Presentation on theme: "Security Message The protection of government assets, people and property, both classified and official but unclassified, is the responsibility of each."— Presentation transcript:
1Security MessageThe protection of government assets, people and property, both classified and official but unclassified, is the responsibility of each and every member of the Department of Defense (DoD), regardless of how it was obtained or what form it takes. Our vigilance is imperative in the protection of this information. Anyone with access to these resources has an obligation to protect it.The very nature of our jobs dictates we lead the way in sound security practices. Anything less is simply not acceptable.WWII focused attention on the problems the nation was facing as a result from a lack of a standard information security program between, Army, Navy, Corps of Engineers, CIA, FBI, State, etc., and Industry. EO Order 10290, under President Truman, established the first umbrella program in 1951 to cover information security. Presidents Eisenhower, Kennedy, Nixon, Carter, Reagan, Clinton and Bush (2nd) each issued EO’s expanding the Information Security Program.80% of classified holdings are w/industry.
2Fort Drum and the 10th Mountain Division (LI) By Pete HansenSecurity and Intelligence DivisionDirectorate of Plans, Training, Mobilization and Security(315) DSNIntroduce Self.Why are we here?To talk about Security – I will try to go through the slides fast – to give you something to look at – as Security is not the most stimulating subject.Class slides and notes availability on Fort Drum’s MountaiNet Website.Garrison Patch -> Garrison Links -> SID – Security & Intelligence Division ->Slides available on Fort Drum’s MountaiNet website: https://mountainet.drum.army.mil/
3Slides and other information available on the MountaiNet. Garrison Patch -> Garrison Links -> SID – Security & Intelligence Division ->Also print a Quarterly News Letter (Handout)Why are we here?
4Objectives Why You Are Here (security manager duties) Required Training (tailored and records)Original and Derivative Classification (challenging)Marking Classified MaterialControlling Access (most difficult)Storage, Reproduction, Transmission, Transportation, Dissemination and Destruction of ClassifiedProcedures for Securing Electronic Classified Information and AutomationInspectionsThreatSecurity Violations and Incidences (penalties)What we will accomplish(Transmission -> Couriers, mailing, or electronic transfer)
5Security Manager Duties Advise and Represent the Commander.Manage and Execute Unit Security Program. *Develop Unit Security Policy and Procedures.Manage Unit Security Education Program.Write / Interpret Classification Guides.Help Solve Classification Problems.Develop Procedures and Manage Access: Ensure All Personnel with Access to Classified Information are Properly Cleared.Safeguard and Protect Classified: Responsible for Classified Material Accountability. Consider a Classified Document Custodian for Secret: required for Top Secret.Review Classified Holdings / Reduce Unneeded Material.Conduct Inspections and Spot Checks.Enforce Regulations and Policies.Maintain Unit Security Clearance Access Roster.Emergency Evacuation & Destruction Plan.* Starts with In and Out-processing Your Units’ Personnel.Closely matches our objectives – key differences in the top three bullets.Discuss these duties with your rater!!!!Security is a command function – you are trying to keep your boss out of trouble.Individual Users of Classified Information – Responsible to protect classified information in their possessionClassified Document Custodian Although not required for most colateral Secret material, good idea to know who has / had access. Maintains accountability.– Specifically responsible for classified document accountability- Protects classified information at all times- Accounts for all classified information in and out of storage- Files all classified information IAW ARIMS
6Why are we here? AR 380-5, Information Security Program: All Personnel: Initial Training within 60 days of Arrival.* Unit responsibilityAll Personnel that have Access to Classified Material: Unique Security Training Tailored to their Specific Role, Duties and Access Unit responsibilityAnnual Refresher Training Also - SID as requestedSecurity Manager Training: IAW para 9-12.* SID provides quarterlyAR , Personnel Security: Initial and Annual.* SID as requestedAR 25-2, Information Assurance: Initial and Refresher IA Awareness training.DOIM provides several times a yearAR , Subversion and Espionage Directed Against the US Army (SAEDA): Annual training DPTMS / 902nd provides monthlyAR 530-1, OPSEC: Orientation within 90 days of arrival and annually thereafter.AR , AT: Annual training, and Travel briefs within two-months of travel, including Canada DPTMS provides monthly*NOTE: Requirement Satisfied by this TrainingAlso FORSCOM Supplement to AR380-5 and FORSCOM MemorandiumNot only to teach you how to execute your duties, but because Regs specify that I provide you training.AR – w/i 60 days & annual refresher security training. Also Security Manager training IAW Chapter Hopefully we will accomplish this. AR380-5 indicates training is to be tailored. Initial – good time to have individual pull out his/her SF312 (nondisclosure agreement) and go over it (didn’t have it – execute a new one and have it on file). Enter the date into JPAS. (SF312 Handout). Installation Status Report Item 21-1 and 21-2)AR , Personnel Security, requires initial and annual (this training satisfies this requirement). SID also provides JPAS training and conducts e-QIP labs.AR 25-2, Information Assurance, requires initial and refresher IA awareness training, prior to accessing automation (DOIM provides and web training avail).AR , Subversion and Espionage Directed Against the US Army (SAEDA), requires annual training (902nd / DPTMS, PEM). 2nd working Tuesday monthly.AR 530-1, OPSEC, requires OPSEC orientation w/I 90 days of arrival and annually thereafter (DPTMS, PEM). 2nd working Tuesday monthly.AR , AT, requires annual training, and AOR briefs w/i two months of travel, including Canada (DPTMS, PEM, provides monthly). Includes all overseas travel while on Official Orders, and personal vacations / trips. Military, civilian employees and family members require Foreign Travel Briefings. Contractors should attend the training.As you can see by all of the mandated training, security is important to DOD and the Army.Training available on Fort Drum’s MountaiNet -> Garrison Patch -> Garrison Links -> SID -> Training PERSEC. INFSEC, Info papers, News Letters, Memo’s, Travel Warnings, Training, JPAS & eQIP info, etc.While the basic responsibility for safeguarding government information rests with the individual, The Security Manager is tasked with educating individuals, keeping security related records, and submitting timely reports.Training is an inspection item (FD Command Inspection Program & Installation Status Report (For INFOSEC: Performance Measure (all individuals) & (SM)). Keep records of those trained (including training notes and presentations).Other References: AR380-13: Acquisition and Storage of Classified Information (Non-Intel types), FORSCON Supplement 1 to AR380-5 , AR25-55 (Freedom of Information Act), AR (Foreign Visit Program), AR (COMSEC), AR (Army CI Program), and AR530-1 (OPSEC). And FORSCOM Supplement 1 to AR380-5 and FORSCOM Memorandum 380-5
7Three Categories of CLASSIFIED Information: TOP SECRET: Exceptionally Grave DamageSECRET: Serious Damage to National SecurityCONFIDENTIAL: Identifiable DamageSome categories of SENSITIVE Information:For Official Use Only (FOUO)Sensitive But Unclassified (SBUPrivacy Act InformationLaw Enforcement Sensitive (LES)Controlled Unclassified Information (CUI)As indicated on the Objective Slide – we will define classified information – for all else hinges on this understanding.What is Classified Information? Any information that has been determined pursuant to EO 12958, as amended, or any predecessor order to require protections against unauthorized disclosure and is marked to indicate its classified status when in documentary form.1. Owned by or produced for the US government, and under the control of the US gov’t.2. Must fall into one of the eight allowable categories.3. Meet definition of, if released, exceptionally, serious or recognizable damage.Top Secret unauthorized disclosure is expected to cause exceptionally grave damage to the National SecuritySecret unauthorized disclosure is expected to cause serious damage to the National SecurityConfidential unauthorized disclosure is expected to cause recognizable damage to our National SecuritySome classified information has special rules: Restricted Data (nuc’s and nuclear material), older term “Formerly Restricted Data” (dealt with use of nuc’s), COMSEC information (SIG guys), and Sensitive Compartmental Information (SCI) and Special Access Program (SAP) stuff (G2 / Intel type).If holding TS material, may need a Top Secret Control Officer (TSCO). Material may have to be accounted for using DA Form 3964 (Classified Control Record), and DA Form 455 (Mail/Doc Register). Disclosure of Material may have to be recorded using DA Form 969 (Disclosure Sheet). Material may have to be inventoried (100% annually, 10% monthly & Special Inventories). Accountability Controls will not be implemented unless Continuous Administrative Accountability (CAA) is required by Originator.To be Designated as Classified the material must be owned by, produced by, produced for, and under the control of the US government. It must also fall into one of the eight categories of information the government allows to be classified. Then, somebody must determine that it requires protection against unauthorized disclosure, and designates it so.HOW IS INFORMATION CLASSIFIED? Originally and Derivatively.
8How is information classified? Original ClassificationDerivative ClassificationA: Originally and Derivatively.Two Types of Classification AuthorityOriginalMust show reasonMust specify declassification date or eventDerivativeUsed for extracts, compilations, etcDeclassified IAW original document(s)Hard to Originally Classify something. Not many people allowed to classify stuff world wide, 1200 in DoD.Can only classify certain information. Step-by-step process.Then the Originator has to communicate it.How does the G3 classify? Derivatively (usually using a classification guide).
9Original Classification Authority (OCA) Specified by E.O and DoD R – Only about 1,200 DoD positions have classification authority.As it relates to Fort Drum:Top Secret: Commanding General, U. S. Army Forces CommandSecret and Below:FORSCOM DCG, DCofS G-2 and DCofS G-3CG, 10th Mountain Division (Light)Must be trained in the Original Classification ProcessOriginal Classification:Must have written authority to originally classify information! Only about 1,200 DoD positions have classification authority.- Commanding General only authorized Originally Classifying Authority on Fort Drum- Has never originally classified anything (that I know of).- And he can only classify information to the Secret level.Must be TRAINED.- CG never trained as an Original Classifying. Authority. Why? No need. It is also hard to originally classify information as you will see in the next few slides.- 10 step process (next slide)Original Classification Authorities– In ’07: US wide, approx. 4,042 total.- About 1,200 in DOD. < Only!!- Only 1,032 for TS, 2,912 for Secret and 98 for Confidential.It also costs a lot of $$. The estimated total US security classification costs for ’06 was 9.5 Billion.
10Original Classification Process Determine the current classification statusDetermine if official government information.Determine if in an authorized category. *Determine if prohibited intent or type. **Determine likelihood of damage to national security and be able to identify or describe the damage.Weigh advantages and disadvantages.Determine the level of classification.Make a decision about the duration of classification.Communicate the decision (Classification Guides).To Originally classify something, and Originator has to:First (1) Determine the current classification status. Is the information already classified?2. Determine if official government information. Official government information is owned by the government, produced by or for the government, or under the control of the government.3. Determine if in an authorized category. Like military plans, intelligence information.* See next slide.4. Determine if prohibited intent or type. Classification of material must never be used as a smoke screen to cover-up or promote wrong doing. ** See Below5. Determine likelihood of damage to national security and be able to identify or describe the damage (Exceptionally grave, Serious damage or Identifiable damage). Will unauthorized disclosure of the information cause damage to national security? The OCA must be prepared to indicate what the damage would be if the information is disclosed. The OCA must be able to defend his/her choice.6. Weigh advantages and disadvantages. Determine (list) the advantages and disadvantages to classifying information. If the OCA has a significant doubt about classification, the information should not be classified.7. Assign a level of classification. Determine the level of classification.Determine the duration of classification (only as long as necessary, but (usually) 10 year, and no longer that 25 years). *** In ’06, 60% of the material originally classified, was classified for 10 years or less.Communicate the decision. Issue a classification guide, or proportionally mark the information.* As Specified by EO Section 1.4** Cannot classify to:- Conceal violations of law, inefficiency or administrative error.- Prevent embarrassment to a person, organization or agency.- Restrain competition.- Prevent or delay the release of information that does not require protection in the interest of national security.*** Exceptions to the 10 Year Limit – very sensitive information. Exception to the 25 year rule – Interagency Security Classification Appeals (SCAP) process. Former X categories exempt from mandatory 10 year declassification: Intelligence, Cryptology, Weapons of Mass Destruction, Weapons Technology, Military Plans & Emergency Preparedness Plans, Foreign Government Information, Foreign Relations Information, VIP Protection Information, Anything that would violate Statute, and Treaty or International Agreement (no longer authorized). And exception to the 25 Year Limit: Confidential Human Source or Human Intelligence Source: marked 25X1 - Human.
11Authorized Classification Categories As Specified by EO 12958 Section 1.4 Military plans, weapons or operations – 1.4(a).Foreign government information – 1.4(b).Intelligence activities, intelligence sources or methods, or cryptology – 1.4(c).Foreign relations of foreign activities of the US, including confidential sources – 1.4(d).Scientific, technology or economic matters relating to national security, which includes defense against transnational terrorism – 1.4(e).US government programs for safeguarding nuclear materials or facilities.Vulnerabilities or capabilities of systems, installations, infrastructures, projects, plans, or protection services relating to the national security, which includes defense against transitional terrorism – 1.4(g).Weapons of mass destruction – 1.4(h).To Originally classify something, and Originator has to determine if the material or information falls into one of the authorized category IAW EO12958 Section 1.4.** Cannot classify to:Conceal violations of law, inefficiency or administrative error.Prevent embarrassment to a person, organization or agency.Restrain competition.Prevent or delay the release of information that does not require protection in the interest of national security.In ’06: 231,995 Original classification decisions made. G2 reports on original classification decisions annual.In ’06: 20,324,450 derivative classification decisions made.Again: 80% of classified is with Industry!
12Derivative Classification Incorporating, paraphrasing, restating or generating in a new form, information that is already classifiedWritten authority is not neededMust originators communicate the classification decisions as a classification guide. Example shown is for Operation Enduring Freedom (OEF) and Noble Eagle.Posted on the MountaiNet. (Hold up example – about 50 pages).Generally, everything we, on Ft Drum, have classified was done derivatively from guides, such as this one, or from markings on previously classified documents.That is, we rephrase or state something that is already originally classified. The decision of what information is classified, and what isn’t classified has already been made.Tentative Secret material: If someone discovers information they think should be classified (meets the requirements above), that is it would cause serious damage to national security if it were disclosed to unauthorized personnel, they should mark the information “Tentative Secret” and forward the recommendation, including a justification, to the OCA that has jurisdiction over it.
13Derivative Classification - Cont. This Classification guide indicates unit locations are considered Confidential, and Allied participation, if unannounced by host country, to be Secret.Category a = PlansCategory b = Foreign Government InformationCategory d = Foreign relations / activities.X-5 = War Plans *X-6 = US & Foreign Relations *X-8 = National Security Preparedness. ** Prepared using former EO guidance (prior to 22 Sep 03) – to exempt from mandatory 10-year declassification. As specified, how long are we to classified the above information? 25 years. NOTE: Any X1 (HUMANINT) maybe exempt from the 25 year declassification rule.Enduring Freedom Telephone Books – Appendix D – “Generally Unclassified.”Soldier called asking SID how he could distribute and use a deployment “telephone book” when marked as “Secret.”Classification guides: reviewed every five years.When developing OEF OPORDS, Plans, Documents – you are derivatively classifying “new” information elements based on original guidance from the classification guide.When derivatively classifying information, you proportional mark all information elements. The process to do this is explained on the next slide.As you can see, originally classifying something correctly, is difficult. G3’s/S3’s don’t do, or don’t do correctly…(TRAINING EXAMPLE ONLY)
14Derivative Classification - Cont. Proportional Marking: (U) SECRETDerivative Classification - Cont.Proportional Marking: (U)(FOUO) SPECIFIC FORCE PROTECTION MEASURES - CLASSIFIED SECRET.(FOUO) READINESS DATA - CLASSIFIED SECRET.(S) SPECIFIC VULNERABILITIES TO OPERATIONS, EQUIPMENT OR PERSONNEL RELATED TO SIGNIFICANT TROOP MOVEMENTS - CLASSIFIED CONFIDENTIAL (UNLESS CLASSIFIED HIGHER BASED ON OTHER SECURITY CLASSIFICATION GUIDANCE).(TRAINING EXAMPLE ONLY)Why Mark? Alerts users that something is classified and at what level. Tells users degree of protection. Specifies what portions of a document contain or reveal classified information. Identifies Originator and reason for classification. Provides info on how long the information is classified for. All of this information is taken from the classification guide (That we just discussed), or from other “source” documents (discussed on the next page).What must be marked? And mark documents in this order -1st - Titles (Immediately after and to the end)2nd - Portions (paragraphs, subparagraphs, Illustrations, Captions (maybe different from illustration), headers of major sections and title and subject lines).3rd - Interior Pages (highest level of proportional markings).4th - First Page (highest level of markings on interior pages).5th - Title Page – if any (highest marking).6th - Front and Back covers – if any (highest marking).7th - Indicate Organization Identification/Date.8th - Indicate Source and Downgrading/Declassifying instructions. (Derived from “_____”). NOTE: If multiple sources, use most restrictive Downgrading/Declassification instructions. List Sources.Highest classification of entire document: Top page, Title page, first page, and back cover.9th - Indicate Applicable Warning Notices (No Reproduction)Tentative Secret material: If someone discovers information they think should be classified (meets the requirements above), that is it would cause serious damage to national security if it were disclosed to unauthorized personnel, they should mark the information “Tentative Secret” and forward the recommendation, including a justification, to the OCA that has jurisdiction over it.Can’t make you an expert here, several PowerPoint presentations are posted on the MountaiNet that you can use. (Hold up)
15Source Document Received SECRETMemo: Derivatively Classifying From a Source Document (U)(U) This paragraph is unclassified(S) This paragraph contains secret information paraphrased from the source document received(TRAINING EXAMPLE ONLY)Your DocumentSource Document ReceivedSECRETMemo: Training Only (U)1.(C) This paragraph is confidential2. (S) This paragraph is Secret(TRAINING EXAMPLE ONLY)If the source is already marked from a guide or from another source document, you can simply cut and paste portions.You will still have to use the 9-step process to properly mark all portions of your document.
16Associated Markings (Title Page): SECRETSPECIFIC FORCE PROTECTION MEASURES (U)25 Apr 06Defense Interoperability Agency4444 Dove St, Springfield, Virginia 22150Derived from: Multiple SourcesDeclassified on: 29 Jun 2031(most restrictive)Date of source: 29 Jun 06 (most recent)Sources: Laser Widget Test, DIVA, 14 Mar 01Laser Demo, DIVA, 29 Jun 06(TRAINING EXAMPLE ONLY)In all cases, have to place Associated Markings on all classified documents (original or derived).Includes your unit, agency, directorate, etc., address, and date. And Derived From Markings: Source information, Downgrading / Declassification Instructions.In ’06: 231,995 Original classification decisions made.Again – difficult to do. Easier to mark everything Secret. But this causes problems when individuals try and use the data. They don’t know what’s classified and what isn’t, and they don’t know when the information is no longer classified information. So they ignore the markings. Causes storage problems. Causes problems with FOIA requests. Increases exposure to unauthorized access/compromise. Bottom Line: DoD improperly classifies or restricts information all the time: hence this training.27 Apr 06 News Article: An audit by the National Archives of more than 25,000 historical documents found that more than a third did not contain sensitive information justifying classification. They said of the remaining two thirds that they were technically justified, though many contained information that had already been published in open sources or contained old secrets with little practical importance. Source: Christian Monitor.-----Working Papers – May be retained by the originator up to 180 days. Marked when created, dated when created, marked as “Working Papers,” Marked with the highest security classification of the information used, stored properly, and destroyed when not needed. Must be treated and controlled as a finished product when released outside of the activity, retained more than 180 days, filed permanently, or if the document contains TS information. Working papers may not contain TS material, or be released outside unit/directorate.NOTE: Mark documents as declassified by event or time no longer then 10 years: the longest time allowed to classify something (unless very sensitive information). Exceptions can be made for very sensitive information up to 25 years. And beyond 25 if X1 information, or brought before Interagency Security Classification Appeals process (ISCAP). Previous EO directives allowed automatic exceptions beyond 10 years for Xl through X9 material. X1-Reveal confidential human source, intel source, or intel gathering method; X2-Dev or use of wpns of mass destruction; X3-Info on US crypto systems or activities; X4-State of the art wpn systems technology; X5-War plans still in effect; X6-US & Foreign gov relations; X7-Info on President & others protection; X8-National security preparedness info; X9-Violate a treaty or statute; for up to 25 yrs. Exceptions beyond the 25 yr rule allowed for X1 material.If OADR or X1 – X8, include this information in declassification line and date of source document.This training not designed to make you all experts in marking – just to become familiar enough to recognize classified information if you see it. If you are interested I can provide a whole host of information on this subject …. Additional information on the MountaNet site.
17For Official Use Only (FOUO) What Information You Can Mark as FOUO - AR 25-55Internal Personnel Rules and Practices, and Deliberative Memos. Category #2As Exempt by Statue (e.g., NSA & Patent Information, Restricted Data and Formally Restricted Data, Nuclear Material, Communication Intelligence and Intelligence #3 Sources and Methods, Certain Technical Data, Medical Quality Data). #4Trade Secrets, or Commercial or Financial Information. #5Intra and Interagency Internal Advice, Recommendations and Evaluations; Budget information; Attorney-client Information. #6Personal, Medical and Privacy Information; Directories of Deployed Units; Names of Personnel Assigned to Sensitive Units; Information to Protect Surviving Family Members. #7Law Enforcement Records or Proceedings, Investigative Techniques, Individual Trial Information, and Confidential Sources. Information that could put Lives at Risk. #8Geological and Geophysical Information. #9Can’t just mark everything / anything FOUO. Criteria found in AR 25-55, Freedom of Information Act Program.FOUO is unclassified material that is exempt from Public Disclosure. FOUO is information that is exempt from mandatory release to the public under the Freedom of information Act (FOIA).FOUO has authorized categories like classified information … or as specified by statue, law, regulation, etc. Not just what you feel like marking FOUO.Do not need a security clearance to access.Should mark proportionally. Disseminate only to those with a need-to-know.Should control it to prevent unauthorized access. After working hours –If the government provides building security, individuals may store FOUO in unlocked containers, desks or cabinets.If the government does not provide building security, individuals should store FOUO in locked containers, desks, cabinets or bookcases.Destruction: Shred or tear into pieces and throw away.AP: Jun 07. The head of the FBI's Boston office warned top universities to be on the lookout for foreign spies or potential terrorists who might be trying to steal unclassified, yet sensitive, research.Personnel Identifying Information (PII) very desirable: identity theft.NOTE: Other laws, statues, regulations may specify that specific information may be marked FOUO.
18Questions?FORT DRUM’S MOUNTAINET WEBSITE: https://mountainet.drum.army.mil/&DEFENSE SECURITY SERVICE (DSS) ACADEMY MISSIONThe DSS Academy provides security education and training to Department of Defense (DoD) security program professionals, DoD contractors, employees of other Federal agencies and selected foreign governments. Its professional staff of instructors, technology professionals, and education support personnel combine expertise to create, collaborate and facilitate delivery of quality education and training across the security disciplines.General Security Industrial SecurityInformation Security Information Systems SecurityOperations Security Personnel SecurityPhysical Security Special Access ProgramsAdditional training:MountaiNet web siteNEXT we will discuss how to protect classified materialWhy are we going to discuss this – we don’t do it very well.Pass out attendance sign in sheet.
19Protecting Classified Information "We have an obligation to protect military, operational security, intelligence sources and methods, and sensitive law enforcement investigations."President George W. Bush, Memo Directed FBI, CIA, State, Treasury and Defense to Release Classified Information only to Four Major Congress Leaders and Intelligence Committee Members, October 5, 2001We don’t safeguard classified information very well.The CNN and Washington Post reported President Bush’s outraged that sensitive intelligence information that was shared with Congress was being reported to the news media.DA is getting upset. We can tell by the number of messages and mandatory training we keep getting.In an October 5, 2001 memo to the AG, FBI, CIA, State, Treasury and Department of Defense President Bush now restricts classified briefings to the five major leaders in congress and the chairman and ranking members of the House and Senate intelligence committee members.Pen drives available in Iraq markets!!!Classified CD’s in PC’s turned into the DOIM for re-imaging.PII information thrown in trash at Clark Hall.Classified left in jammed shredders.Classified information on Pen Drives brought back from Iraq/Afghanistan.
20Proper Security Practices Protecting ClassifiedTransmissionDestructionReporting RequirementsThis is what we are going to talk about.
21Protecting Classified at Work Properly Mark Classified InformationTitles and Paragraphs markedDocument marked at highest level of classified information contained in itCover, front and back, top and bottomClassified by lineDeclassification instructionsAlready discussed … Don’t just stamp everything Secret because the classification process is too hard …Makes using available information too hard. Example: Secret phone book when guide indicates FOUO.If too hard or too much – people will ignore the classification markings and you run the risk of compromising information: putting troops at risk.
22Protecting Classified at Work Cover sheets at work. NOTICABLE!Cover sheets between offices in the same building. On desk – when removed from storage.SF 703 (Orange) – TS Documents (Show coversheet)SF704 (Red) – S DocsSF705 (Blue) – C DocsCover sheets, if authorized courier, between buildings, and should further be safeguarded in briefcases or other opaque envelopes…Between buildings must have a courier card.What about diskettes and Pen Drives???Use cover sheets!
23Protecting Classified at Work Mark Classified Information Computer MediaAffix labels with highest classification contained withinInclude as much other information as possible, i.e. authority and declassification instructionsDVD/CD: Mark the DVD/CD and case.USB Drives: Mark the device.Don’t place classified media into unclassified automation: causes a compromise!SECRETClassified by:DAS for SecuritySECRETClassified by:DAS for SecuritySECRETPen Drives have caused problems!Pen Drives have caused classified spills on unclassified systems.Only DOIM authorized pen drives allowed on SIPRNET / NIPRNET. Use encryption.SF 706 TS Label (show labels)SF 707 S LabelSF 708 C LabelSF 710 Unclassified LabelSF 712 Classified SCIInclude source and declass instructions as much as possible.
24Protecting Classified at Work Classified information must be stored in a GSA-approved security container (safe) when not in use (For source information: https://portal.navfac.navy.mil/go/locks).DO NOT STORE CLASSIFIED IN THE FOLLOWING:Filing CabinetsOn Top of SafesWindow SillsBe aware of who can see the classified material - causally. (Watching over your shoulder)AR specifically states: Don’t store on top of Cabinets!Cannot store items only having a monitory value, or for security reasons (e.g., cash, narcotics, weapons, etc.)TS material: GSA approved containers storing TS material must have supplemental controls.S and C material: GSA approved containers storing S or C material without supplemental controls.Can you use Classified at home??? Generally, no!Permission needed from:For TS – written permission needed from SECARMYFor S – written permission needed from FORSCOM or IMCOM.And GSA container.
25Protecting Classified at Work Safe CombinationsSecurity container combinations are classified at the level of information in the safeMemorize combinations; never write them down (except on SF 700)Don’t share with anyone who does not need to knowUse SF 702 to record opened and closed by informationUse opened closed magnetic signsWho can you give the security container combination to?When do you change the safe combination?Is this container sufficient for Top Secret material?Source: https://portal.navfac.navy.mil/go/locksSF702Use an SF702 to record safe opening and closing. , so if found open, can narrow the time others may have had access to the container, to more easily determine if damage to the US, who may have left it open, and to assist in the investigation. (Give SF 702)Can’t mark the outside of the safe with classification information. Maybe externally numbered.Use reversible “Open-Closed” signs.Who can get the safe combination?- Person that has a security clearance (CDR granted access & current investigation).- Need-to-know.Change combinations when:When the container is first put into use ( ).Security container is found open or unattendedSomeone who has the the combination leaves or no longer has a need-to-know or needs access, or access has been taken away.Combination has been compromisedWhen the security container is taken out of serviceAt least annually: Every 6 months when storing NATOUse SF700 so if someone forget combination – can get into the safe. Locksmith can at about $ charge. (Show form)Container OK for TS with supplemental controls (NEXT SLIDE).Make closing safe a part of end-of-day checks on SF701. (Give from)IF FOUND OPEN: Keep area / container under guard or surveillance, notify the individual(s) listed on the interior SF700, and notify the unit security manager/commander..Must report loss, compromise or suspected loss or compromise of classified material, including evidence of tampering with a security container used for storage of classified material.Field Safes: NOT authorized to store classified information in Garrison. They MUST be secured to a permanent structure using security chain and padlock or be guardedField Safes: Are NOT authorized to store classified information in Garrison.
26Protecting Classified at Work Minimum Storage RequirementsTOP SECRET:GSA approved container with supplemental controls (4 or 5-drawer)Continuously Guarded LocationGuards checking GSA approved container every two hours15 minute IDS recallContainer within a container (security in depth)Vault with 15 minute IDS recall with security in depthGSA-approved modular vault with 15 minute IDS recall with security in depthSecure room with 15 minute IDS recall with security in depthSECRET:Same as TSGSA approved container or vault without supplemental controlsSecure room with supplemental controlsOne or two-drawer safes need supplemental control (chain and approved lock attached to immoveable object (e.g., beam or supporting post)). Meant for tactical operations.Secure room:Doors/windows secure at all times.Solid doors, interior hinges, heavy-duty closers, approve lock and strike and one-way peephole into unclassified area.Access control & logs <-Hard to do – but helps during investigations as to who had access to what when.Walls extend true floor to ceiling.Sound attenuation.Only government approved automation and communications devices (no wireless, e.g., cell phones, PDA’s, radios, etc.)Separation of classified and unclassified cables, power cables, wires, etc.Certification by qualified physical security and / or information security specialists that IDS system, access control procedures and other supplemental controls meet the standards in AR380-5, para 7-4, and 7-14 through Open storage approvals are valid for up to five years. <- Ref FORSCOM Supl 1 to AR Secure rooms must have supplemental controls for TS and S.The Command Security Manager Approves secure, open storage areas. The DOIM, working for the Fort Drum’s Designated Approving Authority (DAA), approves the use of classified and unclassified networks and associated automation.Current access lists (AR380-5, para 1-7c)Supplemental controls: safe-within-a-safe, IDS with personnel response, guards, etc.
29Security containers maybe marked with a number on the outside. DO NOT mark classification level on the outside of the containerDO NOT place items on top of containerReg specifies nothing on top. Can easily “lose” classified in the mess.
30Protecting Classified at Work Classified Briefings / MeetingsRoom / facility visually checked thoroughly and secured.Cleared guards at entrances, outside windows, etc.Access rosters.Disconnect telephones. Collect wireless devices.Cover windows.Check outside room / building for sound attenuation.Check for extra wiring, suspicious equipment, etc.Only use authorized audio / visual equipment, and automation.Secure classified waste.Any “notes” taken are classified working papers and must be secured.CONFIDENTIAL and SECRET level meetings may be approved at BN level or higher. CONFIDENTIAL & SECRET meetings may be held in US Government offices, classrooms, and conference rooms. Classified briefings should not be held in clubs, chapels, theaters, or other public places. TOP SECRET meetings can only be held in approved TOP SECRET storage facilities.NOTE: AR 25-2 and FORSCOM Reg Prohibit Cell Phones, and other Wireless Devices from MEVA’s, and other Restricted and Classified Work Areas. Specifically, the use of Portable/Hand-held Communication Devices, privately-owned cellular telephones, digital paging systems, hand-held radios, Personal Digital Assistances or other non-secure devices are prohibited from Mission Essential Vulnerable Areas (MEVA), and Restricted and Secure areas. These devices transmit in the clear, and are not allowed to be used for sensitive or classified discussions, or data transfer.CELLULAR TELEPHONES – A SECURITY RISK! Cell Phones have two major vulnerabilities: Conversations can be monitored. Phones have microphones.Monitoring – Cell Phones are basically radio transmitters. Anyone, with the right kind of radio receiver, can listen in. Although the law prohibits listening in, and provides penalties for those that do, Cell Phone calls are intercepted. By slightly modifying an electronic circuit board, scanners can easily intercept and broadcast calls. More technically advanced equipment can be purchased on-line that detect and record Cellular conversations. “Cell Phone Interceptors” even have web sites where they exchange Cell Phone numbers of "interesting" targets. Opportunistic “Interceptors” sell their best "finds" to newspapers, criminals and businesses. Criminals often place Cell Phone monitoring equipment in high Cell Phone use areas, like malls or stadiums. These criminals use captured information to steal identities, credit card information, or anything else they happen to overhear. One publicized case of Cell Phone monitoring involved former Speaker of the House Newt Gingrich. An "accidentally overheard and taped” conversation concerned the Republican strategy for responding to Gingrich's alleged ethics violations: the intercepted conversation was reported by the New York Times and in other newspapers.Microphone – Cell Phones can be used as microphones: other people, at the receiving end, can listen to local conversations. Dial out, and place your activated Cell Phone in a pocket or brief case, or on a table, and allow a distant party to listen in. Covertly leave it in a conference room, and listen in from another location to what your buddies are saying about you, about your presentation, your next deployment, or contract proposal. What happens if you accidentally fail to correctly turn-off your Cell Phone? Another way to listen in, using a Cell Phone, includes transmitting a maintenance code, on the control channel, that places the Cell Phone in a "diagnostic mode." When this is done, conversations in the immediate area of the Cell Phone can then be monitored. The Cell Phone owner will not even know the Phone is in the diagnostic mode, until he or she tries to place a call. The unit can be brought back into an operational mode by simply turning it off and then back on. Turning Cell Phones “off” and then “on” is not an uncommon occurrence when troubleshooting a malfunctioning Cell Phone. Nokia advertised a "Spy Phone," that allows owners of the Cell Phone, to program in a special control number that allows their Phone to be controlled remotely; automatically answering incoming calls without any visual or audio indicators.CAMERA PHONES: Cell Phones that take pictures are a security risk.Cell Phones – How They Work: Cell Phones send radio signals through the air on two distinct channels; one for voice and the other for control. When a Cell Phone is first turned on, it emits a control signal that identifies itself to a cell site by broadcasting its mobile identification number (MIN) and electronic serial number (ESN), commonly known as a "pair." When the cell site receives the signal pair, it determines if the requester is legitimate by comparing the requester's pair to a cellular subscriber list. Once the Cellular Telephone's pair has been recognized, the cell site emits a control signal permitting the call. Pairs can be intercepted and used by thieves to steal services.
31Protecting Classified at Work Personnel SecurityYou must limit access to authorized persons by verifying:Identification and Need to Know (For Contractors - DD Form 254 and Expected)Personnel Security ClearanceInvestigation as Recorded in JPASAccessAbility to Protect (Trained and Courier Cards or Orders) KEY POINT.Picture ID card.Access as specified in JPAS -Access as specified by owning commander (commander deems the person is trustworthy, and access is necessary for the performance of duties (Need-to-Know)).Investigation Current: TS – five years S – 10 years C -15 years.Need-to-know (just because they ask doesn’t mean the need to know the information).Visitors should not be a surprise.Investigation and access must match purpose of visit (Clearance from military does not mean that an individual representing Industry maybe given access to classified.Contractors that need access to classified information must be working under a contract is governed by a DD Form 254. This form specifies the classified information the contractor may have access to. NOT ALL CLASSIFIED INFORMATION.Never given to a Foreign National (except as approved by the State Department and specifically released to the individual on a Delegation of Disclosure Authorization Letter (DDL) by the originator. They DON’T get access to ALL INFORMATIONAbility to protect: KEY POINTMust never be left unattended.Must never be discussed in public places.Must be discussed on secure telephones or sent via secure faxes. Must be able to control the area (sound attenuation), including control of wireless devices.Must be under the control of an authorized person.Stored in an approved storage container.Never be processed on your computer unless approved to process at that level by the Designated Approval Authority.Positive ID w/clearance: Early 2007 An Arabic translator who used an assumed identity got work as a contractor for the U.S. Army in Iraq. He pleaded guilty to federal charges of possessing classified national defense documents, including sensitive material about the insurgency that he took from an 82nd Airborne Division intelligence group in ‘04. They do not even know the translator's real name: they refer to him in court documents under several of his aliases, including "Abu Hakim" and "Abdulhakeem Nour."
32Protecting Classified at Work Personnel Security ClearancesA Privilege; Not a RightMaybe revoked at any time (for cause)Investigation + CDR granted Access = Personnel Security ClearanceRequires Investigation and Reinvestigations(5/10 /15 year marks)JPAS system of record (SF312 NDA date, CDR granted access, Unit ownership, personal data, and Investigation date).Specified in JPASAccess as specified by owning commanderInvestigation Current: TS – five years S – 10 years C -15 years. Periodic reinvestigations w/i 30 day window. If deployed, w/I 90 days of return. If out of date, could affect assignments, reenlistments, promotions and schools.A Privilege; NOT a RIGHT!Based on: MOS/Specialty, or duty position. Not because nice to have … Or might need in future.In ’06, DoD processed about 1.9 million requests for a background investigation.May be revoked any time, for cause (Continuing Evaluation)Some of the Causes:Questionable loyalty to U.S. / foreign preferenceFailure to follow security proceduresCriminal misconductAct indicating poor judgment, reliability, or trustworthinessMental or emotional disordersForeign connections / vulnerability to blackmail / coercionFinancial irresponsibilityAlcohol/drug abuseFalsificationRefusal to answerSexual misconductAbuse of a government computer systemRequirement to report CREDIBLE Derogatory information (Even for those Soldiers / civilians without a clearance)Must report Adverse information concerning yourself or a co-worker.You can request JPAS training by
33Protecting Classified at Work Personnel Security Investigation Process:Unit requesting memo to SID, with attached Medical and PMO checksSID will and provide memo through unit to individual granting access to e-QIP site (30-days to initiate & 90-days to finish). SID will also return all documentation.Individual inputs personal data, electronically validates it, and prints a reviewing copy.Security Manger reviews.Individual prints and sign signature pages, then electronically submits the e-QIP produced form.Security Manager provides all documentation to SID.SID will review. If needed, SID will request finger print cards and other documents. SID will submit the personnel security application.All personal security investigation will now use the Electronic Questionnaires for Investigations Processing (e-QIP), E-QIP is a web based system, that allows individuals to electronically fill out personnel security questionnaires (SF86). E-QIP will allow individuals to electronically enter, update and transmit their personal investigative data over a secure Internet connection to SID.First step – Memo to SID requesting that an individual get an initial personnel security investigation (or a periodic update). A sample memo is posted to the MountaiNet that has all of the information we need to start the process). Ensure PMO and Medical memos attached.Second Step - SID will review the request and attached memos. If complete, SID will initiate individual e-QIP access, and return all documents.Third Step – Individual completes and validates personal data in e-QIP. Prints a copy for owning Security Manager’s review. It may take several validation attepmts.Forth Step – Security Manager reviews and validates personal data. If complete, instructs individual to print and sign signature pages, and to submit the electronic SF86.Fifth Step – Security Manager coordinates with SID to provide paper copies of the SF86, SF86 signature pages, medical and PMO check memos, and if require, finger print cards.Sixth Step – SID will review all, and if complete, forward the personnel security investigation request.E-QIP was not designed to produce SF85 or or SF85P forms.Must report changes of Name, Marital Status and Citizenship.SID will check for:Completeness (all fields filled in with valid information).Complete address (house number, street, city, state and zip code)Match residences with employment history (same locations). Must report deployments over 90 days (in both residence and employment blocks). Unemployment time is reported as code 7 with verifier information.Relatives: include “mother-in-law and father-in-law.” Include all relatives specified.
34Protecting Classified at Work Foreign Disclosure:Disclosure of Official DOD information to Foreign Governments, International Organizations, and Contacts with Foreign RepresentativesPersonnel Exchange Program (PEP)Must have a Delegation of Disclosure Authorization Letter (DDL) Outlining Information allowed to be disclosed.Foreign Disclosure Officer Ensures Compliance with Terms of the DDL.PEP Officers are not Allowed Command Assignment Positions.PEP Individuals May Not have Unsupervised Access to Automation (normally only visual / oral disclosure).PEP Individuals Can Not Obtain US Security Clearances,.PEP Individuals may not be given Security Responsibilities.Personnel Exchange Program (PEP) personnel may only have access to DoD information as specified in their DDL.DDL will specify any restrictions or limitations.accounts must identify PEP personnel.DDL will specify the name of the contact officer that is charged with ensuring compliance with the terms of the DDL.You must report all continuing contacts with foreign nationals, to include shared living quarters and marriage. You must report suspicious contacts with/by foreign nationals. You must report if a member of your immediate family (or your spouse’s immediate family) is a citizen or resident of a foreign country. You must report potential employment or service, whether compensated or volunteer, with a foreign government, foreign national, foreign organization or other entity, or a representative of any foreign interest.You must report foreign travel- SF85, 85P or SF86 Questionnaires– so as to receive Force Protection and country briefings.
35Protecting Classified at Work Transmitting Classified (Voice)Always use Secure Telephone Equipment (STE) for classified calls (e.g., NSA approved cryptographic system).Use compatible facsimile machines cleared for classified use for quick and secure document transmission.Check windows and doors before classified conferences to ensure others can not hear or see what is going on. Control access with guards.Remove unauthorized wireless devices from area.STUIII – Dec 08 is the last time DoD will generate a STUIII cryptographic variable. DoD will end STUIII use Dec 09.When discussing classified material, the telephone user must clear or control the area around them (sound attenuation).Speaker Systems in ceilings transmit sound (DOIM)!!! Like 2 cans and a string ….Do all phones have a DD Form 2056 affixed? (AR 380-5, para 6-13, & FD CIP item) (Handout)
36Protecting Classified at Work Transmission (Hand-Carrying)Secret and Confidential OnlyOn Post: DD Form 2501JPAS indicated access and investigationAcknowledgement of ResponsibilitiesOnly on Fort DrumOff Post: Orders (CONUS & OCONUS)Double wrapping and addressingReceiving and sending POC informationInventory / receiptAcknowledgement (CONUS or OCONUS)Two-way Hand-carrying not Authorized***Includes hard drives, pen drives, laptop computers and other electronic devices and components!!NOTE: G-2 produces for 10th MTN DIV Units, and DPTMS, SID for Garrison / Tenants.1st Electronic transfer Preferred (SIPRNET) – Hand carry only as last resort.2nd For Secret: US Express Mail or US Registered Mail 2nd Preferred method for transmitting classified material. Certified nor 1st Class mail allowed for Secret. Certified allowed for Confidential. Express Mail – no outdoor street side collection boxes. Don’t sign “Waiver of Signature and Indemnity” block. TS cannot be mailed!!!3rd Hand carrying – only properly cleared carriers. TS – generally not hand-carried. To transmit Top Secret SCI in any manner, call the G-2. Must use Defense Courier Service if TS out of US control, or contains SCI or COMSEC material.If on post with a DD Form 2501 – carry classified in envelope, briefcase, etc., obscuring the classified material. (Show card). 10th Mtn Div: Rich DrakeIf off post with Orders - only if can’t transmit electronically or use US Postal Service (Express or Registered).Double wrapping and packaging as if mailing (also for mail): must be done to prepare for hand carry, or US Postal (Full to and from addresses)Affords 2 layers of protectionProtects against damage and ease of detection of tamperingUse opaque envelopesInside stamped at the level of the classified material.Includes inventory and transmittal documents (e.g., DA Form 3964). (WHY inventory? IAW AR380-5, if lost – have to assess damage to US. To do this, have to know what was carried (or on disk/USB drive)). Must keep for two years.Couriers have to have a personnel security clearance at or above that which they are carrying.Overnight Travel: Material must be stored at a cleared facility. No overhead bins, CONEX’s, checked baggage, etc. No USB drives hung around somebody’s neck while sleeping. Can’t take home or to hotel. [Could have two people on orders. One wake, one sleeping.]Hand Carrying Classified Material:Individuals must be briefed on their responsibilities. Receive training on safeguarding classified.Written authorization (Card or orders).Overnight storage only at US government facility or cleared contractor with storage capability.Double wrapped.Constant surveillance (in personal possession),Material must not be read, studied, displayed, etc.Material must never be left unattended.US Carriers (unless non available).Photo ID and Authorizing memo.Exception – When part of a unit movement deploying either to an assigned contingency or training area. Still has to be controlled. Can’t lock up in shipping container and ship.
37Protecting Classified at Work AutomationTransmitting Classified (Electronic)NO Unauthorized Use of Computers!Systems must be certified and accredited PRIOR to use (both Classified and Unclassified)Users must IT-Level III TrainedAll users must have a background investigation (including contractors)Protect classified automation and communicationsSecure roomGSA approved containersSecure classified components (e.g., removableHD, TACLANE & CIK or PDS)See your IMO or IASO, or DOIM for helpAccess to government automation and networks requires that individuals receive background checks and attend IT-Level III training. Automation users must also follow directives and guidance from NETCOM and Fort Drum’s DOIM. These measures provide a level of information assurance. Information assurance (IA) protects and defends information and information systems by ensuring their availability, integrity, authenticity and confidentiality.For Unclassified automation access:For Background Investigation for Contractors – SF 85P (Questionnaire for Public Trust Position). NOT A SECURITY INVESTIGATION / CLEARANCE. Have to do enen if individual has a clearance with the NG/Reserves.Soldiers and Civilians background checked when hired.AR25-2: Auto-forwarding of official mail to non-official accounts or devices is prohibited IAW AR 25-2 para 4-20f(6) and may be punished as a violation as noted in AR 25-2 para 1-5k. Example: forwarding your .mil to a .com account . Also remember to patch your systems (e.g., use up-to-date AV, lock your system went getting up from your desk, logout when leaving your work area at the end of the day or for extended periods of time).Jan 08: Several Utility Companies attacked: utilities shutdown.Dec 07: SANS Newsbites. MI5 Warns UK Businesses of China-Sponsored Cyber Attacks. The UK government has accused China of breaking into computer systems at prominent UK businesses. The reports indicate that MI5 chairman Jonathan Evans sent a confidential letter to 300 chief executives and security chiefs at major UK companies, warning them of the attacks. Rolls Royce and Royal Dutch Shell have reportedly been targeted by the cyber attacks, but so have many smaller organizations and law firms representing companies doing business in China. Similarly, all across Washington DC, senior government and contractor officials are reacting with shock to the revelation that their systems have been deeply penetrated and taken over by unauthorized users who are stealing enormous amounts of sensitive data. Most of the penetrations were done through spear phishing s with infected attachments or with urls that took victims to web sites where their systems were infected.Jul 07: ComputerWorld. Millions of documents containing sensitive and sometimes classified information are floating about freely on file sharing networks after being exposed by individuals downloading P2P software on systems that held the data. Among the documents exposed: The Pentagon's entire secret backbone network infrastructure diagram, complete with IP addresses and password change scripts; contractor data on radio frequency manipulation to beat Improvised Explosive Devices (IED) in Iraq; physical terrorism threat assessments for three major U.S cities; information on five separate DoD information security system audits; Iraq status reports; & Social Security numbers. In addition, the ready availability of federal and state ID cards, passports, Social Security numbers, credit card information and bank account details make P2P networks a great source of information for identity thieves. Popular P2P clients, such as Kazaa, Lime Wire, BearShare, Morpheus and FastTrack, are designed to let users quickly download and share music and video files. Normally, such P2P clients allow users to download files to and share items from a particular folder. But if proper care is not taken to control the access that these clients have on a system, it is easy to expose far more data than intended.
38Number/Frequency of Attacks drive-by-downloadsCAPTCHAwireless device virusesparasitesHighexperimentationkey stroke capturing trojan“stealth” / advanced scanning techniquesBOTNETS/BOTSBOTHerdersvandalismwidgetsdenial of servicephishingcyber crimehackerismmass spamblended threatspacket spoofingmobile codewww attacksTechnical ExpertiseDDOS attackssniffersautomated probes/scanssweepersback doorsinfo warfare defensivedisabling auditsGUInetwork mgmt. diagnosticshijacking sessionspoliticsLowburglariesexploiting known vulnerabilitiesinfo warfare offensiveCompletely Automatic Public Turing Test to Tell Computers and Humans Apart (CAPTCHA) Spammers get info w/stripper – get correct response.BOTS – cmptrs infect other cmptrs forming network, Herder of many BOTNETS.INFORMATION OPERATIONS CONDITION LEVEL FIVE (INFOCON 5)Nov 07: The Internet arm of Al Queda targeted 15 anti-Islamist sites, urging its followers to download point-and-click Electronic Jihad 2.0 software. Caused ping flood type attacks.Jun 07: A Computer system in Defense Secretary Gate’s office was hacked in June. Administration officials say China is the No. 1 suspect. Additionally, The Pentagon suspects China's PLA of operating secret cells of computer hackersApr 07: A King City, Ontario (Canada) man who is already a suspect in a card-skimming fraud case had numerous new charges filed against him. Sergeui Kokoouline and his wife, Larissa Piminova, were in possession of counterfeit credit cards; when the couple's home was searched, police found and seized credit card-making equipment, numerous phony cards and pages of credit and debit card data. The couple faces a combined 238 charges against them.Feb 07: The Naval Network Warfare Command says Chinese hackers are relentlessly targeting Defense Department networks with cyber attacks. The "volume, proficiency and sophistication" of the attacks supports the theory that the attacks are government supported. The "motives [of the attacks emanating from China] ... include technology theft, intelligence gathering, exfiltration, research on DOD operations and the creation of dormant presences in DOD network for future action."How do you protect yourself electronically??? DOIM Gold Standard. Don’t load unauthorized SW. Don’t load/use peer-to-peer or chatting SW. Comply with DOIM and other Network Security Bulletins. Use Passwords (mix special and alphanumeric) & Password Protected Screen Saver. Limit access, Don’t share and chg passwords (e.g., delete unused accounts, no open shares, etc). Backup data. Keep system/applications patched. No chatting, messaging, etc., services. Don’t use Preview Window Option. Don’t open anything if you don’t know who sent it, or what it is. Don’t download publicly available software, unless you know its source. DOIM/IMO’s should approve all SW. Don’t give out Network and System Information using , Web, and Telephone (Data Mining). Don’t cruise the Internet.Islamic terrorist groups such as al-Qa‘ida, HAMAS, and Hizballah incorporate information technology to support their operations and use it for communications, fundraising, propaganda, recruitment, targeted reconnaissance, and training. Al-Qa’ida does Info Warfare very well. Info considered in every attack.: camera’s go hand-in-hand with rifles.- A statement posted on the website azzam.com used by al-Qa‘ida-related jihadists urged Muslim Internet professionals to disseminate information through , online discussion groups, and websites. The statement claimed, “The more websites, the better for us. We must make the Internet our tool.”- Islamic extremist groups use websites to provide information on their activities, organization, plans, and political, religious, and social objectives. Groups such as HAMAS and Hizballah and insurgents in Iraq use websites to glorify their violent actions by posting videos and pictures of executions and bombings and statistical updates of daily attacks against the enemy. Many sites publish online advice / statements by religious figures encouraging readers to undertake jihad, publicize speeches and declarations of their leaders, and make claims of responsibility for attacks.password crackingself-replicating codepassword guessing1980198519901995200020052010Number/Frequency of Attacks
39Protecting Classified at Work Reproduction of Classified Documents (Photocopier)Use approved equipment only (G2 is the only agency that has classified copiers)!Cannot connect to unclassified networks.Cannot leave latent images (ghosting).Classified material cannot be visible to uncleared personnel.Cannot retain electronic data (e.g., embedded HD’s, memory or other components).POSTED and authorized (FORSCOM Form 138-R).Unit SOP indicating sanitation procedures (jams and classified waste).There is a risk of leaving originals in / on reproduction equipment.If you have a cleared copier, you must add “Checked Copier” to your End of Day checks on your SF 701.HO FOSCOM Form 138-RIf the copier spools the print job – it retains data. Can’t use it for Classified.Copy only on approved/certified equipment.Generally, can’t reproduce TS material (requires originator or higher HQ consent: must be controlled).If your copier is not approved for classified copying, use FORSCOM Poster 93-R indicating so (WARNING, REPRODUCTIONOF CLASSIFIED MATERIAL WITH THIS EQUIPMENT IS PROHIBITED).Check with DOIM to determine if your unit has a copier authorized to reproduce classified.ONLY TWO APPROVED COPIERS – IN G2
41Protecting Classified at Work DestructionApproved Cross-cut Shredding, including paper and Mylar film (Disintegrator) – G2Classified waste “burn bags.” (environmental issues)Electromagnetic destruction (HD’s) – DOIMRAM, ROM, DRAM, SRAM, PROM Smart Cards, PDA’s, and other electronic devices, etc.) – DOIMDVD’s & CD’s – G2 (NSA/CSS evaluated and approved grinder, or completely destroy)Must be protected until destroyed!Use End-of-Day checks and Customizable Form 701 to check areas for classified before leaving for the day!*** Use Spring Cleaning Concept (following Records Management Regs –destroy old and unused material).NOTE: Use DA Form 3964, Classified Document Accountability Record, to record the destruction of TS material.Equipment must be NSA certified (e.g.., NSA CSS SPL & 02-02,). (Show SEM cat)Paper and diskettes: Individuals are responsible to destroy classified paper products, including Mylar film from diskettes, typewriter ribbons, tapes, etc., using NSA-approved shredders or disintegrators.G-2 controls approved Disintegrator for paper, & a grinder for CD’s & DVD’s.DOIM can wipe/destroy HD’s, also issues guidance on destroying other classified devices that retain data (e.g., Magnetic Disks (includes hard-drives), Optical Storage Devices (including Compact Disks (CD) and Digital Versatile Disks (DVD), Dynamic Random Access Memory (DRAM) and Static Random Access Memory (SRAM), Ferro-electric Random Access Memory (FRAM) and Magnetic Random Access Memory (MRAM), PROM, EPROM UVEPROM and EEPROM, Non-volatile FPGA and Volatile FPGA, and Smart Cards,Burning – dirty & ashes examined. PW maybe concerned (environmental issues). Other approved methods include Pulverizing, Pulping, Physical Destruction, Melting, and Chemical Decomposition.Record usually required for TS: not usually for Secret on Confidential material.Destroy as soon as possible. Ask question: “Why do we have this document?” Spring Cleaning – Following Records Management regs – destroy old and unused material. Generally, original material generated or created by units is a record copy and can’t be destroyed. Can be shipped to storage.Why Destroy: Reduce Holdings, Free up storage space, Save resources & money, REDUCE RISK OF COMPROMISE.Mark classified waste containers.21 Aug 07 (AP): Army Lab Documents Found in Trash Bin. Boxes of documents containing personal information from the Walter Reed Army Institute of Research were supposed to be shredded but instead turned up in a trash bin. A resident near the Army medical research's campus found the boxes and alerted police. An investigation is under way to determine precisely what information appeared off base, and to determine what happened. The records were supposed to be shredded. Destry FOUO so that it can not be reasonably be reconstructed.
42Industrial Shredder Bldg T-679 0800 – 1530 hours BY APPOINTMENT ONLY CallItems not shredded:Any PlasticDocument protectorsMap overlaysMicrofiche filmTypewriter ribbonsCassette/Video tapeFloppy DisksNo Metal (including paperclips and staples)
43Mark classified waste: and only use for classified waste.
44Protecting Classified at Work Emergency Evacuation and Destruction PlanA plan that provides for the Protection, Removal or Destruction of Classified Material in case of Fire, Natural Disaster, Civil Disturbance, Terrorist Activities or Enemy Action.Detailed procedures / responsibilities for the protection of classified material.Specific persons / positions.Minimizes injury or loss of lifeAllow senior person to deviate from the plan when necessary.Assign priorities based on damage to the USPriority 1 (TS) – Exceptionally grave damagePriority 2 (S) – Serious damagePriority 3 (C) – DamagePriority Markings are affixed to the interior of the safe drawers…When required, record the destruction of classified material.A plan for the protection, removal or destruction of classified information in case of:FireNatural DisasterCivil DisturbanceTerrorist ActivityEnemy ActionWork with higher headquarters. In your plan, who (has to have clearance), what vehicles (where are the keys), Take to whom? Box’s and packing material? Many units indicate will destroy what they have on hand? What about Hard and USB drives? What is acceptable risk?Priority is assigned for Emergency Evacuation or Destruction based on potential effect on National SecurityPriority I - TOP SECRET (TS) – Exceptionally Grave DamagePriority II - SECRET (S) – Serious DamagePriority III- CONFIDENTIAL (C) – DamageFORSCOM Memorandum to 380-5, Appendix D has a “Sample Plan for Emergency Safeguarding Classified Material.”
45End of Day Security Checks Check all areas to include safes, windows, desktops for classifiedComplete the SF 702, Security Container ChecklistComplete the SF 701,Activity Security ChecklistTurn on alarms ifappropriateLock doorsSF 701: Maintained until the first entry on new form. (AR380-5, pap 6-13)Fill in your own entries
46Protecting Classified at Work Physical SecurityPerimeter FencesEmployee and Visitor Access ControlsBadges / Common Access CardsIntrusion Detection SystemsRandom Guard PatrolsProhibited Item ControlsEntry / Exit InspectionsEscortingClosed Circuit Video MonitoringIF YOU SEE SOMEBODY JUST WALKING AROUND – STOP THEM, ASK THEM WHAT THEY ARE DOING, ASK THEM IF YOU CAN HELP….Prohibited Items? – Cell phones, pagers, PDAs, 2-way radios, or any wireless devices.Ask somebody just standing around if you can help them.You must report lost or stolen badges, or Common Access Cards.Cell phones and operate (maintenance codes) even if you turn them off. Collect all wireless devices before all individuals into rooms for classified discussions.
47Operations Security (OPSEC) OBJECTIVE: Conceal capabilities and intentions of tactical to strategic operations (G3 & DPTMS OPSEC Officer responsibility)Four Major COMPONENTS (How to do):Physical Security (fences, guards, access control, etc.)Information Security (marking, handling, transmission, storage and destruction)Signal Security (encryption and signal strength)Deception / Counter-SurveillanceProtect from the Foreign Intelligence ThreatHuman IntelligenceSignals IntelligenceElectronic WarfareIntelligenceOPSEC is a systematic process used to mitigate vulnerabilities and protect sensitive, critical or classified information.By practicing and executing Physical Security, Information Security, Signal Security, and using Deception and Counter-surveillance, you can protect yourself, your family and unit from Human and Signals Intelligence, Electronic Warfare, and Foreign Intelligence.Lock up your FOUO material.Marines coming ashore in Somali – TV cameras taking pictures: operational concern? Danger to our Marines?OPSEC training given by DTPMS, Plans, Exercises and Mobilization (PEM), 1st working Tuesday each month.
48Public release of Government information must first be approved by the Public AffairsOffice.If classified information appears in the public media, personnel will not make any statement or comment that would confirm the accuracy or verify the classified status of the information. It is essential that Army personnel are careful to neither confirm nor deny the existence of classified information or the accuracy of that information in the public media. Personnel will report such matters to the command security manager, or other official designated by the commander. The matter will then be reported to the original classification authority for the information.The news article or other medium will not be marked as classified, however, the written report detailing the discovery of the information in the public media will be classified to the level of the information believed to have been compromised. Personnel will not discuss the matter with anyone without the expressed consent of the command security manager, or an individual so designated by the command security manager or commander. An appropriate security clearance and need–to–know is required. No discussions will be made over non–secure circuits.If approached by a representative of the media who wishes to discuss information, personnel will neither confirm nor deny the accuracy of or the classification of the information, and will report the approach immediately to the appropriate command security and public affairs authorities.
49What Happens If… Report It!!! Security container is found open and unattended?Classified information is found unattended?Uncleared or unauthorized persons have accessed classified information?Other possible/actual compromise of classified information?Report It!!!Anyone who has knowledge of a security violation has a legal and moral obligation to report it.
50Preliminary Inquiry Inquiry Officer Procedures are outlined in AR 380-5, chapter 10; not a full blown formal investigation.Designed to determine if a loss or compromise of classified material occurred.Also addresses possible systemic/procedural problems and/or weaknesses.Inquiry OfficerAppointed in writing by Commander or Staff Officer in the rank of LTC or higher (Authority is Para 2-1, AR 15-6).Rank/Grade:Military: SFC or higherCivilian: GS07 or higherMust be a disinterested party (not in the rating chain or chain of command).Must be equal to or senior to the individual(s) involved in the incident.Must have or be given sufficient time to conduct inquiry.Must be cleared at the same or higher level of classified material involved in the incident.Violation: Any departure from the established rules and/or procedures for handling classified information.Open & unattended security containerUnattended classified informationCompromise: Any unauthorized access to classified information.Uncleared or unauthorized person given access to classified informationClassified information released in unclassified documents, articles, or other formsInquiry Officer:Interviews/Contacts all person with knowledge of incidentMay take written and/or oral statementsAttempts to answer all Who, What, When, Where, How, & Why QuestionsExcept in unusual circumstances, the command security manager will not be appointed to conduct the preliminary inquiry. It is typically the responsibility of the security manager, unless command policy states otherwise, to make sure that an official is appointed to conduct the preliminary inquiry and to ensure that the preliminary inquiry is completed in accordance with AR380-5, chptr 10. Advice and assistance may be requested from the supporting counterintelligence organization.Possible findings concerning classified material involved:Loss or compromise did not occur.Loss or compromise may have occurred but could not be expected to cause damage to US National Security or Foreign Relations.Loss or compromise did occur and could be expected to cause damage to US National Security or the probability/possibility of damage cannot be discounted. (Include an estimate of possible damage.)Recommendations for damage control
51Appointing AuthorityInquiry Officer provides Written Report to the Appointing Authority within 20 working days* of the incident.Is further investigation needed?Is there evidence or indications of willful intent to compromise classified material?Was this caused by an individual(s) and is disciplinary/administrative action warranted?What is recommended to correct systemic flaws and weaknesses?Review with recommendations from Appointing Authority, through the chain-of-command, to the Division or Installation Security Manager within three working days*.* Reference: FORSCOM Supplement 1 to AR 380-5Investigating individual to the appointing authority within 20 working days.The appointing authority to the Division or Installation Security Manager within three days.
52Most leaks result from: NegligenceCarelessnessCasual ConversationsReport incidences to your Security Manager/Commander through Command chains to first MACOM (FORSCOM / IMA).Incidences don’t get better with age.Investigate IAW 380-5, Chapter ten. (Assess damage to US – inventories & know what you have)Classified Meetings/VTC’s – Personnel properly cleared? Lists, badges, etc. What’s the problem with lists and badges? JPAS best.
53InspectionsAR380-5 & FORSCOM Suppl 1 to AR380-5: Subordinate Units “No less that once every other year”Fort Drum Reg 1-3: Fort Drum Command Inspection ProgramAppendix I – 01 (Information Security)Appendix I – 02 (Personnel Security)Appendix I – 03 (Antiterrorism)Appendix J – (Intelligence Oversight)For subordinate units: maintained on file and forward to next higher. (Show FD Reg 1-3)IG Commend Inspection Program: Fort Drum Reg 1-3, OIP,I 01- Information SecurityI 02- Personnel Security,I 03-Antiterrorism, and J-Intelligence Oversight.Unit inspections of subordinates’ Security Programs should include:Program ManagementRecords (including SF312’s and training records)Files (classified holdings)Personnel Security Program (process for initial submissions, timeliness of periodic review, derogatory information and incident handling)How units reproduce and disseminate classified materialManagement of security containers and storage areasViolation procedures.Units should consider After Duty Hour Checks:Individuals should be notified of the policy (in writing)Procedures have to be specified (locking of desks and what to do with discovered unsecured material).NOTE: Inspections are conducted only for the purpose of detecting improperly secured material.
54Questions? More Training available from Defense Security Service … Questions?More Training available from Defense Security Service …Remember: Classified material:Must be under the control or guarded by an authorized person or stored in a locked security container, vault, secure room or secure area.Must be discussed on secure telephones or sent via secure communications.Must be processed on approved equipment.Must be destroyed by approved methods.Must be discussed in an area authorized for classified discussions.
55WHY SECURITY?DoD Security Regulation, Directives and Programs are established to counter threats.Threats to classified and unclassified government assets includes:Insider (e.g., government employees, contractor employees and authorized visitors).Criminal and Terrorist Activities.Foreign Intelligence Services.Foreign Governments.Other then to standardize standards between Federal agencies and industry ….Jan 08: [NY Times] 3 leaders of a defunct Islamic charity were convicted of defrauding the federal government by winning tax-exempt status for their organization while concealing the fact that it supported militant fighters in Afghanistan and elsewhere. The charity was an offshoot of a Brooklyn organization, Alkifah Refugee Center, now defunct, which sent aid to a group helping fighters in Afghanistan that later helped give rise to Al Qaeda. The charity, Care International, which has no relationship to the worldwide organization of the same name, raised $1.7M between 1993 and 2003.Nov 07: [NY Times] A Lebanese-born CIA officer, who had previously worked as an FBI agent, pleaded guilty to charges that she illegally sought classified information from government computers about the radical Islamic group Hezbollah. She specifically searched computerized case files, maintained by the FBI, on Hezbollah although she “was not assigned to work on Hezbollah cases as part of her FBI duties and she was not authorized by her supervisor, the case agent assigned to the case, or anybody else to access information about the investigation in question.”
56Subversion and Espionage Directed Against the US Army (SAEDA) US Army - A Prime TargetSituations to report:Attempts to obtain information (while at Fort Drum, at home, or while traveling)Intimidation while traveling through foreign countriesExploitation of another personAct or attempt to compromise classifiedKnown or suspected deliberate compromiseNOTE 902nd MI Responsibility7 Mar 07. Source: New York City's counterterrorism chief, said: “The threat to New York City's transit system is not just theoretical." He warned House lawmakers, "There have been 22 bomb threats and 31 intelligence leads related to subway attack plots this year."12 Mar 07. Source: InfoWorld. For DuPont, Gary Min may have seemed a model employee. A research chemist at DuPont’s research laboratory in Circleville, Ohio, Min was a naturalized U.S. citizen with a doctorate from the Univ of PA who had worked for DuPont for 10 years, earning an Ohio State business degree with help from his employer. He moved up the ranks within the company, taking on various responsibilities on research and development projects within its Electronic Technologies business unit. He specialized in the company’s Kapton line of high-performance films, which are used, among other places, in NASA’s Mars Rover. But Min’s veneer of respectability began to crack in Dec. 05, when he told his employer he would be leaving his job. According to a civil complaint filed by DuPont against Min, a company search the next day revealed that Min had recently been an avid user of the company’s electronic document library, accessing almost 23,000 documents between May and Dec 05, including more than 7,300 records in the two weeks prior to his giving notice. Alarmingly, Min had strayed from his area of specialization, rummaging through sensitive documents related to Declar, a DuPont polymer that competed directly with PEEK, a product made by Min’s future employer, Victrex. With Min indicating he would relocate to a Shanghai office of Victrex, DuPont is not alone. The broad outlines of the Min case — his Chinese nationality, his links to companies operating in that country, and the broad scope of his attempted intellectual-property heist from DuPont — are in keeping with what the FBI says is an epidemic of state-sponsored economic espionage. By one estimate, there are as many as 3,000 front companies in the United States whose sole purpose is to steal secrets and acquire technology for China. UPDATE: Nov 07, Gary Min pleaded guilty to theft of trade secrets. Now sentenced to 18 months in prison and ordered to pay $14.5K in restitution and $30K fine. He was the 2nd most active user of the company's database.
57TRADITIONAL THREAT RUSSIA CHINA N. KOREA Iran Iraq Afghanistan Syria CubaArgentina27Sep07. IDG News Service . A federal grand jury indicted two men in California, Lan Lee, a US citizen, and Yuefei Ge, a Chinese national, of conspiring to steal high-tech trade secrets to develop them with venture capital funding they sought to obtain from China.22 Apr 07. Reuters. A former engineer at the largest U.S. nuclear power plant was arrested on suspicion of taking software codes and using them to download details of plant control rooms and reactors while in Iran. The software involved was used to train plant operators and there was no indication of a terrorist connection, said Deborah McCarley, an FBI spokeswoman. Electronic records show that Alavi's name and password were used to download software registration in Oct 06 from a computer in Tehran, according to an FBI affidavit. The FBI arrested Mohammad Alavi, who worked at the Palo Verde Nuclear Generating Station outside Phoenix, in Apr 07 at Los Angeles International Airport when he arrived on a flight from Iran. He is charged with a single count of violating a trade embargo that bars Americans from exporting goods and services to Iran. Alavi, 49, a U.S. citizen who was born in Tehran, denies wrongdoing, his lawyer, Milagros Cisneros, told the Arizona Republic newspaper. Export of the software, without prior authorization, is illegal, according to the affidavit. Alavi faces up to 21 months in prison if convicted of the charge.China is running aggressive and wide-ranging espionage operations aimed at stealing U.S. weapons technology that could be useful against U.S. forces. US counterintelligence officials have also detected an expansion of spy networks run by Russia, Cuba and Iran targeting the U.S. government and, in the case of Iran, U.S. military technology, according to Timothy Bereznay, assistant director of the FBI's Counterintelligence Division. China, however, has emerged as the leading espionage threat. China has "put out a shopping list" of weapons and components it is seeking to arms dealers and middlemen. Middlemen, often ethnic Chinese, operate out of shell companies in the USA. The list includes night-vision gear, radar-evading and radar- and communications-jamming equipment, missile-guidance systems and torpedoes.One accused Chinese spy, Taiwanese businessman Ko-Suen "Bill" Moo, pleaded guilty to charges he tried to buy military parts and weapons, including an F-16 fighter jet engine and cruise missiles.State Department issued 382,000 nonimmigrant & 37,000 immigrant visas to Chinese citizens in ‘06. More than 62,000 Chinese students were studying at U.S. universities.In another case, authorities recovered restricted documents on the DDX Destroyer, an advanced technology warship, and they also found tasking lists in Chinese asking Chi Mak, a US citizen, w/Secret Clearance, who worked for Power Paragon, a defense contractor, to get documents about weapons and defense technologies. His wife, Rebecca Chiu; his brother, Tai Mak, his brother’s wife, Fuk Li, and his grandson, Billy Mak were also accused of scheming to send sensitive information about Navy warships to China. Chi Mak passed information about US naval technology from his employer to his brother and that his nephew, Billy Mak, then helped encrypt the files onto CD-ROM computer disk. That disk was found hidden in the luggage of Tai Mak and his wife after they were arrested in Oct 05 at Los Angeles International Airport as they prepared to travel to Hong Kong and Guangzhou, China. Mak admitted he'd been passing information to the Chinese for two decades and had a government contact in Guangzhou, China, named "Mr. Pu." Mak allegedly told the agent that until 2001 he would take sensitive documents to his brother in Hong Kong, and his brother would pass them to Mr. Pu. His brother moved to the United States in Mak said he had passed along military secrets on an electromagnetic aircraft launch system, power distribution technology for the Aegis Spy-1 radar system and studies on the survivability of U.S. naval ships. During a search of Mak's home, investigators found hundreds of pages of documents marked NOFORN. Court papers indicate investigators found lists in Chinese asking Mak for information about torpedoes, electromagnetic artillery systems and technology used to detect incoming missiles.
58NON-TRADITIONAL THREAT FRANCES. KOREAISRAELINDIATAIWAN171 Diplomatic Missions within 2 hrs. Clarkson Foreign students working on UAV project. Lots of Tourists in NNY during the summer ….FORT DRUM??? “MAJ” Asking Hello OR rate. “And if you are from the Pentagon – wouldn’t you already have that information?” Hung up when asked for POC info.Photo’s from high points. Lost “soldier” w/o ID screwed up ACU’s. Lost people looking for Syracuse. Lost Doc that lives in Governor. Israel Driver (moving van) w/ Mexican in back at X-ray pt. Questions on X-ray machine operational times / does it break? Foreign military sales: One foreign country spying on an advisory – local merchant reported. Photographing Ft Drum from surrounding high ground (reported by concerned local).In US??? Known and alleged Al-Qaeda operators are located in Montreal and Toronto, Canada, and in Cleveland, OH, Newark, NJ, and Lackawanna and Syracuse, NY.Hezbolah is in Ottawa and Toronto. Hamas is also in Ottawa, and Hamas leaders founded the organization in the State of Indiana.Several recruited U.S. citizens and legal aliens, from OH, NY and NJ, have recently made the news and are in court for alleged terrorist activities.Law enforcement, Department of Transportation and Border Control Officers intercept illegal aliens and individuals on terrorist watch lists daily.Many alleged terrorists have attended or are attending U.S. universities on student visas.Suspected terrorist organizations like Jamaat Al-Fuqua have compounds that are located in Berrysbay, Canada, and Hancock, NY: Fort Drum is located between these two cities. One of the Al-Fuqra's half-dozen communes is located near Barrysbay; the others are in NY, SC, CA, GE and TN. Each is inhabited by up to 300 people. Known to conduct military type training. Intelligence reports them as a Muslim criminal extremist group that seeks to purify Islam and defend it against perceived enemies using violence where necessary. Involved in terrorism since ‘79, when members began conducting assassinations and bombings in the US. The U.S. government claims that al-Fuqra members were involved in 13 bombings and arsons during the 1980s and 1990s and were responsible for at least 17 murders. And many al-Fuqra members fought during the 1980s and 1990s in Afghanistan, Kashmir, Lebanon, Bosnia and Chechnya -- foreign "jihads' adventure trips" that some mounted with the assistance of the al-Kifah Refugee Center (popularly known as the Brooklyn Jihad Office).
59Ottawa and Toronto, Canada HezbollahHamas (Ottawa only)Al-QaedaHancock, NYJamaat Al-FuquaMontreal and Quebec, Canada, andVancouver, British ColumbiaAl-QaedaLackawanna and Syracuse, NYAl-QaedaWebster, NYJamaat Al-FuquaRochester, NYBerrysbay, CanadaJamaat Al-FuquaBoston, MAGamat IslamiyahNational Islamic FrontJersey City/Paterson, NJGamat IslamiyahNewark, NJAl-QaedaPhiladelphia, PAAl-MuhajirumGamat IslamiyahHAMASHizballahNew York CityAl-MuhajirumGamat IslamiyahHAMASHizballahAl-QaedaTamil Tigers“Domestic”-Herald Square Subway“Domestic”-The Al Muhajiroun TwoCleveland, OHAl-QaedaFT Dix, NJ“Domestic Terrorist” Cell-Pizza DeliveryAug 07: Buffalo, NY-Algerian-born Canadian national Hamid “Smith” arrived at the Peace Bridge and applied for admission. Customs and Boarder Protection (CBP) identified “Smith” as a Terrorist Identities Datamart Environment (TIDE) record match, classified him as inadmissible, as an immigrant without an immigrant visa, and permitted him to withdraw his application for admission. NYC: A Jordanian national Tariq “Jones” arrived at JFK International Airport from Amman, Jordan. ABDEL “Jones” presented a B1/B2 visa and applied for admission, at which point CBP classified him as a TIDE record match, and processed him for expedited removal.Aug 06. Tax Fraud. Bearing Hizbullah's fingerprints, Lebanese Americans from the Detroit area would buy boxes of cigarettes in NC, and truck them Michigan, selling them at a profit. The men would then wire earnings to Lebanon. They expanded into stolen contraband and counterfeit goods, including Viagra.Jul 07: A Dearborn, MI, charity, the Goodwill Charitable Organization, was raided by the FBI for supporting terrorist groups. Officials said the group provided funding to the Iranian Martyrs Foundation that, in turn, funded Hezbollah, Hamas and the Islamic Jihad, and aided Palestinian suicide bombers and their families.Jun 07: NYC. Law enforcement authorities arrested 4 individuals, including a former airport cargo handler, at New York's JFK international Airport, for planning to blow up buildings, jet-fuel supply tanks and pipelines. This ‘Domestic” terrorist group frequently traveled to Guyana and Trinidad, tapping into International Muslim Terrorist Organizations, to utilized their knowledge, technical expertise, financial support and contacts, to develop and plan the attack. In Jan 07, they videotaped and photographed JFK four different times. They obtained satellite photographs. They identified specific targets, planned escape routes, and evaluated airport security.Jun 06: Ontario, Canada. Authorities arrested 17 terrorists after they received bomb-making material during a Royal Canadian Mounted Police Sting. Officials charged them with plotting attacks with explosives on Canadian targets.Jun 06: Florida. Law enforcement officials arrested seven men in connection with what Federal Authorities said was a “homegrown” terrorist plot that targeted buildings in Miami and Chicago.May 07: Ft Dix, NJ. Officials arrested 6 men (4 of the men were born in the former Yugoslavia, 1 in Jordan and 1 in Turkey) for plotting to attack Fort Dix to "kill as many Soldiers as possible." Officials said that they had lived in the US for years. They viewed Internet based Islamic training and weapons videos, and they conducted surveillance and weapons training. They practiced and video taped their attacks in the Pocono Mountains in northeastern Pennsylvania. One of the suspects had a job delivering pizzas to Fort Dix (and adjacent McGuire Air Force base). They used this opportunity to conduct reconnaissance. Officials also reported that the men conducted surveillance of other military institutions, including Fort Monmouth. Officials got wind of the plot after the terrorists brought in a videotape of one of their training sessions, to a store employee, for copying onto a DVD. That employee informed authorities. Authorities arrested the six men trying to buy automatic weapons.Apr 07. York Region police broke up a counterfeit document ring. 5 Chinese nationals in Canada on student visas where charged in a massive counterfeit ring that was producing fake passports, college/university diplomas and a number of other government documents.Apr 07. NBC.com. Karunakaran Kandasamy, 50, the director of the American branch of the Tamil Tigers, a Sri Lanka-based terrorist group, was arrested in Jamaica, Queens, on charges of providing material support to a foreign terrorist organization. He allegedly oversaw and directed the group's US activities, including fundraising.Springfield/Herndon, WVHAMASAQBaltimore, MDGamat IslamiyahWashington DCGamat IslamiyahHAMASHizballah
60Subversion: Advocating or causing insubordination, disloyalty, mutiny, or refusal of duty by any DOD personnel with the intent to impair the loyalty, morale, discipline or mission of the U.S. Armed Forces.Espionage: The act of obtaining, delivering, transmitting, or communicating National Defense information with the intent or reason to believe it may be used to injure the U.S. or give an advantage to a foreign nation.902nd MI Group primary responsible for Subversion and EspionageDifference between the two: Subversion – go to jail. Espionage – you can die.Petty Officer 3rd Class Ariel J. Weinmann (pictured above) made his first contact with a foreign government in Bahrain, while on deployment (Mar 05). He then deserted his submarine, the USS Albuquerque, for more than eight months, and traveled to Austria and Mexico. Weinmann admitted to walking up to an embassy in Vienna, Austria, and offering U.S. secrets to the person who met him in the foyer [for cash]. He admitted to giving classified information to foreign governments. He receive a 12 year sentence and a DCD.Former Marine Admits Passing Secret Documents, New York Times May 05, 06, A former Marine security attaché who worked in the White House in the Clinton and George W. Bush administrations, and former FBI intelligence analyst, pleaded guilty in federal court to passing top secret information and documents to political opponents of the current Philippine government. In Jul 07, he was sentenced to 10 yrs in prison. The former marine and FNI analyst, Leandro Aragoncillo, 47, a naturalized American citizen who came to the US from his native Philippines in ‘83, also confessed that he had continued mining top secret and classified material after leaving the Office of the Vice President in the White House in He took a job as an intelligence analyst for the FBI in ‘04.
61Indicators of Espionage Attempts to expand classified accessUnauthorized removal of classifiedExtensive reproduction / transmission of classifiedWork outside normal duty hoursTries to get witness signature--without seeing destructionUnauthorized devices around classifiedUnexplained affluence ($)Money with no logical sourceFree spending / lavish display of wealthSudden reversal of financial conditionCorrespondence/Business dealings from foreign countriesContact with ANY Foreign Intelligence Service (FIS) or foreign officialsFrequent foreign tripsOffer extra income to those with sensitive jobsHomesteading undesirable jobsRepeated security violationsJoking / bragging about working for foreign intelligenceHanssen (top left) – Selling information in 100’s of thousands. Damage “especially grave.” TS and code word material. Expert in CI. Trained agents in CI. Knew indicators. Thought he would just avoid demonstrating indicators. FBI suspected, but he passed a lie detector test. Was observed driving expensive cars, vacations, summer home … A pillar in community / volunteer. Went to church. Signal was a marker / tag on stop sign – followed to drop. Brought in but couldn’t get him to talk. Knew he had gotten $500K. Vacation home. Brought in his wife. Told her we knew he was selling for $750K – $250K difference. Knew about summer home in Florida. But didn’t understand trips to Bed and breakfast in Virginia … Wife $750K???? – I knew about $500K and what B&B. Wife provided testimony. Didn’t pursue because of testimony. Hanssen got life. Wife got 63 months - 5 yrs. Not the end of the story …. Agents he betrayed killed. And their families (wives and kids). And relatives.Sgt Aaron Phillip Duffy (Not Pictured), on 21 Jun 04, captured by Indonesian police. On 4 May 04, in Seattle, BOLO issued for DUFFY, who was suspected of having links to an Islamic extremist group. DUFFY was an Army NG soldier, who deserted in ‘03. The FBI is investigating how DUFFY financed previous travel to Yemen and Indonesia, and the purpose for the travel. ???Lynne STEWART (bottom left), trial attorney for Sheik Omar ABDEL-RAHMAN, was convicted in Oct 06 (two years and four months) of assisting her imprisoned client, in communicating with a terrorist group. ABDEL-RAHMAN is currently serving a life sentence for conspiring to bomb the World Trade Center(1st time) and other US landmarks in ‘95.Not Pictured. Adam Gadahn, the Al Qaeda Propagandist who in Nov 06 became the 1st American charged with treason in half a century, went from Islamic convert to troublemaker in a couple of years. Siddiqi, a religious leader of an Orange County Islamic mosque, recalled that Gadahn declared himself a Muslim in a 1995 service but was banished two years later from the mosque after striking an elder during an argument. Though Gadahn would later write of his conversion to Islam as a turning point for a California teenager who had felt lost in life, the ejection seemed to mark the beginning of Gadahn's descent into extreme behavior. Gadahn is also known as Azzam al-Amriki, or "Azzam the American.“Brian Regan (top right) – Retired AF MST. Worked for TRW and NROAldrich Ames – Selling info to Former Soviet Union. Thought smarter that his bosses ‘ co-workers. Because of this, he didn’t think he would be caught. Expert in Soviet Union affairs for 30 yrs. Turned for money last nine yrs (late in career). Didn’t really get that much (in thousands). Got life in prison. Wife got five yrs (knew of activity: involved).Ryan Anderson (bottom right) – Converted to Islam. Volunteer to provide Intel on M1 vulnerabilities and serve/fight with AlQaeda.
62Title 50, USC, Sec. 783 War & National Defense Unauthorized Disclosure of Classified Information. It is unlawful to give classified information to an agent or representative of any foreign government that would result in harm to the National Security.Mar 07 [AP] - A former Navy Sailor was arrested for allegedly releasing classified information that ended up in the hands of a suspected terrorism financier. Hassan Abujihaad, 31, of Phoenix, is accused in a case that began in Connecticut and followed a suspected terrorist network across the country and into Europe and the Middle East. He was arrested in Phoenix on charges of supporting terrorism with an intent to kill U.S. citizens and transmitting classified information to unauthorized people. Abujihaad, also known as Paul R. Hall, is charged in the same case as Babar Ahmad, a British computer specialist arrested in 04 and accused of running Web sites to raise money for terrorism. Ahmad is scheduled to be extradited to the U.S. to face trial. During a search of Ahmad's computers, investigators discovered files containing classified information about the positions of U.S. Navy ships and discussing their susceptibility to attack. Abujihaad, a former enlisted man, exchanged s with Ahmad while on active duty on the USS Benfold, a guided-missile destroyer, in ‘00 and ‘01. In those s, Abujihaad discussed naval military briefings and praised those who attacked the USS Cole in ‘00. Ahmad showed drawings of Navy battle groups and discuss upcoming missions. He also said the battle group could be attacked with rocket-propelled grenades. Abujihaad received an honorable discharge from the Navy in ‘02, according to the affidavit.
63Title 18, USC, Sec. 794 Crimes & Criminal Procedures Sec Gathering or delivering defense information to aid of foreign governmentDelivery of defense information with intent or reason to believe that it is to be used to the injury of the United States or to the advantage of a foreign nation, shall be punished by death or by imprisonment for any term of years or for life...,Ronald N. Montaperto, a former (22-year career) Defense Intelligence Agency Chinese analyst until 2004,who held a security clearance, pleaded guilty to illegally holding classified documents and admitted in a plea agreement to passing "Secret and Top Secret" information to Chinese intelligence officials, military attaches Col. Yang Qiming, Col. Yu Zhenghe and others. The guilty plea was part of an agreement reached Wednesday in U.S. District Court in Alexandria. The conviction can carry fines of up to $250,000 and a prison term of up to 10 years. Sentencing is set for Sept. 8. A Pentagon official said Montaperto's value to China included both the secrets he shared and his role facilitating Chinese deception of U.S. intelligence by providing feedback on how those efforts were working. A senior U.S. intelligence official bluntly stated, "He was a spy for China."
64Title 18, USC, Sec. 798(1) Any person convicted of a violation of this section shall forfeit to the United States irrespective of any provision of State law -(A) any property constituting, or derived from, any proceeds the person obtained, directly or indirectly, as the result of such violation; and (B) any of the person's property used, or intended to be used, in any manner or part, to commit, or to facilitate the commission of, such violation.17 Aug 07. AP News. Jose Padilla, pictured above, a Brooklyn-born convert to Islam, was found guilty of terrorism conspiracy charges. He was involved in a terrorist plot to exploded a radioactive dirty bomb. Padilla and two co-defendants were part of a support cell that funneled fighters, money and supplies to Islamic extremists in Afghanistan, Chechnya, Bosnia, Tajikistan and elsewhere. Padilla was sentenced to 17 years and four months in Jan 08 for his role in a conspiracy to help Islamic jihadist fighters abroad.19 July 07. AP News. Roy Oakley, a contract employee at a nuclear material cleanup site in Tennessee, was charged with stealing classified data about enriching uranium. He intended to sell the information to foreign governments. He sold the sensitive material to undercover FBI agents.
65What Do You Report? Through the Chain-of-command: Loss, compromise, or suspected compromise of classified information or material – Investigate IAW AR380-5, chapter 10Security violations – Investigate IAW AR380-5, chapter 10Adverse Information (e.g., medical conditions, UCMJ, administrative or law enforcement issues, etc.) – JPAS (CDR determines continued access)Change in individuals’ status (e.g., PCS, ETS, etc.) – JPAS changes / SIDQuestionable or suspicious contacts (e.g., requests classified information, wants more information than they need to know, and acts suspiciously) – 902nd?All cleared employees must report contact with foreign nationalsLoss, compromise or suspected compromise, or security violation: notify your security manager, security manager notifies his/her commander, initiates an immediate preliminary inquiry, and appoints an investigating officer (in writing) IAW AR 380-5, Chapter 10.SAEDA / CI activities: 902ndAdverse Information:-Allegiance to USForeign influenceForeign preferenceSexual behaviorPersonal conductAlcohol consumptionDrug involvementEmotional, mental or personality disordersCriminal conductSecurity violationsOutside activitiesMisuse of Information Technology Systems.
66Espionage, Sabotage or Subversive Activities are Reported To Whom? 902d Military Intelligence GroupG-2, 10th MTN DivSecurity and Intelligence DivisionCALLSPYDO NOT tell the whole Chain of Command!DO NOT take any action YOURSELF.
67Penalties for Compromising Classified Material Access deniedSuspended security clearance (employment ramifications)Reprimand or other Administrative penaltiesSuspensionOther actions in accordance with the UCMJ, or laws and regulations
68Who is responsible for security? Final Question ….
69YOU!YOU!Who do you report security issues or problems to???? Your Security Manager, your CDR or next level of commend ….CONCLUSION:Security is a team effort … Your diligence in promptly reporting concerns and adhering to security policies and procedures will ensure the integrity of national security. As a team, we can protect our war fighters, colleagues and families from potential harm.Why are we here?AR specified that all Soldiers and civilians should receive annual refresher security training.Hopefully we provided information on security policies and practices, safeguarding classified and sensitive information, access and need-to-know, the threat, and penalties for espionage.QUESTIONS????YOU!