Risk-Based Approach to Industrial Security

April 2019



Agenda

• DiT – Risk-Based Oversight of the NISP

• Where DCSA fits in Protecting Critical Technologies

• What is Critical Technology Protection?


DiT - Risk-Based Oversight of the NISP

Concept Implementation

• Facilities are prioritized based on a number of factors including their involvement with critical technologies

• The facility identifies assets and documents the security controls and protocols they have in place

• Through Security Reviews and other interactions, DSS identifies and mitigates vulnerabilities to top priority DoD technologies and promotes industry readiness through implementation of Tailored Security Plans

• DSS applies new methods to assist industry in implementing effective protection measures via a Tailored Security Plan

• DSS conducts active monitoring to ensure continued protection of critical technologies

Prioritization

Security Baseline

Security Review

Tailored Security Plan (TSP)

Active Monitoring*

DSS IN TRANSITION

IMPLEMENTATION

* Includes rating the security posture on a transactional basis (e.g., FICO score)


Where DCSA Fits in Protecting Critical Technologies

DoD Efforts

“Delivered Uncompromised” Task Force

• Maintaining Technological Advantage Cross Functional Team (CFT)

Military Department Counterintelligence Operations (MDCO) Activities

Interagency Collaboration and External Authorities

National Cyber Investigative Joint Task Force (NCIJTF)

Federal Bureau of Investigation (FBI)

Office of the Director of National Intelligence (ODNI) and IC

Acquisition Community

National Security

UNCLASSIFIED//FOR OFFICIAL USE ONLY


PCT Task Force

Defense Counterintelligence & Security Agency (DCSA)

Critical Technology Protection Cell (CTPC)

• Risk-Based Industrial Security Oversight (RISO)

• CUI

• Outreach to Industry

• Supply Chain Risk Management (SCRM TAC)

• Support to the Committee on Foreign Investment in the United States (CFIUS)

• Support to Export Control Reviews (DTSA)

• Group Led by Maj Gen Murphy


Personnel Vetting

Deliver efficient and effective background investigations, adjudications and continuous vetting to create a trusted workforce.

Critical Technology Protection

Secure our cleared industrial base against loss and/or compromise.

Demands:

- Cleared personnel, cleared industrial facilities, and protection of national security information and associated industry intellectual property

- Oversight to ensure continuous identification of threats and vulnerabilities; and effective mitigation or defeat of the threat in both physical and cyberspace

Counterintelligence Analysis

Develop and articulate holistic threat picture of risk posed by foreign intelligence entities and hostile insiders. Enable the USG to strengthen our security posture by supporting the industrial and personnel security missions. Enable action agencies to more effectively counter adversaries.

Enterprise Management

Execute enterprise management responsibilities to enable PCT operations. Serve as the focal point for all physical and personnel security training and education.