Operation Warp Speed and Beyond Toolkit

An Industry Partners Toolkit for the Pharmaceutical and Biotechnology Sectors.

Countermeasures Acceleration Group Logo Countermeasures Acceleration Group LogoCountermeasures Acceleration Group Logo

Fact Sheet: Explaining Operation Warp Speed

This toolkit has been developed for cleared and uncleared industry partners working on the Countermeasures Acceleration Group (CAG), formerly Operation Warp Speed (OWS). It provides OWS partners with the resources they need to better protect the important work they are doing. While some of these resources were developed with cleared contractors participating in the National Industrial Security Program (NISP) in mind, the guidance and information provided apply to any industry partner working on sensitive information that is sought after by an adversary, regardless of classification level or designation.

On September 10, 2020, Operation Warp Speed industry partners were invited to participate in a webinar that provided an overview of insider risk, cybersecurity, counterintelligence threats, and industrial security best practices. In case you were unable to attend the live webinar, you may view a recording of the webinar here.

View the Webinar Agenda PDF icon

Select a category to start accessing resources. Links to any non-Governmental information are provided for reference and awareness, and not as directions or DCSA recommendations.

Counterintelligence Program for Operation Warp Speed Industry Partners

Job Aids

  • Countering Foreign Intelligence Threats: Implementation and Best Practices Guide PDF icon
    This job aid from the National Counterintelligence and Security Center (NCSC) on countering foreign threats gives best practices for implementing a CI Program. This resource is best suited for facility security personnel and senior leaders.
  • Counterintelligence (CI) Awareness Integration Plan PDF icon
    This job aid provides basic guidelines on setting up a CI program. In this resource, it is very important to fill out page 4, Contact Information, with the Defense Counterintelligence and Security Agency (DCSA) team that visits to ensure members of Operation Warp Speed know who to contact. This job aid is best suited for facility security personnel.
  • Counterintelligence Best Practices for Industry PDF icon
    This job aid is a more in-depth look into CI programs and several of the foreign collection methods. Although oriented for Department of Defense (DOD) personnel, there are several items that are universal for a CI program anywhere. This is applicable for all facility personnel and would best serve as a desk-side quick reference.
  • Understanding Espionage and National Security Crimes PDF icon
    This job aid discusses the difference between economic espionage, trade secret theft, and Export Administration Regulation(EAR) or International Traffic in Arms Regulation (ITAR) Violations.

Posters

Reports

Toolkits

  • Build Security In External Link Icon
    This toolkit by the Cybersecurity & Infrastructure Security Agency (CISA) has several articles and tools to assist in building security into a program. This toolkit is more applicable for network administrators and information technology and security personnel.
  • Computer Security Resource Center External Link Icon
    The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) toolkit for computer security resources has a wealth of information for incorporating both CI and cyber into a security program. This toolkit is more applicable for network administrators and information technology and security personnel.

Watch & Learn

  • CDSE Counterintelligence Awareness Video Lesson
    This four minute YouTube video is a basic primer on Counterintelligence and Security. This job aid is suited for all facility personnel.
  • CI and Insider Threat Support to Security
    This seven minute YouTube video gives the basic “why” on Insider threat and Counterintelligence. The first four and a half minutes are more universal, and after this mark, the video becomes more Department of Defense (DOD) centric. This resource is best suited for facility security personnel and senior leaders.

Games

Test your knowledge and encourage CI Awareness at your organization with these two engaging games.

Supply Chain Risk Management for Operation Warp Speed Industry Partners

Job Aids

  • Health Industry Cybersecurity Supply Chain Risk Management Guide (HIC-SCRiM), v2.0, September, 2020 PDF icon
    The Healthcare and Public Health Sector Coordinating Council (HSCC) Joint Cybersecurity Working Group (JCWG) Supply Chain Cybersecurity Task Group developed this supply chain cybersecurity risk management guide to provide structure and aid as a tool targeted at smaller to mid-sized health organizations. The suggested best practices herein directly address recommendations made in the 2017 Health Care Industry Cybersecurity Task Force "Report on Improving Cybersecurity in the Healthcare Industry."
  • Deliver Uncompromised: Supply Chain Risk Management PDF icon
    This job aid delivers the basics on Supply Chain Risk Management (SCRM), which is essential to protect supply chains and deliver uncompromised. It defines the supply chain, highlights external supply chain threats, and helps you make a self-assessment of your own supply chain security. This job aid is suited for all facility personnel, but it is especially helpful for those in acquisitions-type roles.
  • Exploitation of Global Supply Chain PDF icon
    This job aid from the Defense Counterintelligence and Security Agency (DCSA) and National Counterintelligence and Security Center (NCSC) focuses on the perils of supply chain exploitation. This job aid is best suited for facility security personnel, senior leaders, and employees in acquisitions-type roles.
  • Software Supply Chain Attacks PDF icon
    This is a more advanced job aid from the Office of the Director of National Intelligence (ODNI) that details the compromise of software code that may come from legitimate sources. This job aid is best suited for security personnel, network administrators/information technology personnel, and technically minded employees.

Toolkits

  • Supply Chain Risk Management External Link Icon
    This toolkit from the National Counterintelligence and Security Center (NCSC) on Supply Chain Risk Management (SCRM) hosts multiple resources for developing a more advanced supply chain center security plan. This toolkit is best suited for facility security personnel, senior leaders, and employees in acquisitions-type roles.
  • CDSE Supply Chain Risk Management
    This toolkit from the Defense Counterintelligence and Security Agency (DCSA) Center for Development of Security Excellence (CDSE) contains resources, including policy documents pertaining to supply chain risk management.

Watch & Learn

Webinars

  • Counterintelligence, the Supply Chain, and You
    This hour long webinar provides the basics on Supply Chain Risk Management (SCRM). A Defense Counterintelligence and Security Agency (DCSA) CI Special Agent (CISA) also talks about some tactics, techniques, and procedures for SCRM as seen in the field. This is a good introductory for anyone involved in the facility’s supply chain.
  • Supply Chain Resiliency 2020
    This hour long webinar conducted by the Defense Counterintelligence and Security Agency (DCSA) Center for Development of Security Excellence (CDSE) and National Counterintelligence and Security Center (NCSC) gives a more holistic look at Supply Chain Risk Management within the Federal Government. This webinar may be especially helpful for those in a facility’s acquisitions department.

Threat Awareness for Operation Warp Speed Industry Partners

eLearning Courses

  • Counterintelligence Awareness and Security Brief, CI112.16
    Although this thirty-minute eLearning course was developed for Department of Defense (DOD) personnel, it contains the basics a security professional needs to understand about threat awareness. This short course is best suited for facility security personnel.
  • Surveillance Awareness: What You Can Do External Link Icon
    The purpose of this course is to make critical infrastructure employees and service providers aware of actions they can take to detect and report suspicious activities associated with adversarial surveillance.

Job Aids

Public Service Announcement

  • PRC Targeting of COVID-19 Research Organizations PDF icon
    The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are issuing this announcement to raise awareness of the threat to COVID-19-related research.

Reports

  • Advisory: APT29 Targets COVID-19 Vaccine Development PDF icon
    This report details recent Tactics, Techniques, and Procedures (TTPs) of the group commonly known as ‘APT29,’ also known as ‘the Dukes’ or ‘Cozy Bear.’ It provides indicators of compromise as well as detection and mitigation advice.
  • Foreign Economic Espionage in Cyberspace 2018 PDF icon
    This National Counterintelligence and Security Center (NCSC) report focuses on foreign economic and industrial espionage against the United States; foreign intelligence services and threat actors working on their behalf; and disruptive threat trends that warrant attention. This report is more applicable for network administrators, information technology and security personnel, and senior leaders.
  • Targeting U.S. Technologies: A report of Foreign Targeting of Cleared Industry 2019 PDF icon
    The Defense Counterintelligence and Security Agency (DCSA) produces an annual report of trends from the suspicious contact reporting coming in from cleared industry. Although this is geared for cleared industry, there is a discussion of the basic methods of operation and contact used. This report is best suited for security personnel.

Toolkits

  • DCSA Threat Awareness Products
    This Defense Counterintelligence and Security Agency (DCSA) toolkit houses several job aids applicable to all personnel. It links to job aids on Academic Solicitation, CI Awareness, Conferences, Conventions & Tradeshows, Cyber Threats, Exploitation of Business Activities, Exploitation of Global Supply Chain, Exploitation of Insider Access, Foreign Visits, and Personal Contact.

Watch & Learn

  • Suspicious Emails
    This 10 minute interactive video details the threat of suspicious emails and gives countermeasures and indicators. The video is more focused on solicitation and the attempted illicit acquisition of facility assets or information. This job aid is suited for all facility personnel, especially those in research, development, or business development.
  • Counterintelligence Video Lesson: Request for Information and Suspicious Emails
    This is a three minute news video on YouTube detailing an actual arrest of a foreign national for smuggling, money laundering, and conspiracy to commit espionage. Although the example concerns export controlled items, this is applicable to any facility in any sector as the methods used to illicitly acquire the goods are universal. This job aid is suited for all facility personnel.
  • Economic Espionage External Link Icon
    This 36 minute YouTube video and accompanying information from the Federal Bureau of Investigation is the dramatization of a true story concerning the attempted recruitment of an employee to commit economic espionage. This is applicable for all facility personnel and would best serve as a group activity/discussion.

Webinars

  • Counterintelligence and Insider Threat in the Time of COVID-19
    This hour long webinar focuses on the CI and Insider Threat and highlights some of the evolving threat vectors because of the COVID-19 Pandemic. This webinar is applicable for all employees.
  • 2019 Targeting U.S Technologies Report
    This hour long webinar focuses on foreign efforts to compromise and/or exploit cleared personnel in order to obtain unauthorized access to sensitive and classified information. This unclassified format provides analysis of the technology targeted, the methods of operation used, and the geographical regions targeting cleared industry and is based off of the Defense Counterintelligence and Security Agency (DCSA) annual trends report. Although this webinar is geared for cleared industry, there is a discussion of the basic methods of operation and contact used. This report is best suited for security personnel.
  • Counterintelligence Support to Personnel Security
    This hour long webinar discusses the Personnel Security (PERSEC) mission by identifying foreign intelligence entity (FIE) threats to personnel and enacting efforts to detect, deter, and neutralize the threat. This webinar is applicable for all facility personnel.

Cybersecurity Awareness for Operation Warp Speed Partners

eLearning Courses

  • Cyber Security Awareness, CS130.16
    This 30-minute course provides a working knowledge of cyber intrusion methods and cybersecurity countermeasures to assist employees in preventing cyber attacks and protecting their systems and information.

Job Aids

  • Health Industry Cybersecurity Protection of Innovation Capital, May 2020 Guide PDF icon
    The Healthcare and Public Health Sector Coordinating Council (HSCC) is a coalition of private-sector, critical healthcare infrastructure entities organized under Presidential Policy Directive 21 and the National Infrastructure Protection Plan to partner with government in the identification and mitigation of strategic threats and vulnerabilities facing the sector’s ability to deliver services and assets to the public. The HSCC Joint Cybersecurity Working Group (JCWG) (a standing working group of the HSCC, composed of more than 200 industry and government organizations working together to develop strategies to address emerging and ongoing cybersecurity challenges to the health sector) put together this May 2020 guide to identify recommendations for the protection of innovation capital.
  • Health Industry Cybersecurity Information Sharing Best Practices PDF icon
    Information sharing programs, when done properly, produce significant benefit at low risk for the organizations that participate. This document provides Healthcare and Public Health Sector (HPH) organizations with a set of guidelines and best practices for efficient and effective information sharing.
  • Health Industry Cybersecurity Supply Chain Risk Management Guide (HIC-SCRiM), v2.0, September, 2020 PDF icon
    The Healthcare and Public Health Sector Coordinating Council (HSCC) Joint Cybersecurity Working Group (JCWG) Supply Chain Cybersecurity Task Group developed this supply chain cybersecurity risk management guide to provide structure and aid as a tool targeted at smaller to mid-sized health organizations. The suggested best practices herein directly address recommendations made in the 2017 Health Care Industry Cybersecurity Task Force "Report on Improving Cybersecurity in the Healthcare Industry."
  • Cyber Essentials Guide PDF icon
    This guide developed by CISA is for leaders of small businesses as well as leaders of small and local government agencies to enable them to develop an actionable understanding of where to start implementing organizational cybersecurity practices.
  • Mobile Device Safety PDF icon
    This job aid from the Office of the Director of National Intelligence (ODNI) provides basic tips for mobile device safety in the current environment.
  • Spearfishing and Common Cyber Attacks PDF icon
    This job aid from the Office of the Director of National Intelligence provides information about spearfishing and current cyber attack methods.
  • Top 10 Routinely Exploited Vulnerabilities PDF icon
    This job aid provides details on vulnerabilities routinely exploited by foreign cyber actors—primarily Common Vulnerabilities and Exposures (CVEs)—to help organizations reduce the risk of these foreign threats.
  • CISA Regional Offices  PDF icon
    This job aid provides a map with CISA Regional Office contact information.

Posters

Reports

  • HSCC Joint Cybersecurity Working Group Q2 2020 Progress Report PDF icon
    The Healthcare and Public Health Sector Coordinating Council (HSCC) is a coalition of private-sector, critical healthcare infrastructure entities organized under Presidential Policy Directive 21 and the National Infrastructure Protection Plan to partner with government in the identification and mitigation of strategic threats and vulnerabilities facing the sector’s ability to deliver services and assets to the public. The HSCC Joint Cybersecurity Working Group (JCWG) (a standing working group of the HSCC, composed of more than 200 industry and government organizations working together to develop strategies to address emerging and ongoing cybersecurity challenges to the health sector) put together this 2nd Quarter 2020 progress report to address the JCWG’s progress to date in addressing the Health Care Industry Cybersecurity Task Force recommendations.
  • NIST Framework for Improving Critical Infrastructure Cybersecurity External Link Icon
    Executive Order 13636 directed NIST to work with stakeholders to develop a voluntary framework - based on existing standards, guidelines, and practices - for reducing cyber risks to critical infrastructure. Created through collaboration between industry and government, the voluntary framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.

Toolkits

  • Cyber Essentials Toolkit External Link Icon
    The Cyber Essentials Toolkit is a set of modules designed to break down the CISA Cyber Essentials into bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential. Each chapter focuses on recommended actions to build cyber readiness into the interrelated aspects of an organizational culture of cyber readiness.
  • NSA Cybersecurity Advisories and Technical Guidance External Link Icon
    This site provides advisories and mitigations on evolving cybersecurity threats. Some resources on this site have access requirements.
  • OnGuardOnline External Link Icon
    This Federal Trade Commission website contains general information and tips to protect information and devices online.
  • NCSC Awareness Materials External Link Icon
    The materials in this toolkit will enable personnel to better understand existing threats to and provide guidance and tips for protecting the sensitive information, assets, technologies, and networks to which employees have access.

Watch & Learn

  • Cybersecurity Attacks - The Insider Threat
    This 15-minute video teaches the viewer to recognize and mitigate the attacks performed by witting and unwitting entities that comprise the cybersecurity environment.
  • NCSC Cyber Training Series External Link Icon
    This is a series of three courses designed for professionals new to the cyber realm. It introduces users to the computer's component layers and associated functions, virtualization concepts, and security methods.
  • Protect Your Computer from Malware
    Malware is short for “malicious software." It includes viruses and spyware that get installed on your computer or mobile device without your consent. Learn more about how to avoid, detect, and get rid of malware.

Webinars

  • Creating a Workplace Culture of Cybersecurity
    This CDSE webcast is designed for those with responsibility for ensuring a secure cybersecurity environment in the workplace and will give practical tips for how to develop a culture that promotes good cybersecurity practices.

Games

  • Cybersecurity: Tomorrow’s Internet
    Test your knowledge of cybersecurity and earn badges as you go.
  • Cybersecurity Magic 8 Ball PowerPoint icon
    Can you correctly predict how the Magic 8 Ball will answer these cybersecurity questions?
  • Cybersecurity Trivia Twirl
    This game features a wheel with six segments, each representing a different Cybersecurity category. Spin the wheel and correctly answer the question to “collect” that category segment. Play continues until you successfully collect all six category segments.

National Cybersecurity Policy for Operation Warp Speed Partners

Policy

Social Media Considerations for Operation Warp Speed Partners

Job Aids

Posters

Reports

  • Internet Social Networking Risks PDF icon
    This ODNI report provides definitions of terms associated with internet and social networking risks and provides practical tips and best practices for mitigating the risk.

Watch & Learn

  • Social Media Video Lesson
    This video lesson explores the risks associated with social media and why you should be concerned.

Industrial Security & Risk Management for Operation Warp Speed Industry Partners

Job Aids

  • Asset Identification Guide: Quick Look PDF icon
    This desktop tool explains the use of the Asset Identification Guide.
  • Asset Identification Guide PDF icon
    While originally designed for use by cleared contractors, this is a useful guide for identifying your corporate assets.
  • PIEFAOS/Fish Bone Diagram PDF icon
    This job aid will give you an easy way to categorize and think about the assets you need to protect.
  • DCSA Methods of Contact/Methods of Operation Countermeasures Matrix
    DCSA provides a report to the U.S. Congress annually that details the reporting of targeting of cleared contractors by suspected foreign threats. This matrix details one year of reporting broken down by method of contact and method of operation and provides recommended countermeasures for mitigating the risk of these methods of contact and methods of operation.

Posters

Resources

Toolkits

  • Security Education, Training and Awareness
    This toolkit provides resources for developing your own security education program. While many of the resources are Department of Defense oriented, there are still many useful resources for uncleared companies.

Watch & Learn

Information Security for Operation Warp Speed Industry Partners

Resources

Toolkits

  • Controlled Unclassified Information
    This toolkit provides current information regarding Controlled Unclassified Information.
  • Unauthorized Disclosure Toolkit
    This toolkit will help you learn the difference between whistleblowing and unauthorized disclosure. Unauthorized disclosure is a crime and may involve classified or unclassified information.

Game

Graphic Novel

  • Dangerous Disclosure PDF icon
    While this graphic novel is focused on the Department of Defense, it illustrates the consequences of unauthorized disclosure.

Posters

Insider Risk for Operation Warp Speed Industry Partners

As a member of the Healthcare and Public Health Sector, you play a significant role in national security by protecting the nation and its economy from hazards such as terrorism, infectious disease outbreaks, and natural disasters.

Trusted insiders, both witting and unwitting, can cause grave harm to your organization’s facilities, resources, information, and personnel. Insider incidents account for billions of dollars annually in “actual” and “potential” damages and lost revenue related to data breaches, trade secret theft, fraud, sabotage, damage to an organization’s reputation, acts of workplace violence, and more. Implementation of an Insider Risk Program and an Insider Threat Awareness Campaign can help mitigate risks associated with trusted insiders.

The below resources were developed to support critical infrastructure sectors, cleared industry, DOD component, and federal agency insider threat programs. The principles and best practices therein have been applied throughout the private sector, and all materials are available to support Healthcare and Public Health organizations.

Establish an Insider Risk Program

eLearning Courses

Job Aids

Policy

Resources

Promote Awareness in Your Organization

Case Studies

  • Case Study Library
    Explore a growing repository of U.S. case studies. Learn about the crimes, the sentences, the impact, and the potential risk indicators that, if identified, could have mitigated harm.

eLearning Courses

Job Aids

  • Potential Insider Risk Indicators: Insider Threat PDF Icon
    Most insider threats exhibit risky behavior prior to committing negative workplace events. If identified early, many risks can be mitigated before harm to the organization occurs. This job aid provides information about the potential risk indicators for which you should be looking.
  • Potential Risk Indicators: Kinetic Violence PDF Icon
    In the weeks and months before an active shooter attack, many active shooters engage in behaviors that may signal impending violence. While some of these behaviors are intentionally concealed, others are observable and — if recognized and reported — may lead to a disruption prior to an attack.

Mobile Application

  • Insider Threat Sentry Mobile Application
    (Download on Apple App Store or Google Play) This mobile application provides up-to-date awareness material on deterring, detecting, and mitigating potential risks associated with insider threats.

Posters

Games

Play these engaging and entertaining games to test your knowledge of insider risk.

Watch & Learn

  • Insider Threat Training Videos
    This repository contains 18 training videos about insider threat, including the 4-part award-winning series “Turning People Around, Not Turning Them In.”
  • Active Shooter Awareness
    Active shooter situations are unpredictable and evolve quickly, often before law enforcement personnel can arrive. Your goal in responding is to quickly determine the most reasonable way to protect your life and the lives of those around you. This video will help you make the best decision possible for your safety and the safety of those around you.

Additional Resources

  • National Insider Threat Awareness Month
    Participating in Insider Threat Awareness Month can help your program detect, deter, and mitigate insider risk by increasing awareness and promoting reporting. This website will help you identify a variety of activities and engagements available to your organization.
  • More Awareness Materials
    Instilling a sense of vigilance in the general workforce is a basic tenet of establishing an insider risk program. Developing a vigilance campaign for your organization is an effective solution. Deploying regular messaging, awareness, and communications materials ensures that the general workforce is prepared to recognize and respond to the insider risk.

Operations Security for Operation Warp Speed Industry Partners

Job Aids

  • Operation Warp Speed OPSEC Reference Guide Word icon
    This easily customizable guide provides a definition of critical information and a 5-step process for identification and protection of that critical information. It also delineates OPSEC responsibilities for Operation Warp Speed industry partners.

Posters

Resources

  • Interagency OPSEC Support Staff (IOSS) External Link Icon
    The IOSS supports the National OPSEC Program by providing multimedia products and presenting events that attract attendees from the security, intelligence, research and development, acquisition, and law enforcement communities. These events include the National OPSEC Conference and Exhibition, the National Threat Symposium, and regional training symposia. This site requires registration.

Personnel Security for Operation Warp Speed Industry Partners

Job Aids

  • Counterintelligence Reporting Essentials (CORE): A Practical Guide for Reporting Counterintelligence and Security Indicators PDF icon
    Supervisors and coworkers are the first line of defense against espionage. The government relies on you to protect national security by reporting any behavior that you observe that may be related to a potential compromise of sensitive information. However, judgment calls are often required by the potential reporter, and this often leads to indecision or choosing not to report anything. This resource provides a focused list of serious counterintelligence- and security-related behaviors that, if observed or learned about, should be reported immediately to the appropriate counterintelligence or security authorities. All these behaviors are serious and require little or no speculation.

Reports

  • Ten Tales of Betrayal: The Threat to Corporate Infrastructures by Information Technology Insiders Analysis and Observations PDF icon
    The report provides an analysis and overview of findings based on ten detailed cases studies of IT insider offenses. The authors discuss and compare background factors that contributed to the damaging event under five headings: Subject and Attack Characteristics, Personnel Screening, Attack Detection, Organizational and Social Environment, and Personnel Management Issues. Although this research is confined to a limited number of cases, it offers general observations that have clear implications for policies and best practices that address the threat posed by at-risk employees.
  • Enhancing Supervisor Reporting of Behaviors of Concern PDF icon
    This report compiles a literature review with key information from subject matter expert (SME) interviews about barriers to reporting, strategies for overcoming these barriers, and tools to assist with the reporting process.
  • Reporting of Counterintelligence and Security Indicators by Supervisors and Coworkers PDF icon
    Personnel and Security Research Center (PERSEREC) conducted a study of supervisor and coworker reporting of security-related information. Explanations were offered by security managers and by focus group participants as to why many security-related behaviors are underreported. PERSEREC developed a clear, succinct list of behaviors that could pose a potential threat to national security and thus should be reported if observed.
  • On the Right Track: Worker-on-Worker Violence Prevention PDF icon
    Researchers partnered with subject matter experts (SME) in law enforcement and asked them to share their opinions as to why worker-on-worker violence seems so rare in police departments, especially given the intense, fast-paced, and armed environment. The purpose of this report is to identify best practices based on these discussions and recommend potential prevention strategies that organizations might want to consider for its own workforce.

Physical Security for Operation Warp Speed Industry Partners

eLearning Courses

  • Workplace Security Awareness External Link Icon
    This course provides guidance to individuals and organizations on how to improve the security in your workplace. No workplace—be it an office building, construction site, factory floor, or retail store—is immune from security threats.

Posters

Resources

Toolkit feedback/suggestions? Email dcsa.cdsetraining@mail.mil.