen or two (and a bag), thank you! It was so good to see everyone in person again!! And, in case you missed the announcement of our AirPods Pro raffle winner, it was Lamont Dodson of Iron Mountain. 😁
Do you know what theme emerged during the show? Burnout. FSOs (like you) are feeling both overworked and overwhelmed. Unfortunately, the better you do your job, the harder it gets to convince upper management that you need help. It’s a catch-22. We get it, and we actually hear it all the time. Remember – you aren’t alone. There are resources out there that can help, from NCMS discussion boards and award-winning consultants to technology solutions tailored expressly to your needs.
Industrial security is tough. Just remember that help is out there.
- FBI: Stolen PII and deepfakes used to apply for remote tech jobs – “The targeted remote jobs include positions in the tech field that would allow the malicious actors to gain access to company and customer confidential information after being hired.”
- Some Technical Issues for DoD’s New Personnel Security System – “In addition to issues with status reporting for individuals who have their access to SCI denied or revoked, one reported problem involves civilian and military clearance-holders and applicants who are appealing an unfavorable DoD CAF decision to their respective Personnel Security Appeals Board with a personal appearance before a Defense Office of Hearings and Appeals (DOHA) judge.”
- Impactful ways to augment security awareness training – “When Defense Counterintelligence and Security Agency (DCSA) conduct reviews of cleared defense contractor facilities, they go with a purpose. Their first priority may be to conduct a risk assessment of classified information in the contractor’s possession. However, they are also looking at above and beyond metrics that demonstrate the commitment to national security.”
- Building Visibility into Hybrid Workplaces: Tips for Minimizing Employee Burnout – “… fully remote workers have been experiencing more burnout than onsite workers since 2020 and we identified in our 2022 Insider Risk Report that 75% of insider threat-related criminal prosecutions were the result of remote workers in 2021.”
- Pentagon’s classification system lacks consistency, IG finds – “The Defense Department did not adequately develop or maintain security classification guides based on existing policies which could lead to inconsistency and over- or under-classification of similar information across programs, according to a recent inspector general report.”
- The Three Ways to “Fail” a Polygraph – “U.S. intelligence and law enforcement communities continue to use the polygraph as the great arbiter of security-worthiness. Accordingly, anyone who may be taking a polygraph examination should understand that there are three ways they can ‘fail’ it.”
- The Great Resignation: 3 Steps to Help CISOs Secure Critical Data During Offboarding – “If offboarding is not properly handled and reviewed, individuals could still gain access to intelligence that they should not be able to. This data could be misused by the individual themselves—maliciously or negligently—or be passed off/sold to a malicious actor looking to expose corporate data.”
- How confident are IT pros in the security of their organization’s supply chain? – “The report received responses from more than 1,300 IT professionals with supply chain insight, 25 percent of whom note that their organization experienced a supply chain attack in the last 12 months.”
The FSO’s Role in Zero Trust
Though cybersecurity and Zero Trust might seem to be exclusively a CISO’s responsibility, an FSO plays a critical role on the facility management side of data security and in defending against cyber attacks. FSOs should therefore be well-versed in the concepts of Zero Trust and in the technology and procedures they need to implement to achieve this architecture.
Principle by principle, an FSO can assist on a contractor’s journey to Zero Trust through:
- Never Trust, Always Verify: Assume all people on the premises are possible threats to your resource security. Use consistent verification measures through ID scanners, signature pads, and badge printers to prevent unauthorized access.
- Principle of Least Privilege: Limit location, system, and resource access to only those who need it for their role AND have the proper credentials and clearances.
- Micro-Segmentation: Use segmentation as a security mechanism that divides the premises into various checkpoints that require authentication at each point — ensuring threats or incidents can be isolated at any time.
- Continuous Visibility and Data Collection: Keep high levels of facility visibility by using controls such as visitor pre-registration, check-in/check-out points, access management software, and robust data analysis systems to easily track who is in your facility at any given time, what their intentions are, and their potential threat levels.
During adoption, FSOs should be coordinating with CISOs and other information-security leaders to ensure that the strategic goals, timelines, and plans to achieve Zero Trust Security Architecture are consistent and agreed upon. The physical side of data security is an essential piece of a firm’s entire security program and demands cross-departmental collaboration amongst cybersecurity, facility security, and IT management teams.
To learn more, check out What is the Zero Trust Security Model…
Change to DoD Foreign Travel Reporting
Arguably the most important implication of the recent Industrial Security Letter (ISL) is the amendment made to the NISPOM rule that extends the compliance date of (unofficial) foreign travel reporting. Beginning August 24th, 2022, reporting of cleared personnel’s foreign travel for non-work-related activity will be required as part of SEAD 3.
While cleared contractors under the DoD umbrella are already required to disclose foreign travel to FSOs, the August 24th date is when they must begin informing the DCSA. Some critical items of DoD foreign travel reporting include the following:
- Unofficial foreign travel with an itinerary
- Any deviations from the original itinerary
- Unplanned or spontaneous day trips to Canada or Mexico
- Travel outside of the resided country (if the individual resides abroad)
There was also information in the ISL regarding pre-approval before unofficial foreign travel and which circumstances would trigger an approved trip. For example, if an individual notifies an FSO or other designee before the trip takes place or the cleared contractor gives the individual the National Counterintelligence and Security Center (NCSC) safe travel resource, it counts as an approved trip.
Additionally, guidance was provided for utilizing specific resources, coordinating with DCSA, and submitting aggregated travel reports. Per the ISL, reporting official or work-related foreign travel is not required as part of these changes.
To learn more, check out Federal Contractors: How SEAD 3 Helps with New Reporting Guidance…
Our Latest Blogs
- What is the Zero Trust Security Model – “Zero Trust isn’t a simple turnkey solution to protecting data and technology assets. It’s a status companies and government agencies have to work for years to achieve — with each journey varying depending on the security controls, policies, and processes they already have in place.”
- Federal Contractors: How SEAD 3 Helps with New Reporting Guidance – “the recent Industrial Security Letter (ISL) 2021-02 from August 12th, 2021, with reporting guidance, clarification, and amended changes, shook the defense contracting industry quite a bit. So what exactly did that letter entail and what does it mean for the future of SEAD 3?”
- How FSOs Can Manage Cybersecurity – “The merging of cybersecurity and facility security management has evolved into a holistic organizational function that requires collaboration between various departments. FSOs, now more than ever, must be knowledgeable in the cyber threat landscape and solutions to protect sensitive data in their control.”
- Infographic: The Story of MathCraft – How did we get to where we are today? Take a look at our industrial security journey in this fun infographic!
MathCraft Security Technologies, Inc. is the leading provider of innovative software and technologies for Industrial Security professionals. Our tools are compliant with 32 CFR Part 117, NISPOM Rule and are available on-premises or in the cloud. Contact us today to see how our products can transform your security operations!
NCMS Endorsement/Disclaimer: References to commercial products, processes, or services do not necessarily constitute an endorsement by NCMS Inc. The opinions and views expressed on this email and on any linked web sites do not necessarily reflect those of NCMS.