Preventing Compromises: The Policies and Procedures for Ensuring Classified Information is not Inadvertently Released

Presentation transcript:

1 Preventing Compromises The Policies and Procedures for Ensuring Classified Information is not Inadvertently Released

2 Purpose To familiarize individuals who generate classified information, intentionally or unintentionally, with the policies and procedures for preventing its inadvertent release

3 Classification versus Security
Classification: The identification of that matter we need to protect in the interest of the national security
Security: The protection of classified matter

4 Why is Classification Important?
PROTECT NATIONAL SECURITY
LIMIT ACCESS TO CERTAIN INFORMATION: Only to those with a NEED TO KNOW!

5 CLASSIFICATION BUYS TIME!!
Delays proliferation
–Adversaries must utilize resources to develop technologies
–Allows time for political solutions
Provides time to correct vulnerabilities

6 What is a Compromise?
Disclosure of classified or unclassified controlled information to unauthorized person(s)
–Strips away the protection afforded by the classification and security system
–Results in a security infraction

7 What is Unclassified Controlled Information (UCI)
Unclassified Controlled Information meets the requirements to be any of:
–Unclassified Controlled Nuclear Information (UCNI)
–Official Use Only (OUO)
–Export Controlled Information (ECI)
–Is not for public dissemination and may carry other access restrictions
All details of nuclear technologies, if not classified, are at least UCNI or ECI
Many non-nuclear technologies in ORO’s domain prospectively have classified or ECI information attributes.

8 What Are the Categories of Classified Information?
Classification Category: Authority
Restricted Data (RD): Atomic Energy Act
Formerly Restricted Data (FRD): Atomic Energy Act
National Security Information (NSI): Executive Order

9 What is Restricted Data?
Certain data concerning the
1) Design, Manufacture, or Utilization of Atomic Weapons
2) Production of Special Nuclear Material
3) Use of Special Nuclear Material in the Production of Energy

10 What are the Major Areas of Restricted Data?
Nuclear Weapon Design
Nuclear Material Production
–Production Reactors
–Isotope Separation (e.g., Gaseous Diffusion, Gas Centrifuge)
–Quantities
Naval Reactors

11 What is Formerly Restricted Data (FRD)? Classified information which has been removed from the Restricted Data category after DOE and DoD jointly determine that it 1) relates primarily to the military utilization of atomic weapons and 2) can be adequately safeguarded as national security information “FORMERLY” DOES NOT MEAN UNCLASSIFIED

12 What are Examples of Formerly Restricted Data?
Stockpile quantities
Weapons safety & storage
Yields
Locations
Caution: Historical information may still be classified FRD

13 What is National Security Information (NSI)? Information which pertains to the national defense or foreign relations (National Security) of the United States and has been classified in accordance with an Executive Order (currently Executive Order 12958)

14 What are Major Subject Areas of NSI?
Safeguards and Security
Arms Control Negotiations
Nonproliferation
Chemical/Biological Defense
Intelligence/Counterintelligence
Foreign Relations
Radiological Emergency Response

15 What are the Classification Levels?
Level: Release could result in
Top Secret (RD/FRD/NSI): Exceptionally Grave Damage
Secret (RD/FRD/NSI): Serious Damage
Confidential (RD/FRD): Undue Risk to the Common Defense and Security which can be described
Confidential (NSI): Identifiable Damage

16 What are Your Individual Classification Responsibilities?
Ensure that each document
–Generated in a classified subject area receives a classification review
–That is suspected of containing classified information receives a classification review
Report incidents of security or classification concern

17 What are Classified Subject Areas?
Information that falls within the definition of RD, FRD, or NSI
Within ORO common classified subject areas include:

18 Current and Historic Classified Subject areas for the Oak Ridge Office
Security:
–Physical Security
–Operational Security
–Communications Security
–Security Plans
–Homeland Security
–Security Vulnerabilities and Shortcomings
–Nuclear Materials Inventories

19 Technology:
–Uranium Separation Techniques
  • Calutron (Electro-Magnetic Isotope Separation)
  • Gaseous Diffusion
  • Atomic Vapor Laser Isotope Separation (AVLIS)
  • Plasma Separation Process (PSP)
–Lithium Separation

20 Weapons:
–Nuclear Weapons Production and Science
–Details and Materials
–Chemical/Biological Warfare
Threats:
–Description
–Messages
–Design Basis Threat

21 Work for Others:
–Research for others
–Other federal agencies
–In association with other governments
Counterintelligence

22 Who Must Conduct Classification Reviews?
Only Derivative Classifiers (DC)
–Required by DOE Manual B, Manual For Identifying Classified Information
–Trained in derivative classification
–Authorized in specific subject areas
–Have up-to-date classification guidance for subject areas of authority
–Appointed by the local Classification Officer

23 How Does a DC Make Decisions?
Derivative Classifiers use classification guidance to determine if a document contains RD, FRD, or NSI or is unclassified
[Figure: "Documents for Review" (example: a message from Les Bright to B. Safe, sent August 13, 2007, subject "Work at Site B") are checked against "Classification Guidance" (example: CG-SS-4, Classification and UCNI Guide for Safeguards and Security Information, U.S. Department of Energy, September 2000, marked OFFICIAL USE ONLY), with the outcomes "Confidential (RD/FRD/NSI)" or "Unclassified".]

24 How Does a DC Make a Decision?
Must base decision on published classification guidance
Source documents not authorized for RD, and only in certain circumstances for NSI
Information in the public domain relating to a classified subject area should not be used to make a classification decision. Must always confirm the classification status with a DC

25 What Makes Classification Difficult? “Context”
Person making decision must be aware of all classification guidance applicable to the subject area
Information published in one context may be unclassified but may be classified in a different context
Example
–Physics phenomenon discussed in basic science or research is unclassified
–The same phenomenon discussed in the context of weapon science may be classified

26 What Makes Classification Difficult? “Association”
Two pieces of unclassified information placed together to reveal classified information through their association
Association could be within one document (i.e., weapon + material)
Association could be created by combining unclassified information from separate documents into one
[Figure: Document #1 (UNCLASSIFIED): "The U.S. has weapons with a dial-a-yield (DAY) capability" + Document #2 (UNCLASSIFIED): "The W-110* is an air-delivery weapon". Placed together in "Dial-a-Yield Report", Page 3, the statement "The W-110* is an air-delivery weapon" makes the result CLASSIFIED. *fictitious weapon]

27 Why Are Some Documents Not Reviewed, as Required? Common Pitfalls
“I am confident that this document doesn’t need a review.”
“All of this information is from the public domain, so it’s not classified and doesn’t need a review.”
“I’m in a hurry and I’m pretty sure it’s not classified.”

28 “This Document Doesn’t Need a Review.” Pitfall #1 - Overconfidence
Why it’s a pitfall
–You can only be confident if
  • You are a DC with the proper guidance available
  • You have previously discussed the exact (not similar) information with a DC and learned that it isn’t classified
  • The same information has been discussed in subject matter-related classification awareness briefing
Solution - Don’t be overconfident, consult a DC

29 “The information is from the Public Domain, so it’s not classified.” Pitfall #2 – Bad Assumption
Why it’s a pitfall
–You can’t always be sure information in the public domain is unclassified
–The appearance of classified information in the public domain DOES NOT mean it is unclassified
–Even if information is unclassified as it appears in the public domain, it may be classified in the context of your document
Solution - Consult a DC to verify the classification status of information in classified subject areas that appears in the public domain before using it in any document

30 “I’m in a hurry...” Pitfall #3 – Bad Practice
Why it’s a pitfall
–Risks the release of classified information
–It takes longer to deal with a possible security infraction, investigation and computer sanitization than to get a DC review
Solution - Take the time to have a DC review documents in a classified subject area

31 Examples of Compromises: Threads
From: B. Safe Sent: Monday, August 13, :59 PM To: Les Bright Cc: Subject: FW: Weapons Committee Meeting
Where are we meeting? My badge will get me in the building, so I will park at the nearest entrance. Thanks, B. Safe
From: Les Bright Sent: Tuesday, August 14, :59 PM To: B. Safe Cc: D. Brown Subject: FW: Weapons Committee Meeting
Room E-401. See you there.
From: Les Bright Sent: Wednesday, August 1, :18 PM To: B. Safe, R. Smart, I. M. Careful Cc: D. Brown Subject: Weapons Committee Meeting
The weapons committee will meet at HQ Germantown, MD on August 31, 2007 from 10 AM to 12 PM. Please send your clearance by August 15. Contact Ms. Brown when you reach the guard desk. - I.M. Weapons Committee Secretary, Department of Energy
Room number associated with Date, Time, Fact of classified meeting: Classified!!
Room number is not classified - by itself unclassified
Room number associated with this is still unclassified

32 Examples of Compromises: Draft Documents
[Figure: UNCLASSIFIED draft report, "Environmental Report For the Demilitarization of the W-110*", Page 20: "Material X will be shipped to Site B." An edit mark (^) inserts "and Y".]
Classification Guide for Materials
Material X used in Weapons: Weapon not specified U; Specified weapon U
Material Y used in Weapons: Weapon not specified U; Specified weapon CRD
Edits to the draft make the document CLASSIFIED due to association of material Y with the W-110
*fictitious weapon

33 Examples of Compromises: Association
[Figure: DOE Press Release, "DOE confirms Site B work on The W-110*": "The W-110 is the only weapon currently being worked on at Site B." *fictitious weapon]
From: Les Bright Sent: Monday, August 13, :59 PM To: B. Safe Cc: Subject: Work at Site B
We are experiencing technical difficulties with the computers in the project to recover material Y during the demilitarization process. The response from computer support has been inadequate. Please advise me of a point of contact I may call to correct these problems. Les Bright
is CLASSIFIED because of the association between the W-110 (Site B) and material Y

34 What is a Security Infraction?
Failing to classify information, documents, or material requiring classification
Misclassifying information, documents, or material
Failing to obtain classification guidance, thereby causing a compromise or potential compromise of classified matter

35 What Happens when a Security Incident is Reported?
The incident is investigated
–May be a security infraction (subject to administrative penalties)
–May also be a security violation (subject to civil or criminal penalties)
If a compromise occurred all computers containing the information must be sanitized (including persons who receive the information via )
All copies of compromised documents, drawings and other media must be retrieved
Information in any form must be cleaned up ( Secret

36 What are Possible Penalties?
Infractions
–Administrative penalty
  • Verbal admonishment
  • Written reprimand
  • Suspension or termination
Violation
–Civil penalty of up to $100,000
–Criminal penalty of
  • Maximum of 10 years (without intent)
  • Maximum of Life (with intent)

37 Remember
Do not create a document (including ) in a classified subject area on an unclassified computer before your plans are reviewed, in order to determine that it will not be classified
Subsequent drafts may add information which changes the context or adds an association so that the document becomes classified – make sure proposed subsequent drafts are discussed beforehand

38 If you think you may have received classified information on an unclassified system, or a document that is not marked as classified properly, immediately discuss it with a DC – securely. Take no other action unless directed by Security (e.g., Do not forward or erase )
Don’t be overconfident, check with a DC when appropriate

39 Where Can You Get Help?
Know who your Derivative Classifiers (DC) are for your work area, and/or who the Classification Officer (CO) is for your facility/subject area. They are:
Dave Hamrin for ORNL and UT-Battelle Subcontractors ( );
John Preston for ETTP and Bechtel Jacobs subcontractors ( );
Gregg Peed for USEC ( ); and
Gabe Marciante for DOE ORO and all other supporting subcontractors ( )

40 Where Can You Get Help? COs are authorized by the government to decide when matter or a communication contains classified information. They designate DCs to assist them in that work

41 The originator of any document/media or proposed communication which is or may be classified, involves a potentially classified subject, or is originated in a classified subject area, must have it reviewed by a DC or CO.
You are responsible for understanding what is classified or potentially classified about your work. Ask your supervisor or CO for training.
If discussing potentially classified information, use classified means of transmission. Discussions must be in secure areas designated for classified discussions.