Security Engineering Associates

Physical / Technical Security / Personal Protection Services
Home
About Us
Executive Security
Contact Us
Site Map
Services
Projects
People
Assessment
News & Information
Industry Information
Threat Information
Cyber Security
Intelligence
SEA News

 

The Department of State division of Diplomatic Security has recently appointed Security Engineering Associates to its Overseas Security Advisory Council as a constituent. The Overseas Security Advisory Council (OSAC) is a Federal Advisory Committee with a U.S. Government Charter to promote security cooperation between American business and private sector interests worldwide and the U.S. Department of State. The Council is established under authority of the Secretary of State pursuant to 22 U.S.C. 2656 and in accordance with the Federal Advisory Committee Act (FACA), as amended, 5 U.S.C. App., and its regulations, 41 C.F.R. Part 102.  The activities of the Council are determined to be in the public interest and are directly related to overseas security functions of the Department of State. 

 

History

 

The increase in terrorism over the last 25 years and the continuing threat against U.S. interests overseas has forced many American companies to seek advice and assistance from the U.S. Government, particularly the State Department. In 1985, a handful of chief executive officers from prominent American companies met with then Secretary of State George P. Shultz to promote cooperation between the American private sector worldwide and the U.S. Government on security issues. The subsequent establishment of the Overseas Security Advisory Council (OSAC) has developed into an enormously successful joint venture.

 

OSAC: A Public/Private Sector Partnership

The OSAC (Council) is comprised of 30 private sector and 4 public sector member organizations that represent a broad range of economic sectors or agencies operating abroad. Private sector members are selected from OSAC’s constituency and normally serve for two to four year terms. Member organizations designate a representative to work on the Council. These representatives provide the direction and guidance to develop programs that most benefit the U.S. private sector overseas. Representatives meet quarterly and staff committees tasked with specific projects – such as the protection of business information and transnational crime. Under OSAC leadership annual goals and objectives are discussed, evaluated, initiated, and assigned. The original five-year strategic plan is now being reviewed annually to keep the goals and objectives of the Council up-to-date with the needs of the constituency. The council is co-chaired by the Director of the Diplomatic Security Service (DSS) and a selected representative of the private sector.

Under OSAC’s Strategic Plan for 2006 – 2007 the following committee’s were created to support new objectives for the Council. This strategic plan outlines a purpose to protect American interests overseas by promoting public-private security partnerships through leadership, information sharing and innovation.

 
SEA Announcements

 

SEA recognizing its responsibilities to its client base has decided to expand its Board of Directors to include two more seats on the Board. Judy A. Schweers will remain as Chairperson of the Board. Megan K. Schweers and Erin E. Schweers will continue to serve on the Board in their capacities as Directors. John Volkoff, will be joining the Board as a Director and will assume the responsibilities and role as a member of Security Engineering’s Associates Board of Directors. 

 

Advisory Council

 

SEA in its constant search for better approaches to corporate, industrial and government security has embarked on a mission to develop an Advisory Board. The Board's mandate will assist SEA in becoming more innovative in its approach to assist the client needs in a strong and forth right manner that will provide the client with state of art approaches designed for current and future threats.

 

SEA to Attends 25th Annual Briefing at the U.S. Department of State in Washington, D.C.

 

Members of the Board of Directors attended the 25th Annual meeting held at the U.S. Department of State in Washington D.C. on November 18, 2011. The theme of the meeting was "Confronting Global Risks." The keynote address was given by The Honorable Hillary Rodham Clinton, Secretary of State. Discussion were held concerning the Global Financial Crisis, Defeating the terrorist threat, security in Mexico and the terrorist threats in India. The meetings were well attended with participation from many sectors.

 

 

White House Releases Cybersecurity Plans

The Obama administration's legislative proposal includes critical infrastructure protection, breach notification, privacy requirements, and overhauls for internal government cybersecurity.


By J. Nicholas Hoover

InformationWeek
May 12, 2011 04:16 PM


 

The Obama administration on Thursday announced a broad legislative proposal to overhaul the nation's cybersecurity laws with new provisions to shore up privacy protection, data breach reporting, critical infrastructure protection, and the security of federal government systems.

The new plan touches both public and private systems, requiring certain key critical infrastructure companies to draw up cybersecurity risk mitigation plans on one hand, and updating the Federal Information Security Management Act (FISMA), which regulates internal government cybersecurity, on the other.


The proposal comes at a time when dozens of pieces of cybersecurity legislation are circulating on Capitol Hill, including comprehensive bills that cover just as much ground as the White House plan. Congressional leadership has indicated a desire to push cyber legislation through Congress this year, and several members of Congress have blamed a delay on passage of comprehensive legislation--proposals have been languishing for years--on the White House's lack of a plan.

"We recognize that this is the beginning of a discussion with the Congressional leadership," a senior White House official said Thursday on a background call with reporters. "We look forward to enacting legislation this year."

Even with the White House plan now on the table, there's still much work to be done if Congress truly hopes to get a bill on the president's desk by year's end. The Republican-led House of Representatives and Democrat-controlled Senate remain at arms over several issues, including the balance of power on cybersecurity issues between the military and the Department of Homeland Security, and whether a comprehensive legislative overhaul should be accomplished in pieces or in one massive bill.

DHS, which already has a key role in government cybersecurity, plays a big part in White House plans, as well as in the primary Senate plans, both in critical infrastructure protection and in securing federal government networks. For critical infrastructure, which is increasingly coming under cyber attacks, the bill clarifies the ability of companies to share information with DHS, and allows DHS a broad, though voluntary on the part of the private sector, role in assisting critical infrastructure companies with their cybersecurity needs.

For the most critical infrastructure, which DHS would identify, the department would draw up a set of risks that the industry would need to mitigate, and private enterprise would be responsible for developing cybersecurity plans to address those risks, providing those plans to DHS, getting those plans audited by a third party, and making high-level overviews of the plan available to the public.

The proposal also includes a national data breach reporting standard aimed at "simplifying and standardizing" a patchwork of 47 state data breach reporting laws, and would provide for harsher mandatory minimum punishments for cyber criminals, particularly those responsible for intrusions into critical infrastructure networks.

Civil liberties groups have raised concerns that comprehensive legislation might include some sort of "kill switch" that could enable the President to switch parts of the Internet off at will. However, no such new cybersecurity authority is sought for the President in the White House proposal.

Privacy protection also is built into the plan. DHS would be required to develop privacy and civil liberties procedures that would be overseen and signed off on by the Attorney General, and companies wanting to share information with the government must first make reasonable efforts to remove any identifying information unrelated to cyber threats.

The White House plan also focuses on internal government cybersecurity. For example, it would update FISMA to include provisions on continuous monitoring, and codify DHS' role in managing federal civilian agency cybersecurity. The plan would also make it easier for DHS to hire cybersecurity talent, and permit "expert exchanges" between the government and private companies to share best practices.

Cyber Protection

The first step in protecting yourself is to recognize the risks and become familiar with some of the terminology associated with them.

    Hacker, attacker, or intruder - These terms are applied to the people who seek to exploit weaknesses in software and computer systems for their own gain. Although their intentions are sometimes fairly benign and motivated solely by curiosity, their actions are typically in violation of the intended use of the systems they are exploiting. The results can range from mere mischief (creating a virus with no intentionally negative impact) to malicious activity (stealing or altering information).

    Malicious code - Malicious code, sometimes called malware, is a broad category that includes any code that could be used to attack your computer. Malicious code can have the following characteristics:

    • It might require you to actually do something before it infects your computer. This action could be opening an email attachment or going to a particular web page.
    • Some forms propagate without user intervention and typically start by exploiting a software vulnerability. Once the victim computer has been infected, the malicious code will attempt to find and infect other computers. This code can also propagate via email, websites, or network-based software.
    • Some malicious code claims to be one thing while in fact doing something different behind the scenes. For example, a program that claims it will speed up your computer may actually be sending confidential information to a remote intruder.

    Viruses and worms are examples of malicious code.

    Vulnerability - In most cases, vulnerabilities are caused by programming errors in software. Attackers might be able to take advantage of these errors to infect your computer, so it is important to apply updates or patches that address known vulnerabilities (see Understanding Patches for more information).