Session Summaries


NSI IMPACT 2008 Session Descriptions

________________________________
Monday, April 7 8:00am-8:45am

Keynote Address:
Threat Forecast: The Top Security Challenges for 2008
Dr. Joel F. Brenner
National Counterintelligence Executive
Office of the Director of National Intelligence

With America engaged in a high-stakes war against jihad, effective counterintelligence—the process of identifying and catching foreign spies—is more important than at any time since the Cold War. In this timely keynote address, America’s top counterintelligence official will reveal how foreign governments and terrorist organizations are actively spying within the United States and stealing our most vital secrets—on our nuclear weapons, missile defenses, intelligence sources and methods, cryptographic codes, sensitive technologies, and much more.

A key player in the U.S. counterintelligence community, Dr. Brenner answers these compelling questions: Where will the greatest security threats come from in 2008? What is on the horizon? How can government and the private sector come together to implement safeguards? What steps can—and must—be taken to counter the threats? By looking into this crystal ball of potential threats, security managers will gain a clearer understanding of how the risk landscape is shifting so they can better prepare.

_____________________________
Monday, April 7 8:45am-9:40am

The Right Stuff: Achieving Excellence in Security Management
Deedee Collins, Executive Director
National Security Training Institute, Inc.

The government/industry security field has come a long way from “gates, guns and guards,” and 21st century practitioners need 21st century skills to be effective as strategic partners in their organizations. In this highly demanding climate, what are the skills needed to become a security standout? What separates an exceptional security manager from a merely competent security manager? What is the “right stuff”? Noted security motivational speaker Dee Dee Collins will show you what steps you can take toward a more fulfilling career by redirecting yourself to a few core principles: an ongoing commitment to learning, a willingness to improve your interpersonal and business skills, and a deliberate effort to establish yourself as a leader.

You Will Learn:
• Key skills needed to perform in this new era of security
• Tools and techniques for becoming a security standout
• Best practices for advancing your career
• Steps to sharpen your communications skills

_____________________________
Monday, April 7 10:40am-11:25am

Cyber-Security: Emerging Threats And Countermeasures
Eddie Schwartz, VP/Chief Security Officer
NetWitness Corporation

Cyber threats against the U.S. are growing with more than 100 countries developing cyber-war techniques, using the Internet for military or economic espionage. U.S. officials and security experts warn that cybercriminals are using increasingly sophisticated methods to attack military and government computers. U.S. Department of Homeland Security statistics reveal that 37,000 attempted breaches of government and private computer systems were reported in fiscal 2007, marking a dramatic increase from the 24,000 reported a year earlier. Against this backdrop, a Government Accountability Office report said terrorists may become a larger threat on the cyberbattleground as younger, more tech-savvy recruits join the organizations. This session will discuss growing threats on the virtual horizon and how to defend against them.

You Will Learn:
• What the government is doing to prevent a cyber 9/11
• How government and industry can work together to combat cyber threats
• Where the greatest cyber threats will come from

_____________________________
Monday, April 2 11:25am-12:25pm

Security Clearance Panel: What’s Working, What’s Not
Kathy L. Dillaman, Assoc. Director, OPM Federal Investigative Services
Perregrine Russell-Hunter, Dep. Director, DOHA
John Faulkner, Director, DISCO

Still waiting for security clearances in the pipeline? Well, there’s good news and bad news. Good news first: The Office of Personnel Management and Budget is continuing to shave days off the protracted security clearance process. The bad news: adequate funding and broader use of technology will be needed to continue improving the background investigation screening process. In this informative panel Q&A session you’ll hear from all of the key players in the security clearance regime—from OPM to DISCO to DOHA—and what each agency is doing to streamline the security clearance process. This session will help you better understand the adjudication process and explain the factors involved in granting a timely clearance decision. This is your chance to get up to speed on one of the most critical aspects of your personnel security program.

You Will Learn:
• Status report on the current clearance backlog
• Where bottlenecks in the process are occurring
• How to ensure timely clearance processing for your employees

___________________________
Monday, April 7 2:00-3:15pm Track I

Understanding and Implementing AIS Best Practices
Gregory L. Welch, Sr. Information Assurance Analyst
Cynergy Group of Baltimore, Inc.


Navigating the AIS security landscape can be dizzying. Simply identifying the vast array of requirements can be time consuming and overwhelming—never mind determining which plan or procedure best fits your needs. With technology continually spurring changes to the rules, how do you protect classified information in AIS systems? This session will guide you through the complex implementation issues and help you navigate the maze of AIS security requirements for processing classified data at various protection levels. In this workshop, you’ll learn how to effectively manage and implement NISPOM chapter 8 requirements and get your automated systems accredited with minimal hassle. This interactive session will explore best practices and what other leading organizations are doing to effectively manage AIS security.

Key Benefits:
• Tips to avoid the biggest AIS security landmines
• Best practices for implementing NISPOM requirements
• Heads up on changes to AIS security

________________________________
Monday, April 7 2:00-3:15pm Track II

Security Presentation Skills Workshop
William R. Kotapish, Professor
National Security Training Institute

As a security manager, much of your work involves interacting with others and putting your best foot forward. How we communicate and get our security message out to our constituents is vital to the success of our security programs. In this session, you’ll be given practical instruction and guidance on preparing and delivering security presentations. You’ll hear from an expert on best practices in communications and presentation skills. You’ll learn how to get your message across, whether you’re presenting a security proposal to top management, training your staff or conducting a security briefing for your employees. This power-packed workshop will stimulate your interest and motivate you to seek new paths to improve your communications skills.

You Will Learn:
• Tips for developing and delivering a speech
• Techniques to motivate your audience
• How to overcome anxiety

________________________________
Monday, April 7 3:45-5:00pm Track I

JPAS Solutions Clinic for Government and Industry
Joseph J. Jessop, JPAS Corp. Acct. Mgr., Lockheed Martin Corp.
Quinton Wilkes, Corporate Security Manager, L-3 Communications Corp.
Air Force, Army, Navy and Defense Security Service — TBD

Successfully navigating your way around the Joint Personnel Adjudication System (JPAS) and its related interfaces can be a time-consuming and oftentimes stressful experience. It is, however, one of the most important tasks you will undertake as the government’s e-Clearance initiative advances. Bring your questions, first-hand experiences and frustrations to this problem-solving workshop where you can get answers from knowledgeable security experts who understand the ins and outs of JPAS. An expert security panel composed of both government and industry JPAS Program Officers will lead you in this highly interactive session. You’ll receive practical instructions for effectively using the system, learn to avoid time-consuming errors that can slow the clearance process down, and get a heads-up on where the glitches are occurring and what to do about them.

You Will Leave With:
• Working knowledge of current JPAS operating procedures
• Best practices for using JPAS, JCAVS and e-QIP
• Steps to minimize problems and where to get help

__________________________________
Monday, April 7 3:45pm-5:00pm Track II

OPSEC 360°: How to Conduct a Vulnerability Assessment
Wesley H. Latchford, LCDR, U.S. Navy, Chief of Security
Global Innovation and Strategy Center

An increasingly popular approach to vulnerability assessment is to think like the bad guys. Unfortunately, many security practitioners are often far less creative in identifying vulnerabilities than are the individuals who exploit them. An adversarial vulnerability assessment can help overcome these limitations, but it requires a completely different mindset. This workshop, taught by a leading operations security expert, provides you with a methodical and practical approach in identifying assets most attractive to attack by an adversary. This session will guide you in the analysis and examination of the interrelationships between assets, threats, vulnerabilities and countermeasures that protect a facility.

You Will Learn:
• How to identify critical assets, single points of failure
• How to evaluate security effectiveness against adversary capabilities
• Essential steps to securing sensitive unclassified information
• How to prepare a Vulnerability Assessment report


//////////////////////////////////////////////////////////////////////////////////////

_____________________________
Tuesday, April 8 8:10am-8:55am

Economic Espionage: Meeting the Threat
Thomas Mahlik, Domain Section Chief,
Counterintelligence Division, FBI

The United States is a prime target of foreign spies seeking to steal away critical information — not only military plans and national security secrets but also valuable technological and business trade secrets. At last count, businesses, scientists, students and intelligence agents from nearly 100 countries were trying to get this information. The FBI is pursuing 143 economic espionage cases, up from 122 the previous year, according to its most recent statistics. As part of its drive to boost corporate awareness, the FBI is spearheading efforts to help businesses and universities assess their vulnerability to intellectual property theft and then take action to plug any potential leaks. The agency’s top priority is protecting new weapons systems and other technology with national security implications. In this timely briefing, the FBI’s espionage chief provides an overview and assessment of the state of economic espionage activities directed against the United States and how to defend against it.

You Will Learn:
• Up to date analysis of foreign spying capabilities and targets
• Better understanding of your role in counterintelligence
• Heightened awareness of your potential vulnerabilities

_____________________________
Tuesday, April 8 8:55am-9:40am

Preventing Insider Threats: Lessons Learned from Actual Attacks
Dawn Cappelli, Senior Member, CERT Technical Staff
Carnegie Mellon University

An unhappy systems administrator who may want to teach a seemingly unappreciative boss a lesson. An employee who is passed over for a promotion or a raise. A disgruntled worker who, for the right price, is willing to sabotage his employer or country. Each of these nightmare scenarios represents a situation in which an employee has privileged access to information and the ability to thwart an organization’s weak internal security controls. While most employees are trustworthy, insiders are often at the center of security breaches and incidents of data theft. Protecting your organization against insider threats requires careful planning and foresight to develop a layered defense that reduces the scope of the risk. Attend this session to learn about the latest trends on insider threats, how to spot devious actions of social engineers, and best practices to thwart the efforts of those once-good office workers who’ve gone bad.

CERT's insider threat team, which was formed in 2001, has gathered and analyzed over 250 casefiles for actual insider cyber crimes, including theft of confidential or sensitive information, espionage, IT sabotage, fraud, and potential threats to our nation's critical infrastructures. All CERT insider threat research focuses on both the technical and behavioral aspects of actual compromises. Dawn Cappelli, leader of the CERT insider threat team, will present findings regarding those 250 cases, including the motivation behind the crimes, methods of carrying out the attacks, precursors that could have served as indicators to the organization in preventing the incident or detecting it earlier, and best practices for mitigating insider incidents.


Key Results:
• Best practices for combating the insider threat
• Latest research in ongoing insider threats
• Key elements of the insider risk profile

_____________________________
Tuesday, April 8 10:00am-10:45am

Defense Security Service — Moving Forward Together
Kathleen Watson, Director
Defense Security Service

Defense Security Service Director Kathleen Watson will present the annual State of the DSS address. Find out how the agency plans to carry out its mission in 2008 as it administers and implements the defense portion of the National Industrial Security Program. Discussion will cover key changes taking place in the industrial security program and its impact on cleared defense contractors. In this informative session, you'll hear about DSS’ plans for the year ahead and how they affect your security program. Receive important updates in all areas of DSS coverage including: security inspections, automation/modernization efforts, counterintelligence awareness, security training, personnel security investigation projections, and foreign ownership, control and influence countermeasures.

You Will Learn:
• Specific DSS program initiatives for 2008
• What security discrepancies are being cited by IS reps
• How to best resolve NISP-related issues with DSS

_____________________________
Tuesday, April 8 10:45am-11:45am

Spy Wars ’08: China Poses ‘Single Greatest Risk’
Dr. Larry M. Wortzel, Chairman
United States-China Economic and Security Review Commission

China's aggressive spying, technology theft and computer attacks pose the most significant threats to U.S. national security, a congressional panel warns. Security experts say that there’s little doubt that the Chinese government has mounted a non-stop, well-financed attack to breach key national security and industry databases. The Chinese intelligence services use a variety of methods to spy, including traditional intelligence operations targeting U.S. government agencies and defense contractors. This session will examine the growing threat from Chinese spying; why 2008 may be the year of cyberespionage; intelligence-gathering methods used by the Chinese (both open and illicit), as well as organizations, collectors, and technologies being targeted.

Key Benefits:
• Valuable lessons from the security trenches
• Scope of Chinese spying activities in the U.S.
• Lessons learned from recent spy cases

__________________________________
Tuesday, April 8 1:45pm-3:00pm Track I

Security Awareness: Overcoming Complacency in Your Organization
Martin D. McNair, Corporate Security Specialist
Science Applications International Corporation

What does it mean when 90% of employees can remember the name of the performer from the last Super Bowl half-time show, but only 60% know the rules for protecting sensitive or classified information? Security awareness is not where it should be. With today’s concerns about budgets, resources, and visibility, organizations cannot let their security awareness programs be ineffective (or fail altogether). This session presents a common-sense approach to building—or enhancing—a first class security awareness program and mastering the art of persuasion. At the completion of this session attendees will have an understanding of how to motivate people to perform the security-related aspects of their jobs.

You Will Learn How to:
• Identify the key ingredients in a successful security awareness and training program
• Gather and organize a wide variety of techniques and materials for maximum impact
• Create effective awareness delivery techniques

__________________________________
Tuesday, April 8 1:45pm-3:00pm Track II

How to Steer Clear of Export Control Security Violations
Deed L. Vest, Director Security and Technology Protection
United Space Alliance

Export analysts predict a record year of monetary penalties this year and even criminal prosecutions for various U.S. export violations. Given the ease with which controlled technical data may be improperly exported, as well as the possible consequences for violating export controls, it’s critical that security managers know and comply with the rules for protecting export-controlled technology and information. Failure to comply, even unintentionally, can be costly both to your company and national security. Learning the ropes is difficult because the various U.S. agencies and departments that administer export controls have different laws and regulations. Still, there are certain principles common to all export controls. This workshop will provide you with a working knowledge of your security obligations and bring you up to speed on export compliance issues.

Key Benefits:
• Export control primer on “Deemed Exports,” FOCI, foreign nationals at U.S. facilities, and dual-use technologies
• Avoid the biggest and most common mistakes
• Security resources, contacts and where to go for help

__________________________________
Tuesday, April 8 3:20pm-4:35pm Track I

How Not to Have Your Information Systems Control Plan Rejected
Michael Farley, Deputy Director ODAA
Defense Security Service

Navigating your way through the DSS certification and accreditation process for classified systems can be a challenging experience. A written plan may not strike security managers as the first weapon for countering the threat to classified data, but it is the same as having a well-planned strategy for an army. A good systems security plan will provide a number of benefits to the security staff, including improved operational effectiveness and management controls. In this interactive workshop, you’ll learn about the best practices in preparing your information systems control plan. DSS’ Michael Farley will walk you through the ODAA process and provide critical implementation rules of the road for 2008.

What You’ll Learn:
• Common pitfalls and problem areas to avoid when preparing security plans
• Key tips for an effective systems security plan
• Update on eFAST pilot program and ODAA plans

__________________________________
Tuesday, April 8 3:20pm-4:35pm Track II

Best Practices for Protecting Your Employees Overseas
David S. Katz, Founder/CEO
Global Security Group

As more U.S. corporations enter the global business arena and face increasing security threats as a result of terrorist activities, theft of intellectual property and natural disasters, security managers are taking a closer look at their responsibilities to employees who work or travel in hot spots around the world. This timely session addresses key corporate security concerns in international operations, focusing on threat assessment, prevention, and intervention. It will also provide real-life case examples, personal insights and practical advice on how to protect your company’s assets and operations in an increasingly dangerous world. You’ll learn the proven techniques and principles for helping your employees survive in high-threat areas.

You Will Learn:
• Recent trends, hot spots, and emerging threats
• Key elements of a defensive foreign travel briefing
• Best practices for mitigating risks


//////////////////////////////////////////////////////////////////////////////////////


__________________________________
Wednesday, April 9 8:10am-8:55am

Future Directions in Terrorism and Counterterrorism
Russell E. Travers, Deputy Director for Information Sharing
and Knowledge Development, National Counterterrorism Center


Experts warn that the threat of terrorism and its related groups will persist throughout 2008. As we develop and implement strategies and systems to address the threats of today, terrorists are planning the threats of tomorrow. To cope with this new reality, security managers must take greater care in planning and protecting their people, information and physical assets from the direct and indirect impact of the heightened terrorist threat. While it’s not possible to know where terrorists are going to strike, it is possible to forecast trends. This timely threat briefing will discuss the changing landscape of the terrorist threat to American security and offer recommendations for meaningful protections against growing dangers.

Key Issues:
• Changing face of terrorism and top threats for 2008
• New threats from high-tech terrorism and e-jihad
• Effective and practical counterterrorism measures


__________________________________
Wednesday, April 9 8:55am-9:40am

Building a Dynamic and Viable Security Program
Robert W. Rogalski, Corporate Director of Security & Safety
RAND Corporation

In the rapidly evolving world of business, what is true today may not have been true yesterday. So even the most carefully considered security strategies may be based on a foundation that no longer exists. As a result, it's pretty easy for security operations—even the best ones—to go astray without ever changing course. Meeting these challenges requires new thinking: a new model for security management that aligns security with business needs. Rob Rogalski, who has seen security from both the government side, as director of security at the Pentagon, and the private sector, as current security director with Rand Corp., will provide key strategies and building blocks needed to develop a successful 21st century security program.

You Will Learn:
• How to present security as a business enabler
• How to keep pace with expanding responsibilities
• Proven practices for managing the security function


__________________________________
Wednesday, April 9 10:00am-10:45am

Securing the Mobile Workforce: Closing the Virtual Barn Door
James P. Litchko, President/CEO
Litchko & Associates

As today’s workforce becomes increasingly mobile, the risk to sensitive information has never been greater. Laptops and mobile gadgets like cell phones, PDAs, and USB flash drives have become a necessity in many business settings. And such equipment now spends more time than ever outside the office, as employees work at home or in the nearest Starbucks—creating a huge opportunity for information theft or loss. This informative session will bring emerging security vulnerability and liability issues to light in a manner that is easy to comprehend, even for those with less technical knowledge of the subject. Topics addressed include security considerations regarding blogs, instant messaging, wireless and remote server access, as well as authorized and unauthorized transfers of sensitive data.

Key Issues:
• Security implications of corporate vs. employee handhelds
• How to stop laptop theft
• How to tackle the threat from portable storage devices

_________________________________
Wednesday, April 9 10:45am-11:45am

D*I*C*E 2008: The Path to Heightened Security
Ray Semko, Professor
The Centre for Counterintelligence and Security Studies

As the nation faces a continued and more far-reaching threat from espionage, terrorism and information warfare, the need for security vigilance at all levels of the organization is greater than ever before. Ray Semko (a.k.a. The D*I*C*E Man), nationally known for his motivational presentations, will provide a guided tour of the latest risks and advice to help protect your organization and strengthen your security program. From the threats beyond our borders to those festering within, Mr. Semko’s objective is to help you recognize America’s adversaries, their targets and methods of operation, and how to prevent these adversaries from exploiting our nation’s security by effectively protecting classified, proprietary and sensitive information. The D*I*C*E Man’s goal is to raise your awareness level and give you the tools you need to get your employees on the road to improved security.

You Will Learn:
• How to build awareness of critical security issues
• Key ingredients in a successful CI awareness program
• How to motivate employees to practice good security



