Lockheed Martin Counterintelligence &

Insider Threat Programs

Connect: ID Conference

Douglas D. Thomas Director, Counterintelligence Operations & Corporate Investigations

Washington, DC March 23, 2015

2

Introduction & Background

• Douglas D. Thomas – Director, Lockheed Martin Counterintelligence Operations & Corporate Investigations

– 33 years with the Air Force Office of Special Investigations; retired as Executive Director

– 2 years as the Principle Deputy Director of the National Counterintelligence Executive (NCIX)

3

Thoughts to Consider...

• National Security is executed/funded by USG; built by Industry

• Government should have some assurances products & services are delivered uncompromised

• There is NO difference between National Security and Economic Security

• MUST think beyond classified programs and cleared people

• War Room Board Room

4

CI & Identity Management

• In this digital and portable age, our company proprietary and personal information is only as secure as those who have access to it

• Malicious and/or accidental insider activity are significant risks

• The Insider Threat cannot be detected by biometrics or other assured identity technologies

• Identifying pre-event indicators is paramount to mitigating risk

• Partnerships between CI & Cyber critical in establishing employee baseline profiles (behavioral & digital)

5

Trends

• From FY09 to the end of FY14, economic espionage and theft of trade secrets cases in the FBI increased by more than 105% (on average and increase of 16% per year)

• Economic espionage and theft of trade secrets represent the largest growth area among the traditional espionage cases overseen by the FBI’s Counterespionage Section

• Intelligence Information Reports (IIR) from Industry SCR reporting; 588 in 2009 5,070 in 2014 (+ 862%)

• Federal investigations or operations from DSS referrals; 46 in 2009 989 in 2014 (+ 2,150%)

6

Increase in Insider Threat

• The incidence of employee financial hardships during economic downturns

• The global economic crisis

– Foreign nations more eager to acquire new technologies, R&D

– Mergers, acquisitions, divestitures, joint ventures

• Ease of stealing anything stored electronically

• Increasing exposure to Foreign Intelligence Entities (FIE) presented by the reality of global business, joint ventures, and the growing international footprint of American firms.

• Increase in FIE recruitment of students

7

Lockheed Martin Insider Threat Detection

• Proactive alignment with Executive Order 13587

• Alignment with anticipated NISPOM Conforming Change #2

• Identifies indicators of persons at risk & potentially malicious activity

• Analyzes existing corporate data for behavioral patterns

• Lead generator

• Applications beyond Insider Threat

• Recipient of 2014 CSO40 Award

• 2013 Defense Security Service Award for Excellence in Counterintelligence

8

LM WISDOM ITI™

• Continuous evaluation of employee attributes, behaviors, and actions according to analyst-defined models

• Lead generation and triage from three graphical outputs

• Heavy emphasis on deviation from baseline profiles

• Analyst defined categories and attributes of interest

• Categories and attributes are assigned weights

• Models run against an entire population or subsets

• Based on Big Data technologies (petabyte+)

• Notifications and alerts

• Data encryption

9

Questions?