NSA Employee Steered Cyberdefense Funds To Self

"Schepens ... had access to the account into which the taxpayer funds were deposited."

Dynamic Security could have prevented this.!

A Maryland man admits to awarding more than $750,000 in federal funds to a business he and his wife ran from their home.

By K.C. Jones
InformationWeek

Feb 8, 2007 07:25 PM

A former National Security Agency employee pleaded guilty this week to steering federal money for cybercrime defense to a company co-owned by his wife.

Wayne Schepens of Maryland admitted to awarding more than $750,000 in federal funds to a business he and his wife ran from their home. The firm participated in Cyber Defense Exercises at Navy, Marine, and Army schools, including the U.S. Military Academy at West Point.

All branches of the U.S. military engage in cyberdefense activities and training.

It's illegal for government employees to spend taxpayer money on government contracts that benefit them financially. Schepens created the cyberdefense exercises and competitions, awarded the money to support them, and had access to the account into which the taxpayer funds were deposited. In April, he will face sentencing, which could include five years imprisonment, up to $250,000 in fines, and probation.

The former NSA employee's wife, Jennifer Schepens, answered the phone at the business, CDXperts Inc., and said only that she would like to comment on the plea but could not at this time.

VA investigating another missing hard drive

Cybercrime pays and repeats itself. Dynamic Security could protect against unauthorized removal of equipment.

Grant Gross February 05, 2007 (IDG News Service) -- The Department of Veterans Affairs (VA) is investigating a missing hard drive containing the personal records of 48,000 military veterans, the agency said.

The external hard drive contained about 20,000 personal records that were not encrypted, according to information from Rep. Spencer Bachus (R-Ala.). A VA employee reported the hard drive missing from a Birmingham, Ala., agency facility on Jan. 22, according to a VA press release.

The VA and the FBI are investigating the missing hard drive, the VA said in its Friday press release. The VA's Office of Information and Technology is conducting a separate investigation, Secretary of Veterans Affairs Jim Nicholson said in a statement.

"We intend to get to the bottom of this, and we will take aggressive steps to protect and assist anyone whose information may have been involved," Nicholson added.

In May 2006, the VA reported a laptop and hard drive containing the personal records of 26.5 million military veterans and their families had been stolen from an employee's home. Police later recovered the hardware, and the VA said computer forensics tests indicated thieves had not accessed the data. However, the theft set off criticism from several members of Congress about the VA's cybersecurity practices.

The hard drive in Alabama was used to back up information contained on an employee’s office computer and may have contained data from research projects the employee was involved in, as well as personal information, the VA said.

The VA Office of Inspector General has seized the employee’s computer and is analyzing its contents, the VA said. The VA is prepared to notify affected people and provide free credit monitoring, the agency said.

The VA will continue to aim to be a leader in protecting personal information, Nicholson said in his statement.

In August, the VA also reported that a desktop computer containing the personal information of 38,000 veterans was missing from the office of Unisys Corp., the subcontractor assisting at the agency's medical centers in Pittsburgh and Philadelphia.

The lost VA hardware prompted a congressional review of other U.S. government agencies, and agencies reported thousands of l

US Military Roadmap: 'Fight the Net

 IT Security Problems Recognized by the Military

US Military Roadmap: 'Fight the Net' 

JANUARY 30, 2007 | Ground operations, air operations, maritime operations -- and now, information operations? That's right -- the U.S. military wants to add information operations as a new military core competency, according to a newly declassified Defense Department document called the "Information Operations Roadmap." The 78-page document, written in October 2003 and signed by former Defense Secretary Donald Rumsfeld (complete with blacked-out blocks of classified text), was obtained via the Freedom of Information Act by the National Security Archive at George Washington University and reported by BBC News. It provides a sneak-peek into the military's ambitious goals for information operations: using/fighting the Internet, improving psychological operations (psyops), and dominating the electromagnetic spectrum. Bottom line: Information is crucial to the military's success.

"Fight the Net" is a major recurring theme of the document. Given the rise in hacker and cybercrime risks to U.S. businesses, the military should fight the Internet as if it were an "enemy weapons system," the document says. It also points out that networks are becoming more vulnerable and calls for a defense-in-depth strategy for "providing Combatant Commanders with the tools necessary to preserve warfighting capability." The document hints about the use of "offensive cyber tools" and computer network attacks as well as integrated weapons systems, but much of that section is classified, and therefore sketchy. Sean Kelly, business technology consultant with Consilium1, says the "fight the net" campaign is the wrong approach. "I agree that our Defense Department needs to have strong security strategies for defending our information systems -- especially intelligence databases, as well as key communications channels," Kelly says. "I would hope that our Defense Department would employ some of the best and brightest network security professionals to develop a strategy that identifies and protects -- through monitoring and taking action where necessary, [a] good old fashioned incident response program -- high-risk areas of its own networks as well as on the Internet." The military's IO Roadmap also includes improving psyops, which today are more "reactive" and "not well organized," according to the document, including better using technology -- radio, television, print, and Web -- to spread the word.

But one of the most compelling issues in the roadmap was the military's interest in getting control of the electromagnetic spectrum. "To prevail in an information-centric fight, it is increasingly important that our forces dominate the electromagnetic spectrum with attack capabilities," according to the document. Kelly says controlling the electromagnetic spectrum is extreme. "Instead of taking an 'us against the world' approach, we should be collaborating with other nations to identify threats and develop a plan address known vulnerabilities," he says. "We can decide how we want to defend our internal interests and network infrastructure, but we should not be seeking the ability to have full control over the electromagnetic spectrum." Defense Department officials were not available for comment in time for this posting.    

CyberTerrorism

Russian expert: Terrorists may try cyberattacks (December 13 2006, 12:00AM)

An increasingly networked infrastructure and a paucity of laws defining cybercrime could lead to disaster in Russia if terrorists such as Chechen separatists started turning their attention to electronic warfare, says one security expert there.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=900600