This eLearning course, “Thwarting the Enemy: Providing Counterintelligence and Threat Awareness to the Defense Industrial Base,” is designed to equip employees working in cleared defense contractor facilities with the essential knowledge and skills to identify and mitigate potential threats.
It provides comprehensive training on the importance of Counterintelligence (CI) and Threat Awareness within the context of the defense industrial base. The course is conducted in a flexible, self-paced online format.
Threat awareness is critical in defense contracting because the stakes are incredibly high. Failures in threat awareness could result in the loss of sensitive information, the compromise of mission-critical systems, or even danger to national security.
Employees must be vigilant in recognizing and reporting activities or situations that could pose a threat to their organization and, by extension, the United States.
The National Industrial Security Program Operating Manual (NISPOM), under 32 Code of Federal Regulations (CFR) Part 117, establishes the standard procedures and requirements for protecting classified information.
This involves a series of guidelines and responsibilities for both contractors and government agencies to ensure the safeguarding of sensitive materials.
The NISPOM is a cornerstone of defense industry security, and compliance with its standards is mandatory for all involved.
This course is intended primarily for employees working at cleared defense contractor facilities, including those in managerial, technical, and administrative roles. It is also beneficial for Facility Security Officers (FSOs) who are responsible for security training and compliance within their organizations.
There are no formal prerequisites for this course; however, a basic understanding of defense industry operations and standard security protocols can be helpful.
By understanding the critical elements outlined in this introduction, you will be better prepared to absorb the materials in the subsequent sections of the course.
Thwarting the Enemy: Providing Counterintelligence and Threat Awareness to the Defense Industrial Base Answers
Question | Answer |
---|---|
Mr. Smith was targeted at a conference by unknown attendees. When discussing work details at a conference, what philosophy would you follow? Sharing ideas with colleagues is a great way to learn. As long as classified or confidential details are not discussed, there’s no harm. Exchanging ideas with others in the same field is the best way to advance technology. Within the safe environment of an invitation-only conference, no topic should be off limits. It’s best to do more listening and less talking. | It’s best to do more listening and less talking. |
A Technology Control Plan (TCP) stipulates the following: | May be required by the National Industrial Security Program Operating Manual (NISPOM) and the International Traffic in Arms Regulations (ITAR) under certain circumstances Outlines the specific information that has been authorized for release How a company will control access to its export-controlled technology |
Dual use technology is technology that has both military and commercial use. True or False? | True |
William is a sales manager with a large firm working on aviation technologies. He is working at the company’s booth at the Paris Air Show. Which of the following collection methods would an adversary NOT use at the Paris Air Show? Taking excessive photographs, especially in areas that prohibit photography Individuals returning to the booth multiple times in an attempt to speak with different employees Gathering copies of all brochures and asking for business cards Attempts to steal display items None of the above | None of the above. All of the listed methods could be employed by an adversary to gather information at a public event like the Paris Air Show. These techniques are common ways to covertly collect data, make contacts, or get proprietary or even classified information. William and his colleagues should be aware of such tactics and be prepared to counter them effectively. |
Which of the following could be an indicator of a suspicious email? Requests export controlled items for delivery to a foreign address The email does not list an end user The email requests to pay in cash Requestor does not seem to have an adequate knowledge of the subject matter All of the above | All of the above |
Information at Andrea’s facility was compromised when employees of a foreign firm, with whom Andrea’s facility was partnered, learned information beyond the approved scope of the project. Andrea’s facility was targeted using ____ as the collection method. | Andrea’s facility was targeted using joint ventures and research as the collection method. |
During a foreign conference or trade show, what activities might be experienced? Casual conversations during and after the event hinting at future contracts or relations Excessive or suspicious photography and filming of technology and products Telephone monitoring and hotel room intrusions Foreign attendees’ business cards do not match stated affiliations All of the above | All of the above |
Which of the following are examples of suspicious internet activities and indicators? Malware, malicious code, viruses Hacking Email solicitation All of the above | All of the above. |
Which of the following could be a potential espionage indicator of an Insider Threat? Works hours inconsistent with job assignment Misuse of computers Reluctance to take polygraph Divided loyalty or allegiance to the United States All of the above | All of the above |
Which of the following are examples of a possible recruitment? An offer of financial assistance by a foreign national other than close family A request for classified or unclassified information outside official channels Asking to engage in illegal activity Contact with an individual associated with a foreign intelligence, security, or terrorist organization All of the above | All of the above |
Technology information includes both classified and unclassified information. | True |
Dual use technology is always considered Export Controlled and is strictly controlled and enforced by the Export Administration Regulations (EAR). True or false? | True |
Social engineering, electronic elicitation, email spoofing, spear phishing, whale phishing, or direct questioning (such as through social networking sites) are all examples of reportable suspicious cyber incidents. | True |
A Technology Control Plan (TCP) stipulates the following: Indicators of terrorist activity How a company will control access to its export-controlled technology May be required by National Industrial Security Program Operating Manual (NISPOM) and the International Traffic in Arms Regulations (ITAR) under certain circumstances Outlines specific information that has been authorized for release | How a company will control access to its export-controlled technology May be required by National Industrial Security Program Operating Manual (NISPOM) and the International Traffic in Arms Regulations (ITAR) under certain circumstances Outlines specific information that has been authorized for release |
A cleared defense contractor hosted a foreign visit. Which of the following activities might you expect to occur? | A visitor attempts to wander away from his escort Foreign delegation asking questions outside the scope of the intended visit Some of those listed on the visit request form are replaced with last minute substitutes |
Dual use technology is technology that has both military and commercial use. True or false? | True |
Julie is her organization’s Facility Security Officer (FSO). When considering assets, she knows the most valuable assets to our adversaries are ____, ____, ____. devices, performance, and information personnel, information, location technology, personnel, and information | technology, personnel, and information |
Which of the following are examples of academic solicitation? A foreign student requests an internship at a cleared defense contract facility U.S. researchers receive requests to provide dual-use components under the guise of academic research U.S. professors or researchers are invited to attend or submit a paper for an international conference All of the above | All of the above |
Sarah is the Facility Security Officer (FSO) at a small, private firm that develops dual use technology. A foreign firm approaches Sarah’s facility requesting to purchase the technology. Which regulation is applicable to determine if they can sell the dual use technology to a foreign firm? International Traffic in Arms Regulations (ITAR) Export Administration Regulations (EAR) DOD 5200.1R Information Security Regulation | Export Administration Regulations (EAR) |
If you had worked with Ms. Sims, which behaviors might be considered as suspicious? Requesting additional security access Eating lunch alone Working long and irregular hours without authorization A tendency to ask questions outside of her normal scope and classification level | Working long and irregular hours without authorization A tendency to ask questions outside of her normal scope and classification level |
Personnel from Sarah’s organization were approached at a conference and were targeted for information concerning a classified system. Which of the following information collection methods may have been used? Recruitment and Elicitation Hiding listening devices in the contractor’s facility Hacking the contractor’s network Stealing employee credentials | Recruitment and Elicitation |
A Technology Control Plan (TCP) stipulates how a company will control access to its export-controlled technology. | True |
Which of the following are potential espionage indicators of an Insider Threat? Unexplained or sudden affluence Unreported foreign contact and travel Downloading files prior to voluntary termination of employment All of the above | All of the above |
Brian is the Facility Security Officer (FSO) at a defense contractor. Who can he go to request contract-specific threat information and program threat assessments? Local law enforcement Program Office Federal Bureau of Investigation (FBI) Defense Industrial Security Clearance Office (DISCO) | Program Office |
There are countermeasures available to protect contractors from foreign collection attempts while traveling abroad for trade shows or conventions. True or false? | False |
Because the FBI has primary responsibility for counterintelligence investigations within the United States, all threats should be reported only to the FBI. True or false? | False |
Which of the following are reportable examples of a possible transmission of classified material via unsecured means? Use of unclassified fax or computer to transmit classified material Unauthorized removal of classified or protected material from the work area Removal of classification markings from documents Sending information on a personal cell phone instead of a government issued phone All of the above | All of the above |
Daily audits of classified systems will prevent unauthorized logons and identify suspicious transmissions. True or false? | False |
Brian Muller is the program manager for a new weapons system… | Unsolicited and direct requests |
Which of the following is not a potential espionage indicator of an Insider Threat? Unexplained or sudden affluence Unreported foreign contact and travel Inappropriate, unusual, or excessive interest in classified information None of the above | None of the above |
Jack is a Facility Security Officer (FSO) for a cleared defense contractor. Where should he find reporting procedures that pertain to this organization? In the Statement of Work National Industrial Security Program Operating Manual (NISPOM) DOD 5200.1R Information Security Regulation DD Form 254 | National Industrial Security Program Operating Manual (NISPOM) |
What report summarizes suspicious contact reporting from industry, which adversaries target cleared industry, and what they target? “Targeting U.S. Technology Report” by the Defense Counterintelligence and Security Agency “Annual Threat Assessment of the U.S. Intelligence Community” by the Office of the Director of National Intelligence (ODNI) “The National Counterintelligence Strategy of the U.S.” by the National Counterintelligence and Security Center (NCSC) “Lone Offender Terrorism Report” by the FBI | “Targeting U.S. Technology Report” by the Defense Counterintelligence and Security Agency |
Which of the following types of technology is strictly controlled by the Department of Defense? Dual use technology Military critical technology Commercial aviation technology | Military critical technology |
Actual, probable, or possible espionage issues are to be reported directly to the local FBI without ever needing to notify the Cognizant Security Agency (CSA) True or false? | False |
Countermeasures to be considered prior to attending a foreign trade show or convention include: Provide employees with detailed travel briefings Request a threat assessment from the program office Consider what information is being exposed, where, when, and to whom Take mock-up displays instead of real equipment All of the above | All of the above |
Objectives of the Course
- Raise Awareness: To increase employee awareness regarding the different types of threats, including but not limited to espionage, sabotage, and insider threats, that could be directed against the U.S. defense industrial base.
- NISPOM Compliance: To familiarize employees and FSOs with the specific requirements outlined in the NISPOM, ensuring compliance with federal regulations concerning the handling of classified and sensitive information.
- Reporting Protocols: To educate employees on how to recognize suspicious activities or indicators and the correct channels through which to report them, primarily to the Facility Security Officer (FSO).
- Countermeasures Training: To provide actionable guidelines and techniques for implementing countermeasures against potential threats effectively.
- Annual Requirement: To enable employees to meet their annual Threat Awareness training requirement as mandated by NISPOM, with an evaluation exam having a passing grade of 75%.
- Real-World Scenarios: To provide real-world examples and case studies to illustrate the concepts taught, helping participants to understand the practical applications of the training material.
Key Takeaways for Employees and FSOs
For Employees
- Threat Identification: Understanding what constitutes a threat and how it may manifest in the workplace.
- Critical Reporting Steps: Knowledge of how, when, and to whom to report suspicious activities or security concerns, primarily focusing on the role of the FSO in this process.
- Self-Assessment: The ability to critically assess one’s own actions and environment for vulnerabilities or indicators that may be exploited by adversaries.
- Resource Knowledge: Awareness of available resources, including literature and contacts, that can provide additional information or assistance in the realm of counterintelligence and threat awareness.
For FSOs
- Compliance Monitoring: Skills for effectively ensuring and monitoring compliance with NISPOM guidelines within the organization.
- Employee Training: Strategies for delivering effective CI and threat awareness training to employees, which can include online modules, in-person sessions, and periodic refreshers.
- Risk Assessment: Techniques for conducting internal risk assessments and for implementing appropriate countermeasures based on those assessments.
- Reporting Procedures: Understanding how to handle reports from employees, including validating the information and forwarding it to relevant authorities when necessary.
By focusing on these objectives and key takeaways, the course aims to equip both employees and FSOs with the tools they need to protect their organizations and contribute to national security.