lockheed martin counterintelligence & insider threat · pdf filelockheed martin...
TRANSCRIPT
Lockheed Martin Counterintelligence &
Insider Threat Programs
Connect: ID Conference
Douglas D. Thomas Director, Counterintelligence Operations & Corporate Investigations
Washington, DC March 23, 2015
2
Introduction & Background
• Douglas D. Thomas – Director, Lockheed Martin Counterintelligence Operations & Corporate Investigations
– 33 years with the Air Force Office of Special Investigations; retired as Executive Director
– 2 years as the Principle Deputy Director of the National Counterintelligence Executive (NCIX)
3
Thoughts to Consider...
• National Security is executed/funded by USG; built by Industry
• Government should have some assurances products & services are delivered uncompromised
• There is NO difference between National Security and Economic Security
• MUST think beyond classified programs and cleared people
• War Room Board Room
4
CI & Identity Management
• In this digital and portable age, our company proprietary and personal information is only as secure as those who have access to it
• Malicious and/or accidental insider activity are significant risks
• The Insider Threat cannot be detected by biometrics or other assured identity technologies
• Identifying pre-event indicators is paramount to mitigating risk
• Partnerships between CI & Cyber critical in establishing employee baseline profiles (behavioral & digital)
5
Trends
• From FY09 to the end of FY14, economic espionage and theft of trade secrets cases in the FBI increased by more than 105% (on average and increase of 16% per year)
• Economic espionage and theft of trade secrets represent the largest growth area among the traditional espionage cases overseen by the FBI’s Counterespionage Section
• Intelligence Information Reports (IIR) from Industry SCR reporting; 588 in 2009 5,070 in 2014 (+ 862%)
• Federal investigations or operations from DSS referrals; 46 in 2009 989 in 2014 (+ 2,150%)
6
Increase in Insider Threat
• The incidence of employee financial hardships during economic downturns
• The global economic crisis
– Foreign nations more eager to acquire new technologies, R&D
– Mergers, acquisitions, divestitures, joint ventures
• Ease of stealing anything stored electronically
• Increasing exposure to Foreign Intelligence Entities (FIE) presented by the reality of global business, joint ventures, and the growing international footprint of American firms.
• Increase in FIE recruitment of students
7
Lockheed Martin Insider Threat Detection
• Proactive alignment with Executive Order 13587
• Alignment with anticipated NISPOM Conforming Change #2
• Identifies indicators of persons at risk & potentially malicious activity
• Analyzes existing corporate data for behavioral patterns
• Lead generator
• Applications beyond Insider Threat
• Recipient of 2014 CSO40 Award
• 2013 Defense Security Service Award for Excellence in Counterintelligence
8
LM WISDOM ITI™
• Continuous evaluation of employee attributes, behaviors, and actions according to analyst-defined models
• Lead generation and triage from three graphical outputs
• Heavy emphasis on deviation from baseline profiles
• Analyst defined categories and attributes of interest
• Categories and attributes are assigned weights
• Models run against an entire population or subsets
• Based on Big Data technologies (petabyte+)
• Notifications and alerts
• Data encryption
9
Questions?