SCI Overview Seminar SCI Today 4/13/2017 UNCLASSIFIED SCI Overview Seminar SCI Today Welcome to the pilot running of the DSSC SCI Initial Access and Awareness Seminar. This presentation is includes the requirements of DCID 6/4, Personnel Security Requirements for Access to Sensitive Compartmented Information, Annex E. It also includes information regarding two specific DCI Security Control Systems. DNI Special Security Center v. July 2007 UNCLASSIFIED

Welcome and Objectives 4/13/2017 Welcome and Objectives Classification level Seminar room/SCIF No cell phones or other personal electronic devices Only authorized classified discussion area Seminar Objectives Reinforce the fundamental security basic practices Describe your responsibilities in security and in the protection SCI Correlate our changing world to your responsibilities Inform of changes in SCI and the security world

Your Seminar Host DNI Special Security Center 4/13/2017 Your Seminar Host DNI Special Security Center Established “To strengthen security in the Intelligence Community and wherever SCI and intelligence information is processed or held.” Government and contractor personnel dedicated to: Security policy creation and implementation Security coordination and liaison Security services

About You… Your Organization Your job responsibilities 4/13/2017 About You… Your Organization Your job responsibilities Greatest security challenge What do you hope to get from this session

Security Fundamentals A Refresher… 4/13/2017 UNCLASSIFIED Security Fundamentals A Refresher… Most of you have already signed an NDA with your security officer when your SCI was granted. However, we would like to reiterate and walk you through the NDA to ensure you have a clear understanding of your responsibilities and so that you have an opportunity to ask questions. For those who have not yet been “read in,” we want to ensure that you wish to continue with this process prior to signing the SCI Non-Disclosure Agreement (NDA). Is there anyone who has not yet signed an NDA?

Personnel Security – You Must Report… 4/13/2017 Personnel Security – You Must Report… Changes in personal status Marriage, separation, divorce, cohabitation Personal problems Drugs & alcohol –misuse, abuse Finances Legal involvements Litigation, arrest, court summons, etc. Improper solicitations for information Foreign-based outside employment Adverse information about others Contact with media Personnel Security

Report Foreign Travel Report foreign travel in advance 4/13/2017 Report Foreign Travel Report foreign travel in advance Day trips to Mexico or Canada can be reported upon return Pre-travel briefing may be required Report unusual trip incidents Personnel Security

Report Foreign Contacts 4/13/2017 Report Foreign Contacts Reportable Close continuing relationship, business or personal, with a citizen, resident or representative of foreign country (this includes contact via internet; email, chatrooms) Not reportable Casual contacts at social gatherings unless Foreign contact displays strong interest in employment Is not satisfied with answers Follow up contact is sought Personnel Security

Report Security Incidents 4/13/2017 Report Security Incidents Violations Involve loss, compromise, or suspected compromise of classified information and/or Involve gross security carelessness Infractions When the rules have not been followed Systemic weaknesses and anomalies Internal, Disgruntled Employees: external-Activist Groups Personnel Security Protecting unclassified information is also a critical responsibility. Bits and pieces brought together can indeed provide insight into classified information.

Pre-publication Review 4/13/2017 Pre-publication Review Any written material that contains or purports to contain SCI Material may contain description of activities that produce or relate to SCI Anything entering public domain must be approved Speeches, articles, white papers, advertisements Web pages, web sites Internet is an unclassified communication system Do not write “around” classified subjects Personnel Security

Unauthorized Disclosure 4/13/2017 Unauthorized Disclosure DCID 6/8 Currently being re-written to reflect the Office of the Director of National Intelligence Will be titled Intelligence Community Directive (ICD) 708 and 708.1 Purpose Emphasizes the responsibilities of the IC to protect intelligence information Defines a process and establishes roles and responsibilities to deter, investigate and promptly report unauthorized disclosures, security violations, compromises of intelligence information Ensures appropriate protective and corrective actions are taken Personnel Security

Unauthorized Disclosure (cont) 4/13/2017 Unauthorized Disclosure (cont) Policy To guard against, investigate report and redress unauthorized disclosures and other security violations Continuously emphasize security and counterintelligence awareness Promptly notify ODNI of any security violation, unauthorized disclosure of other compromise Notification requirement includes persons deliberately disclosing classified information to the media – “leaks” Includes classified information accidentally or intentionally disclosed across computer systems – “spills” Personnel Security

What Should You Do? Gather your facts Report it immediately 4/13/2017 What Should You Do? Gather your facts Report it immediately Notify your immediate supervisor Notify your security office Personnel Security

Physical Security Sensitive Compartmented Information Facility (SCIF) 4/13/2017 Physical Security Sensitive Compartmented Information Facility (SCIF) Sole place for producing, processing, storing or discussing SCI Only SCI approved persons are unescorted Locked and alarmed when unattended Classified talk stops at SCIF door Physical Security

Information Systems Security 4/13/2017 Information Systems Security Information systems security is a significant IC concern Information sharing is a significant government initiative Information Systems Security

Information Systems Security 4/13/2017 Critical to ISS Configuration integrity critical for approved SCI systems Media: declared and approved “Once in the SCIF, always in the SCIF” Security review prior to removal of any media or printed output Information Systems Security CONFIDENTIALITY: Prevention of unauthorized disclosure of sensitive information INTEGRITY: Protection and assurance against unauthorized, unanticipated or unintentional modification or destruction of sensitive information AVAILABILITY: Timely and reliable accessibility to data by authorized users and/or processes and prevention of denial of service

Information Systems Security Password Protection 4/13/2017 Passwords build security integrity Protection Techniques Memorize passwords Do not share them Use a smart password - see your ISSO Combination of a minimum of 8 numbers, letters, special characters and capitalization Change every six months Information Systems Security C!mePasu2

Information Systems Security 4/13/2017 Viruses Information Systems Protection Techniques Have ISSO scan incoming media React to any virus suspicion Notify ISSO or system administrator immediately Information Systems Security

Telephone Communications 4/13/2017 Telephone Communications Non-Secure (Open) Telephones No talking around classified information Ensure classified conversations cannot be picked up by open line Secure Lots of colors – Red, Grey, Green STUIII/STE Key to common level Telephone protocol - confirm to whom you are talking Information Systems Security

Personal Electronic Devices 4/13/2017 Personal Electronic Devices Electronic devices that can store, record and/or transmit digital text, digital image/video, or audio data. May interact electrically or optically with other information systems in an accredited SCIF Learn PED ground rules for the SCIFs you work in See ISSO before introducing and PEDs into a SCIF Information Systems Security DCID 6/9, Physical Security Requirements for SCIFs, Annex D, is currently under revision. While these types of devices are neat gadgets, they represent a risk to SCI if introduced without proper authorization and review.

Information Systems Security 4/13/2017 Internet Discipline The Internet is an unclassified communication system Do not “write around” classified subjects The U.S. Government has invested significantly in classified information systems for the purpose of performing classified work Use them! Information Systems Security CONFIDENTIALITY: Prevention of unauthorized disclosure of sensitive information INTEGRITY: Protection and assurance against unauthorized, unanticipated or unintentional modification or destruction of sensitive information AVAILABILITY: Timely and reliable accessibility to data by authorized users and/or processes and prevention of denial of service

Classification Management 4/13/2017 Classification Management Process for determining nature of information and assigning proper classification, markings, dissemination and declassification instructions Required by EO 12958, as amended; Director of Central Intelligence Directives (DCIDs) E.O. 12958 establishes 3 levels of classification TOP SECRET: may cause exceptionally grave damage to national security SECRET: may cause serious damage CONFIDENTIAL: may cause damage Classification Management

National Security Information 4/13/2017 National Security Information Military plans, weapons systems or operations Foreign government information Intelligence activities (including special activities), intelligence sources and methods or cryptology Foreign relations or diplomatic activities of the US, including confidential sources Scientific, technological or economic matters relating to national security, which includes defense against transnational terrorism Program for safeguarding nuclear materials or facilities Vulnerabilities or capabilities of systems, installations, infrastructures, projects/plans relating to national security Foreign Government Information and weapons of mass destruction Classification Management

4/13/2017 UNCLASSIFIED Espionage Spies, Lies and Myths UNCLASSIFIED

Espionage Since World War II 4/13/2017 Espionage Since World War II 151 persons convicted of espionage 140 male/11 female 100 government/51 non-government Most held “Secret” clearances or above Six million non-spies held clearances during the period The latest case: Brian Regan

4/13/2017 Brian Regan “If I commit esponage (sic) I will be putting my self and family at great risk. If I am caught I will be enprisioned (sic) for the rest of my life, if not executed for this deed.” In a letter to Saddam Hussein, Brian Regan demanded $13 million in exchange for providing data such as detailed information about US reconnaissance satellites

Brian Regan Facts USAF assignee to NRO (7/95 – 8/00) 4/13/2017 Brian Regan Facts USAF assignee to NRO (7/95 – 8/00) Considered espionage in late 1998 to solve financial problems ($100,000+) Began downloading from Intelink in 1999 Removed 15,000 pages, CD-Roms and video tapes from NRO Hired by TRW October 2000 Brought back to NRO but monitored Surfs Libya, Iraq and China on Intelink Arrested/indicted/convicted (8/01 – 2/03) (Attempted espionage and gathering national security information)

Brian Regan’s Behavior 4/13/2017 Brian Regan’s Behavior The Telltale Indicators Deeply in debt Worked odd hours Foreign national spouse Late nights in copy room Non-reporter of foreign travel “Top Fifty” user of Intelink

Source: www.fbi.gov and www.ncix.gov 4/13/2017 Myths About Spies Get rich Are insane Realize they are bad people Consumed by guilt Driven by excitement Plan their final escape Display deteriorating job performance Show outwardly suspicious behavior Caught by co-workers Control their own destiny Source: www.fbi.gov and www.ncix.gov

4/13/2017 UNCLASSIFIED Sensitive Compartmented Information (SCI) A special category of national intelligence information concerning or derived from intelligence sources, methods, or analytical processes, which is required to be handled within formal access control systems UNCLASSIFIED

National Security Information 4/13/2017 National Security Information National Defense Information (military plans, weapons, OPS) Collateral (C/S/TS) SAPs Foreign Relations and Foreign Government Information Homeland Security Information (Infrastructure, national resources, vulnerabilities and capabilities) Scientific/Technological/ Economic Information Nuclear Information (program for protecting nuclear materials/ facilities) Collateral (Q/L) National Intelligence Information (terrorism, international threats, sources, methods) - SCI - Non-SCI Weapons of Mass Destruction (WMD) Information

National Security and SCI Protection Policies 4/13/2017 National Security and SCI Protection Policies National security policies Come from National Security Council In the name of President As Executive Orders, Presidential or National Security Decision Directive SCI protection policies In name of DNI as IC Directives (ICDs) formerly DCIDs DNI SSC Facilitated and coordinated rewrite of security series of ICDs Executive Orders; Presidential Decision Directives EO 12958 EO 12968 EO 12333 President George W. Bush DCID 6/3 DCID 6/4 DCID 6/9 DNI J. M. McConnell

How We Collect Intelligence 4/13/2017 How We Collect Intelligence Open Source Intelligence (OSINT) Geospatial Intelligence (GEOINT) Human Intelligence (HUMINT) Signals Intelligence (SIGINT) HUMINT: US government personnel engaged in collecting intelligence are referred to as “Intelligence Officers”. Foreigners collecting intelligence on the US are referred to as “Spies” US Citizens who divulge classified information to a foreign entity are referred to as “Traitors”

Signals Intelligence (SIGINT) 4/13/2017 Signals Intelligence (SIGINT) Collecting verbal and nonverbal signals from land, sea and satellite Protected within COMINT Control System managed by D/NSA Categories: Communications Intelligence (COMINT) Electronic Intelligence (ELINT) Foreign Instrumentation Signals Intelligence (FISINT)

COMINT (SI) Control System 4/13/2017 COMINT (SI) Control System Special access program designed to protect signals intelligence Named for first product it afforded protection: COMINT (Communications intelligence) Also called Special Intelligence Control System SI Control System Its information is only available to holders of SI access approval Managed by D/NSA

COMINT (SI) Control System 4/13/2017 COMINT (SI) Control System The original SIGINT Intercepted communications: Telephone, email, fax, etc. Still referred to as Special Intelligence or SI Must protect What was collected How collection was accomplished – tactics, equipment Intelligence implications Degree of success Plans and targets Sharing with foreign partners

TALENT-KEYHOLE (TK) Control System 4/13/2017 TALENT-KEYHOLE (TK) Control System SAP established by DCI for products from satellite reconnaissance (1960) To protect most sensitive details of satellite collection capabilities and derived information Consistent with EO 12333 and EO 12958 directing DCI to develop programs to protect intelligence sources and methods and analytical procedures

TALENT-KEYHOLE (TK) Control System 4/13/2017 TALENT-KEYHOLE (TK) Control System Must protect What’s being collected Collection techniques Intelligence implications System effectiveness Plans and targets Operational information formerly known as “B” material Operational, engineering and technical information

IC Program Managers Director, CIA National Clandestine Service 4/13/2017 IC Program Managers Director, CIA National Clandestine Service HUMINT Control System Manual Open Source Intelligence (OSINT) Center Director, NSA/CSS SIGINT Program Signals Intelligence Security Regulations Director, NRO National Reconnaissance Program RESERVE Control System Manual Director, DIA GDIP MASINT Program MASINT Policy Series Executive Assistant Director, National Security Branch Counterterrorism Counterintelligence Director, NGA Geo-spatial Intelligence (GEOINT) Imagery Policy Series

4/13/2017 A Changing World

The Day That Changed The World… 4/13/2017 The Day That Changed The World… September 11, 2001 The Pentagon World Trade Center Shanksville, PA

“We will never be the same” 4/13/2017 The Post 9/11 World “We will never be the same” New threat matrix Terrorism in forefront Espionage still here New Security perspectives From nation states to threatening groups Global view with moving targets Focus on foreign involvements and influences Hardening of facilities Greater emphasis on information sharing Analysis and risk management

Today’s Delicate Balance 4/13/2017 Today’s Delicate Balance INFORMATION PROTECTION (NEED TO KNOW) VS. INFORMATION SHARING (Criteria for Access) DCID 6/3, Protecting Sensitive Compartmented Information within Information Systems. Information systems security combines all facets of security. DCID 6/3 describes the certification and accreditation process, the roles and responsibilities of key players and an overview of system life cycle C&A activities. Any system used for processing SCI must be certified and accredited BEFORE it is used. A System Security Plan must be approved as a part of the C&A process.

Extracted from Spies in the Digital Age, H. Keith Melton 4/13/2017 Global Warfare Current state of affairs The world's major intelligence agencies employ the latest technologies available in collection, communication and analysis of information from abroad Counterintelligence agencies employ other technologies in efforts to identify and eliminate foreign spies at home Extracted from Spies in the Digital Age, H. Keith Melton

Extracted from Spies in the Digital Age, H. Keith Melton 4/13/2017 Global Warfare Some important changes to come The primary targets of spies for all intelligence services have shifted The traditional roles of "friends and foes" continue to blur New technologies are changing the traditional methods and techniques (called "tradecraft") by which spies operate Traditional tradecraft of spies are applied in new ways Extracted from Spies in the Digital Age, H. Keith Melton

Extracted from Spies in the Digital Age, H. Keith Melton 4/13/2017 National Threats The single greatest threat to world peace in the early part of this century will be the utilization of weapons of mass destruction―nuclear, chemical, biological and digital―by fundamentalist terrorist organizations Extracted from Spies in the Digital Age, H. Keith Melton

Extracted from Spies in the Digital Age, H. Keith Melton 4/13/2017 National Threats Terrorist organizations are already using Internet to: Recruit and communicate members with similar fundamentalist beliefs Coordinate terrorist activities with other aligned groups that share interests in a common outcome Raise money through computer based cyber-crime Attack national information infrastructures of hostile countries from thousands of miles away Extracted from Spies in the Digital Age, H. Keith Melton

DONE The 911 Commission (2004) Concluded we should: Recommendations 4/13/2017 The 911 Commission (2004) Concluded we should: Attack terrorist organizations Curb growth of radical Islam Prepare for and protect against terrorist attacks Recommendations Create a National Counterterrorism Center (NCTC) Unify IC under a DNI Strengthen FBI and homeland defenders Unify and strengthen Congressional oversight DONE

Intelligence Reform Act of 2004 4/13/2017 Intelligence Reform Act of 2004 Establishes a Senate-confirmed Director of National Intelligence (DNI) Re-designates the National Foreign Intelligence Program (NFIP) as the National Intelligence Program (NIP) DONE

Director of National Intelligence (DNI) 4/13/2017 Director of National Intelligence (DNI) Intelligence Reform and Terrorism Prevention Act of 2004 Title 1, Reform of the Intelligence Community Section 1001, Subtitle A, Establishment of the Director of National Intelligence On 17 February 2005, the President nominated Ambassador John D. Negroponte to the first Director of National Intelligence. The President also nominated Lt Gen Michael V. Hayden to the position of Principal Deputy Director of National intelligence. The legislation states that all DCI responsibilities will be transferred to the new DNI.

DNI Roles in Security Promote intelligence information sharing 4/13/2017 DNI Roles in Security Promote intelligence information sharing Protect intelligence sources and methods Promote uniform procedures for SCI Join government-wide security clearance reform Reciprocity of security clearances Process for investigation and adjudication to be performed quickly

New Intelligence Community 4/13/2017 New Intelligence Community Independent Agency DoD Intelligence Elements Departmental Intelligence Elements

National Intelligence Strategy 4/13/2017 National Intelligence Strategy Protection of National Intelligence Objective 7 “Create clear, uniform security practices and rules that allow us to work together, protect our nation’s secrets, and enable aggressive counterintelligence activities.” “Dramatically change the basis of IC security and counterintelligence policies in order to remain effective.” Rigorously assess threat, vulnerability and protection requirements Establish uniform and reciprocal guidance

4/13/2017 Parting Words Presidential direction: “. . .take the strongest possible precautions against terrorism by bringing together the best information and intelligence. In the war on terror, knowledge is power.” Your part: you have an individual responsibility and role in protection of SCI assets

Director of National Intelligence Organization Charts 4/13/2017 UNCLASSIFIED Director of National Intelligence Organization Charts UNCLASSIFIED

Civil Liberties Protection Officer 4/13/2017 ODNI Civil Liberties Protection Officer Mr. Alexander W. Joel Inspector General Mr. Edward Maguire Director of National Intelligence Mr. J. M. McConnell General Counsel Mr. Benjamin A. Powell Equal Employment Officer Mr. John M. Robinson Principal Deputy Director of National Intelligence LTG Ronald Burgess, Acting ADNI & Chief Information Officer Maj. Gen. Dale W. Meyerrose, Ret. ADNI for Science & Technology Dr. Eric C. Haseltine NCIX Mr. Joel Brenner ADNI & Acting Director of Intelligence Staff Mr. David R. Shedd DDNI for Customer Outcomes “Want It” LTG Ronald Burgess, USA DDNI for Analysis “Know It” Dr. Thomas Fingar DDNI for Collection “Get It” Mrs. Mary Margaret Graham DDNI for Acquisitions “Build It” Ambassador Patrick F. Kennedy Iran Mission Manager Ms. S. Leslie Ireland NCPC Ambassador Kenneth C. Brill NCTC VADM J. Scott Redd, Ret. North Korea Mission Manager Ambassador Joseph DeTrani Cuba-Venezuela Mission Manager J. Patrick Maher, Acting

DNI Special Security Center (SSC) 4/13/2017 DNI Special Security Center (SSC) DDNI for Acquisitions Ambassador Patrick F. Kennedy ADDNI for Security Ambassador Eric J. Boswell Director, Special Security Center Mr. John P. Fitzpatrick Legal Counsel Mr. Sandy Sagalkin Executive Officer TBD Administrative Assistant Ms. Kathleen Guisti Deputy Director, Special Security Center Ms. Gina Otto Deputy Director, Policy and Planning Mr. Rick Hohman Deputy Director, Community Services Mr. William F. O’Neill Deputy Director, Oversight and Liaison Mr. Glenn Stampler Deputy Director, CAPCO Mr. Wayne Belk