Transcript Topic 4 Sensors

Topic 6 Security
Enabling Objectives
6.1 DISCUSS the origin of Communication Security and Operational Security.
6.2 DEFINE COMSEC, DoD COMSEC Policy, and OPSEC.
6.3 DESCRIBE COMSEC equipment, material and administrative procedures.
6.4 DEFINE Physical, Transmission and Emission security.
6.5 DESCRIBE the OPSEC process.
6.6 DISCUSS Classification Guidance.
6.7 DEFINE Original Classification Authority.
6.8 DESCRIBE the limitations on classification and classification markings.
6.9 DESCRIBE the duties and responsibilities of SSO Navy
6.10 IDENTIFY terminology associated with the Special Security Officer duties and responsibilities
6.11 DESCRIBE the purpose of Joint Personnel Accountability System (JPAS)
What is COMSEC?
Communications Security (COMSEC)
The protection resulting from all measures designed to deny
unauthorized persons information of value that might be derived
from the possession and study of telecommunications, or to mislead
unauthorized persons in their interpretation of the result of such
possession and study. COMSEC includes:
-Crypto security - technically sound cryptosystems and their proper use
-Emission security (EMSEC) - intercept and analysis of compromising emanations
-Physical security - all physical measures necessary to safeguard classified equipment,
material, and documents
-Traffic-flow security - conceal the presence and properties of valid messages on a
network
-Transmission security (TRANSEC) - protect transmissions from interception and
exploitation by means other than cryptoanalysis (e.g. frequency hopping and spread
spectrum).
COMSEC Equipment
KIV-7
KG-84A
KG-40
KG-175
KG-194
Vintage COMSEC Equipment
German Lorenz cipher machine used during WWII for the
The Enigma machine implemented
encryption of high-level general staff messages.
a complex electro-mechanical
polyalphabetic cipher to protect sensitive
communications.
Parts of COMSEC Material
• Classifications
–
–
–
–
Top Secret (TS)
Secret (S)
Confidential (C)
Unclassified (U)
• Short Title
– Ex. USKAC D 166 MOD 1 BC 18
Administrative Procedures
• Custody
• Page Check Requirements
• Watch-to-Watch inventory
Physical Security
• Need to Know
• CO promulgated
access list
• Visitor’s Register (aka
Visitor’s Log)
COMSEC Insecurities
• Practices Dangerous to Security (PDS)
– Reportable
– Non-Reportable
Transmission Security
• Imitative Communications Deception
– ACP 122
• EEFI
• GINGERBREAD
• BEADWINDOW
Emission Security
• Emission Control
– EMCON Bill
DoD COMSEC Policy
• Xmission of DoD information shall be protected through COMSEC measures
• COMSEC materials developed, acquired, operated, maintained and disposed of
through approved methods
• Ensure operational availability of commonly used COMSEC equipment during
crisis or contingencies
• COMSEC equipment shall be compatible with DoD approved key management
systems
• Account for controlled and classified cryptographic items
• COMSEC users and technicians properly trained
Note: Policy documents can be found on NIPRNET at http://www.cnss.gov;
SIPRNET at http://www.iad.nsa.smil.mil/resources/library/cnss_section/index.cfm
Origin of OPSEC
"Even minutiae should have a place
in our collection, for things of a
seemingly trifling nature, when
enjoined with others of a more
serious cast, may lead to valuable
conclusion."
-George Washington, known OPSEC
practitioner
A key action during the OPSEC process is to analyze potential vulnerabilities to forces.
It requires identifying any OPSEC indicators that could reveal critical information about
the operation, such as, increased troop movement.
“Little minds try to defend everything at once, but sensible
people look at the main point only; they parry the worst
blows and stand a little hurt if thereby they avoid a greater
one. If you try to hold everything, you hold nothing”
Frederick the Great
Instructions to his generals, 1747
Original Classification Authority
• Designated by SECNAV or delegated authority
• SECNAV personally designates TOP SECRET OCAs
• SECNAV authorizes the CNO to designate SECRET OCAs
• OCA is not transferable
• OCA designated by virtue of their position
• Properly trained
• Duration of classification limited to 25 years
Limitations on Classification
Classifiers shall not use classification to:
• Conceal violations of law, inefficiency or administrative error
• Prevent embarrassment to a person, organization or agency
• Restrain competition
• Prevent or delay the release of information that does not
require protection
• Classify, or use as a basis for classification, references to
classified documents, when the reference citation does not disclose
classified information
This page is UNCLASSIFIED but marked SECRET for training purposes only
Electronic Media Markings
Duties and Responsibilities
•
•
Secretary of the Navy
Director of Naval Intelligence
(CNO(N2))
•The Director,
Security and
Corporate Services
(ONI-05 )
•SSO NAVY
Duties and Responsibilities
•
Command Special
Security Officer
(SSO)
–
–
–
SSO will be afforded
direct access to the
commanding officer
Appointed in writing
U.S. citizen and either
a commissioned
officer or a civilian
employee GS-9 or
above
Terminology
•
•
•
•
•
•
•
Personnel Security
Investigation
National Agency Check
National Agency Check
with Local Agency and
Credit Checks
Single Scope Background
Investigation
Reinvestigation
SSBI-PR
Entrance National Agency
Check
Terminology (cont)
•
•
•
•
•
•
Electronic Questionnaires for Investigations
Processing
Electronic Personnel Security Questionnaire
Standard Form (SF) 86, Questionnaire for
National Security Positions
Department of the Navy Central
Adjudication Facility
Defense Security Service
Original Classification Authority
Joint Personnel
Accountability System
• The Joint Personnel Adjudication System
(JPAS) is a DoD system that uses
NIPRNET to connect all DoD security
personnel around the world with their
Central Adjudication Facility (CAF).
• The JPAS web site runs on a secured
port with secured socket layer (SSL) 128bit encryption.
Joint Personnel
Accountability System (cont)
• JAMS & JCAVS = JPAS
– The Joint Adjudication Management System
(JAMS) provides the CAFs a single, integrated
information system to assist the adjudication
process through "virtual consolidation" and
vastly improve dissemination of timely and
accurate personnel security information to the
warfighters and planners. It is a system
designed for the adjudicative community by
adjudicators.
Joint Personnel
Accountability System (cont)
• The Joint Clearance and Access Verification
System (JCAVS) provides DoD security
personnel the ability to instantaneously
update other JCAVS users with pertinent
personnel security clearance and access
information in order to ensure the
reciprocal acceptance of clearances
throughout DoD.
• It is a system designed for security
managers and security officers as
representatives of that community.
Joint Personnel
Accountability System (cont)
User can view anyone’s
summary with SSN,
including one’s own
Joint Personnel
Accountability System (cont)
Joint Personnel
Accountability System (cont)
(AF only)
References
a) SECNAV M-5510.30, Department of the Navy
(DON) Personal Security Program (PSP) Manual
(June 2006)
b) SECNAV M-5510.36 Department of the Navy
Information Security Program (June 2006)
Foreign Security Markings Information Sheet
Pages 6-35 thru 6-37