Posts

What to Do during the Federal Hiring Freeze

Published with Permission by:
Lint, James R., “What to Do during the Federal Hiring Freeze”, In Cyber Defense, 7 Feb. 2017, Web, http://incyberdefense.com/news/federal-hiring-freeze/

Commentary by James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
 In Cyber Defense and Contributor, In Homeland Security

Now that President Trump has instituted a 90-day federal hiring freeze, it’s time to study the government hiring situation and improve your application. It’s time to reassess your strategy for getting a federal job and to determine if you are serious about working for the federal government.

When the hiring freeze is lifted, it’s likely that new legislation will restrict managers to hiring just one person for every two vacancies in their office. This will increase the competition and make it more difficult to get hired for a federal job.

The Manager’s View of a Hiring Freeze

It’s smart to look at federal job vacancies from a hiring manager’s point of view. After the freeze ends, I know from personal experience (as a hiring manager during the freeze of 2012-13), that managers will be eager to hire. They need employees to fulfill their agency’s mission.

Until a vacancy is filled, current employees must share the work of the vacant position. Currently, it takes at least six months from the time a hiring process begins to actually bringing a new hire onboard.

When the new employee arrives and assumes his duties, the existing staff is better able to focus on their own jobs. Overall efficiency improves and work is completed in less time than during the freeze.

It is important to remember that the hiring freeze is only for 90 days. Specific exemptions permit some federal agencies to continue to hire during the freeze.

Exceptions to the Federal Hiring Freeze

Experienced federal professionals know that every rule and regulation has exceptions. Paragraph 3 of the January 31 Memorandum: Federal Civilian Hiring Freeze Guidance from the White House lists the following hiring exceptions:

3g. Federal civilian personnel hires are made by the Office of the Director of National Intelligence (ODNI) and the Central Intelligence Agency (CIA).

3h. Appointments made under the Pathways Internship and Presidential Management Fellows programs (this does not include the Recent Graduates program). Agencies should ensure that such hires understand the provisional nature of these appointments and that conversion [to full-time employment] is not guaranteed.

3i. Conversions in the ordinary course to the competitive service of current agency employees serving in positions with conversion authority, such as Veteran’s Recruitment Act (VRA) and Pathways programs.

3r. The head of any agency may exempt any positions that it deems necessary to: Meet national security (including foreign relations) responsibilities, or public safety responsibilities (including essential activities to the extent that they protect life and property).

Cybersecurity Field Fulfills Critical Needs and Has Many Exemptions

Many cybersecurity jobs are in intelligence organizations, so those jobs are considered essential to the protection of health and safety. (Think hospital records at military facilities and the Department of Veterans Affairs.) Similarly, cyber defense jobs support foreign affairs organizations and are deemed essential to meeting national security responsibilities.

Opportunities Exist in Cybersecurity Despite Hiring Freeze

Despite President Trump’s executive order, there are still opportunities available for cyber defenders. Cyber organizations are hiring employees fresh out of college as well as service veterans.

So don’t be discouraged; the future of the federal civil service is not as bleak as media sources describe. In fact, some job seekers might think it’s more difficult now to obtain a federal job, so there could be fewer applicants and thus less competition.

Be persistent. Keep focused on your career goals and your readiness to meet the challenges of the job you seek.

About the Author

 James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in South Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 43rd scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and also served 14 years in the Army. His military assignments include South Korea, Germany and Cuba in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book in 2016, “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a book in 2017, “Secrets to Getting a Federal Government Job.

Giuliani Appointment Puts Administration Spotlight on Cybersecurity

Published with Permission by:
Lint, James R., “Giuliani Appointment Puts Administration Spotlight on Cybersecurity”, In Cyber Defense, 20 Jan. 2017, Web, http://incyberdefense.com/news/giuliani-appointment-cybersecurity/

By James R. Lint
Faculty Member, School of Business, American Military University
Contributor, In Homeland Security

Donald Trump announced last week that former NYC Mayor Rudy Giuliani will be advising the new administration on cybersecurity issues.

Giuliani will head an advisory group from the corporate world because of his “long and very successful government career in law enforcement, and his now sixteen years of work providing security solutions in the private sector,” according to a statement by the Trump transition website.

Trump will host “a series of meetings with senior corporate executives from companies which have faced or are facing challenges similar to those facing the government and public entities today, such as hacking, intrusions, disruptions, manipulations, theft of data and identities, and securing information technology infrastructure,” the GreatAgain.gov website explains.

The goal is to improve the planning and implementation for increasing security of computer systems by drawing on the knowledge and input of corporate leaders. Cybersecurity has become a key issue for Trump, since U.S. intelligence agencies blamed Russia for recent hacking attacks during the U.S. presidential election campaign.

New Cybersecurity Initiative Using Several Avenues to Share Information

The Department of Homeland Security has several avenues to share information with public corporations. Executive Order 13691, Promoting Private Sector Cybersecurity Information Sharing directs DHS to engage “in continuous, collaborative, and inclusive coordination” with information sharing and analysis organizations (ISAOs) via the National Cybersecurity and Communications Integration Center (NCCIC). The NCCIC coordinates cybersecurity information sharing and analysis among the federal government and private-sector partners.

These organizations were created for each of the 16 critical infrastructure sectors. The information technology sector has many government and private sector participants. It appears this new initiative aims to get corporate executives to participate and solve cyber security problems.

What Will Giuliani’s Role Be?

Giuliani’s role in this new cybersecurity initiative is not clear. For example, what will his official position be and how will he interact with DHS? The DHS Office of Cybersecurity and Communications (CS&C) is part of the National Protection and Programs Directorate. Will Giuliani coordinate with the CS&C? Or will he plan for or give direction to the office?

The U.S. Computer Emergency Readiness Team (US-CERT) has broad knowledge of and experience with federal computer systems. The Defense Department is required to report an incident to US-CERT within 12 hours. Public-sector organizations can voluntarily report incidents to US-CERT.

Will Giuliani receive briefings from US-CERT? Will he have the reports filtered via CS&C?

The bottom line is that the new administration sees the value of and need for improved cybersecurity. It appears to be a growing business. It will also be an area for improved employment prospects.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in South Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 43rd scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and also served 14 years in the Army. His military assignments include South Korea, Germany and Cuba in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” and a new book in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea.”

New Medical Technology and Data Privacy

Published with Permission by:
Lint, James R., “New Medical Technology and Data Privacy”, In Cyber Defense, 18 Jan. 2017, Web, http://incyberdefense.com/news/new-medical-technology-data-privacy/

By James R. Lint
Faculty Member, School of Business, American Military University
Senior Editor for
In Cyber Defense

As we grow older, we should be thankful for the growth of medical technology. New devices on the market expand healthcare providers’ capability to treat patients. These new products range from insulin pumps and home safety equipment to blood pressure rings.

Airbags for Humans

At the CES show in 2017, ActiveProtective debuted an innovative belt with built-in airbags that deploy when the belt detects that the wearer is falling. The concept is similar to a car airbag by providing protection before impact and preventing injury. This airbag product is especially useful for hip replacement patients.

However, there might be data privacy issues with this product later. The company plans to increase the belt’s communication ability as time goes on. In the future, the belt may include the option to send information via email to doctors or other caregivers using a Wi-Fi/Bluetooth system or cellular phone.

Should Other Fall Devices Communicate Private Data?

All medical device users face the conundrum of deciding whether privacy or immediate treatment of an injury is more important. For instance, many fall monitoring devices on the market immediately communicate to other people when the wearer falls. Other monitoring devices, such as Life Alert, require the patient to press a button and call for help. Both types of monitoring devices are helpful, but again there are privacy concerns.

Often, a patient’s primary focus is on immediate treatment and health recovery. The patient would rather call an ambulance than worry about privacy invasions from patient data these devices might transmit.

While these monitoring devices may only send alert information regarding someone’s fall-related injuries, this information may not be encrypted. This lack of security becomes a worrisome issue if a thief is scanning radio waves or wardriving in order to find Wi-Fi networks.

With the alert message sent from someone’s home, a criminal may intercept the message and attempt a home invasion before first responders can arrive. Both versions of an alert compromised in transmission could invite someone to empty your home of valuables.

Cybersecurity Experts Are Critical for Solving Privacy Issues

It will be up to cyber defenders to think of these privacy issues and provide solutions. The problems are not easy. There needs to be a way to securely transmit private health information without the fear of a garbled message and without using encryption that renders an emergency message unreadable by the patient’s family or friends.

If radio transmissions are used to communicate health data, a device’s ability to transmit information could be limited due to the use of powerful encryption in hand-held radios. However, a patient in pain would be more interested in making contact with first responders than about risks to data security.

Inside a hospital, it’s easier to control data signals and encryption due to HIPAA regulations. However, people who are at home with chronic medical problems will need more careful monitoring. The criticality of quality medical information given to medical personnel will become an issue of data protection as the field of medical equipment continues to evolve.

Do Medical Devices Have Potential for Security Attacks?

After Vice President Dick Cheney received a pacemaker, he and the U.S. Secret Service worried about the potential for assassination via a hacked pacemaker. There have not been any reports of assassination by medical device…yet.

Security researchers have explored a few specific devices to improve multiple devices that communicate medical information.

New medical devices are being developed regularly. Over time, confidence in health monitoring technology will increase in importance. So with today’s advances in technology, it’s a better time to be a patient than ever before.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in South Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 43rd scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and also served 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” and a new book in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea.”

OPSEC Precautions For This Site

Source: http://news.nationalpost.com/arts/movies/jason-bourne-proves-why-computers-are-the-worst-thing-to-happen-to-the-spy-thriller-since-no-more-day-to-day-formalwear

Things to keep in mind when interacting with The Lint Center, particularly when leaving comments or uploading photos:

  1. Defense conditions are classified secret, while force protection conditions are unclassified.
  2. Vulnerability of oconus installations to sabotage or penetration is classified secret if U.S. Intelligence information is made.
  3. The identity of units planned for deployment is confidential until an official announcement of the deployment is made.
  4. General geographic location of units deployed ( I.E. City, Country or Area) is unclassified.
  5. Specific geographic location of units deployed is confidential.
  6. Details of allied military participation in operations are secret.

The Global reach of the World Wide Web requires special precautions to be taken when posting information. The following types of information will not be posted publicly on WarriorLodge.com and will be taken down immediately:

  • Information that is for official use only (FOUO). This type of information would pose an unacceptable risk to the US Military, especially in electronically aggregated form. While records containing FOUO information will normally be marked at the time of their creation, records that do not bare such markings shall be assumed to contain FOUO information.
  • Analysis and recommendations concerning lessons learned which would reveal sensitive military operations, exercises or vulnerabilities.
  • Reference to unclassified information that would reveal sensitive movements of military assets or the location of units, installations, or personnel where uncertainty regarding location is an element of a military plan or program.
  • Personal information including compilations of names or personnel assigned overseas, sensitive, or routinely deployable units.
  • Names, locations, and specific identifying information about family members of military and government employees.
  • Highly technical information that can be used or be adapted for use to design, engineer, product, manufacture, operate, repair, overhaul, or reproduce any military or space equipment or technology concerning such equipment.
  • Unclassified information pertaining to classified programs. The clearance review procedures for unclassified information pertaining to classified programs proposed for posting to a publicly accessible web sites must take into account the likelihoods of classification compilation.

So, let’s review…

  1. Don’t discuss current or future deployment destinations.
  2. Don’t discuss current or future operations or missions.
  3. Don’t discuss current or future dates and times of when service members will be in deployed, in-port or conducting exercises.
  4. Don’t discuss readiness issues and numbers.
  5. Don’t discuss specific training equipment.
  6. Don’t discuss people’s names and billets in conjunction with operations.
  7. Don’t speculate about current or future operations.
  8. Don’t spread rumors about current, future, or past operations or movements.
  9. Don’t assume the enemy is not trying to collect information on you; they are… right now.  Seriously.
  10. Be smart, use your head, and always think OPSEC when using email, phone, chat rooms and message boards.

dia

Operations Security: 1. A systematic, proven process by which a government, organization, or individual can identify, control, and protect generally unclassified information about an operation/activity and, thus, deny or mitigate an adversary’s/competitor’s ability to compromise or interrupt said operation/activity (NSC 1988). 2. OPSEC is a process of identifying critical information and subsequently analyzing friendly actions attendant to military operations and other activities to (a) identify those actions that can be observed by adversary intelligence systems, (b) determine indicators adversary intelligence systems might obtain that could be interpreted or pieced together to derive critical information in time to be useful to adversaries, and select and execute measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly actions to adversary exploitation (DOD JP 1994; JCS 1997).

Operations Security process: An analytical process that involves five components: identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of appropriate countermeasures (NSC 1988).

Source: http://www.ioss.gov/glossary.html#o