C:\Documents And Settings\Fakhri O\My Documents\2 Professional Files\Omar Matic\The Invention (Open Market)
 

  • Even though the CDs are blank, the kiosk won’t allow issue if the clearance doesn't match. John, who doesn't have SCI, can only pull CDs marked TS and below. It doesn't matter that they’re blank.
  • Just like Wal-Mart: scan the item FIRST, then begin the “badging” process. The system knows who the CD belongs to. We can see the time of transfer and the kiosk number. Note the serial numbering scheme; this will be important in Phase III. Also, it will alert the CSO if someone scans a CD of a higher classification than they hold.
  • John Doe is out-processing to go to another assignment. As we’ve seen thus far, he’s transferred the TS CD that he needed to hand off to Col Jones. Now he can destroy (Kiosk #11) four other CDs of various classifications that he’s accumulated since April 13th.
  • On September 15th John attempts to out-process; however, he can’t seem to remember what he did with the pesky Secret CD he pulled on May 15th. The CDs are pre-marked as per Executive Order 12958 which, to a large degree, takes the onus off the end user. Visibility on usage, time in service (from issuance to destruction), high volume users (threats).
  • Remember Col Jones. As we can see, it only took her just over an hour to secure that CD. Of course, if she wanted to, she could have destroyed it now that she owns it.
  • Set time & quantity limits
  • http://www.archives.gov/isoo/faqs/agency-declass-plans.html#data Question #2: What are the causes for data spillages? A: Examples of data spillage causes include, but not limited to:
    • Improperly handled media and media releases
    • Improper data transfers
    • Compilation of hidden, classified, or sensitive data in a file, in this sense, does not refer to data aggregation
    • Residual hidden data in a Word document
    • Embedded objects
    • Compressed files
    • Encrypted files
    • User error
    • User fatigue
    • Lack of proper security training
    • Lack of trustworthy labels on data
    • Contaminated data received from an outside source
    • Data entry of classified information on an inappropriate system
    • Process error
    • Improper disposal
  • Almost all systems require a barcode reader to access CD readers and CD writers.
  • The specific serial numbers in the example shown aren’t important; whatever coding or numbering scheme you choose is irrelevant. The point is forbidding serial numbers that we know are at too high a level.
  • Note that the big difference is that it will only allow Secret-to-Secret, Unclassified-to-Unclassified, etc.
  • Not everyone can conduct High-to-Low data Xfer (Re IODM Kevin Nesbitt)
  • Parking Lot

Presentation Transcript

  • CD Lifecycle & Data Spill Solutions Omar J. Fakhri Ph: (727) 505-4701 [email_address]
  • Overview
    • Need
    • Scalable Solutions
      • Phase I Cradle-to-Grave Lifecycle CD Tracking;
        • a. Authenticate & Issue
        • b. Authenticate & Transfer
        • c. Authenticate & Destroy
      • Phase II Secure Storage Of CDs
      • Phase III Spill-Resistant Network With Bar-coding
        • a. General User Desktops
        • b. Communal desktops with Same-Level CD burning
        • c. Five-Step Process for High-Low Data Transfer
    • Wrap up
  • The Webster Commission’s Report: “… The FBI should study the feasibility of bar coding particularly sensitive classified material, such as asset files, to facilitate control and tracking.” (Page 78) FBI Strategic Objective IVA.1: Protect the FBI from compromise of its employees. “Security and counterintelligence professionals generally agree that the most significant threat to an organization’s internal security is betrayal by a trusted insider.” (Page 84)
    • Phase I Cradle-to-Grave Lifecycle CD Tracking
    • Phase I a. Authenticate & Issue
    • Phase I b. Authenticate & Transfer
    • Phase I c. Authenticate & Destroy
  • Technology Blending For Cradle-to-Grave Lifecycle Tracking of Recordable Media (CDs)
    • Phase I Components: a. Authenticate & Issue; b. Authenticate & Transfer; c. Authenticate & Destroy
    • Kiosk #11 blends:
      • Barcode Printer
      • CAC Badges & Readers
      • Pre Bar-coded (blank) CDs (TS, S, C, U, SCI)
      • Barcode Readers
      • NSA Certified CD Destroyers
      • Optional Receipt Printing
      • CD Vending Machines
    • Phase I a.
    • Authenticate & Issue
    [Slide graphic: Kiosk #11. Flow labels: Authenticate, Issue, Track. The kiosk disallows issue to personnel without the appropriate clearance (CD classes shown: U, C, S, TS, SCI). Tracking table for profile John Doe (TS); columns: Serial Number, Date Issued, CD Class, Kiosk Number, Status (T, D, S, OC), T,D,S Date, Kiosk Number, Recipient. Status legend: T = Transferred, D = Destroyed, S = Stored (Phase II), OC = Owner Custody. Six CDs are listed (serial numbers 1-86463, 1-38761, 1-76489, 3-85288, 3-85280, 4-13899), issued between 4/13/10 and 8/1/10, all with status Owner Custody.]
    • Phase I b.
    • Authenticate & Transfer
    [Slide graphic: Kiosk #11. Flow labels: Authenticate Ownership; Eligibility/Acceptance (Yes/No); Authentication; Loser's Receipt; Gainer's Receipt; Transfer Complete; Hardcopy Printed (Optional). The kiosk disallows transfers to personnel without the appropriate clearance. Table columns: Serial Number, Date Issued, CD Class, Kiosk Number, Status (T, D, S, OC), T,D,S Date, Kiosk Number, Recipient. Profile John Doe (TS): serial number 4-13899, CD class TS, date issued 4/13/10 16:44, status Transferred, T,D,S date 9/12/10 13:10, recipient Col. Smith, kiosk numbers 27 and 11. Profile Col Smith (TS-SCI): serial number 4-13899, CD class TS, date issued 9/12/10 13:10, status Owner Custody, kiosk number 11.]
    • Phase I c.
    • Authenticate & Destroy
    [Slide graphic: Kiosk #11, "Authenticate Ownership" step. The kiosk disallows and alerts when inappropriate clearance or “ownership” is detected. Tracking table for profile John Doe (TS); columns: Serial Number, Date Issued, CD Class, Kiosk Number, Status (T, D, S, C), T,D,S Date, Kiosk Number, Recipient. Of the six CDs listed (1-86463, 1-38761, 1-76489, 3-85288, 3-85280, 4-13899), four show status Destroyed on 9/15/10 13:10, one shows Transferred on 9/12/10 13:10 (recipient Col. Smith), and one remains in the custody of the owner.]
    • Wrap-up Phase I
    • Authenticate & Issue/Transfer/Destroy
    • Benefits
    • Full lifecycle accountability
    • Spot-checks & Tripwires
    • Prevents Unauthorized Possession
    • Leverages/blends Existing Technology
    • No Classified is actually accessed/read
    [Slide graphic: Kiosk #11 with the Phase I tracking table for profile John Doe (TS); columns: Serial Number, Date Issued, CD Class, Kiosk Number, Status (T, D, S, OC), T,D,S Date, Kiosk Number, Recipient. Of the six CDs listed (1-86463, 1-38761, 1-76489, 3-85288, 3-85280, 4-13899), four show status Destroyed on 9/15/10 13:10, one shows Transferred on 9/12/10 13:10 (recipient Col. Smith), and one remains in Owner Custody.]
  • Phase II Storage
  • Phase II - Technology Blending For Secure CD Storage (SU#22)
    • Same Components From Phase I
    • + Gutted (Stackable) CD Drives
    • Bar-coded (blank) CDs (TS, S, C, U, SCI)
    • Phase II
    • Authenticate & Store
    [Slide graphic: storage unit SU#22. Flow labels: Authenticate Ownership; Opens appropriate gutted CD slot in stack; Optional Receipt Printing. Table columns: Serial Number, Date Issued, CD Class, Kiosk Number, Status (T, D, S, OC), T,D,S Date, Kiosk Number, Recipient. Profile (TS-SCI): serial number 4-13899, CD class TS, date issued 9/12/10 13:10, kiosk number 11; status changes from Owner Custody to Stored on 9/12/10 14:15, recipient SU#22.]
    • Wrap-Up Phase II
    • Authenticate & Store
    SU#22
    • Benefits
    • Inventory accountability
    • Spot-checks & Tripwires
    • Prevents Unauthorized Possession
    • Leverages/blends Existing Technology
    • No Classified is actually accessed/read
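    [Slide graphic: SU#22 tracking table; columns: Serial Number, Date Issued, CD Class, Kiosk Number, Status (T, D, S, OC), T,D,S Date, Kiosk Number, Recipient. Serial number 4-13899, CD class TS, date issued 9/12/10 13:10, kiosk number 11; status changes from Owner Custody to Stored on 9/12/10 14:15, recipient SU#22.]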
  • Phase III Spill-Resistant Network
  • Phase III Spill-Resistant Network
    • All CD Readers and CD Writers Require Barcode Reader to Access Drive
    • a. General User Desktop CD Readers Integrated With Barcode Reader
    • b. Communal Desktops with Same-Level CD Burners
    • c. Centralized High-Low CD Burner Process
    • a., b., & c. should be deployed together
  • Spill-Resistant Network Topography (works on both thin-client and client-server environments)
    • Phase III a. General User Desktop CD Readers Integrated With Barcode Reader (CD readers only)
    • Phase III b. Communal Desktops with Same-Level CD Burners (same-classification CD writers only)
    • Phase III c. Centralized High-Low CD Burner Process (the only CD drives that can operate without a barcode reader)
  • Phase III a. General User Desktops: CD Readers Integrated With Barcode Reader (CD readers only)
    • User scans barcode on CD to access CD drive. The first digit of the Serial Number (SN) determines if the drive can be accessed.
    • Example:
      • Unclassified systems with CD readers will NOT mount CDs with SNs beginning with #2 or higher
      • Confidential systems will NOT mount CDs with SNs beginning with #3 or higher
      • Secret systems will NOT mount CDs with SNs beginning with #4 or higher
      • Etc…
    • Prevents the reading of CDs that are classified higher than the system (data spill)
    • Introduction of “foreign” CDs? Use the barcode printer (Kiosk #11)
  • Phase III b. Communal Desktops with Same-Level CD Burners
    • User must scan barcode on CD to access CD burner. The first digit of the Serial Number (SN) determines if the drive can be accessed.
    • Example:
      • Unclassified systems with CD burners will only mount CDs with SNs beginning with #1
      • Confidential systems will only mount CDs with SNs beginning with #2
      • Secret systems will only mount CDs with SNs beginning with #3
      • Etc…
    • Prevents users writing data to incorrectly marked blank CDs (data spill waiting to happen)
  • Phase III c. Centralized High-Low CD Burner Process
    • Steps: 1 Upload; 2 Track; 3 Verify; 4 Secure Transfer; 5 Deliver & Close Ticket (Step 2)
    • Slide labels:
      • User uploads file to High-Side SharePoint
      • System generates Ticket
      • Privileged User from pool uses “Integrity” (aka dirty word search & secure copy) to burn file(s) to unclassified (Green) CD
      • Air Gap/Sneaker Net
      • Privileged User emails (low side) sanitized file to user
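The drive-access rules on the Phase III a. and b. slides reduce to a comparison between the system's level and the level encoded in the scanned serial number. The sketch below is an added example, not code from the presentation; the function names, the `prefix-digits` serial format, the `5` = SCI prefix and the letter-prefix variant are assumptions, and anything that does not parse is refused.

```python
import re

LEVELS = ["U", "C", "S", "TS", "SCI"]  # lowest to highest

# Numeric prefixes from the slides: 1=U, 2=C, 3=S, 4=TS.
# 5=SCI is an assumed continuation of the slides' "Etc…".
DIGIT_TO_LEVEL = {"1": "U", "2": "C", "3": "S", "4": "TS", "5": "SCI"}

# Assumed serial format: one digit or a letter code, a dash, then digits
# (e.g. "4-13899", or "TS-13899" for the letter-based scheme).
SERIAL_RE = re.compile(r"^\s*([A-Za-z]+|\d)\s*-\s*(\d+)\s*$")


def cd_rank(serial):
    """Rank encoded in a scanned barcode, or None if it is not appropriately barcoded."""
    match = SERIAL_RE.match(serial or "")
    if not match:
        return None
    prefix = match.group(1).upper()
    level = DIGIT_TO_LEVEL.get(prefix, prefix)
    return LEVELS.index(level) if level in LEVELS else None


def reader_may_mount(system_level, serial):
    """Phase III a: a reader mounts only CDs at or below the system's level."""
    rank = cd_rank(serial)
    return rank is not None and rank <= LEVELS.index(system_level)


def writer_may_mount(system_level, serial):
    """Phase III b: a burner mounts only blanks marked at exactly the system's level.

    This is stricter than the Bell-LaPadula *-property, which forbids writing
    down but would permit writing up.
    """
    rank = cd_rank(serial)
    return rank is not None and rank == LEVELS.index(system_level)


def mount_matrix(serials):
    """For every system level, list which scanned serials each drive type would mount."""
    return {
        system: {
            "reader": [s for s in serials if reader_may_mount(system, s)],
            "writer": [s for s in serials if writer_may_mount(system, s)],
        }
        for system in LEVELS
    }


if __name__ == "__main__":
    # Constructed scan results: three well-formed serials, one unbarcoded disc,
    # and one with a prefix outside the scheme.
    scans = ["1-86463", "3-85288", "4-13899", "", "9-00001"]
    for system, drives in mount_matrix(scans).items():
        print(system, drives)
```

Missing or unrecognised barcodes are refused on every drive, which matches the slide's requirement that a drive cannot be accessed without a scan.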
  • Wrap-Up
      • Phase I Cradle-to-Grave Lifecycle CD Tracking
      • Phase II Secure Storage
      • Phase III Spill-Resistant Network With Bar-coding
    Kiosk #11
  • Benefits
    • Provides Scalable lifecycle Cradle-to-Grave tracking of CDs
    • Fully Automated
    • Custody Transfers
    • Employee out-processing flagging lost data
    • Prevents unauthorized possession and secure Storage
    • Facilitates Trend Analysis
    • Facilitates secure High-Low Data Transfers & Prevents Data Spills
    • Never actually “Reads” Classified Data
    • Blends Existing COTS Technology
    • Adds “ Depth ” to existing cybersecurity capabilities - keeping data secure even after it leaves the network.
  • The Webster Commission’s Report: “For instance, an information system auditing program would surely have flagged Hanssen’s frequent use of FBI computer systems to determine whether he was the subject of a counterintelligence investigation.” (Page 4) “Over twenty-two years and more than forty passes, Hanssen turned over to Soviet and Russian intelligence an estimated twenty-six diskettes and 6,000 pages of classified information.” (Page 16) “… over seven years ago, the CIA IG concluded that Aldrich Ames’ access to computer “terminals that had floppy disk capabilities represented a serious system vulnerability’.” (Page 20) However, if you control the “vehicle” or medium by which information “walks out” of your facility, you reduce the insider threat by denying the traitor the medium to do it with. Omar J Fakhri
  • The following 6 slides are a copy of the Narrative (Word doc) also located on this website
  • The Omar-Matic, The Omar-ized Network, Omar-ized CD writers/readers, the Barker Box. BRIEF DESCRIPTION OF THE INVENTION:
    • The Omar-Matic provides the full lifecycle (cradle-to-grave) tracking of CDs. It’s intended to be used in environments, such as the Intelligence Community (IC), where users, in certain circumstances, must, for whatever reason, remove data from a system or network. When this happens the most common mode is to burn a CD. However, within the IC, dealing with national security information such as SCI, Top Secret, Secret, Confidential or even Sensitive Unclassified data, such as PII, brings on major security challenges because once any data leaves the confines of a “System boundary” and goes onto any removable media it becomes subject to loss or theft (Insider Threat). This is where the Omar-Matic comes in.
    • The Omar-Matic blends existing Commercial Off The Shelf (COTS) technology in such a manner as to facilitate the full lifecycle tracking of all CDs. The COTS technologies used in this concept are as follows:
      • Bar-coding of CDs
      • Barcode readers and printers
      • DVD kiosk vending machines such as “Red Box”
      • Common Access Control (CAC) badging technology and equipment
      • NSA approved CD shredders
      • Receipt printers
    • Actually, the Omar-Matic has three distinct concepts. The first one blends the use of all the aforementioned COTS technologies into a single package or “kiosk”. Ideally, there would be numerous such kiosks strategically/conveniently located within a major IC facility such as the Pentagon or the J. Edgar Hoover Building.
    • PHASE-I: Here’s how it works. Users would use their CAC badge to get a blank pre-labeled CD from the Omar-Matic CD dispensing kiosk. This concept capitalizes on the fact that the CAC badge system already “knows” this person’s security clearance and level of access. Therefore, the kiosk would only issue blank CDs up to the security level that the person is cleared for. For instance, if a person only held a Secret clearance then the kiosk could ONLY issue that person a blank CD marked at Secret or below and it would disallow the issuance of TS or SCI CDs.
    • Also, the CAC badging system would track how many blank CDs were issued, the classification level, even the time/date, and the specific kiosk a particular CD came from. This running tally can be extremely useful when it’s time for the individual to leave the organization (out-process), or if the Chief Security Officer (CSO) needed to conduct a random spot-check to ensure proper stewardship of sensitive CDs.
    • This kiosk also facilitates and records the transfer of CD ownership between individuals. Since the system knows the classification of the CD, and the clearance of the recipient, it will not allow a custody transfer to a recipient with an inadequate clearance. Okay, so the Omar-Matic can issue blank CDs and it can record the custody transfer between owners. What about the imminent destruction of the CD?
    • The Omar-Matic kiosk is actually conjoined with an NSA-approved CD shredder and, after proper authentication, it will securely destroy the CD. However, it will not allow the destruction of someone else’s CDs. Moreover, it will notify the CSO of any unauthorized possession. Here’s how: let’s say Sgt Jones, who has a TS clearance, gives Private Smith, who only has a Secret clearance, a TS CD and tells her to go to the kiosk to destroy it. When Private Smith gets to the kiosk the first thing she must do is scan the barcode on the CD. At this point, the system will recognize that the true owner is, in fact, Sgt Jones. The system will then ask for the Badge & PIN of the person attempting to destroy the CD. If Private Smith authenticates herself the system will not destroy the CD but, instead, send an alert to the CSO that a security breach has occurred. Essentially, Private Smith has custody of data that exceeds her clearance.
    • The kiosk will also print barcode stickers to accommodate “foreign” CDs which originated from outside the Omar-Matic system. Users would affix barcode stickers to foreign CDs so they can be tracked. This is especially important if they contain sensitive data. Of course, not all foreign CDs are sensitive and require tracking but all should be barcoded. That said, the 100% barcoding policy is NOT “required” unless the customer intends to implement Phase-III.
    • Some of the benefits are:
      • The CDs are pre-marked as per Executive Order 12958 which, to a large degree, takes the onus off the end user
      • Provides full cradle-to-grave accountability of all CDs
      • Visibility on usage, time in service (from issuance to destruction), high volume users (threats)
      • It forces users to destroy CDs when they are no longer needed (reduce risk)
      • The Omar-Matic is totally unclassified since it can only read data (barcodes) from the non-business side of the CD. User or “classified” data is never accessed.
      • Should someone discover an abandoned CD, for example one inadvertently left in a bathroom, that person could take it to the closest kiosk to scan the barcode which would immediately reveal the registered owner.
      • Enforces personal stewardship and accountability of all removable CDs.
      • Uses a Phased approach and builds upon the success of previous Phases.
    • Building a prototype of this kiosk should be inexpensive. The hardest part would be integrating it with existing industry standard CAC authentication systems. Consequently, early prototypes should probably use an independent token similar to the keychain-size consumer loyalty tokens that retailers use at the checkout. Note: RF keychain-sized tokens could work but would probably add unnecessary complexity, especially for initial prototypes. There are many other options to explore in this area, such as fingerprint reader (biometric) technology.
    • What this first concept does NOT deal with is where CDs are actually stored, especially when you are talking about SCI, TS, and Secret data. This is where the second concept comes in.
    • For now, I believe that this is as far as a potential developer needs to go (Phase-I) to develop a product/prototype that would;
      • 1. Achieve “Proof-of-concept” and
      • 2. Win the acceptance of the IC (sellable).
    • However, as any successful retailer (aka Wal-Mart) will attest, once you have an “automated” method of tracking property it opens the door for many other interesting possibilities.
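The Phase-I rules described above (issue only up to the badge holder's clearance, transfer only to an adequately cleared recipient, destroy only by the registered owner with a CSO alert otherwise, and an out-processing check for CDs still in custody) can be modelled as a small custody ledger. This is an added example, not code from the presentation; the `Kiosk` class, the in-memory ledger standing in for the CAC-backed database, and the serial numbers and timestamps are constructed assumptions.

```python
from dataclasses import dataclass, field

LEVELS = ["U", "C", "S", "TS", "SCI"]  # lowest to highest, as listed in the narrative


def rank(level):
    return LEVELS.index(level)


@dataclass
class CD:
    serial: str
    cd_class: str
    owner: str
    status: str = "OC"  # OC = Owner Custody, D = Destroyed
    history: list = field(default_factory=list)


class Kiosk:
    """Hypothetical model of one kiosk; `clearances` stands in for the CAC lookup."""

    def __init__(self, kiosk_id, clearances):
        self.kiosk_id = kiosk_id
        self.clearances = clearances  # badge holder -> clearance level
        self.ledger = {}              # serial -> CD (a shared database in practice)
        self.alerts = []              # notifications queued for the CSO

    def _cleared(self, person, cd_class):
        return rank(self.clearances[person]) >= rank(cd_class)

    def _record(self, cd, when, event, who):
        cd.history.append((when, self.kiosk_id, event, who))

    def issue(self, person, serial, cd_class, when):
        # Blank or not, a CD is never issued above the holder's clearance.
        if not self._cleared(person, cd_class):
            return False
        cd = CD(serial, cd_class, person)
        self.ledger[serial] = cd
        self._record(cd, when, "issued", person)
        return True

    def transfer(self, serial, giver, recipient, when):
        cd = self.ledger.get(serial)
        if cd is None or cd.status != "OC" or cd.owner != giver:
            return False
        if not self._cleared(recipient, cd.cd_class):
            return False
        cd.owner = recipient
        self._record(cd, when, "transferred", recipient)
        return True

    def destroy(self, serial, person, when):
        # The barcode is scanned first, so the owner is known before the badge is read.
        cd = self.ledger.get(serial)
        if cd is None or cd.status != "OC":
            return False
        if cd.owner != person:
            reason = ("not the registered owner" if self._cleared(person, cd.cd_class)
                      else "holds media above clearance")
            self.alerts.append((when, self.kiosk_id, serial, person, reason))
            return False
        cd.status = "D"
        self._record(cd, when, "destroyed", person)
        return True

    def open_items(self, person):
        """CDs an out-processing user must still transfer or destroy."""
        return sorted(s for s, cd in self.ledger.items()
                      if cd.owner == person and cd.status == "OC")


def demo():
    # Constructed scenario following the Sgt Jones / Private Smith narrative.
    k = Kiosk(11, {"Sgt Jones": "TS", "Pvt Smith": "S"})
    r = {}
    r["issue_ts_to_secret_holder"] = k.issue("Pvt Smith", "4-00001", "TS", "2010-09-01 09:00")
    r["issue_ts_to_ts_holder"] = k.issue("Sgt Jones", "4-00001", "TS", "2010-09-01 09:05")
    r["issue_s_to_ts_holder"] = k.issue("Sgt Jones", "3-00002", "S", "2010-09-01 09:06")
    r["transfer_ts_to_secret_holder"] = k.transfer("4-00001", "Sgt Jones", "Pvt Smith", "2010-09-02 10:00")
    r["transfer_s_to_secret_holder"] = k.transfer("3-00002", "Sgt Jones", "Pvt Smith", "2010-09-02 10:01")
    r["smith_destroys_jones_ts"] = k.destroy("4-00001", "Pvt Smith", "2010-09-03 11:00")
    r["jones_destroys_smiths_s"] = k.destroy("3-00002", "Sgt Jones", "2010-09-03 11:05")
    r["open_before"] = k.open_items("Sgt Jones")
    r["jones_destroys_own_ts"] = k.destroy("4-00001", "Sgt Jones", "2010-09-15 13:10")
    r["open_after"] = k.open_items("Sgt Jones")
    return k, r


if __name__ == "__main__":
    kiosk, results = demo()
    for name, value in results.items():
        print(f"{name}: {value}")
    for alert in kiosk.alerts:
        print("CSO alert:", alert)
```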
  • PHASE-II
    • The second concept (Phase-II) of the Omar-Matic is referred to in the original patent application as “The Barker Box”. The Barker Box uses most of the COTS technology mentioned above. Like the aforementioned kiosk, this device uses a barcode scanner, authentication appliances, and PIN but it’s also married to a “Stack” of gutted (minus the mechanism that allows it to read data) CD drives. Upon user authentication, the Barker Box will open (eject) the door to one of the empty and “gutted” CD drives within the stack. The user would use this vacant slot to “store” a CD, essentially a safe of sorts. Internally, the gutted CD drive would then verify that the CD with that identical barcoded serial number is, in fact, stored within. Again, only the non-business side of the CD is read.
    • As with the aforementioned kiosk, the database would reflect the current status of that particular CD, which is secured in the Barker Box. Moreover, this system would track when the CD was removed, by whom, for how long (threat), and how often (threat). The Barker Box takes CD accountability to the next level but there are many other benefits that will be included in my business plan should a developer or the Government decide to give it a green light.
  • PHASE-III
    • The third concept (Phase-III) of the Omar-Matic is referred to in the original patent application as the Omar-ized Network and Omar-ized CD Readers and Writers. I concede that my choice of naming conventions was a tad unfortunate. Consequently, I’m now calling this concept the “Spill-Resistant Network” and “Spill-Resistant Drives” which is more descriptive and way less cheesy.
    • Anyway, the concept of this network is based on the principle that all the CD readers on the network will NOT mount any CD that’s not “appropriately” barcoded. This concept “forbids” any CD “known” to be classified at too high a level from ever being mounted in the first place. It’s important to understand that data spills are, as the name would imply, committed unintentionally, by humans. Moreover, spills cause damage and must be “cleaned up.”
    • However, the really clever part of this concept is the use of the Bell-LaPadula security model to set up the barcode serial numbering scheme for all CDs used on the network. Essentially, on an Omar-ized network all unclassified CD serial numbers will start with the number one (#1). Confidential CDs will start with the number two (#2) and Secret CDs will start with the number three (#3), and so on and so forth. It is important to note that the specific serial coding scheme doesn’t really matter as long as it’s associated with a security classification level. For instance, you could even use letters (U, C, S, TS, SCI) in the serialization of the CDs.
    • Omar-ized CD readers shall be set up to reflect the security classification of the network. If it’s a Secret network then all the readers are set up to disallow the mounting of any Top Secret or higher CD. Simply put, if the serial number begins with a four (Top Secret) or higher the CD can NOT be mounted on the drive (disallowed). This prevents the inadvertent introduction of TS or higher data from contaminating (spillage) the Secret network. When you combine this with a strict “NO Thumb-drive policy” (like many IC agencies do anyway) you greatly reduce the chance of a data spill.
    • Similarly, the Omar-ized CD writers operate on the very same Bell-LaPadula security model. Moreover, when combined with the aforementioned barcode serial numbering scheme, it actually prevents data from being written (burned) to incorrectly labeled CDs, which is a data spill waiting to happen.
    • Of course, there are times when personnel in the IC must “migrate” data from a system of a higher classification down to a system of a lower classification. This process is fraught with risk and must only be done under tightly controlled processes by trained and competent personnel. Such a process usually involves what is known in the industry as an “air-gap” or “sneakernet.” Like other subtle nuances associated with the Omar-Matic, my process to migrate system-high data down to a system of a lower classification has also evolved. All these evolutions I recorded in my “inventor’s notebook”. On an Omar-ized network only “privileged users” would have access to regular (non-Omar-ized) CD writers, which would be the ONLY machine(s) that would allow High-Low data transfer.
    • However, I have since devised a process to facilitate this High-Low transfer and here’s how it works. Let’s assume the entire network is classified Secret and a user on that network has an unclassified Word file that they need to email to someone on the internet (unclassified). On the Omar-ized network there would be a webpage (SharePoint would work fine) where the user would upload the aforementioned file. Obviously, the user would then have to populate some typical data fields such as the urgency (priority) of the request. A “Ticket” is then automatically generated and someone from the pool of “privileged users” is notified. The privileged users should be trained and equipped (non-Omar-ized CD writers) to migrate the data from the Secret system down to an unclassified CD which is then “air-gapped” to an unclassified internet terminal. The privileged user would then email (on the internet) the Word file to the general user who could then confidently forward it on to whomever they need to.
  • 25 Assumptions:
    • 1. The IC (or for that matter wider industry) uses removable media, for whatever reason, to transfer data from one system to another.
    • 2. Removable media is used to fulfill a need to transfer data from one system to another.
    • 3. Removable media isn’t going away anytime soon – or at least until “cloud computing” comes to fruition. Even then, would it be too risky for the IC?
    • 4. Removable media is susceptible to being lost or stolen (risk).
    • 5. A trusted insider (Robert Hanssen) would exploit unmonitored/uncontrolled removable media to get data off of a system and out of a secure facility.
    • 6. When data is on a system it is “secure” up to the level of protection afforded (accredited) to that system but once the data is transferred to any removable media it is less secure.
    • 7. Once a CD is “written to” (at least the ones we’ll be using) it is then “closed out” and can no longer be written to again (one-time shot) whereas thumb-drives can be written to repeatedly.
    • 8. Removable media is temporary, and to that end, the assumption is that it will (or should) eventually be destroyed; if not, think Barker Box.
    • 9. When someone obtains a blank CD, either from an Omar-Matic kiosk or their communal office supply cabinet, the intent is to (sooner or later) actually write data to it. Essentially, no one obtains a blank CD to use it as a coaster for their coffee cup.
    • 10. If someone obtains a CD marked Secret they intend to write at least some Secret data to it.
    • 11. IC system users know the importance of correctly marking/labeling any electronic media which contains National Security Information (EO 12958).
    • 12. When using regular blank CDs (not the pre-labeled blanks) system owners are relying on users to correctly label (SF 707 (1-87) etc.) the media. Consequently, system owners must accept the risk that the media might be mislabeled or remain unlabeled due to human error.
    • 13. If you discover any removable media marked classified (Secret, TS, etc.) you must “assume” that it has classified data on it and you must take appropriate measures to “secure” that CD until its status can be confirmed.
    • 14. A lost CD could actually cause more damage than a lost laptop.
    • 15. If someone loses a laptop the assumption is that they’ll be “found out”; however, if someone loses an unaccounted-for CD they’d just burn another. CDs only cost about 32 cents each.
    • 16. No one knows how many CDs are burned in the government and industry or if they are incorrectly disposed of.
    • 17. If we build a working prototype and allow a Government customer to pilot such a contraption they’d love it!
    • 18. Users would accept this concept since all the technology (barcode scanning, vending machines, etc.) is woven into our daily personal lives. Also, subconsciously, vending machines are associated with pleasure (ATMs, DVD rental, candy, soda, condoms).
    • 19. The Omar-Matic will NOT completely prevent a highly motivated trusted insider from removing the media from the facility and copying it while in the parking lot and then quickly returning the CD to avoid detection. However, if you dovetail RF tagging between Phases II and III and if you monitor the time between when it’s pulled from the Barker Box to when it’s mounted onto an Omar-ized CD Reader (and vice versa) this “residual” risk can be mitigated too.
    • 20. The Omar-Matic will NOT completely stop all data spills, lost media, thwart all trusted insiders or cure world hunger. However, it will improve CD stewardship and impose personal accountability of all CDs used on the network and make it harder for a trusted insider to steal.
    • 21. The Omar-Matic places no additional administrative burden on end users, only that they correctly store, transfer, and destroy all the CDs they use; the logging of those three activities is recorded automatically.
    • 22. Since the entire system is unclassified, full system management, i.e. trend analysis, chronological tripwires, inventory restocking, user out-processing, etc., could, in fact, be done remotely by the vendor (which would be us), making the CSO completely unburdened by this new process (think entirely new service industry – a niche market perhaps?).
    • 23. If the customer decides to go “whole-hog” on Phase-I we may want to engineer a transition period. This period could involve a “CD amnesty box” to capture orphaned, unlabeled, mislabeled, and unloved “mystery” CDs. This would also give the organization an opportunity to start from ground zero. Interestingly, close scrutiny of the amnesty CDs may further reveal the scope of a previously unrealized problem and further justify wider use of this product.
    • 24. The FBI will need more CD writers. On April 1, 2010 at an “FBI Employee Town Hall meeting” in front of a packed audience the FBI Director Robert S. Mueller, III stated, “we will buy more CD writers”. I know this because my Supervisor (Mike Simmons) and I were in that audience when the Director said it.
    • 25. The Webster Commission actually meant what they said on page 78 of their report: “…The FBI should study the feasibility of bar coding particularly sensitive classified material, such as asset files, to facilitate control and tracking.”
  • Essentially, most cyber-security warriors are focused on DMZs, IDSs, firewalls and all that geeky stuff. I concede that stewardship of removable media isn’t sexy but it should be viewed as fundamental to a robust and holistic cyber-security solution. Simply put, what good are all the router patches, port scans, and red teaming if Robert Hanssen can waltz out the front door with a wallet full of CDs? Stewardship & accountability matters and I believe that this will separate a potential developer/cyber-security company from the rest of the pack. This innovative approach to removable media stewardship can showcase our deeper appreciation of cyber-security challenges. Omar J. Fakhri (Inventor) 727-505-4701 [email_address]
  • Pulling it all together
    • The NSA approved SEM Model 1200 CD-ROM Declassifier, about $5K: https://www.semshred.com/contentmgr/showdetails.php/id/54
    • Barcode reading equipment: Symbol MK1100 Self-Service Micro Kiosk, Item No.: MK1100, List price: $1,305.00: http://www.scanonline.com/mk1100.html
    • There are tons of vending machine makers who make to order:
      • http://www.seagamfg.com/custom.html
      • http://www.teleasy.com/quikflikweb1.asp
      • Prototype Productions, Inc.: http://www.protoprod.com/
    • HID is the access badge system currently in use by the FBI:
      • http://www.proximitycards.com/
      • http://www.geindustrial.com/ge-interlogix/products/access/HID.html
    • The supplier of Govt. CDs who’d have to put the barcode serial number on the CDs: http://www.at-ease-inc.com/atease.html
  • The Webster Report: “Much of Robert Hanssen’s espionage involved compromising FBI document security by photocopying or downloading classified material and carrying it out of Bureau facilities. Thefts by a trusted employee entitled to read most of what he stole are difficult to prevent, short of invasive searches.” (Page 73) “It is impossible to determine the number of classified documents the FBI receives, generates, and handles each year because production and copying of Secret documents are not regulated.” (Page 74) “The FBI imposes no physical controls on disseminating and copying most categories of classified material within FBI space” (Page 76) “FBI manuals should establish a time limit for maintaining working copies of classified documents so that managers can better monitor retention of copies ... The FBI should study the feasibility of bar coding particularly sensitive classified material, such as asset files, to facilitate control and tracking.” (Page 78)