Operation Warp Speed and Beyond Toolkit

An Industry Partners Toolkit for the Pharmaceutical and Biotechnology Sectors.

Countermeasures Acceleration Group Logo Countermeasures Acceleration Group LogoCountermeasures Acceleration Group Logo

Fact Sheet: Explaining Operation Warp Speed

This toolkit has been developed for cleared and uncleared industry partners working on the Countermeasures Acceleration Group (CAG), formerly Operation Warp Speed (OWS). It provides OWS partners with the resources they need to better protect the important work they are doing. While some of these resources were developed with cleared contractors participating in the National Industrial Security Program (NISP) in mind, the guidance and information provided apply to any industry partner working on sensitive information that is sought after by an adversary, regardless of classification level or designation.

On September 10, 2020, Operation Warp Speed industry partners were invited to participate in a webinar that provided an overview of insider risk, cybersecurity, counterintelligence threats, and industrial security best practices. In case you were unable to attend the live webinar, you may view a recording of the webinar here.

View the Webinar AgendaPDF icon

Select a category below to start accessing resources. Links to any non-Governmental information are provided for reference and awareness, and not as directions or DCSA recommendations.

Counterintelligence Program for Operation Warp Speed Industry Partners

Job Aids

Countering Foreign Intelligence Threats: Implementation and Best Practices Guide PDF icon

This job aid from the National Counterintelligence and Security Center (NCSC) on countering foreign threats gives best practices for implementing a CI Program. This resource is best suited for facility security personnel and senior leaders.

Counterintelligence (CI) Awareness Integration Plan PDF icon

This job aid provides basic guidelines on setting up a CI program. In this resource, it is very important to fill out page 4, Contact Information, with the Defense Counterintelligence and Security Agency (DCSA) team that visits to ensure members of Operation Warp Speed know who to contact. This job aid is best suited for facility security personnel.

Counterintelligence Best Practices for Industry PDF icon

This job aid is a more in-depth look into CI programs and several of the foreign collection methods. Although oriented for Department of Defense (DOD) personnel, there are several items that are universal for a CI program anywhere. This is applicable for all facility personnel and would best serve as a desk-side quick reference.

Understanding Espionage and National Security Crimes PDF icon

This job aid discusses the difference between economic espionage, trade secret theft, and Export Administration Regulation(EAR) or International Traffic in Arms Regulation (ITAR) Violations.

Posters

Mask Up and Zip It 8.5x11 / 17x22 PDF icon
Elicitation 8.5x11 / 17x22 PDF icon
Foreign Collection 8.5x11 / 17x22 PDF icon
Security Name Tag 8.5x11 / 17x22 PDF icon

Reports

National Counterintelligence Strategy Executive Summary PDF icon

This report provides an executive summary of the National Counterintelligence Strategy of the United States of America for 2020-2022.

Toolkits

Build Security In External Link Icon

This toolkit by the Cybersecurity & Infrastructure Security Agency (CISA) has several articles and tools to assist in building security into a program. This toolkit is more applicable for network administrators and information technology and security personnel.

Computer Security Resource Center External Link Icon

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) toolkit for computer security resources has a wealth of information for incorporating both CI and cyber into a security program. This toolkit is more applicable for network administrators and information technology and security personnel.

Watch & Learn

CDSE Counterintelligence Awareness Video Lesson

This four minute YouTube video is a basic primer on Counterintelligence and Security. This job aid is suited for all facility personnel.

CI and Insider Threat Support to Security

This seven minute YouTube video gives the basic “why” on Insider threat and Counterintelligence. The first four and a half minutes are more universal, and after this mark, the video becomes more Department of Defense (DOD) centric. This resource is best suited for facility security personnel and senior leaders.

Games

Test your knowledge and encourage CI Awareness at your organization with these two engaging games.


Supply Chain Risk Management for Operation Warp Speed Industry Partners

Job Aids

Health Industry Cybersecurity Supply Chain Risk Management Guide (HIC-SCRiM), v2.0, September, 2020 PDF icon

The Healthcare and Public Health Sector Coordinating Council (HSCC) Joint Cybersecurity Working Group (JCWG) Supply Chain Cybersecurity Task Group developed this supply chain cybersecurity risk management guide to provide structure and aid as a tool targeted at smaller to mid-sized health organizations. The suggested best practices herein directly address recommendations made in the 2017 Health Care Industry Cybersecurity Task Force "Report on Improving Cybersecurity in the Healthcare Industry."

Deliver Uncompromised: Supply Chain Risk Management PDF icon

This job aid delivers the basics on Supply Chain Risk Management (SCRM), which is essential to protect supply chains and deliver uncompromised. It defines the supply chain, highlights external supply chain threats, and helps you make a self-assessment of your own supply chain security. This job aid is suited for all facility personnel, but it is especially helpful for those in acquisitions-type roles.

Exploitation of Global Supply Chain PDF icon

This job aid from the Defense Counterintelligence and Security Agency (DCSA) and National Counterintelligence and Security Center (NCSC) focuses on the perils of supply chain exploitation. This job aid is best suited for facility security personnel, senior leaders, and employees in acquisitions-type roles.

Software Supply Chain Attacks PDF icon

This is a more advanced job aid from the Office of the Director of National Intelligence (ODNI) that details the compromise of software code that may come from legitimate sources. This job aid is best suited for security personnel, network administrators/information technology personnel, and technically minded employees.

Toolkits

Supply Chain Risk Management External Link Icon

This toolkit from the National Counterintelligence and Security Center (NCSC) on Supply Chain Risk Management (SCRM) hosts multiple resources for developing a more advanced supply chain center security plan. This toolkit is best suited for facility security personnel, senior leaders, and employees in acquisitions-type roles.

CDSE Supply Chain Risk Management

This toolkit from the Defense Counterintelligence and Security Agency (DCSA) Center for Development of Security Excellence (CDSE) contains resources, including policy documents pertaining to supply chain risk management.

Watch & Learn

Know The Risk – Raise Your Shield: Supply Chain Risk Management Video Lesson

This is a five minute video on YouTube developed by the Office of the Director of National Intelligence (ODNI). This short video gives the basics of Supply Chain Risk Management (SCRM) and is best suited for security personnel and senior leaders.

Webinars

Counterintelligence, the Supply Chain, and You

This hour long webinar provides the basics on Supply Chain Risk Management (SCRM). A Defense Counterintelligence and Security Agency (DCSA) CI Special Agent (CISA) also talks about some tactics, techniques, and procedures for SCRM as seen in the field. This is a good introductory for anyone involved in the facility’s supply chain.

Supply Chain Resiliency 2020

This hour long webinar conducted by the Defense Counterintelligence and Security Agency (DCSA) Center for Development of Security Excellence (CDSE) and National Counterintelligence and Security Center (NCSC) gives a more holistic look at Supply Chain Risk Management within the Federal Government. This webinar may be especially helpful for those in a facility’s acquisitions department.
 


Threat Awareness for Operation Warp Speed Industry Partners

eLearning Courses

Counterintelligence Awareness and Security Brief, CI112.16

Although this thirty-minute eLearning course was developed for Department of Defense (DOD) personnel, it contains the basics a security professional needs to understand about threat awareness. This short course is best suited for facility security personnel.

Surveillance Awareness: What You Can Do External Link Icon

The purpose of this course is to make critical infrastructure employees and service providers aware of actions they can take to detect and report suspicious activities associated with adversarial surveillance.

Job Aids

Foreign Collection Methods: Indicators and Countermeasures PDF icon

This job aid provides information and indicators to look out for on several foreign collection methods.

Foreign Intelligence Entity (FIE) Targeting And Recruitment PDF icon

This is a basic primer on what the recruitment phases look like. Knowing the signs can help identify whether you or your coworkers are being targeted and keep you off the road to recruitment. This job aid is suited for all facility personnel.

Counterintelligence Awareness for Defense Critical Infrastructure PDF icon

This job aid is more Department of Defense (DOD) oriented for critical infrastructure but has some applicable information for those outside the DOD as well. Specifically, there is a section on the second page for Health Affairs that you will find valuable. This job aid is best suited for facility security personnel.

Public Service Announcement

PRC Targeting of COVID-19 Research Organizations PDF icon

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are issuing this announcement to raise awareness of the threat to COVID-19-related research.

Reports

Advisory: APT29 Targets COVID-19 Vaccine Development PDF icon

This report details recent Tactics, Techniques, and Procedures (TTPs) of the group commonly known as ‘APT29,’ also known as ‘the Dukes’ or ‘Cozy Bear.’ It provides indicators of compromise as well as detection and mitigation advice.

Foreign Economic Espionage in Cyberspace 2018 PDF icon

This National Counterintelligence and Security Center (NCSC) report focuses on foreign economic and industrial espionage against the United States; foreign intelligence services and threat actors working on their behalf; and disruptive threat trends that warrant attention. This report is more applicable for network administrators, information technology and security personnel, and senior leaders.

Targeting U.S. Technologies: A report of Foreign Targeting of Cleared Industry 2019 PDF icon

The Defense Counterintelligence and Security Agency (DCSA) produces an annual report of trends from the suspicious contact reporting coming in from cleared industry. Although this is geared for cleared industry, there is a discussion of the basic methods of operation and contact used. This report is best suited for security personnel.

Toolkits

DCSA Threat Awareness Products

This Defense Counterintelligence and Security Agency (DCSA) toolkit houses several job aids applicable to all personnel. It links to job aids on Academic Solicitation, CI Awareness, Conferences, Conventions & Tradeshows, Cyber Threats, Exploitation of Business Activities, Exploitation of Global Supply Chain, Exploitation of Insider Access, Foreign Visits, and Personal Contact.

Watch & Learn

Suspicious Emails

This 10 minute interactive video details the threat of suspicious emails and gives countermeasures and indicators. The video is more focused on solicitation and the attempted illicit acquisition of facility assets or information. This job aid is suited for all facility personnel, especially those in research, development, or business development.

Counterintelligence Video Lesson: Request for Information and Suspicious Emails

This is a three minute news video on YouTube detailing an actual arrest of a foreign national for smuggling, money laundering, and conspiracy to commit espionage. Although the example concerns export controlled items, this is applicable to any facility in any sector as the methods used to illicitly acquire the goods are universal. This job aid is suited for all facility personnel.

Economic Espionage External Link Icon

This 36 minute YouTube video and accompanying information from the Federal Bureau of Investigation is the dramatization of a true story concerning the attempted recruitment of an employee to commit economic espionage. This is applicable for all facility personnel and would best serve as a group activity/discussion.

Webinars

Counterintelligence and Insider Threat in the Time of COVID-19

This hour long webinar focuses on the CI and Insider Threat and highlights some of the evolving threat vectors because of the COVID-19 Pandemic. This webinar is applicable for all employees.

2019 Targeting U.S Technologies Report

This hour long webinar focuses on foreign efforts to compromise and/or exploit cleared personnel in order to obtain unauthorized access to sensitive and classified information. This unclassified format provides analysis of the technology targeted, the methods of operation used, and the geographical regions targeting cleared industry and is based off of the Defense Counterintelligence and Security Agency (DCSA) annual trends report. Although this webinar is geared for cleared industry, there is a discussion of the basic methods of operation and contact used. This report is best suited for security personnel.

Counterintelligence Support to Personnel Security

This hour long webinar discusses the Personnel Security (PERSEC) mission by identifying foreign intelligence entity (FIE) threats to personnel and enacting efforts to detect, deter, and neutralize the threat. This webinar is applicable for all facility personnel.

Cybersecurity Awareness for Operation Warp Speed Partners

eLearning Courses

Cyber Security Awareness, CS130.16
This 30-minute course provides a working knowledge of cyber intrusion methods and cybersecurity countermeasures to assist employees in preventing cyber attacks and protecting their systems and information.

Job Aids

Health Industry Cybersecurity Protection of Innovation Capital, May 2020 Guide PDF icon
The Healthcare and Public Health Sector Coordinating Council (HSCC) is a coalition of private-sector, critical healthcare infrastructure entities organized under Presidential Policy Directive 21 and the National Infrastructure Protection Plan to partner with government in the identification and mitigation of strategic threats and vulnerabilities facing the sector’s ability to deliver services and assets to the public. The HSCC Joint Cybersecurity Working Group (JCWG) (a standing working group of the HSCC, composed of more than 200 industry and government organizations working together to develop strategies to address emerging and ongoing cybersecurity challenges to the health sector) put together this May 2020 guide to identify recommendations for the protection of innovation capital.

Health Industry Cybersecurity Information Sharing Best Practices PDF icon
Information sharing programs, when done properly, produce significant benefit at low risk for the organizations that participate. This document provides Healthcare and Public Health Sector (HPH) organizations with a set of guidelines and best practices for efficient and effective information sharing.

Health Industry Cybersecurity Supply Chain Risk Management Guide (HIC-SCRiM), v2.0, September, 2020 PDF icon
The Healthcare and Public Health Sector Coordinating Council (HSCC) Joint Cybersecurity Working Group (JCWG) Supply Chain Cybersecurity Task Group developed this supply chain cybersecurity risk management guide to provide structure and aid as a tool targeted at smaller to mid-sized health organizations. The suggested best practices herein directly address recommendations made in the 2017 Health Care Industry Cybersecurity Task Force "Report on Improving Cybersecurity in the Healthcare Industry."

Cyber Essentials Guide PDF icon
This guide developed by CISA is for leaders of small businesses as well as leaders of small and local government agencies to enable them to develop an actionable understanding of where to start implementing organizational cybersecurity practices.

Mobile Device Safety PDF icon
This job aid from the Office of the Director of National Intelligence (ODNI) provides basic tips for mobile device safety in the current environment.

Spearfishing and Common Cyber Attacks PDF icon
This job aid from the Office of the Director of National Intelligence provides information about spearfishing and current cyber attack methods.

Top 10 Routinely Exploited Vulnerabilities PDF icon
This job aid provides details on vulnerabilities routinely exploited by foreign cyber actors—primarily Common Vulnerabilities and Exposures (CVEs)—to help organizations reduce the risk of these foreign threats.

Joint Cyber Intelligence Tool Suite (JCITS) PDF icon
In partnership with industry, JCITS uses mapping of cleared contractor public infrastructure and fuses those maps with known cyber-attack patterns of foreign adversaries.

JCITS Malware Intelligence Triage Tool (JMITT) PDF icon
JCITS Malware Intelligence Triage Tool (JMITT) is an evolved platform that conducts real time analysis of emails with suspicious attachments.

JMITT Email Submission Procedures PDF icon
This job aid details the email submission procedures used to submit an email with a suspicious attachment to the JMITT.

CISA Regional Offices PDF icon
This job aid provides a map with CISA Regional Office contact information.

Posters

Phishing 8.5 x 11 / 17 x 22 PDF icon
Protect Your Information 8.5 x 11 / 17 x 22 PDF icon
Secure Your Information 8.5 x 11 / 17 x 22 PDF icon
Stronger Passwords 8.5 x 11 / 17 x 22 PDF icon

Reports

HSCC Joint Cybersecurity Working Group Q2 2020 Progress Report PDF icon
The Healthcare and Public Health Sector Coordinating Council (HSCC) is a coalition of private-sector, critical healthcare infrastructure entities organized under Presidential Policy Directive 21 and the National Infrastructure Protection Plan to partner with government in the identification and mitigation of strategic threats and vulnerabilities facing the sector’s ability to deliver services and assets to the public. The HSCC Joint Cybersecurity Working Group (JCWG) (a standing working group of the HSCC, composed of more than 200 industry and government organizations working together to develop strategies to address emerging and ongoing cybersecurity challenges to the health sector) put together this 2nd Quarter 2020 progress report to address the JCWG’s progress to date in addressing the Health Care Industry Cybersecurity Task Force recommendations.

NIST Framework for Improving Critical Infrastructure Cybersecurity External Link Icon
Executive Order 13636 directed NIST to work with stakeholders to develop a voluntary framework - based on existing standards, guidelines, and practices - for reducing cyber risks to critical infrastructure. Created through collaboration between industry and government, the voluntary framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.

Toolkits

Cyber Essentials Toolkit External Link Icon
The Cyber Essentials Toolkit is a set of modules designed to break down the CISA Cyber Essentials into bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential. Each chapter focuses on recommended actions to build cyber readiness into the interrelated aspects of an organizational culture of cyber readiness.

NSA Cybersecurity Advisories and Technical Guidance External Link Icon
This site provides advisories and mitigations on evolving cybersecurity threats. Some resources on this site have access requirements.

OnGuardOnline External Link Icon
This Federal Trade Commission website contains general information and tips to protect information and devices online.

NCSC Awareness Materials External Link Icon
The materials in this toolkit will enable personnel to better understand existing threats to and provide guidance and tips for protecting the sensitive information, assets, technologies, and networks to which employees have access.

Watch & Learn

Cybersecurity Attacks - The Insider Threat
This 15-minute video teaches the viewer to recognize and mitigate the attacks performed by witting and unwitting entities that comprise the cybersecurity environment.

NCSC Cyber Training Series External Link Icon
This is a series of three courses designed for professionals new to the cyber realm. It introduces users to the computer's component layers and associated functions, virtualization concepts, and security methods.

Protect Your Computer from Malware
Malware is short for “malicious software." It includes viruses and spyware that get installed on your computer or mobile device without your consent. Learn more about how to avoid, detect, and get rid of malware.

Webinars

Creating a Workplace Culture of Cybersecurity
This CDSE webcast is designed for those with responsibility for ensuring a secure cybersecurity environment in the workplace and will give practical tips for how to develop a culture that promotes good cybersecurity practices.

Games

Cybersecurity: Tomorrow’s Internet
Test your knowledge of cybersecurity and earn badges as you go.

Cybersecurity Magic 8 Ball PowerPoint icon
Can you correctly predict how the Magic 8 Ball will answer these cybersecurity questions?

Cybersecurity Trivia Twirl
This game features a wheel with six segments, each representing a different Cybersecurity category. Spin the wheel and correctly answer the question to “collect” that category segment. Play continues until you successfully collect all six category segments.
 


National Cybersecurity Policy for Operation Warp Speed Partners

Policy


Social Media Considerations for Operation Warp Speed Partners

Job Aids

Social Media Safety PDF icon
This job aid from ODNI provides best practices for navigating social media safely.

Social Media: Leveraging Value while Mitigating Risk External Link Icon
The slides from a presentation by David Etue, Vice President of Corporate Development Strategy at SafeNet, discuss the importance, impact and risk of social media in protection health information, and discuss some best practices in mitigation of those risks.

Facebook Smartcard (Configuration Guide) PDF icon
This is a quick configuration guide for Facebook.

Facebook Smartcard (Trifold) PDF icon
This trifold brochure is an easy way to provide employees with the basics of configuring their Facebook profile to mitigate their risk.

LinkedIn Smartcard (Trifold) PDF icon
This trifold brochure is an easy way to provide employees with the basics of configuring their LinkedIn profile to mitigate their risk.

Twitter Smartcard (Configuration Guide) PDF icon
This is a quick configuration guide for Twitter.

Twitter Smartcard (Trifold) PDF icon
This trifold brochure is an easy way to provide employees with the basics of configuring their Twitter account to mitigate their risk.

Posters

Social Networking
Social Networking
8.5 x 11
17 x 22

Twitter
Twitter
8.5 x 11
17 x 22

Reports

Internet Social Networking Risks PDF icon
This ODNI report provides definitions of terms associated with internet and social networking risks and provides practical tips and best practices for mitigating the risk.

Watch & Learn

Social Media Video Lesson
This video lesson explores the risks associated with social media and why you should be concerned.

Industrial Security & Risk Management for Operation Warp Speed Industry Partners

Job Aids

Asset Identification Guide: Quick Look PDF icon

This desktop tool explains the use of the Asset Identification Guide.

Asset Identification Guide PDF icon

While originally designed for use by cleared contractors, this is a useful guide for identifying your corporate assets.

PIEFAOS/Fish Bone Diagram PDF icon

This job aid will give you an easy way to categorize and think about the assets you need to protect.

DCSA Methods of Contact/Methods of Operation Countermeasures Matrix

DCSA provides a report to the U.S. Congress annually that details the reporting of targeting of cleared contractors by suspected foreign threats. This matrix details one year of reporting broken down by method of contact and method of operation and provides recommended countermeasures for mitigating the risk of these methods of contact and methods of operation.

Posters

Packing 8.5x11 / 17x22 PDF icon
Know the Risks 8.5x11 / 17x22 PDF icon
Lady Liberty 8.5x11 / 17x22 PDF icon

Resources

CISA Critical Infrastructure Sector – Healthcare and Public Health External Link Icon

The Healthcare and Public Health Sector-Specific Plan External Link Icon details how the National Infrastructure Protection Plan External Link Icon risk management framework is implemented within the context of the unique characteristics and risk landscape of the sector. This website provides the sector specific plan and links to sector resources.

DSAC Critical Infrastructure Resources External Link Icon

This site provides valuable information about daily open source infrastructure reports, the InfraGard Program, and other resources for protecting critical infrastructure.

Toolkits

Security Education, Training and Awareness

This toolkit provides resources for developing your own security education program. While many of the resources are Department of Defense oriented, there are still many useful resources for uncleared companies.

Watch & Learn

Critical Program Information Security Short

This video explains critical program information and the need for enhanced protection of this type of information.

DCSA Counterintelligence Methods of Contact/Methods of Operation Countermeasures Matrix Video

This video explains the how to use the DCSA Methods of Contact/Methods of Operation Countermeasures Matrix.

Return to top of page.

Information Security for Operation Warp Speed Industry Partners

Resources

ISOO CUI Resources External Link Icon

This site provides resources for safeguarding Controlled Unclassified Information, including cover sheets, labels, and education materials.

Protecting Sensitive Unclassified Information External Link Icon

This site discusses best practices for protecting sensitive unclassified information.

Toolkits

Controlled Unclassified Information

This toolkit provides current information regarding Controlled Unclassified Information.

Unauthorized Disclosure Toolkit

This toolkit will help you learn the difference between whistleblowing and unauthorized disclosure. Unauthorized disclosure is a crime and may involve classified or unclassified information.

Game

Unauthorized Disclosure Magic 8 Ball Powerpoint Icon

This game provides useful information about unauthorized disclosure of both unclassified information and classified information.

Graphic Novel

Dangerous Disclosure PDF icon

While this graphic novel is focused on the Department of Defense, it illustrates the consequences of unauthorized disclosure.

Posters

Think Before You Click 8.5 x 11 / 17 x 22 PDF icon
Unauthorized Disclosure 8.5 x 11 / 17 x 22 PDF icon
It Came from an Email 8.5 x 11 / 17 x 22 PDF icon
Secure Your Information 8.5 x 11 / 17 x 22 PDF icon

Insider Risk for Operation Warp Speed Industry Partners

As a member of the Healthcare and Public Health Sector, you play a significant role in national security by protecting the nation and its economy from hazards such as terrorism, infectious disease outbreaks, and natural disasters.

Trusted insiders, both witting and unwitting, can cause grave harm to your organization’s facilities, resources, information, and personnel. Insider incidents account for billions of dollars annually in “actual” and “potential” damages and lost revenue related to data breaches, trade secret theft, fraud, sabotage, damage to an organization’s reputation, acts of workplace violence, and more. Implementation of an Insider Risk Program and an Insider Threat Awareness Campaign can help mitigate risks associated with trusted insiders.

The below resources were developed to support critical infrastructure sectors, cleared industry, DOD component, and federal agency insider threat programs. The principles and best practices therein have been applied throughout the private sector, and all materials are available to support Healthcare and Public Health organizations.

Establish an Insider Risk Program

eLearning Courses

Establishing an Insider Threat Program for Your Organization, INT122.16

This course is designed for individuals designated as the organizational Insider Threat Program Manager. The instruction provides guidance for organizational Insider Threat Program Managers on how to organize and design their specific program.

Job Aids

Insider Risk Programs for the Healthcare and Public Health Sector: Implementation Guide PDF Icon

As a member of the Healthcare and Public Health Sector, you play a significant role in national security by protecting the nation and its economy from hazards such as terrorism, infectious disease outbreaks, and natural disasters. Implementation of an Insider Risk Program can help mitigate risks associated with trusted insiders.

Insider Threat Programs for the Critical Manufacturing Sector: Implementation Guide PDF Icon

This guide was developed to provide guidance and information for critical manufacturing organizations to establish insider threat programs.

Insider Risk Evaluation and Audit Tool PDF Icon

This tool is designed to help the user gauge an organization’s relative vulnerability to insider threats.

Policy

Presidential Policy Directive: Critical Infrastructure Security and Resiliency External Link Icon

The Presidential Policy Directive (PPD) on Critical Infrastructure Security and Resilience advances a national unity of effort to strengthen and maintain secure, functioning, and resilient critical infrastructure.

Resources

Full Catalog of Training Materials for Insider Threat Practitioners

Insider Threat Programs are designed to deter, detect, and mitigate actions by insiders who represent a threat to national security. CDSE has provided an extensive catalog of insider threat resources for your use.

Insider Threat Mitigation

This CISA site is designed to assist individuals, organizations, and communities in improving or establishing an insider threat mitigation program.

CISA Resources for Healthcare and Public Health Sector External Link Icon

The Healthcare and Public Health Sector-Specific Plan  External Link Icon details how the National Infrastructure Protection Plan External Link Icon risk management framework is implemented within the context of the unique characteristics and risk landscape of the sector. This website provides the sector specific plan and links to sector resources.

National Insider Threat Task Force External Link Icon

This site provides insider risk resources to assist you in developing your Insider Risk Program.


Promote Awareness in Your Organization

Case Studies

Case Study Library

Explore a growing repository of U.S. case studies. Learn about the crimes, the sentences, the impact, and the potential risk indicators that, if identified, could have mitigated harm.

eLearning Courses

Insider Threat Awareness, INT101.16

This course provides a thorough understanding of how Insider Threat Awareness is an essential component of a comprehensive security program.

Protecting Critical Infrastructure against Insider Threats External Link Icon

This course provides guidance to critical infrastructure employees and service providers on how to identify and take action against insider threats to critical infrastructure.

Job Aids

Potential Insider Risk Indicators: Insider Threat PDF Icon

Most insider threats exhibit risky behavior prior to committing negative workplace events. If identified early, many risks can be mitigated before harm to the organization occurs. This job aid provides information about the potential risk indicators for which you should be looking.

Potential Risk Indicators: Kinetic Violence PDF Icon

In the weeks and months before an active shooter attack, many active shooters engage in behaviors that may signal impending violence. While some of these behaviors are intentionally concealed, others are observable and — if recognized and reported — may lead to a disruption prior to an attack.

Mobile Application

Insider Threat Sentry Mobile Application

(Download on Apple App Store or Google Play) This mobile application provides up-to-date awareness material on deterring, detecting, and mitigating potential risks associated with insider threats.

Posters

Resilience Pathways 8.5x11 / 17x22 PDF Icon
Superwoman 8.5x11 / 17x22 PDF Icon
Umbrella 8.5x11 / 17x22 PDF Icon
Concerning Behavior 8.5x11 / 17x22 PDF Icon

Games

Play these engaging and entertaining games to test your knowledge of insider risk.

Watch & Learn

Insider Threat Training Videos

This repository contains 18 training videos about insider threat, including the 4-part award-winning series “Turning People Around, Not Turning Them In.”

Active Shooter Awareness

Active shooter situations are unpredictable and evolve quickly, often before law enforcement personnel can arrive. Your goal in responding is to quickly determine the most reasonable way to protect your life and the lives of those around you. This video will help you make the best decision possible for your safety and the safety of those around you.

Additional Resources

National Insider Threat Awareness Month

Participating in Insider Threat Awareness Month can help your program detect, deter, and mitigate insider risk by increasing awareness and promoting reporting. This website will help you identify a variety of activities and engagements available to your organization.

More Awareness Materials

Instilling a sense of vigilance in the general workforce is a basic tenet of establishing an insider risk program. Developing a vigilance campaign for your organization is an effective solution. Deploying regular messaging, awareness, and communications materials ensures that the general workforce is prepared to recognize and respond to the insider risk.

Operations Security for Operation Warp Speed Industry Partners

Job Aids

Operation Warp Speed OPSEC Reference Guide

This easily customizable guide provides a definition of critical information and a 5-step process for identification and protection of that critical information. It also delineates OPSEC responsibilities for Operation Warp Speed industry partners.

Posters

Free Speech 8.5x11 / 17x22 PDF icon
Mask Up and Zip It 8.5x11 / 17x22 PDF icon

Resources

Interagency OPSEC Support Staff (IOSS) External Link Icon

The IOSS supports the National OPSEC Program by providing multimedia products and presenting events that attract attendees from the security, intelligence, research and development, acquisition, and law enforcement communities. These events include the National OPSEC Conference and Exhibition, the National Threat Symposium, and regional training symposia. This site requires registration.

Personnel Security for Operation Warp Speed Industry Partners

Job Aids

Counterintelligence Reporting Essentials (CORE): A Practical Guide for Reporting Counterintelligence and Security Indicators PDF icon

Supervisors and coworkers are the first line of defense against espionage. The government relies on you to protect national security by reporting any behavior that you observe that may be related to a potential compromise of sensitive information. However, judgment calls are often required by the potential reporter, and this often leads to indecision or choosing not to report anything. This resource provides a focused list of serious counterintelligence- and security-related behaviors that, if observed or learned about, should be reported immediately to the appropriate counterintelligence or security authorities. All these behaviors are serious and require little or no speculation.

Reports

Ten Tales of Betrayal: The Threat to Corporate Infrastructures by Information Technology Insiders Analysis and Observations PDF icon

The report provides an analysis and overview of findings based on ten detailed cases studies of IT insider offenses. The authors discuss and compare background factors that contributed to the damaging event under five headings: Subject and Attack Characteristics, Personnel Screening, Attack Detection, Organizational and Social Environment, and Personnel Management Issues. Although this research is confined to a limited number of cases, it offers general observations that have clear implications for policies and best practices that address the threat posed by at-risk employees.

Enhancing Supervisor Reporting of Behaviors of Concern PDF icon

This report compiles a literature review with key information from subject matter expert (SME) interviews about barriers to reporting, strategies for overcoming these barriers, and tools to assist with the reporting process.

Reporting of Counterintelligence and Security Indicators by Supervisors and Coworkers PDF icon

Personnel and Security Research Center (PERSEREC) conducted a study of supervisor and coworker reporting of security-related information. Explanations were offered by security managers and by focus group participants as to why many security-related behaviors are underreported. PERSEREC developed a clear, succinct list of behaviors that could pose a potential threat to national security and thus should be reported if observed.

On the Right Track: Worker-on-Worker Violence Prevention PDF icon

Researchers partnered with subject matter experts (SME) in law enforcement and asked them to share their opinions as to why worker-on-worker violence seems so rare in police departments, especially given the intense, fast-paced, and armed environment. The purpose of this report is to identify best practices based on these discussions and recommend potential prevention strategies that organizations might want to consider for its own workforce.

Physical Security for Operation Warp Speed Industry Partners

eLearning Courses

Workplace Security Awareness External Link Icon
This course provides guidance to individuals and organizations on how to improve the security in your workplace. No workplace—be it an office building, construction site, factory floor, or retail store—is immune from security threats.

Posters

No Badge 8.5x11 / 17x22 
Remember the Importance of Physical Security 8.5x11 / 17x22 
 

Resources

DSAC Critical Infrastructure Resources External Link Icon
This site provides valuable information about daily open source infrastructure reports, the InfraGard Program, and other resources for protecting critical infrastructure.

CISA Infrastructure Security External Link Icon
Explore the infrastructure security services CISA offers through this website as well as through the CISA Services CatalogExternal Link Icon

Toolkit feedback/suggestions? Email dcsa.cdsetraining@mail.mil.