Unhappy With U.S. Foreign Policy? Pentagon Says You Might Be A ‘High Threat’ : “Hema”

Matt Sledge

Posted: 08/07/2013 11:36 am EDT  |  Updated: 08/07/2013  5:19 pm EDT

Watch out for “Hema.”

A security training test created by a Defense Department agency warns federal workers that they should consider the hypothetical Indian-American woman a “high threat” because she frequently visits family abroad, has money troubles and “speaks openly of unhappiness with U.S. foreign policy.”

That slide, from the Defense Information Systems Agency (DISA), is a startling demonstration of the Obama administration’s obsession with leakers and other “insider threats.” One goal of its broader “Insider Threat” program is to stop the next Bradley Manning or Edward Snowden from spilling classified or sensitive information.

But critics have charged that the Insider Threat program, as McClatchy first reported, treats leakers acting in the public interest as traitors — and may not even accomplish its goal of preventing classified leaks.

DISA’s test, dubbed the “CyberAwareness Challenge,” was produced in October 2012, a month before the Obama administration finalized its Insider Threat policy. The slide about Hema is included in a section of the training about “insider threats,” which are defined by an accompanying guide as “threats from people who have access to the organization’s information systems and may cause loss of physical inventory, data, and other security risks.”

Both Hema’s travel abroad and her political dissatisfaction are treated as threat “indicators.” Versions of the training for Defense Department and other federal employees are unclassified and available for anyone to play online.

“Catch me if you can,” the training dares.

In a statement to The Huffington Post, Pentagon spokesman Lt. Col. Damien Pickart said, “DISA was sensitive to any civil liberty concerns that might arise from any portion of the curriculum, which is why it coordinated with 26 federal agencies to ensure the maximum amount of input was received before going live.”

“When considering personnel for a position of trust that requires a security clearance, there are many potential indicators that must be considered when evaluating for insider threat concerns,” he explained. “The department takes these variables into consideration based on past examples of personnel who engaged in spying or treasonous acts.”

Several million people across the federal government have taken the training since it was released, Pickart said, and there has been only one complaint. He added that the next version of the security awareness training, to be released in October, is being updated so that its insider-threat test focuses more on behavior, “not personal characteristics or beliefs.”

Notably, the CyberAwareness Challenge is given to a wide range of federal employees whose roles have far less to do with security threats than that of a National Security Agency contractor like Snowden. The Department of Housing and Urban Development even requires its private business partners accessing a tenant rental assistance database to complete the training.

The Defense Department version of the “CyberAwareness Challenge” shows a healthy familiarity with Manning’s disclosures to WikiLeaks: In one training slide, the user is asked what to do when contacted by a reporter from “WikiSpills.”

 

Identifying “WikiSpills,” even hypothetically, as a legitimate journalist organization is quite different from how military prosecutors have approached the real WikiLeaks in the trial of Manning. There the military has suggested that WikiLeaks founder Julian Assange took few steps to verify the leaks he received before publication and acted as a virtual co-conspirator with his source.

Steven Aftergood, an expert on government secrecy at the Federation of American Scientists, said the DISA training slide was “ignorant and clumsy.”

“The item ‘speaks openly of unhappiness with U.S. foreign policy’ simply does not belong on the list,” Aftergood wrote in an email to HuffPost. “It is not a threat indicator. It could apply to most members of Congress, if not to most Americans. By presenting the matter this way, the slide suggests that overt dissent is a security concern. That is an error.”

READERS: Have you taken this security awareness training or another “insider threat” test? The Huffington Post would like to hear from you. Email Matt Sledge at sledge@huffingtonpost.com, or call 347-927-9877.

http://www.huffingtonpost.com/2013/08/07/insider-threat-training_n_3714333.html

US army blocks access to Guardian website to preserve ‘network hygiene’

Military admits to filtering reports and content relating to government surveillance programs for thousands of personnel

 

The Pentagon insisted the Department of Defense was only seeking to restrict access to certain content. Photograph: Rick Wilking/Reuters

The US army has admitted to blocking access to parts of the Guardian website for thousands of defence personnel across the country.

A spokesman said the military was filtering out reports and content relating to government surveillance programs to preserve “network hygiene” and prevent any classified material appearing on unclassified parts of its computer systems.

The confirmation follows reports in the Monterey Herald that staff at the Presidio military base south of San Francisco had complained of not being able to access the Guardian’s UK site at all, and had only partial access to the US site, following publication of leaks from whistleblower Edward Snowden.

The Pentagon insisted the Department of Defense was not seeking to block the whole website, merely taking steps to restrict access to certain content.

But a spokesman for the Army’s Network Enterprise Technology Command (Netcom) in Arizona confirmed that this was a widespread policy, likely to be affecting hundreds of defence facilities.

“In response to your question about access to the guardian.co.uk website, the army is filtering some access to press coverage and online content about the NSA leaks,” said Gordon Van Vleet, a Netcom public affairs officer.

“The Department of Defense routinely takes preventative ‘network hygiene’ measures to mitigate unauthorized disclosures of classified information onto DoD unclassified networks.”

The army stressed its actions were automatic and would not affect computers outside military facilities.

“The department does not determine what sites its personnel can choose to visit while on a DoD system, but instead relies on automated filters that restrict access based on content concerns or malware threats,” said Van Vleet. “The DoD is also not going to block websites from the American public in general, and to do so would violate our highest-held principle of upholding and defending the constitution and respecting civil liberties and privacy.”

Similar measures were taken by the army after the Guardian and other newspapers published leaked State Department cables obtained via WikiLeaks.

“We make every effort to balance the need to preserve information access with operational security, however there are strict policies and directives in place regarding protecting and handling classified information,” added the Netcom spokesman.

“Until declassified by appropriate officials, classified information – including material released through an unauthorized disclosure – must be treated accordingly by DoD personnel. If a public website displays classified information, then filtering may be used to preserve ‘network hygiene’ for DoD unclassified networks.”

A Defense Department spokesman at the Pentagon added: “The Guardian website is NOT being blocked by DoD. The Department of Defense routinely takes preventative measures to mitigate unauthorized disclosures of classified information onto DoD unclassified networks.”

 

http://www.guardian.co.uk/world/2013/jun/28/us-army-blocks-guardian-website-access

June 7 memorandum from the DoD warning employees not to read information on any leaks

DoD Warns Employees of Classified Info in Public Domain

As a new wave of classified documents published by news organizations appeared online over the past week, the Department of Defense instructed employees and contractors that they must neither seek out nor download classified material that is in the public domain.

“Classified information, whether or not already posted on public websites, disclosed to the media, or otherwise in the public domain remains classified and must be treated as such until it is declassified by an appropriate U.S. government authority,” wrote Timothy A. Davis, Director of Security in the Office of the Under Secretary of Defense (Intelligence), in a June 7 memorandum.

“DoD employees and contractors shall not, while accessing the web on unclassified government systems, access or download documents that are known or suspected to contain classified information.”

“DoD employees or contractors who seek out classified information in the public domain, acknowledge its accuracy or existence, or proliferate the information in any way will be subject to sanctions,” the memorandum said.

http://blogs.fas.org/secrecy/2013/06/dod-classified/

DoD: If You See A Leaked NSA Document, Press SHIFT And DELETE To Get Rid Of It

from the this-again dept

We saw this back when WikiLeaks released a bunch of documents and the Defense Department and other government agencies told employees that they weren’t allowed to look at any of the documents, even though they were being splashed all over the press. Now, it appears, the same thing is happening concerning the NSA leaks. The Defense Department quickly sent out a memo to staff, saying:

Classified information, whether or not already posted on public websites, disclosed to the media, or otherwise in the public domain remains classified and must be treated as such until it is declassified by an appropriate U.S. government authority. It is the responsibility of every DoD employee and contractor to protect classified information and to follow established procedures for accessing classified information only through authorized means. 

This included instructions, such as the following:

DoD employees or contractors who inadvertently discover potentially classified information in the public domain shall report its existence immediately to their Security Manager. Security Managers and Information Assurance Managers are instructed to document the occurrence and report the event to the Director of Security Policy and Oversight, Office of the Under Secretary of Defense for Intelligence (OUSD(I)). The offending material will be deleted by holding down the SHIFT key while pressing the DELETE key for Windows-based systems and clearing of the internet browser cache.

Given how much these documents are now showing up in the news, you have to imagine that Defense Department “Security Managers” are up to their eyeballs in “reports” from staffers who “inadvertently” run across such classified materials.  On top of this, staff are told to not even acknowledge the existence of these documents:

DoD employees or contractors who seek out classified information in the public domain, acknowledge its accuracy or existence, or proliferate the information in any way will be subject to sanctions.

I’ve seen people defend these policies in the past, but they make no sense.  All they do is encourage a head-in-the-sand mentality within the government, in which employees are told to pretend that public information isn’t public.  As we’ve said before, in the business world, non-disclosure agreements are generally considered null and void the moment the same information becomes public via other means.  Because that’s dealing with reality.  Pretending that these documents aren’t out in the world, and having to fill out a report every time a government employee happens to hit a news article with one of these documents shown, seems like a tremendous waste of time and energy, all in an attempt to deny reality.

U.S. energy companies victims of potentially destructive cyber intrusions: The secretary said that a coordinated attack on enough critical infrastructure could be a “cyber Pearl Harbor”

Posted By John Reed | Thursday, October 11, 2012 – 8:56 PM

Foreign actors are probing the networks of key American companies in an attempt to gain control of industrial facilities and transportation systems, Defense Secretary Leon Panetta revealed tonight.

“We know that foreign cyber actors are probing America’s critical infrastructure networks,” said Panetta, disclosing previously classified information during a speech in New York laying out the Pentagon’s role in protecting the U.S. from cyber attacks. “They are targeting the computer control systems that operate chemical, electricity and water plants, and those that guide transportation throughout the country.”

He went on to say that the U.S. government knows of “specific instances where intruders have gained access” to these systems — frequently known as Supervisory Control and Data Acquisition (or SCADA) systems — and that “they are seeking to create advanced tools to attack these systems and cause panic, destruction and even the loss of life,” according to an advance copy of his prepared remarks.

The secretary said that a coordinated attack on enough critical infrastructure could be a “cyber Pearl Harbor” that would “cause physical destruction and loss of life, paralyze and shock the nation, and create a profound new sense of vulnerability.”

Panetta’s comments regarding the penetration of American utilities echo those of a private sector cyber security expert Killer Apps spoke with last week who said that the networks of American electric companies were penetrated, perhaps in preparation for a Stuxnet-style attack.

Stuxnet is the famous cyber weapon that infected Iran’s uranium-enrichment centrifuges in 2009 and 2010. Stuxnet is believed to have caused some of the machines to spin erratically, thereby destroying them.

“There is hard evidence that there has been penetration of our power companies, and given Stuxnet, that is a staging step before destruction” of electricity-generating equipment, the expert told Killer Apps. Because uranium centrifuges and power turbines are both spinning machines, “the attack is identical — the one to take out the centrifuges and the one to take out our power systems is the same attack.”

“If a centrifuge running at the wrong speed can blow apart” so can a power generator, said the expert. “If you do, in fact, spin them at the wrong speeds, you can blow up any rotating device.”

Cyber security expert Eugene Kaspersky said two weeks ago that one of his greatest fears is someone reverse-engineering a sophisticated cyber weapon like Stuxnet — a relatively easy task — and he noted that Stuxnet itself passed through power plants on its way to Iran. “Stuxnet infected thousands of computer systems all around the globe, I know there were power plants infected by Stuxnet very far away from Iran,” Kaspersky said.

While the utilities have been penetrated, Panetta said that the Defense Department, largely via the National Security Agency, is “acting aggressively to get ahead of this problem – putting in place measures to stop cyber attacks dead in their tracks” under a whole-of-government effort.

The Department of Homeland Security, working with the Department of Energy, has the lead in responding to the attacks that Panetta disclosed tonight, senior defense officials told reporters during a background briefing about Panetta’s speech. The Pentagon officials believe they know who was behind the attack but would not reveal who that may be. They did note however, that Russia, China, and increasingly, Iran have developed worrisome cyber capabilities. DHS officials were not available for comment.

Panetta added that the Pentagon stands ready to “counter” cyber threats to U.S. national interests. He did not, however, use the word “offensive” to describe any of DoD’s operations in cyberspace.

“If we detect an imminent threat of attack that will cause significant physical destruction or kill American citizens, we need to have the option to take action to defend the nation when directed by the President,” said Panetta. “For these kinds of scenarios, the [Defense Department] has developed that capability to conduct effective operations to counter threats to our national interests in cyberspace.”

He went on to insist, though, that the Pentagon has only a supporting role to civil agencies in defending U.S. civilian infrastructure from cyber attack and that DoD will not monitor citizens’ personal computers.

“That is not our mission,” said Panetta.

The Defense Department will only have the lead in responding to cyber attacks when deemed appropriate under the rule of armed conflict, said one of the defense department officials.

To protect the United States from crippling cyber attacks by “foreign adversaries,” Panetta said the Pentagon will focus on the following:

  • Developing new cyber capabilities via the more than $3 billion spent on cyber issues annually;
  • Establishing policies and organizations that DoD needs to execute its mission in near real-time with other federal agencies, such as the Department of Homeland Security and the FBI;
  • Improving DoD’s cooperation with private industry and international partners via better information-sharing about cyber threats and the establishment of basic cyber security standards for critical infrastructure providers.

Panetta also urged Congress to pass the Cyber Security Act of 2012, which would allow real-time information-sharing between businesses and the government, restrict the type of information government can collect on private citizens and how that information may be used, as well as set minimal cyber security standards that critical infrastructure providers should meet.

Super-sizing the soldier: Is obesity going to pose a huge recruiting problem?: At present, 62 percent of active duty military members over the age of 20 have a body mass index that falls into either the overweight or obese category

Posted By Thomas E. Ricks | Tuesday, October 9, 2012 – 10:22 AM

By Jim Gourley

Best Defense department of physical fitness and national security

Obesity and weight-related health conditions have become a prevalent concern to American policy in the last decade. National military leadership was also exposed to obesity’s potential risks to national security with the release of the report “Too Fat to Fight” by Mission Readiness in 2010. The group’s primary message is that a burgeoning population of overweight American children will drastically reduce an already diminished pool of viable candidates for military service in the next ten years. However, these reports indicate only the most general aspects of the problem and focus on projections of future implications. When the scope of the American obesity epidemic is examined specifically within the context of its impact on the armed forces, data shows clearly that the threat is not imminent, but existential.

At present, 62 percent of active duty military members over the age of 20 have a body mass index that falls into either the overweight or obese category. For personnel under the age of 20, the number stands at 35 percent. That is actually an improvement from a 2005 rate of 46 percent. These statistics are often challenged due to the disputable methods of calculating Body Mass Index (BMI). However, the 2011 Annual Summary of the Armed Forces Health Survey Center cites 21,185 medical diagnoses for overweight, obesity and hyperalimentation (overeating). Research also dispels service culture stigmas. No service is immune to overweight issues. Comparing the relative percentages of overweight/obese service members, the Navy is the fattest service at 62.7 percent, followed by the Army at 61 percent and the Air Force at 58.8 percent. The Marines register the fittest at 55.1 percent, still substantially more than half overweight. Closer examination shows that more than 12 percent of active duty service members in each service are obese. The Marines break the trend more significantly in this category with a 6.1 percent obesity rate.

The increase of girth in the military progressed at a linear rate between 1995 and 2005, but has remained fairly consistent since then. However, emerging data indicates that the overweight population may rise further in the next ten years if the military is to meet recruiting goals. A new study by the Trust for America’s Health predicts that more than half of Americans in 39 states will be obese by 2030. This is disturbing enough, but it becomes even more troubling for the armed forces when individual state recruitment trends are compared to their childhood obesity rates. All ten states that contributed the most military inductees in 2010 have childhood obesity rates greater than 15 percent. Three of them (including Texas, which was second in total recruitment with over 15,000 new military members) exhibit rates between 20-25 percent. The preponderance of our young military members come from the most ponderous states.

The problem is not simply one of cosmetics or intangible metrics of combat performance. The costs of an unfit military carry a real-dollar value. A 2007 joint study by The Lewin Group and TRICARE management activity estimated that the Defense Department spends $1.1 billion annually on medical care for obesity and overweight conditions. This study included dependents and retirees who qualified for TRICARE Prime coverage. More restricted to the active duty component are the costs to manpower. The AFHSC report tallied 245 “bed days” for medical treatment directly linked to weight issues, and 4,555 service members were involuntarily separated for failing to meet weight standards in 2008. The recruiting and initial entry training costs alone represent a loss of $225 million. Adding in specific military job training, logistics, equipment and the cost of lost duty days brings the annual price tag of overweight service members to about $1.5 billion. That exceeds the military’s budget for Predator drones in 2010. The military still fails to grasp the true scale of the problem so long as comorbidities of overweight and obesity remain unexamined. There were more than 42,000 service members affected by hypertension and another 5,700 by diabetes in 2011. Hypertension alone ranks in the top thirty conditions affecting active duty service members. Also overlooked is the expense of XXL chemical warfare suits and development of other plus-sized uniform items.

The military’s response to the problem has been mixed. The Army provided waivers to 1,500 new recruits who failed to meet weight standards in 2007. The program remains in place but the numbers of waivers issued in subsequent years have not been published. The Navy had a similar program until 2010. The Air Force never offered such a program and the Marines actually tightened standards in the 2009-2011 time period. Trends suggest that weight standards are on a sliding scale driven largely by manpower requirements and retention problems in a wartime military.

Therein lies the greatest problem. It seems all but certain that American society will continue gaining weight over the next decade. In this regard, the military may be a kind of canary in the cave given its emphasized dependence on physical fitness for mission success. However, without an established position on the matter of physical fitness standards and given the likelihood that leaders at every level will themselves be at an unhealthy weight, it is possible that the military will experience substantial increases in operating costs and diminished capability in the next decade.

Jim Gourley is a Best Defense jolly good fellow.

http://ricks.foreignpolicy.com/posts/2012/10/09/super_sizing_the_soldier_is_obesity_going_to_pose_a_huge_recruiting_problem

Obama administration officials say there’s no point crafting detailed sequestration plans

Prepare for the Worst

Oct. 7, 2012 – 04:14PM
By THE DEFENSE NEWS STAFF

Obama administration officials say there’s no point crafting detailed sequestration plans, given it’s a crisis created by Congress that might never happen.

But Pentagon Comptroller Bob Hale last week finally hinted at some implications, saying civilian workers might be furloughed to cover Afghanistan operations. He also said the Defense Department would look to protect its top programs and avoid costly terminations.

Even though DoD is not yet making detailed plans, Hale stressed the Pentagon will be ready if sequestration goes into effect. Ready or not, a 10 percent chop off DoD’s annual budget — a sequestration requirement — is a big hit, all the more following cuts over the past two years.

Unfortunately, wisdom will not prevail in a timely fashion: This is an election year. Republicans want details to criticize Obama for cutting defense; the president won’t play along, blaming Congress for creating this mess in the first place. That leaves a looming threat to the defense section frozen by uncertainty and workers fearing for their jobs.

No matter how you slice it, sequestration will only make a bad situation worse, and Congress has a responsibility to avoid it. Yet it has demonstrated a tendency toward nonpartisan irresponsibility. DoD leaders absolutely must do more to prepare for a worst-case scenario.

http://www.defensenews.com/article/20121007/DEFFEAT05/310070008/Prepare-Worst?odyssey=mod|newswell|text|FRONTPAGE|s