Transcript TYPES OF UNCLASSIFIED CONTROLLED INFORMATION AND

Portsmouth/Paducah Project Office
2012 Annual Security Refresher
Lexington Office
Portsmouth Site
Paducah Site
1
Welcome
Portsmouth/Paducah Project Office
Welcome to the Portsmouth Paducah Project Office Annual Security Refresher for 2012.
2
PPPO Mission
Portsmouth/Paducah Project Office
The mission of the U. S. Department of Energy (DOE) Portsmouth/Paducah Project Office (PPPO) is
to provide management oversight and support to ongoing Environmental Management (EM)
Operations at the DOE Portsmouth, Ohio, and Paducah, Kentucky sites. To facilitate this mission,
the PPPO manager and key management functions are located in Lexington, Kentucky between the
Portsmouth and Paducah sites. PPPO serves as the EM line management for both Portsmouth and
Paducah. The PPPO Site Security Plan facilitates management of security assets for the PPPO
operations at the Lexington Office. Site-specific Security Plans for Paducah, Kentucky and
Portsmouth, Ohio are developed/implemented by the Infrastructure Contractor for Paducah and
the Facility Support Services Contractor for Portsmouth and are designated as the site Officially
Designated Security Authority (ODSA) for each site. Every DOE or Contractor organization must
appoint a Facility Security Officer (FSO) to serve as a security point of contact (POC). The FSO is
responsible for administering the requirements of the Safeguards and Security Program within his
or her facility in accordance with DOE requirements and the Site Security Plan.
 Contract DE-AC30-10CC40021 identifies Swift & Staley Security as the ODSA for Paducah
 Contract DE-CI0000004 identifies Wastren-EnergX Mission Support (WEMS) as the ODSA for
Portsmouth
Your ODSA or FSO POC telephone numbers are listed in site POC listing at the end of this briefing.
3
Course Objectives
Portsmouth/Paducah Project Office
This briefing is intended for all cleared and uncleared DOE employees, contractors, and
subcontractors at the Portsmouth Site, Paducah Site, and Lexington Office. The objectives of the
2012 Annual Security Refresher are to:



Remind individuals of their safeguards and security responsibilities
Promote continuing awareness of required security practices
Help individuals maintain an appreciation for the need to protect our country’s national
security interests
Guidance for this briefing is in accordance with U.S. Department of Energy (DOE) Order 470.4B,
Section 3, “Safeguards and Security Awareness” and DOE/PPPO implementing instructions. Final
approval for briefing contents is given by the DOE/Oak Ridge Office, Officially Designated Federal
Security Authority (ODFSA).



Individuals who possess DOE access authorizations (security clearances) shall receive refresher
briefings to reinforce and update awareness of safeguards and security policies and their
responsibilities
Mandatory every 12 months
Failure to complete the annual security refresher may result in administrative actions
determined by the ODFSA to include suspension of access authorization
4
About the Briefing
Portsmouth/Paducah Project Office
The Annual Security Refresher is composed of the following topical areas. At the end of the
briefing there will be a test from the content covered in these areas:

















Access Control
PPPO Recognized Badges
Badge Responsibilities
Prohibited and Controlled Articles
Reporting Requirements for Cleared Individuals
Incidents of Security Concern (IOSC)
Classified Matter/Information
Need-to-know
Unauthorized Disclosure
Penalties
Unclassified Controlled Information (UCI)
Nuclear Material Control & Accountability
Technical Surveillance Countermeasures, Operations Security and Cyber Security
Hosting Foreign National Visits and Assignments and Foreign Travel
Counterintelligence
Escort Responsibilities
Safeguards and Security Program
5
Access Control
Portsmouth/Paducah Project Office
The Portsmouth, Paducah & Lexington sites maintain General Access Areas (GAA), Property Protection
Areas (PPA), and Limited Areas (LA) to protect DOE assets. Access to PPA and LA security areas require
approval in accordance with DOE Directives and site ODSA procedures.
GAAs are designated areas that are accessible to all personnel, including the public.
PPAs are designed to protect DOE assets and personnel, and are accessible to authorized personnel only.
There are no classified holdings within this security area.
LAs are designed to protect classified matter and Category III quantities of Special Nuclear Material (SNM).
Individuals without an access authorization are not permitted within this security area unless they are
escorted and have a need-to-know.
Access into security areas must be controlled in conjunction with a DOE Security Badge or Local Site
Specific Only badge:


Protective Force or authorized personnel performing visual inspection of a badge
Automated access controls (e.g. card readers) reading an HSPD-12 badge
6
PPPO Recognized Badges
Portsmouth/Paducah Project Office
These badges are generally recognized by PPPO sites:
HSPD 12 Credential or
DOE Security Badge
DOE Standard Badge for
“Q” access authorization
DOE Standard Badge for
“L” access authorization
DOE PIV (no access
authorization)
DOE Foreign National (no
access authorization)
Site specific badges may be issued
to address a variety of unique local
badging requirements including
local site specific badge,
temporary visitor badge, and
foreign national badge, etc. Site
specific badges are not HSPD-12
compliant.
Lexington site specific
Paducah site specific
Portsmouth site specific
7
Badge Responsibilities
Portsmouth/Paducah Project Office
Your badge must be replaced or reissued if:
 Your name changes or your physical appearance changes
 Your badge is faded or damaged
 Your clearance level changes
Badge cautions:
 It is illegal to counterfeit, alter, copy, or misuse your badge
 DO NOT use your badge for purposes other than official government business
 DO NOT wear the badge in public places
 Report the loss or theft of your badge immediately to your ODSA
Other badge reminders:
 The badge is to be prominently displayed (outermost garment, above the waist, and below
the neck) at all times while on site (to include Lexington) unless prohibited by health or
safety considerations
 Protect your badge from theft when you are off site
 Your badge is the property of DOE and must be returned to the ODSA if it has expired, is no
longer required, or upon termination of employment
8
HSPD-12 Badges
Portsmouth/Paducah Project Office
During the remainder of 2012 and 2013, all employees will be issued an HSPD-12 badge, as per
Homeland Security Presidential Directive (HSPD) 12 and Environmental Management
Memorandum dated October 10th, 2012 titled “Office of Environmental Management Policy for
Homeland Security Presidential Directive 12 Implementation”:
This badge will be used for:


Physical access to all facilities within the PPPO (PPAs and LAs)
Logical access to unclassified information systems that support PPPO mission objectives
Your HSPD-12 badge will be of increased importance as time goes on. It will eventually be used for
activities such as email encryption and verification of your security clearance (if applicable). Ensure you
protect your badge and associated PIN as you would protect what it replaces – an authentication token
and/or your password.
9
Prohibited Articles
Portsmouth/Paducah Project Office
The following articles are prohibited on DOE property:




Dangerous weapons and explosives
(instruments or materials likely to cause
substantial injury to people or damage
property)
Unauthorized firearms
Controlled substances such as illegal drugs and
associated paraphernalia (but not prescription
medicine)
All items that are prohibited by law
Personnel should contact their employer to ascertain if the company has levied any further
restrictions (on local policies or procedures).
Note: Registration with the Kentucky Wildlife Management Office is required before hunting/field
trials in the surrounding Wildlife Management Areas at Paducah.
10
Controlled Articles
Portsmouth/Paducah Project Office
You must have ODSA authorization (Portsmouth and Paducah) or Lexington Information Technology
(IT) authorization prior to introducing the following controlled articles in a Limited Area:










Personal Data Assistants (PDA)
Laptop or palmtop computers
Smart phone devices
Two-way pagers
Cell phones
Cameras of all kinds
Recording equipment
Digital audio players
Thumb and Portable Hard drives and most
gaming devices (check with security)
Alcoholic beverages
Note: Authorization is recognized by a property pass (Portsmouth) or controlled article permit (Paducah).
11
Reporting Requirements for Cleared Individuals
Portsmouth/Paducah Project Office
Having a DOE access authorization is a privilege not a right. In order to maintain an access
authorization, the following information must be reported within 2 days verbally to your site Personnel
Security Office followed within 3 days by written notification, unless otherwise instructed :












Arrests – Report all arrests, including charges that are dismissed
Criminal Charges - Report all criminal charges including felony, misdemeanor, public and petty offenses as defined in the statutes of any
state
Detention by Law Enforcement - Report any detention by federal, state or other law enforcement authority for violation of law. The only
exception to this reporting requirement is detention for a simple traffic stop
Traffic Violations - Report any traffic violations for which you receive a fine of $300 or more unless the traffic violation is alcohol or drug
related. Any traffic violation that is alcohol or drug related must be reported regardless of the amount
Ongoing Regular Contact with Foreign Nationals – Report employment, business & personal related associations with any foreign national
or employees/representatives of a foreign-owned interest
Hospitalization - Report hospitalization for treatment of mental illness or other mental condition; treatment for
alcohol or drug abuse; any condition that may cause a significant impairment in judgment or reliability
Bankruptcy - Report any personal or business-related bankruptcy
Wage Garnishment - Report all wage garnishments resulting from, but not limited to, divorce, delinquent debts or
child support
Change in marital status - Report marriage or cohabitation (spouse like relationship) within 45 days
Name Changes - Report all legal name changes within 45 days
Change in Citizenship - If you are a U.S. citizen who changes citizenship or acquires dual citizenship
Family Residence Change - An immediate family member assuming residence in a sensitive country
12
Incidents of Security Concern (IOSC)
Portsmouth/Paducah Project Office
An incident of security concern occurs any time there is a potential or actual compromise
of classified or Unclassified Controlled Information (UCI) or when a security directive is
violated. Incidents of security concern are actions, inactions, or events that have occurred
at a site that:





Pose threats to national security interests and/or critical DOE assets
Create potentially serious or dangerous security situations
Potentially endanger the health and safety of the workforce or public
Degrade the effectiveness of the safeguards and security program
Adversely impact the ability of organizations to protect DOE safeguards and security interests
Remember, if you observe, find, or have knowledge of, or information regarding an IOSC,
you must immediately report the incident to your respective IOSC POC and/or FSO or the
Plant Shift Superintendent in person or by secure means. If you discover a potential IOSC,
you must take reasonable and prudent steps to contain the incident, protect the scene, and
secure classified matter or UCI as appropriate.
Your ODSA or FSO POC telephone numbers are listed in site POC listing at the end of this briefing.
13
Metric of IOSC
Portsmouth/Paducah Project Office
The following incidents of security concern were the most common for the Portsmouth, Paducah,
and Lexington sites in 2012:
 Unauthorized electronic disclosure of Unclassified Controlled
Information
 Introducing controlled item into a LA (e.g. camera cell phone,
MP3, etc.)
 Circumvention of established procedures (e.g. property pass
violations)
 Vandalism of Government property
 Loss of escort controls
Total incidents for 2011
23
Total incidents for 2012
29
14
Classified Matter/Information
Portsmouth/Paducah Project Office
Classified matter/information is any combination of documents or materials that needs to be
protected in the interest of national security. Classification can be applied to:
 classified equipment, components, parts, tooling, gauges, liquids, powder, scrap, molds,
and packaging container inserts
 classified documents, electronic media, or communications
All classified matter/information is protected according to federal statutes and Presidential Executive
Orders. DOE is responsible, under the Atomic Energy Act of 1954, as amended, for classifying
information and material relating to atomic energy and its use in weapons and under Executive
Orders for other aspects of national security. The Atomic Energy Act of 1954 and Executive Order
13526 govern classification policy.
Classifying information establishes protective barriers that ensure that
classified matter and information do not fall into unauthorized hands.
Through the process of classification, we protect important information
from adversaries, yet allow the same information to be used by scientists,
statesmen, military planners, and others with applicable access
authorization and who meet the need-to-know criterion.
Note: At Portsmouth, Paducah, and Lexington there are specific Limited Areas approved for
impromptu classified discussions. Please contact your ODSA or FSO for specific locations.
15
Levels of Classified Matter
Portsmouth/Paducah Project Office
Classified matter/information is designated by both a classification level and a category. The
classification level is based on how much our national security could be damaged if the information
were to be released to unauthorized person(s). There are three classification levels:

Top Secret (TS)-Unauthorized disclosure could
reasonably be expected to cause exceptionally
grave damage to national security.

Secret (S)-Unauthorized disclosure could
reasonably be expected to cause serious damage
to national security.

Confidential (C)-Unauthorized disclosure could
reasonably be expected to cause undue risk to
the common defense and security and be
expected to cause damage to national security.
TOP
SECRET
SECRET
CONFIDENTIAL
16
Categories of Classified Matter
Portsmouth/Paducah Project Office
There are three categories that describe classified matter :



Restricted Data (RD) is information that is related to
the design, manufacturing, and utilization of atomic
weapons; production of special nuclear material; or
use of special nuclear material in the production of
energy.
Formerly Restricted Data (FRD) is information that
pertains to the military utilization of atomic weapons
and has been removed by DOE from the Restricted
Data category.
National Security Information (NSI) is information that
requires protection in the interest of national defense
or foreign relations of the United States that is not
related to nuclear weapon design, manufacturing,
testing, or utilization. For example, a site security
vulnerability may be protected as NSI.
17
Access to Classified Matter
Portsmouth/Paducah Project Office
The following table illustrates the minimum clearance level required for access to each level and
category of classified matter:
Restricted Data
Formerly Restricted
Data
National Security
Information
Top Secret
Q
Q
Q
Secret
Q
L
L
Confidential
L
L
L
Access to classified matter requires an individual to have:
 Appropriate access authorization (or necessary security clearance)
 A need-to-know (which means access to classified matter is necessary to perform an official or
contractual duty)
Note: Access is not obtained or granted by position only.
18
Protection and Control Measures
Portsmouth/Paducah Project Office
Cover sheets must be used any time a classified document is removed from a special approved
General Services Administration container (sometimes referred to as a safe or repository), vault, or
vault-type room. The purpose of a classified cover sheet is to prevent unauthorized visual access,
serve as an immediate identifier that the attached document or material is classified, and identify
the classification level of the document.
Classified cover sheets are identified as follows:
For additional protection and control measures, including training/briefing requirements, contact
site Classified Matter Protection and Control (CMPC) point of contact. Portsmouth, Paducah, and
Lexington telephone numbers are listed in the POC listing at the end of this briefing.
19
Derivative Classifiers (DC)/Derivative Declassifiers (DD)
Portsmouth/Paducah Project Office
The following appointed positions are provided to coordinate classification activities:
 Derivative Classifiers (DC): An individual authorized to determine that matter is unclassified or
classified as restricted data, formerly restricted data, and/or national security information and
at what level based on classification guidance or source documents.
 Derivative Declassifiers (DD): An individual authorized to declassify or downgrade matter in
specific areas based on classification or declassification guidance or source documents.
When it is reasonable to expect that documents or materials contain classified information or
when regulations or other requirements apply, you are personally responsible to ensure the matter
is reviewed by an approved DC or the site Classification Officer.
Portsmouth, Paducah, and Lexington Classification Officer or Classification POC telephone numbers are listed in the
site POC listing at the end of this briefing.
20
Challenging Classification Decisions
Portsmouth/Paducah Project Office
Every employee is encouraged and expected to
challenge the classification of information,
documents, or material that he or she believes is
improperly classified. Challenges should be directed
to your site Classification Office or classification POC.
21
No Comment Policy
Portsmouth/Paducah Project Office
Sometimes classified information appears in the public domain (e.g. newspapers, websites,
speeches, etc.). If approached about the disclosed classified information do not comment on
accuracy, classification, or technical merit.
 Individuals are prohibited from commenting on classified information in the public
domain
 Avoid using the phrase “no comment” because its use may implicitly reveal classified
information
 Appearance in the public domain does not declassify the information
22
Your Responsibility
Portsmouth/Paducah Project Office
Each employee is responsible for having documents and material reviewed by a DC for
classified information prior to dissemination to uncleared individuals by physical or electronic
means.
Types of Documents to be reviewed include:






Information pertaining to Gaseous Diffusion Technology/Processes or Work for Others
Newly generated documents or material prepared in a potential classifiable subject area
Existing unmarked documents or material that an employee believes may contain
classified information
Existing documents or material that an employee believes may contain information
classified at a higher level or more restrictive category
Documents or material in a potential classified subject area intended for public release
(web page, Congress, press release) must be reviewed by the site Derivative Classifier
Newly generated documents that contain extracts from an existing classified document
(e.g. chapter or appendix) must be reviewed by a DC. If the extract is found to be
unclassified then an additional review by a Derivative Declassifier is required
23
Need-to-Know
Portsmouth/Paducah Project Office
If an individual needs to know information in order to perform an official or contractual duty,
they may have access to that information. Access to classified information requires the
appropriate DOE access authorization AND the need to know to perform an official duty.
Does that person
require this
information to do
their job?
24
Unauthorized Disclosure
Portsmouth/Paducah Project Office
Unauthorized disclosure is any communication or physical transfer of classified matter or
Unclassified Controlled Information (UCI) to an unauthorized recipient. Concerning
classified matter, unauthorized disclosure:
 Always occurs when the recipients do not have the appropriate access authorization
and the need-to-know
 Can occur when an individual intends to transfer or transmit classified matter
 Could potentially cause damage or irreparable injury to the United States, or could be
used to advantage by a foreign nation
25
Penalties
Portsmouth/Paducah Project Office
There can be potential penalties for mishandling classified information or other sensitive
information such as:





Termination of access authorization
Removal from any position of special confidence and trust requiring a clearance
Termination of employment
Prosecution
Monetary fines
26
Penalties
Portsmouth/Paducah Project Office
Civil penalties for contractor violations of classified information are issued in accordance
with Title 10, Code of Federal Regulations Part 824 (10 CFR Part 824). This CFR was
published by the Department of Energy (DOE) to implement Section 234B of the Atomic
Energy Act of 1954, 42 U.S.C. 2282B. Section 234B stipulates that a contractor or
subcontractor to the DOE who violates any rule, regulation, or order relating to the
safeguarding or security of Restricted Data, other classified information, or sensitive
information shall be subject to a civil penalty (fine) not to exceed $110,000 per
offense. In publishing 10 CFR Part 824, DOE has determined that civil penalties under Part
824 will only be assessed for violations of requirements for the protection of classified
information (Restricted Data, Formerly Restricted Data and National Security
Information). The rule does not include civil penalties relating to failure to protect
sensitive but unclassified information.
27
Unclassified Controlled Information (UCI)
Portsmouth/Paducah Project Office
UCI is broadly defined as information that may be exempt from public release either by statute, or
under the Freedom of Information Act and for which disclosure, loss, misuse, alteration or
destruction would adversely affect national security, government interests, or personal interests.
There are four basic types of UCI most addressed at the sites:
 Official Use Only (OUO)
 Personally Identifiable Information (PII)*
 Unclassified Controlled Nuclear Information (UCNI)
 Export Controlled Information (ECI)**
*PII is marked and protected as OUO, FOIA Exemption 6, Personal Privacy
** ECI is dual marked ECI and OUO, FOIA Exemption 3, Statutory Exemption
Note: An uncleared person may be granted access to Unclassified Controlled Information (UCI) if
that person has a need-to-know the specific information in the performance of official or contractual
duties.
28
Protecting UCI
Portsmouth/Paducah Project Office
UCI must be protected from unauthorized disclosure. Storing of UCI within a PPA or LA must be
locked in a room, file cabinet, desk, or bookcase (when internal building security is not provided).
When working with UCI from home or in transit, the above protection requirements are the same.
29
Transmission of UCI
Portsmouth/Paducah Project Office
The number one security incident at the sites is transmitting UCI by unsecured or inappropriate
methods. Follow the guidelines listed here when transmitting UCI:




Transmission by e-mail: UCI should be encrypted when electronically
transmitted outside the site’s network. Encryption should be accomplished
by using Entrust for e-mail. If Entrust is unavailable then password
protect(excluding UCNI which is not accredited on PPPO systems)
Transmission by Fax: When faxing UCI (excluding UCNI which must be sent
via a secure telephone facsimile), the sender must contact the recipient
prior to faxing the UCI document. The sender is responsible for making a
follow-up call to confirm that the entire UCI document was received
Transmission by Mail Off site: Place documents in a sealed opaque
envelope or wrapping, stamp or write the words “To Be Opened by
Addressee Only.” The document can be mailed First Class, Express, Certified
or Registered Mail or sent via any commercial carrier and must contain a
return address
Transmission by Mail On site: Place documents in a sealed, opaque
envelope or wrapping, stamp or write the words “To Be Opened by
Addressee Only”
Note: Personnel should contact their employer to ascertain if the company has levied any further
restrictions (on local policies or procedures).
30
Official Use Only (OUO)
Portsmouth/Paducah Project Office
To be identified as Official Use Only (OUO), information must be unclassified and meet both of the
following criteria:
 Has the potential to damage Governmental, commercial, or private interests if released to
persons who are not authorized
 Falls under one of the Freedom of Information Act (FOIA) exemptions
Note: Any Federal or contractor employee with cognizance over the information may make OUO
determinations for unclassified documents.
31
Making OUO Determinations
Portsmouth/Paducah Project Office
The determination of OUO is based off either:


Guidance
•
Approved by the HS-60
•
Issued by the HS-60, a program office, or DOE/NNSA
contractor
or
An individual evaluation (opinion)
•
Release could cause damage
•
Falls under a FOIA exemption
•
Guidance for Identification of Personal Privacy is
located DOE Order 206.1, Department of Energy
Privacy Program and The Privacy Act of 1974 (5 U.S.C.
552a)
CG-SS-4
32
OUO Determination Tree
BEGIN HERE
Potential
OUO
Portsmouth/Paducah Project Office
Yes
Is the information OUO by
classification guide topic,
CG-SS-4
Yes
Mark as
OUO
No
Not OUO
No
Not OUO
No
No
Could the release of this information
cause damage to
governmental, commercial, or
private interests
Not OUO
Yes
Does the information fall under a
FOIA exemption
Yes
Mark as
OUO
33
33
Exemptions
Portsmouth/Paducah Project Office
Once information is determined to be OUO, potential exemptions to the Freedom of Information Act
(FOIA) must be chosen. If no exemption is viable then the information cannot be OUO.
Information
is OUO
Yes
Choose a FOIA
exemption 3
through 9
No
No Marking or
Protection required.
This information will still
require a classification
review prior to releasing
to the public
Note: Exemption 2-Circumvention of Statute for OUO was deleted and should no longer be used. For
previous determinations of OUO where exemption 2 was used, the following exemptions may be applied,
exemption 7 (Law Enforcement), exemption 4 (Commercial Proprietary), and exemption 5 (Privileged
Information).
34
34
Exemption Numbers and Categories for OUO
Portsmouth/Paducah Project Office
3-Statutory Exemption
 CRADA Information
 Export Controlled Information
 Taxpayer Identification Numbers
4-Commercial/Proprietary
 Trade Secrets (e.g. Coca Cola Formula)
 Financial Data (e.g. income, profits, losses)
 Business Plans (e.g. contract proposals)
 Cost Data
 Government Credit Card Numbers
5-Privileged Information
 Recommendations (e.g. budget cuts)
 Evaluations
 Appraisal Results
 Drafts of New Policies
 Attorney-Client Exchanges
6-Personal Privacy
 Medical Condition/History
 Marital Status
 Personally Identifiable Information (e.g. Social
Security Number, birth date, place of birth)
 Unlisted Home Phone Number
7-Law Enforcement
 On-going Investigative Reports
 Reports which would Impair Impartial Adjudication
 Confidential Sources
 Security Plans (e.g. OPSEC Plan, TSCM Plan, etc.)
8-Financial Institutions
 Reports on the Financial Condition of a Bank
9-Wells
 Resource Maps
 Well Head Analysis
35
Marking OUO
Portsmouth/Paducah Project Office
The employee making the determination must
ensure that the front of each document must have
an exemption stamp designating the FOIA
exemption number and related category name.
Also the words “Official Use Only” (or “OUO” if
space is limited) are placed on the bottom of each
page or, if more convenient, on just those pages
containing OUO information.
Exemption Stamp
OUO Stamp
OFFICIAL USE ONLY
Sample of front page marking
36
Filling Out Exemption Stamp
Portsmouth/Paducah Project Office
Steps to filling out exemption stamp (or notice) based on classification/control guides:
 Fill in the exemption number and category
 Name and organization
 Date of determination
 Short name of guide, source, and date of guide
7, Law Enforcement
Jane Doe/WEMS
07/02/2004
CG-SS-4, DOE OC, June 2002
Example of front page or cover exemption marking – specific stamp design on
printed or electronic material may be slightly different at your site.
37
37
Filling Out Exemption Stamp
Portsmouth/Paducah Project Office
Steps to filling out exemption stamp (or notice) based on individual evaluation (opinion):
 Fill in the exemption number and category
 Name and organization
 Date of determination
 Enter “N/A” if guidance is not used
6, Personal Privacy
John Smith/WEMS
N/A
07/02/2004
Example of front page or cover exemption marking – specific stamp design on
printed or electronic material may be slightly different at your site.
38
38
E-Mailing OUO
Portsmouth/Paducah Project Office



If e-mail is OUO
• First line in the body of the e-mail must say
“Official Use Only” before text
If attachment is OUO
• The first line in the body of the e-mail
should say “Document attached contains
OUO information. When separated from
attachment, this e-mail is not OUO”
• Attachment must also be marked
appropriately
If transmitting outside of firewall
• PPPO federal and contractor employees are
encouraged to encrypt their e-mails prior to
transmittals (Entrust is the software that is
used for encryption)
• If Entrust is unavailable, then take other
measures to send securely such as
password protecting Word or PDF
documents
• Contractors must check site procedures
before using password protect option
39
Using Entrust to Encrypt E-Mails
Portsmouth/Paducah Project Office
Step 1: Login to Entrust
Select your user profile name
Type in password
Step 2: Encrypting e-mail
Select “Express” from Outlook tool bar
Select “Encrypt”
Step 3: Confirm encryption
Ensure that the Encrypt message is selected
Once confirmed, select “OK”
Depending on the version of Entrust used at your site, there may be
minor differences in the way the software looks and operates. Contact
your Information Technology or Cyber Security group with any
questions.
40
Personally Identifiable Information (PII)
Portsmouth/Paducah Project Office
Personally Identifiable Information (marked and protected as OUO, Exemption 6, Personal
Privacy) is defined as any information collected or maintained by the Department,
contractors or subcontractors, about an individual, including but not limited to, education,
financial transactions, medical history and criminal or employment history, and information
that can be used to distinguish or trace an individual's identity, such as his/her name, Social
Security number, date and place of birth, mother’s maiden name, biometric data, and
including any other personal information that is linked or linkable to a specific individual.
 Employees are required to prevent the unauthorized breach of PII
 Upon discovery of data breach involving PII, employees must immediately notify their
respective ODSA and/or FSO
Note: PII stored on laptops and removable media (CD ROMs, thumb drives) must be encrypted.
If PII is no longer required, it must be deleted. Requirements for identification of PII are located
in DOE O 206.1.
41
Export Controlled Information (ECI)
Portsmouth/Paducah Project Office
ECI includes many nuclear technologies restricted by Federal regulations from export to foreign
entities. ECI restrictions may be imposed by the U.S. Department of Energy, Department of
Commerce, or Department of State and even if the matter is not classified, it still must not be
exported to foreign entities without appropriate approvals.
PPPO operations involve ECI especially regarding gaseous diffusion and DUF6 conversion
technologies.
Prior to engaging in decontamination and
decommissioning (D&D) and disposal of scientific and
technical equipment, contact the ECI POC and/or
ODSA or FSO for review requirements prior to release
or disposal.
Requirements for identification, protection and
control of ECI are located in US DOE Guidelines for
Export Control and Nonproliferation dated July 1999.
Portsmouth, Paducah, and Lexington ECT POC telephone numbers are listed in the site POC listing at the end of this briefing.
42
What qualifies as ECI? (continued)
Portsmouth/Paducah Project Office
•
ECI includes commodities, technology, and software.
•
Commodities are tangible assets such as materials (e.g., metals, chemicals) and
equipment (e.g., industrial equipment, electronic equipment, nuclear test
equipment).
•
Technology is information necessary for the development, production, or use of a
product. This can include technical data or technical assistance in the form of
blueprints, diagrams, engineering designs and specifications, manuals and
instructions, and training.
•
Software includes commercial off the shelf (COTS) applications and applications
developed in-house that directly relate to the development, production, or use of a
product.
43
What is an export? (continued)
Portsmouth/Paducah Project Office
•
An export is the sending of export controlled items (e.g., information, technology,
material) outside of the United States in any manner (e.g., physical shipment,
email, website).
–
•
A deemed export is the release of technology or source code to a foreign national
within the United State in any manner (e.g., physical shipment, email, website).
–
•
An export occurs from within the United States to a foreign country.
A deemed export occurs completely within the United States.
A re-export occurs when an item controlled under United States export law is
shipped from a foreign country to another foreign country.
–
A re-export occurs completely outside of the United States.
44
Authorization to export? (continued)
Portsmouth/Paducah Project Office
•
10 CFR 810.7 and .8 allow for an authorization to export be granted as long as a
specific approval process is followed by the party who wishes to export the
commodity, technology, or software in question.
•
The authorization is a time-intensive and politically sensitive process which
requires concurrence from the Department of State, and consultation with the
Nuclear Regulatory Commission, Department of Commerce, and Department of
Defense.
•
An application for export authorization may be submitted through the Secretary of
Energy’s Office. Contact your ECI POC as far in advance as possible if an export,
deemed export, or re-export is required.
45
What are the penalties? (continued)
Portsmouth/Paducah Project Office
In the event of an illegal export:
•
Administrative or criminal penalties may be levied against a company or an
individual depending on the seriousness of the offense and whether the export
was willful or negligent.
•
Administrative penalties can result in up to ten (10) years in prison and fines of up
to $250k per offense, depending which agency has regulatory oversight of the
item(s) in question.
•
Criminal penalties can result in up to life in prison and fines of up to $1m per
offense, depending on which agency has regulatory oversight of the item(s) in
question.
•
Department of Commerce, Department of State, Department of Energy, and
Department of Treasury can all levy fines depending on the item(s) in question.
46
Unclassified Controlled Nuclear Information (UCNI)
Portsmouth/Paducah Project Office
UCNI is certain unclassified information about nuclear facilities and nuclear weapons that must be
controlled because its unauthorized release could have a significant adverse effect on the national
security or public health and safety. The Director, Office of Classification (OC), decides what specific
information is UCNI. UCNI Reviewing Officials use guidance to decide if documents contain UCNI.
Any document that may contain UCNI must be reviewed by an UCNI Reviewing Official to
determine if it contains UCNI.
The PPPO sites have existing UCNI specifically related to gaseous diffusion
technologies. Intentional or inappropriate release of UCNI information may
include civil or criminal penalties. Guidance for the UCNI program can be
referenced in:
 Section 148, Atomic Energy Act of 1954
 10 CFR Part 1017, Identification and Protection of Unclassified
Controlled Nuclear Information
 DOE O 471.1B, Identification and Protection of Unclassified Controlled
Nuclear Information
Note: PPPO information systems are not accredited for UCNI. Therefore, UCNI may not be
generated, processed, or stored on any PPPO information system components (e.g.,
workstations, laptops, flashdrives, CD/DVDs).
47
Handling, Storing, Copying, and Destroying of UCI
Portsmouth/Paducah Project Office






Handling UCI requires taking reasonable precautions to prevent unauthorized access (ensure the
need-to-know)
Storing of UCI within a PPA or LA must be locked in a room, file cabinet, desk, or bookcase (when
internal building security is not provided)
Storing of UCI at home or during transit must be under control at all times or in a locked room,
receptacle, or briefcase
Copying of UCI requires no permission; however, print only the minimum number of copies
needed, and mark and protect appropriately
Destroying of UCI is accomplished by using a shredder (¼ “ wide strip-cuts) or by other site
approved methods (e.g. shred bins)
Destruction of UCI outside of the workplace (e.g. home, travel) requires the above shredder
requirements (¼ “ wide strip-cuts). If not available, protect UCI until you return to the office
48
Nuclear Material Control & Accountability (NMC&A)
Portsmouth/Paducah Project Office
The purpose of NMC&A is to control and account for nuclear materials. NMC&A combined with physical security of
nuclear materials is the “Safeguards” of Safeguards and Security. Portsmouth and Paducah have a large inventory of
UF6 including low enriched, normal (.711%), and Depleted (<.710%) UF6. Additionally, the sites have uranium
compounds in the lab in the form of samples and some quantity of low enriched non-UF6 in the form of Process Gas
dust, trap material, oxides, contaminated scrap, etc.
In security terms, the
nuclear materials at
Graded Safeguards Table
Paducah are
considered Category
IV Attractiveness Level
E, which is the lowest
grade safeguard
category and
attractiveness level.
Most of the
Portsmouth inventory
is also Category IV, but
also has some
Category III
Attractiveness Level C
material. Access to
Category III Special
Nuclear Material
(SNM) requires an “L”
or “Q” access
authorization.
49
Technical Surveillance Countermeasures
Portsmouth/Paducah Project Office
TSCM is an electronic counterintelligence program designed to detect, deter, isolate and nullify
technical penetrations and technical security hazards. These technical penetrations and security
hazards are used to gain unauthorized access to classified information, unclassified controlled
information, or personal information and range from simple mechanical to sophisticated electronic
and fiber-optic techniques. The more common techniques include hidden audio and radio
frequency (RF) transmitting devices (microphones), telephone bugging equipment, and visual tools
such as binoculars, telescopes, mini cams and fiber optic cameras. The sale of these devices is not
restricted. They are readily available to anyone on the commercial market.




If you discover what you consider to be a technical surveillance device,
immediately cease all activity in the area as discreetly as possible
Do not voice the discovery within the immediate area, which includes the
suspect room and all other rooms that are above, below and adjacent to it
Secure the room and do not touch or remove the device
Immediately notify your TSCM POC via secure communications, outside of the
area where the suspected device has been found. During off-shift hours notify
the Plant Shift Superintendent’s Offices.
Note: Any action related to TSCM information or possible vulnerability should be safeguarded at the
highest level of classification approved for that area.
50
Operations Security (OPSEC)
Portsmouth/Paducah Project Office
OPSEC is a process focused on protecting critical and sensitive information by:
 Identifying threats and vulnerabilities which can be exploited by an adversary
 Identifying and assessing the risk
 Developing and implementing countermeasures
The principles of OPSEC are based on asking five questions:
 What information do you want to protect?
 Who wants your information?
 How is your information vulnerable?
 What is the risk for your information?
 How can you protect your information?
OPSEC: How can I do my part?
 Use strong passwords to access your government computers
 Destroy Unclassified Controlled Information (UCI) in an approved strip shredder
 Do not transmit sensitive information without following proper security procedures
 Do not discuss UCI or classified information in public
 Guard against phone calls seeking personal and sensitive information
 Use appropriate markings on UCI and classified correspondence
 Be aware of possible ways in which an adversary can collect information in an open environment (e.g. overheard conversations,
notes left in open vehicles, etc.)
 Be mindful of the information posted on social networking sites
 Utilize the OPSEC Working Group for assistance during the initial stages and throughout project planning
51
Cyber Security
Portsmouth/Paducah Project Office
The Information Technology (IT) Program establishes requirements for protecting DOE electronic
information and information systems in accordance with the Program Cyber Security Plan (PCSP).
These requirements include provisions for ensuring that the protection is commensurate with the risk
and damage that could result from the loss, misuse, disclosure or unauthorized modification of
information that is processed, stored or transmitted using DOE information systems.
Unclassified computer systems MUST NOT be used to process classified information. Always check
with a DC before initiating a document related to a classifiable subject area. Classified
information must be processed ONLY on accredited information systems in a designated security
area, such as a Limited Area. If you require access to a classified computer contact the site Cyber
Security POC or ODSA. UCI must be processed according to site level requirements. PPPO
systems are not approved for UCNI.
There are some basic principles to follow when using e-mail systems at work. Handle e-mails from
an unknown source cautiously. Ensure the sender is a reliable source before clicking on a link
embedded in the e-mail.
 Do not open or reply to suspicious e-mails
 Permanently delete from your inbox
 Notify Cyber Security POC if assistance is needed
52
Hosting Foreign National Visits and Assignments
Portsmouth/Paducah Project Office
DOE is a world leader in developing and advancing new technologies requiring international
scientific and technical collaboration with foreign nationals.
Hosting foreign nationals at DOE facilities and/or discussing DOE
information, technology, or programs off site requires multiple subject
matter expert reviews and approval by an authorized approval authority.
Hosting requirements are identified in DOE Order 142.3A Unclassified
Foreign National Visits and Assignments Program. Visit requests should be
submitted to the site ODSA or Lexington FSO 90 days in advance.
Providing any DOE program information to a foreign national, on site or off
site, must be preceded by a security plan unless the information is available
to the public at large.
If planning to host foreign nationals in support of DOE business operations,
on site or off site, your site Foreign National Visits POC can provide detailed
documentation and approval guidance which includes the required Host
Training provided from the Office of Counterintelligence.
Portsmouth, Paducah, and Lexington Hosting Foreign Nationals POC telephone numbers are listed in the site POC listing at
the end of this briefing.
53
Foreign Travel
Portsmouth/Paducah Project Office
Notify the foreign travel point of contact prior to travelling to a sensitive country



The listing for sensitive countries is maintained at the site ODSA and is
available upon request
If the country is sensitive, a pre-travel briefing must be provided by
DOE Counterintelligence
All official travel must be reported even if travel is to a non-sensitive
country
Portsmouth, Paducah, and Lexington Foreign Travel POC telephone numbers are listed in the site POC listing at the end of
this briefing.
54
Counterintelligence (CI)
Portsmouth/Paducah Project Office
Counterintelligence is information gathered and activities conducted to protect against
espionage, other intelligence activities, sabotage, or assassinations conducted for, or on
behalf of foreign powers, organizations or persons, or international terrorist activities, but
not including personnel, physical, document, or communications security programs.
Executive Order 12333, December 4, 1981, "United States Intelligence Activities”
PPPO Counterintelligence activities are supported by the DOE
Office of Intelligence and Counterintelligence, Oak Ridge Field
Office (ORFO).
All questions on this topic should be directed to:
Portsmouth: Mark Allen at (270)441-6842 or (859)219-4060, or
Dale King at (740)897-3677
Paducah/Lexington: Mark Allen at (270)441-6842 or (859)2194060
Note: ORFO CI Organization can be contacted at (865)241-0233
55
CI Program Priorities
Portsmouth/Paducah Project Office
The priorities of the ORFO are as follows:
 Nuclear Security
 Counterterrorism
 Economic Espionage – Protected Technologies
 Cyber CI Threat
 Protect Science and Technology
 Counterintelligence Insider Threats
 Foreign Travel Programs
 Foreign Visits and Assignments
All potential espionage or terrorism related concerns should be promptly reported to the ORFO. All
reports made to this office are held in strict confidentiality. Please visit the ORFO website at
www.ornl.gov/oci for specific program information, detailed reporting requirements, foreign travel
and visit information, and more.
56
CI Insider Threat Indicators
Portsmouth/Paducah Project Office
Cyber Insider Indicators
 Unusual surfing habits
 Unusual network traffic
 Misconfigured Systems
 Unauthorized modems or sniffers
 Hidden or unexplained accounts
 Attempts to install software not approved for
the computing environment
 Excessive login attempts
 Unusual file server access
 Attempts to circumvent security procedures
 Unusual questions about vulnerabilities,
policies, procedures, or configurations
 Unusual interest in penetration testing or
vulnerability assessment of networks
 Serious vulnerability that remains uncorrected
 Refusal or resistance to fixing external
vulnerabilities
 Documents staged for removal









Unsolicited email
Spoofed email addresses
Suspicious links or attachments
Network scans
Malicious code attempting external
communications
Unauthorized File Transfer Protocol (FTP) or
web servers
Attacks on network security infrastructure
Beaconing activity
Files compressed and staged for removal
57
CI Insider Threat Indicators (cont.)
Portsmouth/Paducah Project Office
Espionage Indicators
 Unexplained affluence
 Failing to report overseas travel
 Unexplained travel
 Unexplained absences
 Showing unusual interest in information outside of responsibilities
 Unusual work hours
 Taking classified or sensitive material home
 Unreported contact with foreign government, military, or intelligence officials,
 Attempting to gain access without the need-to-know
 Excessive use of copy machines
 Unwillingness to take vacation
 Resistance to sharing duties or separation of duties
 Exploitable conduct
 Unexplained or extensive technical computer-related knowledge
More information is available on the DOE Counterintelligence website or call 865-241-0233.
58
Recruiting Methods
Portsmouth/Paducah Project Office
Foreign intelligence officers do not typically obtain information themselves. They
recruit citizens from a target country who have legitimate access to the information
being sought.
 They will attempt to “fill a void" or “meet a need" in the target’s life
 They will ask for something and probably provide something in return
 The sensitivity or perceived value of the information requested will increase over
time
How do Intelligence Officers identify potential sources?







Visits to the U.S., especially hosted visits
American travelers to foreign countries
International conferences, conventions, seminars and exhibits
Professional associations and publications
Collaborative research and development
Unsolicited requests for information
They want to see who responds
Insider Threat
Portsmouth/Paducah Project Office
The insider threat is identified as one or more individuals with the access and/or inside
knowledge of a company, organization, or enterprise giving them opportunity to exploit the
vulnerabilities of that entity’s security, systems, services, products, or facilities with the intent to
cause harm.
An insider could be
current or former
employees,
contractors, vendors,
or visitors. They are
often times people
placed in a position of
trust. In fact, most
spies in the U.S. once
held a security
clearance.
An insider threat could be anyone
60
Foreign Intelligence Collecting
Portsmouth/Paducah Project Office
Various kinds of information can be gathered through secret or covert methods. While some
information is indeed collected through clandestine operations, others can be gathered by
widely available means. These are commonly called the “intelligence collection disciplines” or
the “INTs”:




Human Intelligence (HUMINT) is the collection of
information from human resources (e.g., interviews,
social engineering, etc.)
Signals Intelligence (SIGINT) is the collection of
information by intercepting electronic signals between
two parties
Imagery Intelligence (IMINT) is the collection of
information through photos (e.g., via satellites)
Open-Source Intelligence (OSINT) is the collection of
information generally available to the public (e.g.,
newspapers, internet, TV, etc.)
Intercepting Signals
61
Security Condition Threat Level
Portsmouth/Paducah Project Office
The Deputy Secretary of the DOE establishes the Security Condition (SECON) levels. The SECON
levels reflect a multitude of conditions that may adversely impact Departmental and/or site
security to include terrorism, continuity conditions, environmental (e.g., fire, chemical,
radiological, etc.) and/or severe weather conditions.
The security readiness state is reflected in the following SECON
levels when conditions reflect a risk of terrorist activity, continuity
conditions, environmental, and/or severe weather conditions.





SECON 1: Severe Condition
SECON 2: High Condition
SECON 3: Elevated Condition
SECON 4: Guarded Condition
SECON 5: Low Condition
Personnel will be alerted to changes in the security conditions over
the plant PA system and through appropriate security and
emergency management staff.
62
Terrorist Threat
Portsmouth/Paducah Project Office
Terrorism remains a threat to the security of the homeland. The Department of Homeland
Security (DHS) implores all Americans to share responsibility for the nation’s security.
“See Something, Say Something”
is a nationwide campaign
program designed to raise public
awareness for indicators of
terrorism and violent crime, and
to emphasize the importance of
reporting suspicious activity to
the proper state and local law
enforcement authorities.
See Something, Say Something
Report suspicious activity to ODSA, PSS, or call local law enforcement.
63
Active Shooter
Portsmouth/Paducah Project Office
An active shooter is an individual actively engaged in killing or attempting to kill people in a
confined and populated area. Active shooters use guns and there is no pattern or method to
their selection of victims. Because active shooter situations are often over within 10 to 15
minutes, before law enforcement arrives on scene, individuals must be prepared both mentally
and physically to deal with an active shooter.
How to Respond:
 Evacuate-Take note of all exits in your
facility
 Hide-Stay out of shooter’s view. If you are
in an office lock the door or block entry
 Take Action-As a last resort, attempt to
subdue the active shooter. When the
active shooter is at close range and you
cannot flee, your chance of survival is much
greater if you try to incapacitate him/her
 Call 9-1-1 or 740-897-2444 (Portsmouth) or
270-441-6211 (Paducah) on a cell phone
when it is safe to do so!
Not an actual scene
64
Escort Responsibilities
Portsmouth/Paducah Project Office
Responsibilities for escorting into the Limited Area:

Ensure that appropriate measures are taken to prevent a compromise of classified matter and/or Special
Nuclear Material (SNM)

Maintain continuous visual and unaided voice and/or physical control of escorted individual(s)

Ensure that escorted individual(s) have a need-to-know for the security area they are entering

Verify and maintain escort ratio: Portsmouth and Paducah standard ratio is one (1) escort to every four
(4) visitors/employees

Prominently display the “yellow” escort badge (if applicable) on outer most garment, above the waist
and below the neck, identifying that uncleared individuals are present



Prior to escorting, verbally challenge escorted
individual(s) on whether they possess any controlled
or prohibited articles (e.g. camera cell phones, thumb
drives, etc.)
Ensure full compliance with site specific security
requirements, plans, and procedures
Ensure that access authorization is commensurate
with the security area being entered
65
Safeguards and Security Program
Portsmouth/Paducah Project Office
To ensure appropriate security measures and avoid project delays, the PPPO management
expectations are as follows; the Safeguards and Security considerations , which include NMC&A, are
thoroughly integrated with all aspects of mission accomplishment, including all topical areas of
safeguards and security (e.g. personnel, physical, information, nuclear safeguards) and related
cross-cutting areas (e.g. cyber security, export control, classification, foreign visits and assignments
and foreign travel). This integration will ensure the adequate protection of DOE assets (e.g.
classified matter, unclassified controlled matter, and government property).
66
Safeguards and Security Program
Portsmouth/Paducah Project Office
The Safeguards and Security Program ensures that the Department of Energy efficiently and effectively meets
all its obligations to protect Special Nuclear Material, other nuclear materials, classified matter, sensitive
information, government property, and the safety and security of employees, contractors, and the general
public.
The program helps to:
 Identify what needs protected
 Establish clear roles and responsibilities
 Implement DOE requirements though line management
 Establish oversight programs to assure requirements are implemented
 Seek and implement continuous improvement
The Safeguards and Security Program incorporates the following principles:
 Integration of Safeguards and Security with all aspects of mission
accomplishment
 Protection requirements are commensurate with the consequences of loss or
misuse of the protected asset
 Responsibility for the implementation of protection measures resides with DOE
line management elements responsible for mission accomplishment
 Authority is delegated to appropriate levels to promote efficiency and
effectiveness
67
Summary
Portsmouth/Paducah Project Office







Having a DOE access authorization is a privilege, not a right. You may have been recognized and entrusted
by the U.S. Government to protect and handle classified matter; therefore, it is your responsibility to
follow DOE requirements as well as site plans and procedures. Failure to adhere to these security
requirements could potentially cause damage to governmental, commercial, or private interests
Ensure classified information and UCI are appropriately protected and controlled
Ensure need-to-know criterion for both classified and UCI is met prior to providing anyone access. In
addition, the recipient of classified information must possess the appropriate access authorization
Ensure any document prepared in a potentially classified subject area is reviewed by a DC or the site
Classification Officer BEFORE publication and distribution
Know the security requirements for the area(s) you work in or
visit, and follow site guidance for prohibited and controlled items
Know the reporting requirements
Contact your respective ODSA for guidance or questions
regarding any security-related matter (e.g. physical, cyber,
personnel, information, classification, protective force, etc.)
68
Portsmouth Security Points of Contact Listing
Portsmouth/Paducah Project Office
This POC listing is not intended to be a complete listing of telephone numbers. If you have a question, contact the WEMS security office.
Classification Officer and POCs
Physical Security
Henry Thomas
740-897-5245
Classified Matter Protection and Control (CMPC)
Wayne Conley
740-897-2604
Technical Surveillance and Countermeasures (TSCM)
Wayne Conley
740-897-2604
Unclassified Controlled Information (UCI)
Wayne Conley
740-897-2604
Hosting Foreign Nationals
740-897-3683
Jim Sevens
740-897-2022
John Zangri
740-897-3247
Jim Dixon
740-897-2334
Rachel Stroth
740-897-3274
Rich Kielmar
740-897-2603
Jim Snodgrass
740-897-2302
Dave Davis
740-897-2728
Cyber Security
Wayne Conley
740-897-2604
Counterintelligence POC
Brian Kirkendall
270-441-6838/
740-897-3677
Rachel Stroth
859-219-4060
Visitor Control
Reporting Incidents of Security Concern
Erica Wiley
Wayne Conley
740-897-2604
Jim Sevens
740-897-2022
Export Controlled Information (ECI)
Jim Dixon
740-897-2334
Dan Hupp
Waste, Fraud, and Abuse
Jim Sevens
740-897-3274
740-897-2992
740-897-5747
Enforcement Coordinator
740-897-2022
WEMS Security Manager
Rick Coriell
740-897-3853
Operations Security (OPSEC)
Dale King (Primary)
Mark Allen (Alternate)
John Jordan
Dan Longpre
740-897-5747
Foreign Travel POC
740-897-3151
Personnel Security Office
Wayne Conley
740-897-2604
Site FSOs
Megan Bach
740-897-3467
Wastren-EnergX Mission Support (WEMS) Rick Coriell
740-897-3151
Linsay Ward
740-897-2994
Fluor B&W Portsmouth (FBP), Troy Ayres
740-897-2370
Dana Kirkman
740-897-3673
Restoration Services Inc. (RSI), Rick Ferguson
865-574-0884
B&W Conversion Services (BWCS), Beth Keener
740-497-5910
The American Centrifuge (USEC, Inc.), Angela Wright
740-897-2749
Lock Smith
Jim Snodgrass
740-897-2757
Jim Dixon
740-897-2334
Emergencies at Portsmouth 740-897-2444 or 911 (plant phone)
69
Paducah Security Points of Contact Listing
Portsmouth/Paducah Project Office
This POC listing is not intended to be a complete listing of telephone numbers. If you have a question, contact the SST security office.
Classification Officer and POCs
Jackie Thompson
Physical Security
270-441-5659
Dusty Alexander
270-441-5427
Classified Matter Protection and Control (CMPC)
Jeff Harris
270-441-5253
Melissa Howell
270-441-5438
Brad Nall
270-441-5037
Chuck Moreland
270-441-5078
Cyber Security
Technical Surveillance and Countermeasures (TMCS)
Bill Offner
Melissa Howell
270-441-5438
Operations Security (OPSEC)
Dusty Alexander
270-441-5427
Melissa Howell
270-441-5438
Kara Doughty
270-441-5252
270-441-5253
Unclassified Controlled Information (UCI)
Jackie Thompson
270-441-5659
Jeff Harris
Melissa Howell
270-441-5438
Visitor Control
Hosting Foreign Nationals
270-441-5107
Kara Doughty
270-441-5252
Kara Doughty
270-441-5252
Betty Hart
270-441-5417
Betty Hart
270-441-5417
Terri Dorris
270-441-5271
Terri Dorris
270-441-5271
Ronda Hays
270-441-5099
Counterintelligence POC
Mark Allen
Export Control Information (ECI)
270-441-6838
Reporting Incidents of Security Concern
Jackie Thompson
270-441-5659
Melissa Howell
270-441-5438
Charlie Cobb
270-441-5248
Enforcement Coordinator
Chuck Moreland
270-441-5078
Dusty Alexander
Melissa Howell
270-441-5438
Foreign Travel POC
Jeff Harris
270-441-5253
Kara Doughty
270-441-5252
Kara Doughty
270-441-5252
Betty Hart
270-441-5417
Terri Dorris
270-441-5271
Swift & Staley Inc., Security Manager
Charlie Cobb
270-441-5248
Personnel Security Office
Kara Doughty
270-441-5252
Betty Hart
270-441-5417
Terri Dorris
270-441-5271
Locksmith
Jeff Harris
270-441-5253
Bobby Harris
270-441-5004
Phillip Easley
270-441-5004
270-441-5427
Site FSOs
Swift and Staley Inc., (SST) Charlie Cobb
270-441-5248
LATA of Kentucky, Inc., (LATA) Tim Fralix
B&W Conversion Services (BWCS), Mike
Stanley
270-441-5025
270-538-2024
Emergencies at Paducah 270-441-6211 or 333 (plant phone)
70
Lexington Security Points of Contact Listing
Portsmouth/Paducah Project Office
This POC listing is not intended to be a complete listing of telephone numbers. If you have a question, contact the PPPO FSO.
Classification Officer and POCs
Physical Security
Larry Sparks DOE/ORO
865-576-2659
Mark Allen DOE/PPPO/FSO
270-441-6842/ 859-219-4060
Mark Allen DOE/PPPO FSO
270-441-6842/ 859-219-4060
Sammy Bell PRC/DOE
270-441-6838
Classified Matter Protection and Control
Cyber Security
Mark Allen DOE/PPPO FSO
270-441-6842/ 859-219-4060
James Woods DOE/PPPO
859-219-4053
Sammy Bell PRC/DOE
270-441-6838
Abe Getchell PRC/DOE
859-219-4024
Technical Surveillance and Countermeasures (TSCM)
Operations Security (OPSEC)
Sammy Bell PRC/DOE/POC
270-441-6838
Mark Allen DOE/PPPO FSO
270-441-6842/ 859-219-4060
Unclassified Controlled Information (UCI)
Abe Getchell PRC/DOE
859-219-4024
Visitor Control
Abe Getchell PRC/DOE
859-219-4024
Mark Allen DOE/PPPO/FSO
270-441-6842/ 859-219-4060
Foreign Travel POC
Sammy Bell PRC/DOE
270-441-6838
Mark Allen DOE/PPPO/FSO
270-441-6842/ 859-219-4060
Abe Getchell PRC/DOE
859-219-4024
Sammy Bell PRC/DOE
270-441-6838
Hosting Foreign Nationals
Counterintelligence
Mark Allen DOE/PPPO/FSO
270-441-6842 / 859-219-4060
Mark Allen DOE/PPPO/FSO
Sammy Bell PRC/DOE
270-441-6838
Reporting Incidents of Security Concern
Waste, Fraud, and Abuse/Enforcement POC
Rachel Blumenfeld DOE PPPO Deputy Manager
859-219-4002
DOE PPPO Security Manager
Mark Allen
270-441-6842/ 859-219-4060
Lock/Key/FOB
Abe Getchell PRC/DOE
270-441-6842/ 859-219-4060
Mark Allen DOE/PPPO/FSO
270-441-6842/ 859-219-4060
Sammy Bell PRC/DOE
270-441-6838
James Woods DOE/PPPO
859-219-4053
Abe Getchell PRC/DOE
859-219-4024
Site FSO
859-219-4024
Mark Allen DOE/PPPO/FSO
270-441-6842/219-4060
71
Questions
Portsmouth/Paducah Project Office
If you have any questions concerning the content of this training, or have suggestions
for improvement please e-mail Missy Howell ([email protected]), Wayne
Conley ([email protected]), or Abe Getchell ([email protected]).
72
Congratulations
Portsmouth/Paducah Project Office
You have completed the Portsmouth/Paducah Project Office Annual Security Refresher!
73