dss newsletter june 12 - defense security service · defense security service, april 2017 our goal...

INDUSTRY WEBINAR

InApril2017,thirty-onerepresentativesfromclearedindustryparticipatedinthefirstinaseriesofDSSinTransitionandIndustrywebinars.ItwasapromisingstarttowhatweareconfidentwillbeaclosepartnershipforreceivingfeedbackonthedevelopmentofthenewDSSmethodologyandassessingtheeffectivenessofourcommunicationeffortstoindustry.Duringthewebinar,weoutlinedthehistoryoftheDSSinTransitioninitiative,detailedthecomponentsofthenewDSSmethodology,andpresentedanoverviewofthefindingsfromourintegratedprocessteams.

Movingahead,weplanonleveraging thecollectivebackground,experience,andexpertiseoftheparticipantsasan, “industryfocusgroup.”Inthisregard,wewillbelookingtothemtoprovide feedback,identifygaps,andvalidateapproachesaswedevelopthenew DSSmethodologyandramp-upourcommunicationefforts. ThenextDSSinTransitionandIndustry webinarisscheduledforJuly2017. Meanwhile,youcanviewtheApril2017 webinarbyclickingonthefollowing link: http://cdse.adobeconnect.com/p8xk8gnjsy9/.

TheworldisrapidlychangingandtheDefenseSecurityService(DSS)ischangingtoo.Wheretheagencyonceconcentratedonschedule-drivenNationalIndustrialSecurityProgramOperatingManual(NISPOM)compliance,DSSisnowmovingtoanintelligence-led,asset-focused,andthreat-drivenapproachtoindustrialsecurityoversight.

Through2017,DSS inpartnershipwithindustrywillbedeveloping,testing,andrefiningthisnewmethodologyforhelpingclearedfacilitiesbetterprotectnationalsecurityinformationandtechnology.ThenewmethodologywillallowDSStoworkmoreeffectivelywithclearedindustryandprogrammanagerstodesigntailoredsecurityprogramswiththeultimategoalofhelpingtoensurethatcontractedcapabilities,technologies,andservicesaredelivereduncompromised.

FROM THE CHANGEMANAGEMENT OFFICE

WelcometotheinauguraleditionoftheDSSinTransitionnewsletter.Recognizingthatthischangeisfargreaterthananytheorganizationhastackledinthepast,DSSestablishedtheChangeManagementOffice(CMO)inFebruary2017.ThisofficereportstoMr.JamesKren,DSSDeputyDirector,throughMr.KevinJones,DSSinTransitionChangeManagementOfficer/Director,CenterforDevelopment ofSecurityExcellence(CDSE),andhasoversightofthechangeactivitiesacrosstheagency.Theseactivitiesincludecoordinatingallof theactionsrequiredtodesign,test,andrefinethenewDSSmethodologyandimplementingourcomprehensivecommunicationsstrategy.

Inaddition,theCMOhastheresponsibilityfordevelopingacommonapproachforchangemanagementtouseacrosstheagency.ThisapproachwillbekeytobuildingorganizationalandindividualchangemanagementcapabilitiesandcompetenciesneededtosustaintheDSSinTransitioninitiativeovertheyears.TheCMOisalsoworkingonasix-month,one-year,andtwo-yearchangemanagementplantohelpguide,coordinate,andsupportallofourenterprise-widechangeinitiativesinDSS.

Lookingahead,theCMOwillberegularlyreachingouttoclearedindustrythroughaseriesofcoregroupmeetingsandfocusgroupwebinars.TheobjectiveistocontinuouslygatherinputonhowtotransformtheintentoftheDSSinTransitiontaglineof “PartneringwithIndustrytoProtectNationalSecurity”into aworkingreality.

CURRENT NEWSPRIORITIZATION FIELD TEST

InMay2017,eightFieldOfficesfromacrossthecountryparticipatedinathree-phaseexercisetotesttheprioritizationprocessforthenewmethodology.Inthefirstphase,theISRsineachFieldOfficeweretaskedtocollectdataonalloftheirassignedfacilities,completeanExcelworkbookonNIPRNet developedspecificallyfortheexercise,andthenscoreeachfacilitybeforereturningtheworkbookstoHeadquarters.

Inthesecondphase,Headquarters addedaprioritizationscoretothefield score,includedathreatmultiplier,and developedatotalscore.Thistotalscore wasreturnedtotheFieldOfficesvia SIPRNet whereinthethirdphasethe ISRsweregiventheopportunityto eitheracceptoroverridethescores. Thefindingsofthisexercisearecurrently beingcompiledandtheresultswillbe briefedtoDirectorDan Payne inJune.

ISSUE1ISSUE1VOL1

SUMMER2017

V1V2

V3V4

C1C2

C3C4

PointsofContactMetho

ds

NISPOM+

TVIReviewV1:V2:V3:V4:

C1:C2:C3:C4:

Also:F{TVI}AssessmentsTechnologyTrendsReportOnTheGroundUnderstanding

Also:DSSDirectorStrategicGuidancePastSVAsBusinessAnalysis

MajorInput:PrioritizedTechnologies/NIPFPriorities/All-Source Commerce

Study

NewEntrantorChangedConditions

“ShoeLeather”(ISR/ISSP)

PlanforAllocatingResources

Continuouslywalkthrough12x13matrixtotailorassessmentatfacility

12x13Matrix

CollaborativelydevelopedwithDSS,Facility,andPMstodefinecountermeasures

TVIAnalysisandReviewisjointlydevelopedwithfacilitysecurity,and

involvesPMasneeded

Ø ValidateCountermeasureImplementation&ValueØ AssessEffectivenessØ UseMOEsforContinuousImprovement

*FCBtoSustainAssetList

Improveopportunityto

identifythreatorvulnerability

DataGeneratedFeedsFuturePrioritization

Asset

TheNewMethodologyisafluidanddynamicmodelconsistingoffourcomponentsthatwillcontinuetoevolve.ThePrioritizationComponentprioritizesassetsandfacilitiesbasedonnationalintelligenceinformation.Thekeytothiscomponentisthatit’sdesignedtobefield-drivenandnotheadquarterscentric.Ourplanistoempowerourfieldforcetomakeinformeddecisionsonprioritiesintheirportfolios.

TheAssetIdentificationComponentfurtherdefinesprioritizedassets.Assetscanbeunderstoodasitemsofvaluerelatedtoaprogramorclassifiedcontract,thelossorcompromiseofwhichwouldadverselyaffectnationalsecurity.Wecurrentlyareintheprocessofdevelopingbothlong-termandnear-termapproachesfordefiningprioritizedassets.Weplantolearnaswego,makecontinuousimprovements,andapplythesameapproachtodevelopingtheothercomponentsinthenewmethodology.

THE OVERALL APPROACHTheThreat,Vulnerability,Impact(TVI)AnalysisandReviewComponentanalyzesandconsidersthreatstoassets,identifiesvulnerabilitiestothoseassets,andcapturesNISPOMcompliancerequirements.WewillusetheTechnologyTrendsForecast,ThreatAlerts,andrelatedsourcestohelpidentifythesethreats,usingamatrixtohelpdeterminevulnerabilities.The Tailored Security Program (TSP) Component provides a template and necessary guidance to industry for initially developing a baseline for the TSP. Our expectation is that the baseline will closely resemble an enhanced Standard Practice Procedure (SPP) and form the foundation for the TSP. Once TSPs have been developed and implemented by industry, DSS will evaluate, validate, and continuously review them.Thefourcomponentstakentogetherwillformacontinuousloopwiththeresultsfromallcomponentsfeedingbackintotheoverallprocess.

Didyouknow?...thatover75%ofallchangemanagementeffortsfail?Oneofthemostcommonreasonswhyisthatpeopleareinherentlyresistanttochange.Thiscanmanifestitselfinmanyways.Forexample,peopleresistingchangeoftenmakestatementslike,“we'vealwaysdoneitthisway,sowhyshouldwechange?”or “wearealreadykindofdoingthingsthisway,sowewon'tchangemuch.”

DSSinTransitionisanenterprise-widechangeinitiative.Itwillfacethesametypeofresistance.Don’tletithappen.Participateinmakingthischangeareality.EveryoneinDSShastheopportunitytolearnabout,engagein,andprovidefeedbackonDSSinTransition.Bygettinginvolved,youcanhelpDSSnotonlybeattheodds,butalsoshapethefutureofindustrialsecurityoversight.

ChangeManagementFacts

IMPLEMENTATIONOver the last several months, DSS developed and implemented Integrated Process Teams (ITPs) that have been engaged indeveloping and testing each specific component of the new methodology. The Prioritization IPT’s efforts culminated in May2017 with an exercise involving eight DSS field offices to pilot and refine the processes and tools required to prioritize assetsand cleared contractor facilities. Additionally, the Asset and TVI Analysis and Review IPTs have developed draft concepts ofoperation that have been delivered to DSS leadership for review and the TSP IPT is just now beginning its work. Eventually,each component of the new methodology will be integrated into one comprehensive concept of operations, tested, andrefined before it is provided to the field for implementation.

HOW WE’RE MOVING FORWARD

PARTNERING WITH INDUSTRYIn April 2017, DSS launched an ongoing series of meetings with a core group of 18-volunteer representativesfrom cleared industry. The purpose of these meetings is to update cleared industry on the findings of theIPTs and to solicit their perspectives, ideas, and comments on the new DSS methodology. Thus far, DSS hashosted at CDSE two in-person meetings as well as a number of teleconferences to answer questions, discussissues, and solicit input on the way ahead.

In addition, DSS also has assembled an additional 40+ volunteers from cleared industry as a focus group toprovide ongoing input on the effectiveness of our communication efforts. As we ramp-up our communicationactivities, we will be looking to them to learn how we can improve both our message and delivery.

• This is an enterprise-wide initiative:It is how DSS will be doing businessin the future and will influence andinform everything the Agency does

• We are learning by doing: As wedesign, test, and validate the newmethodology, it will continue toevolve

• There is no turning back: DSS iscommitted to moving to anintelligence-led, asset-focused, andthreat-driven approach to industrialsecurity oversight

• Partnering with industry: As thenew methodology is developed,cleared industry will providefeedback, participate in exercises,and support the refinement of theprocess

• This change benefits everyone: Itwill enable those involved inindustrial security to become moreefficient, effective, and successful intheir roles

DSS IN TRANSITION –FIVE BASIC PRINCIPLES

VISITUSONTHEWEBDSSEMPLOYEES– VISITUSONSHAREPOINT

http://www.dss.milhttp://dssinside.dss.mil/transition

InformationSheet• ProvidesabroadrangeoftalkingpointsonDiT andthenewDSSmethodologyforuseinternallyandexternally

FAQs• AnswerscommonlyaskedquestionsaboutDiT,thenewmethodology,andtransitiontimeline

QuickReferenceGuide• FeatureskeymessagesonDiT andthenewDSSmethodologyina4”x6” laminatedcard

Tri-FoldCard• Definestheneed,goal,andapproachforDiT inabusinesscardsizetri-fold

AccessArticles• OffersacollectionofarticlesonDiT publishedintheDSSmagazine

Webinars• DeliversDiT updates,discussions,andanswerstoquestionsvialivewebinarsessionsthathavebeenrecorded

Infographics• DisplaysDiT keymessagesinaonepagepicture(seefollowingpageforanexample)

GeneralBriefing• Suppliesslidesandtalkingpointsforgeneralaudiences

BriefingforSeniorLeadership• HighlightsDiT purpose,approach,andexpectedoutcomesina

DiT COMMUNICATION PRODUCTS

customizedsetofslidesandtalkingpointsforseniorlevelaudiences

PleasecontacttheDSSChangeManagementOfficeforcustomizedcommunicationproducts

Defense Security Service,  April 2017

Our goal is to help ensure contracted capabilities, technologies, and services are delivered uncompromised

Partnering with Industry to Protect National Security

The Defense Security Service (DSS) is changing its approach to industrial security oversight 

DSS is moving from a focus on schedule‐driven compliance to an intelligence‐led, asset‐focused, and threat‐drivenapproach to industrial security oversight

The New Methodology is a fluid and dynamic model that will continue to evolve

It consists of four primary components:• Asset Prioritization• Asset Identification• Threat, Vulnerability, and Impact Analysis• Tailored Security Programs

Cleared industry is partnering with DSS on the New Methodology to: 

• Support the design and development of the components• Participate in practical exercises to validate processes• Analyze and challenge approaches and assumptions• Provide feedback on communication strategies, methods, and messages