Risk-Based Approach to Industrial Security
April 2019
Agenda
• DiT – Risk-Based Oversight of the NISP
• Where DCSA fits in Protecting Critical Technologies
• What is Critical Technology Protection?
DiT - Risk-Based Oversight of the NISP
Concept Implementation
• Facilities are prioritized based on a number of factors, including their involvement with critical technologies
• The facility identifies assets and documents the security controls and protocols they have in place
• Through Security Reviews and other interactions, DSS identifies and mitigates vulnerabilities to top priority DoD technologies and promotes industry readiness through implementation of Tailored Security Plans
• DSS applies new methods to assist industry in implementing effective protection measures via a Tailored Security Plan
• DSS conducts active monitoring to ensure continued protection of critical technologies
[Diagram stages: Prioritization, Security Baseline, Security Review, Tailored Security Plan (TSP), Active Monitoring*. Diagram labels: DSS, IN TRANSITION, IMPLEMENTATION]
* Includes rating the security posture on a transactional basis (e.g., FICO score)
Where DCSA Fits in Protecting Critical Technologies
DoD Efforts
“Delivered Uncompromised” Task Force
• Maintaining Technological Advantage Cross Functional Team (CFT)
Military Department Counterintelligence Operations (MDCO) Activities
Interagency Collaboration and External Authorities
National Cyber Investigative Joint Task Force (NCIJTF)
Federal Bureau of Investigation (FBI)
Office of the Director of National Intelligence (ODNI) and IC
Acquisition Community
National Security
UNCLASSIFIED//FOR OFFICIAL USE ONLY
PCT Task Force
Defense Counterintelligence & Security Agency (DCSA)
Critical Technology Protection Cell (CTPC)
• Risk-Based Industrial Security Oversight (RISO)
• CUI
• Outreach to Industry
• Supply Chain Risk Management (SCRM TAC)
• Support to the Committee on Foreign Investment in the United States (CFIUS)
• Support to Export Control Reviews (DTSA)
• Group Led by Maj Gen Murphy
Personnel Vetting
Deliver efficient and effective background investigations, adjudications and continuous vetting to create a trusted workforce.
Critical Technology Protection
Secure our cleared industrial base against loss and/or compromise.
Demands:
- Cleared personnel, cleared industrial facilities, and protection of national security information and associated industry intellectual property
- Oversight to ensure continuous identification of threats and vulnerabilities, and effective mitigation or defeat of the threat in both physical and cyberspace
Counterintelligence Analysis
Develop and articulate holistic threat picture of risk posed by foreign intelligence entities and hostile insiders. Enable the USG to strengthen our security posture by supporting the industrial and personnel security missions. Enable action agencies to more effectively counter adversaries.
Enterprise Management
Execute enterprise management responsibilities to enable PCT operations. Serve as the focal point for all physical and personnel security training and education.