Features

Features

National Counterintelligence and Security Center

FINAL Know the Risk Red block

 

Foreign intelligence entities, which may include foreign governments, corporations, and their proxies, are actively targeting information, assets, and technologies that are vital to both U.S. national security and our global competitiveness.  The National Counterintelligence and Security Center is dedicated to raising awareness among government employees and private industry about these foreign intelligence threats, the risks they pose, and the defensive measures necessary for individuals and organizations to safeguard that which has been entrusted to their protection.


The following products will enable personnel to better understand these threats and provide guidance and tips for protecting the sensitive information, assets, technologies, and networks to which employees have access.  It will also serve to help them protect their personal, confidential information that may be used by others to gain their trust.

 

Toolkits

 

  fed partner button  

 

video icon  Videos

 

Terminal Risk - Introduction
Spear phishing 2017
Spear Phishing (30 second trailer)
Spear Phishing (30 second trailer)
Spear Phishing Full Video
Spear Phishing Full Video
Social Media Deception Trailer
Social Media Deception Trailer
Social Media Deception Full Video
Social Media Deception Full Video
Travel Awareness
Travel Awareness
Human Targeting
Human Targeting
Social Media Deception
Human Targeting: Social Media Deception
Supply Chain Risk Management
Supply Chain Risk Management
Public WiFi Threats
Public WiFi Threats
Social Media Deception
Hotel Business Center: Social Media Deception
Video Message from Deputy Director, Daniel Payne
Video Message from Deputy Director
Economic Security is National Security Video
Economic Security is National Security Video
Keyboard Capture
Keyboard Capturer
   

 

Print Materials

Posters

         
Download all posters


Brochures

Download brochure         

 

CFIT Image for UNCLAS

Download CFIT brochure


Flyers

   

Download all flyers

 

Infographics

  

Download all infographics

 

Other Government Products

 

Links & Additional Resources

 

 

Traveling Overseas with Mobile Phones, Laptops, PDAs, and Other Electronic Devices

 

YOU SHOULD KNOW

 

For general travel alerts and information, see the Department of State Site. http://travel.state.gov/content/passports/en/alertswarnings.html. 

 

  • In most countries you have no expectation of privacy in Internet cafes, hotels, offices, or public places. Hotel business centers and phone networks are regularly monitored in many countries. In some countries, hotel rooms are often searched.
  • All information you send electronically – by fax machine, personal digital assistant (PDA), computer, or telephone – can be intercepted. Wireless devices are especially vulnerable.
  • Security services and criminals can track your movements using your mobile phone or PDA and can turn on the microphone in your device even when you think it’s off. To prevent this, remove the battery.
  • Security services and criminals can also insert malicious software into your device through any connection they control. They can also do it wirelessly if your device is enabled for wireless. When you connect to your home server, the “malware” can migrate to your business, agency, or home system, can inventory your system, and can send information back to the security service or potential malicious actor.
  • Malware can also be transferred to your device through thumb drives (USB sticks), computer disks, and other “gifts.”
  • Transmitting sensitive government, personal, or proprietary information from abroad is therefore risky.
  • Corporate and government officials are most at risk, but don’t assume you’re too insignificant to be targeted.
  • Foreign security services and criminals are adept at “phishing” – that is, pretending to be someone you trust in order to obtain personal or sensitive information.
  • If a customs official demands to examine your device, or if your hotel room is searched while the device is in the room and you’re not, you should assume the device’s hard drive has been copied.

 

BEFORE YOU TRAVEL

  • If you can do without the device, don’t take it.
  • Don’t take information you don’t need, including sensitive contact information. Consider the consequences if your information were stolen by a foreign government or competitor.
  • Back up all information you take; leave the backed-up data at home.
  • If feasible, use a different mobile phone or PDA from your usual one and remove the battery when not in use. In any case, have the device examined by your agency or company when you return.
  • Seek official cyber security alerts from: www.onguardonline.gov and www.us-cert.gov/cas/tips

 

Prepare your device:

  • Create a strong password (numbers, upper and lower case letters, special characters – at least 8 characters long). Never store passwords, phone numbers, or sign-on sequences on any device or in its case.
  • Change passwords at regular intervals (and as soon as you return).
  • Download current, up-to-date antivirus protection, spyware protection, OS security patches, and a personal firewall.
  • Encrypt all sensitive information on the device. (But be warned: In some countries, customs officials may not permit you to enter with encrypted information.)
  • Update your web browser with strict security settings.
  • Disable infrared ports and features you don’t need.

 

WHILE YOU'RE AWAY

  • Avoid transporting devices in checked baggage.
  • Use digital signature and encryption capabilities when possible.
  • Don’t leave electronic devices unattended. If you have to stow them, remove the battery and SIM card and keep them with you.
  • Don’t use thumb drives given to you – they may be compromised. Don’t use your own thumb drive in a foreign computer for the same reason. If you’re required to do it anyway, assume you’ve been compromised; have your device cleaned as soon as you can.
  • Shield passwords from view. Don’t use the “remember me” feature on many websites; re type the password every time.
  • Be aware of who’s looking at your screen, especially in public areas.
  • Terminate connections when you’re not using them.
  • Clear your browser after each use: delete history files, caches, cookies, URL, and temporary internet files.
  • Don’t open emails or attachments from unknown sources. Don’t click on links in emails. Empty your “trash” and “recent” folders after every use.
  • Avoid Wi-Fi networks if you can. In some countries they’re controlled by security services; in all cases they’re insecure.
  • If your device or information is stolen, report it immediately to your home organization and the local US embassy or consulate.

 

WHEN YOU RETURN

  • Change your password.
  • Have your company or agency examine the device for the presence of malicious software.

 

The most up-to-date training and awareness films addressing threats such as foreign recruitment of U.S. students, targeting of U.S. industry and corporate executives, Insider Threats, and the advanced technical threats of the 21st Century.

 

gop seals horiz

 

Game of Pawns -- The Glenn Duffie Shriver Story

 

Based on a true story, Game of Pawns is a call for vigilance to the nearly 260,000 American students studying abroad.

 

Synopsis:

There is an ancient Chinese proverb:  Life is a game of chess, changing with each move.  Glenn Duffie Shriver's first big move was the dream of a lifetime:  a study abroad year in Shanghai, China.  But, his year overseas would, eventually, lead him down a treacherous path.  After answering a work-for-hire ad in a online college newspaper, shriver is befriended by three Chinese intelligence officers.  What first seems like an innocent offer of friendship and a "free" scholarship ends in a life-altering prison term for conspiracy to commit espionage against the United States.

Produced by the Counterintelligence Division of the FBI in association with the FBI's Washington Field Office and the National Counterintelligence and Security Center, Game of Pawns is a cautionary tale for all students to be vigilant during their time abroad.

 

(coming soon a Special Features: Excerpts from the prison cell interview with the real Glenn Duffie Shriver.)

 

 terminalriskseals

Terminal Risk 

 Terminal Risk -- a video jointly produced by NCSC, NSA, FBI and State/DS-- focuses on the Counterintelligence and security threats faced by the private sector at home and abroad. The ten vignettes were the result of NCSC discussions with industry security officers in the defense, pharmaceutical, entertainment, energy and IT sectors. They reflect real-life threats faced by the U.S. private sector from terrorists, foreign intelligence services and foreign competitors. The video also provides advice on steps private sector firms and their employees can take to counter these threats.

 



October 2017
October 16-20
Special Security Officer’s Course, Linthicum, MD
Mon-Thurs 8:00a-4:30p, Fri 8:00a-12:00p
 
October 23-27
Personnel Security Course, Burlington, VT (MTT)
Mon-Thurs 8:00a-4:30p, Fri 8:00a-12:00p
 
November 2017
November 13-17
ICD 705 Physical Security Course, Chantilly, VA
Mon-Thurs 8:00a-4:30p, Fri 8:00a-12:00p
 
December 2017
December 4-8
ICD 705 Physical Security Course, Orlando, FL (MTT)
Mon-Thurs 8:00a-4:30p, Fri 8:00a-12:00p
 
January 2018
January 8-12
Personnel Security Course, Linthicum, MD
Mon-Thurs 8:00a-4:30p, Fri 8:00a-12:00p
 
January 22-26
ICD 705 Physical Security Course, Port Hueneme, CA (MIT)
Mon-Thurs 8:00a-4:30p, Fri 8:00a-12:00p
 
February 2018
February 5-9
ICD 705 Physical Security Course, Chantilly, VA
Mon-Thurs 8:00a-4:30p, Fri 8:00a-12:00p
 
February 12-16
Special Security Officer's Course, Chantilly, VA
Mon-Thurs 8:00a-4:30p, Fri 8:00a-12:00p
 
March 2018
March 12-16
Personnel Security Course, Linthicum, MD
Mon-Thurs 8:00a-4:30p, Fri 8:00a-12:00p
 
April 2018
April 9-13
Personnel Security Course, Chantilly, VA
Mon-Thurs 8:00a-4:30p, Fri 8:00a-12:00p
 
April 16-20
ICD 705 Physical Security Course, Chantilly, VA
Mon-Thurs 8:00a-4:30p, Fri 8:00a-12:00p
 
May 2018
May 7-11
Special Security Officer's Course, Chantilly, VA
Mon-Thurs 8:00a-4:30p, Fri 8:00a-12:00p
 
May 14-18
ICD 705 Physical Security Course, Linthicum, MD
Mon-Thurs 8:00a-4:30p, Fri 8:00a-12:00p
 
May 21-25
Personnel Security Course, Linthicum, MD
Mon-Thurs 8:00a-4:30p, Fri 8:00a-12:00p
 

Unauthorized Disclosure Resources

EO 13526 - Classified National Security Information (2009)
EO 12333 - United States intelligence activities, as amended (2008)
National Security Act of 1947, as amended
ODNI Instruction No. 2007-6
Title 18, U.S. Code (USC) - Crimes and Criminal Procedure
Title 50, U.S.C. - War and National Defense
Whistleblower Protection Act, Intelligence Community of 1998
WMD Commission Report

 

Classification Management Resources

EO 13526 - Classified National Security Information (2009)
ISOO Implementing Directive, 32 CFR Part 2001, Classified National Security Information; Final Rule (2010)
ICD 710 - Classification and Control Markings System (2009)
CAPCO Authorized Classification and Control Markings Register (Publically Releasable)(2008)
CAPCO Intelligence Community Classification and Control Markings Implementation Manual (2009)

Training Icon   General Security Web-Based Training
 

WBT Welcome to Security in the IC

(U) Welcome to Security in the Intelligence Community (IC) - provides SCI-approved personnel with an introduction to fundamental security concepts and their personal responsibilities. It introduces basic concepts needed to protect classified activities, procedures, systems, and facilities.

AGILE Course Code: ONCIX-SSD-4008
Audience: People working within a SCI environment
Duration: 2.5 hours
Classification: UNCLASSIFIED
Pre-requisites: None
Updated: August 2016

This course is available on AGILE Course Code ONCIX-SSD-4008. Please visit https://www.agile.mil
 

WBT IC Security Today
(U) IC Security Today provides SCI-approved personnel with a review basic concepts needed to protect classified activities, procedures, systems, and facilities, focusing on changes within security in a post-9/11 world. This course is useful as a refresher for security practitioners.

AGILE Course Code: ONCIX-SSD-4007
Audience: All SCI-approved personnel
Duration: 3 hours 20 minutes
Classification: UNCLASSIFIED
Pre-requisites: TS/SCI and an initial security SCI briefing
Updated: July 2016

This course is available on AGILE. Please visit https://www.agile.mil

 

Unauthorized Disclosure Training
 

WBT Unauthorized Disclosure

(U) Unauthorized Disclosures of Classified Information defines unauthorized disclosures, the damage that they can cause, common misconceptions related to the disclosure of classified information, and the responsibilities of IC employees related to unauthorized disclosures. This course is based on the requirements specified under ICD 701.

AGILE Course Code: ONCIX-SSD-4002
Audience: All SCI-approved personnel
Duration: 30 minutes
Classification: UNCLASSIFIED
Pre-requisites: TS/SCI
Updated: September 2011

This course is available on AGILE. Please visit https://www.agile.mil
 

WBT Unauthorized Disclosure for professionals

(U) Unauthorized Disclosures of Classified Information - Supplement for Security Professionals builds upon the concepts presented in Unauthorized Disclosures of Classified Information. It provides security professionals the tools to effectively respond to issues related to unauthorized disclosures. The security personnel’s reporting responsibilities and requirements under ICD 701 are also explored.

AGILE Course Code: ONCIX-SSD-4003
Audience: All SCI-approved personnel
Duration: 20 minutes
Classification: UNCLASSIFIED//FOUO
Pre-requisites: TS/SCI and must be a security professional
Updated: September 2011

 

This course is available on AGILE. Please visit https://www.agile.mil
 
WBT ORCON

(U) Application of Dissemination Controls: Originator Control provides direction and guidance for the application and use of the originator control markings (ORCON) on classified material.

AGILE Course Code: ONCIX-SSD-4006
Audience: Federal government civilians, military personnel and government contractors with responsibility for security and marking classified information. Also may be used for newly assigned SCI-access personnel or for an annual refresher training.
Duration:  2.5 hours
Classification: UNCLASSIFIED//FOUO
Pre-requisites: None
Updated: August 2014

 

This course is available on AGILE. Please visit https://www.agile.mil

 

WBT SCRM
(U) Supply Chain Risk Management (SCRM) Awareness provides introductory-level training on how performance risk functions (threats, vulnerabilities and consequences) affect the supply chain. This course is intended for personnel involved the acquisitions and logistics process as well as security officers and specialists.  

AGILE Course Code: ONCIX-SCD-1001
Audience: Security professionals and their managers
Duration: 2.5 hours
Classification: UNCLASSIFIED
Pre-requisites: None
Updated: September 2016

 

This course is available on AGILE. Please visit https://www.agile.mil

National Counterintelligence and Security Center