ANNUAL REFRESHER SECURITY TRAINING FOR CLEARED PERSONNEL


1 ANNUAL REFRESHER SECURITY TRAINING FOR CLEARED PERSONNEL
Welcome to the Annual Refresher Security Training for Cleared Personnel brought to you by the National Academy of Sciences’ Office of Program Security. This refresher security training is all about awareness and informing you of your responsibilities as a cleared individual. (National Industrial Security Program Operating Manual (NISPOM))

2 WHAT BUSINESS ARE YOU IN?
YOU’RE IN THE SECURITY BUSINESS
The work of the National Academies spans all areas of science, technology, and medicine. There is a shared obligation to protect and secure any national security classified information or sensitive information that we have access to in the course of our work. Here at the Academies, we strive to provide high quality work products, and comply with security regulations. You might say, whatever business you think you’re in…You’re in the Security Business.

The work of the National Academies spans all areas of science, technology, and medicine. Each study addresses a unique challenge or issue facing our sponsors. However, one common denominator that we all share is the obligation to protect and secure any classified or restricted information that we have access to in the course of our work. The National Academies’ mission calls upon us to ensure we provide both high quality work products as well as security compliance. We cannot sacrifice one in favor of the other. Therefore, no matter the business you think you’re in, you’re also in “the security business.”

3 YOUR OBLIGATION
When you received your security clearance, you signed a Non-Disclosure Agreement Form. By signing this agreement, you, as an agent of the National Academies:
- Accept a lifelong obligation to protect classified & restricted information.
- Will avoid unauthorized disclosure, retention, or handling of this information.
- Understand the potential criminal and financial consequences of violating this agreement.
(NISPOM 3-105)

When you received your security clearance, you signed the SF 312 Non-Disclosure Agreement Form. By signing this agreement, you, as an agent of the National Academies, agreed to:
- Accept a lifelong obligation to protect classified and restricted government information.
- You pledged to avoid: Unauthorized Disclosure of Classified/Sensitive Materials, Unauthorized Retention of Classified/Sensitive Materials, and Negligent Handling of Classified/Sensitive Materials.
You also verified by your signature that you understood the consequences of violating this Non-Disclosure Agreement. (NISPOM 3-105)

Standard Form 312 Classified Information Nondisclosure Agreement

4 LEGAL AND BINDING
Violating the statutory obligations of handling and protecting classified information can lead to a prison sentence and/or fines up to $10,000 per violation. For example, under Title 18, violations include:
- Gathering, Transmitting, or Losing Defense Information.
- Delivering Defense Information to Aid a Foreign Government.
- Disclosure to Unauthorized Personnel.
Under Title 50, violations include:
- Violation of Security Regulations or Orders.
(DoD Standard Form 312; NISPOM 3-105)

While there are a number of statutes mentioned in this agreement, there are two statutory provisions that provide specific punishments for violations. Violating any of the statutes under Title 18 or Title 50 can lead to:
- Prison sentences from 1 year to life
- Fines from $1,000 to $10,000
- Both
These punishments are for EACH violation. This annual refresher training is provided to you to remind you of the appropriate handling measures for information, your obligations, your reporting requirements, and your responsibilities as a result of this agreement. (DoD Standard Form 312; NISPOM 3-105; 3-107)

5 TYPES OF GOVERNMENT INFORMATION
- UNCLASSIFIED UNRESTRICTED – material that does not require a security clearance or special handling requirements and is approved for public release.
- UNCLASSIFIED RESTRICTED – material that has special safeguarding or handling requirements and is not approved for public release.
- CLASSIFIED – material that has special safeguarding and handling requirements, requires security clearance, a need-to-know, and is not approved for any authorized disclosure.
(Executive Order 13526; NISPOM 4-100; NISPOM 5-508)

There are three categories of government information that you may deal with in your current role:
- UNCLASSIFIED UNRESTRICTED – material that does not require a security clearance or handling requirements and is approved for public release.
- UNCLASSIFIED RESTRICTED – material that has special safeguarding and handling requirements and is not approved for public release.
- CLASSIFIED – material that has special safeguarding and handling requirements, requires security clearance, a need-to-know, and is not approved for any authorized disclosure.
(Executive Order 13526; NISPOM 4-100)

6 UNCLASSIFIED UNRESTRICTED INFORMATION
This type of information may be released to the public without restriction. For Federal Advisory Committee Act (FACA) Section 15 compliant activities, unclassified unrestricted information received by a committee should be listed in the committee’s Public Access File.

Unclassified Restricted information is publicly releasable information that does not fall into any of the exemption categories under the Freedom of Information Act (FOIA). This information does not have any special safeguarding or handling requirements. The National Academies is subject to the information disclosure provisions of Section 15 of the Federal Advisory Committee Act (FACA). Unclassified unrestricted information received by a study committee should be listed in the project Public Access File (PAF). Only information the NAS Office of the General Counsel determines to be exempt from public disclosure under FOIA may be withheld from the public.

7 UNCLASSIFIED RESTRICTED INFORMATION
Unclassified Restricted Information can be sensitive and in some cases can have special safeguarding and handling requirements. A few examples are listed below.
- International Traffic in Arms Regulations (ITAR) Information
- Export Administration Regulation Information (EAR) (“dual-use technologies”)
- Sensitive Security Information (SSI)
- Safeguards Information (SGI)
- Controlled But Unclassified (CUI)
- Proprietary
- Personally Identifying Information (PII)
The Office of Program Security and Office of the General Counsel will provide you with specific guidance on handling materials that contain these types of markings or fall into one of the other FOIA information categories. (NISPOM 5-508)

Unclassified Restricted Information can be sensitive and in some cases can have special safeguarding and handling requirements. A few examples are listed here. Please note this list is not exhaustive. The Office of Program Security, in collaboration with the Office of the General Counsel, will provide you with specific guidance on handling materials that contain these types of markings or fall into one of the other FOIA information categories. (NISPOM 5-508)

8 CLASSIFIED INFORMATION – DEPARTMENT OF ENERGY
Categories of Department of Energy (DOE) Nuclear Weapons-Related Information
- Restricted Data (RD) – All data concerning the (1) design, manufacture, or utilization of atomic weapons; (2) production of special nuclear material; and/or (3) use of special nuclear material in the production of energy.
- Formerly Restricted Data (FRD) – Classified information that has been removed from the Restricted Data category after DOE and DOD jointly determine that it (1) relates primarily to the military utilization of atomic weapons, and (2) can be adequately safeguarded in a manner similar to NSI. “FORMERLY” DOES NOT MEAN UNCLASSIFIED.
- National Security Information (NSI) – is information which requires protection against unauthorized disclosure in the interest of the national security of the United States and which has been determined to be classified in accordance with the provisions of Executive Order or any predecessor or successor order.
(Atomic Energy Act; 10 CFR §1045; Executive Order )

The Department of Energy (DOE) has special classification markings to protect Nuclear Weapons-Related Information from unauthorized disclosure. Here are a few of the DOE specific classification category markings frequently encountered in NAS activities.
- Restricted Data (RD) – All data concerning the (1) design, manufacture, or utilization of atomic weapons; (2) production of special nuclear material; (3) use of special nuclear material in the production of energy.
- Formerly Restricted Data (FRD) – Classified information that has been removed from the Restricted Data category after DOE and DoD jointly determine that it (1) relates primarily to the military utilization of atomic weapons, and (2) can be adequately safeguarded in a manner similar to NSI. “FORMERLY” DOES NOT MEAN UNCLASSIFIED.
- National Security Information (NSI) – is information which requires protection against unauthorized disclosure in the interest of the national security of the United States and which has been determined to be classified in accordance with the provisions of Executive Order or any predecessor or successor order.
(Atomic Energy Act; 10 CFR §1045; Executive Order 13526)

9 CLASSIFIED INFORMATION – DEPARTMENT OF DEFENSE
There are three distinct classification levels within the Department of Defense system:
- Top Secret – Information that if compromised can cause exceptionally grave damage.
- Secret – Information that if compromised can cause serious damage.
- Confidential – Information that may cause damage.
(Executive Order 13526)

There are three distinct levels of classification within the Department of Defense system:
- Top Secret – information that when compromised could result in exceptionally grave damage to our national security.
- Secret – information that when compromised could result in serious damage to our national security.
- Confidential – information that when compromised could expect to cause damage to national security.
(Executive Order 13526; NISPOM Appendix C)

10 ACCESS TO CLASSIFIED INFORMATION
In order to have access to classified information, an individual must:
- Have the appropriate level of clearance and access authorization. This means a DOD collateral clearance (e.g. SECRET, TOP SECRET) and/or DOE clearance (e.g. “L”, “Q”).
- Have “Need-to-Know”. In addition to clearance authorization, an individual must require access to the information in order to perform contractual duties.
Curiosity, office position, or access authorization alone DO NOT qualify as need-to-know. (NISPOM Appendix C; NISPOM 6-102)

Access to DOE and DOD classified information requires a personnel security clearance and a “need-to-know” the information in order to perform an individual’s contractual duties. By adhering to this need-to-know principle you will limit the chances that these materials could be compromised through inadvertent disclosure or release, and in turn keep our Nation and its secrets more secure. Curiosity, office position, or access authorization alone DO NOT qualify as need-to-know. (NISPOM 6-102)

11 WORKING ON A CLASSIFIED PROJECT
STEP 1: The need to access classified information is identified within project GBEC prospectus.
STEP 2: NRC Governing Board Subcommittee on Classified, Controlled, Restricted Activities (CCRA) reviews and approves the classified project.
STEP 3: RSO / Office of Contracts and Grants (OCG) provide a signed and executed project contract along with a Contract Security Specification (e.g. DD 254 Form, CSCS Form, or other equivalent specification form).
STEP 4: RSO and OSEC meet to discuss security requirements.
STEP 5: RSO and OSEC (coordinating with NRC Executive Office, Office of the General Counsel (OGC)) develop project specific guidelines.

A classified project is one where access to classified information is necessary to complete the terms of the project contract. All classified projects must be approved through the Governing Board Executive Subcommittee on Classified Controlled, Restricted Activities Subcommittee of The National Research Council. Once the approval process is completed, the Responsible Staff Officer (RSO) with the Office of the Contracts and Grants (OCG) ensures that the contract has a sponsor specific security specification form (e.g. DD 254 FORM, CSCS, or other equivalent specification form) that details the project specific security requirements. As soon as the project is in place, the RSO and project staff then schedule a meeting with OSEC. This meeting is necessary at the start of the project to ensure that the requirements of a particular project are being met and that they will be adhered to during the course of the study. This meeting may also involve representatives from the NRC Executive Office, the Office of General Counsel (OGC), and the Office of Contracts and Grants (OCG). This way, all parties involved are aware of their roles and responsibilities from the security perspective.

12 HANDLING A CLASSIFIED MEETING
Adherence to proper procedures for handling and safeguarding classified and restricted information during meetings is required, whether the activity is Federal Advisory Committee Act (FACA) compliant or Non-FACA compliant. Classified and restricted meetings must be held in appropriately secured rooms coordinated through OSEC. Agenda, attendee list, and IT requirements for the meeting should be provided no later than 10 working days before the meeting. Each individual attending must hold a verified security clearance at appropriate level and have a valid need-to-know. (NISPOM 2-200)

During a classified meeting, classified information is disseminated to meeting attendees during designated classified sessions either through presenter briefings, meeting discussions, or both. When applicable and in compliance with the Federal Advisory Committee Act (FACA), permission to hold classified sessions during a committee meeting should be obtained from the Office of the General Counsel (OGC) prior to the scheduling of the meeting. For select activities which are not subjected to FACA, all meeting participants are still bound to handle and safeguard the material according to the mandated security procedures. Classified sessions and meetings scheduled at NAS facilities must be reserved through the Office of Program Security. Space is limited, so coordination should take place as early as is possible and no later than 10 business days before the meeting date. The Office of Program Security should be provided with meeting planning information (date, time, classification level, attendee list, etc.) for the classified sessions as soon as possible, so that we may begin the work needed to support the meeting activities. Each individual in attendance at a classified session will need to hold a security clearance at the corresponding level at which the meeting will be held. (FACA Section 15; NISPOM 2-200)

13 HANDLING CLASSIFIED INFORMATION
You must:
- Safeguard this information at all times.
- Ensure that all classified material is properly secured at the end of each classified meeting day.
- Secure and immediately report to OSEC if you find classified material unattended.
Please note:
- Classified material shall NOT be taken home under any circumstances.
- Classified material must be properly destroyed and shall NOT be disposed of in wastebaskets.
If you have questions about handling classified information, contact the Office of Program Security (OSEC) at (202) or

Remember classified materials are specifically marked and easily identifiable to remind you what you have and to safeguard it appropriately. Classified materials and information in your possession are your responsibility to protect from unauthorized disclosure. The U.S. government is depending on you. This is the primary reason you received a security clearance. Based on your character and integrity, the government granted you the privilege of working with our national secrets. The Office of Program Security will brief you on the specific rules for handling classified information that apply to your responsibilities. Some standard procedures that apply to everyone are listed below.

Classified information that is not safeguarded in an approved security container shall be constantly under the control of a person having the proper security clearance and need-to-know. An end-of-day security check is required to ensure that all classified material is properly secured at the conclusion of a classified session/meeting. If you find classified material left unattended in a National Academies facility (for example, in a rest room or on a desk), it is your responsibility to ensure that the material is properly protected. Take possession of the classified material and immediately contact the Office of Program Security or take the classified material directly to the Office of Program Security Office.

Classified material shall not be taken home, and you MAY NOT, under any circumstances, work on classified material at home, or any other location other than those specified in the project contract. Classified information shall not be disposed of in the wastebasket. It will be maintained in a designated GSA-approved security container within the Office of Program Security awaiting destruction by an approved destruction method. Classified information cannot be sent via unsecure e-mail or other unsecure electronic means. In fact, e-mail and the Internet create many opportunities for inadvertent disclosure of classified information. Before sending an e-mail, posting to a bulletin board, publishing anything on the Internet or adding to an existing web page you must be absolutely certain none of the information is classified or restricted (i.e., FOIA-exempt). (NISPOM 4-210; 5-101; 5-102; 5-704; 5-705; 5-708)

14 MARKING CLASSIFIED INFORMATION
Original Classification: The initial decision about what information should be classified. This authority is granted only to a limited number of government officials.
Derivative Classification: The process of using existing classified information to create new material, and marking that newly-developed material consistent with the classification markings that apply to the source information. All cleared personnel who use or reference material from classified sources are Derivative Classifiers. (NISPOM 4-101; 4-102; 4-104; ISL – Revised 12/04/13)

The initial decision about what information should be classified is called original classification. Because this is a very important, sensitive decision, the Government has granted only a limited number of government officials the authority to perform original classification. Derivative classification is different. It is the process of using existing classified information to create new material, and marking that newly-developed material consistent with the classification markings that apply to the source information. All cleared DoD and authorized contractor personnel who generate or create material from classified sources are derivative classifiers. All such cleared personnel must complete the required DSS Derivative Classification Training. Similarly, personnel who access and relay classified information have derivative classification responsibilities to ensure proper classification level is maintained. (NISPOM 4-101; 4-102; 4-104; ISL – Revised 12/04/13)

15 PHYSICAL SECURITY/ ACCESS CONTROLS
The National Academies Facilities are protected through a number of physical security and access measures.
- 24-hour monitoring
- Video monitoring through CCTV
- Guard force
- Facility badged access controls
NAS secure spaces have additional controls and access measures including:
- Intrusion Detection Systems
- Badged access controls
- GSA safes and containers
- Perimeter Controls and Bag Checks
- Other security and access controls
(NISPOM 5-103; through 5-314)

The National Academies protects its facilities by means of a number of physical security measures and access controls. Several of the measures the Academies has in place are listed here. The NAS Secure Spaces have additional security features and access controls to protect sensitive information. A few of the additional security features found in our secure spaces are provided here.

16 BADGING
One of the ways that we protect our facility is through mandatory staff access badges (NISPOM 5-313). These badges tell you information about the person, such as whether he or she is: cleared, has unescorted access in the building, is a temporary employee, or is a contractor employee, etc.
- Staff must always wear staff badges in plain view while in the facility.
- Remove or conceal your badge when exiting the facility to protect yourself from becoming an intelligence target.
- Politely challenge anyone on the premises without a badge.
- Report lost or stolen badges immediately!

Uncleared Staff Badge
Cleared Staff Badge

17 ACCOUNTABILITY
- All classified materials and some types of restricted materials are maintained by the Office of Program Security (OSEC).
- Do NOT use unapproved computer systems for classified or restricted information processing.
- Any destruction of classified material for National Academies’ activities is handled by OSEC.
- Contact OSEC for guidance on proper destruction of restricted information.

Security regulations require full accountability of all classified information and systems.

Transmission of Classified Materials
All classified material—regardless of the level of its classification—must be received through or brought by a cleared authorized courier immediately to the Office of Program Security, logged into the classified material accountability system, and controlled through the use of the Security Information Management System (SIMS). Likewise, the permanent or temporary dispatch or transmission of classified material outside the facility will be handled and monitored by OSEC.

Use of Information Technology Related to Classified Materials
- DO NOT use unapproved computer systems to generate classified, potentially classified, or restricted unclassified information! If you have questions in this regard, contact OSEC staff immediately.
- DO NOT create documents (including e-mail and/or attachments) referencing classified or restricted information related to a project when using an unclassified or unapproved computer system.

Destruction of Classified Material
Hackers and industrial spies have long used “dumpster diving” as a method for gathering information. Therefore, classified information shall not be discarded in the wastebasket. Instead, it must be thoroughly destroyed by appropriate GSA-approved destruction equipment before being discarded. OSEC handles all classified material destruction.

Destruction of Restricted Materials
Restricted information must be destroyed in a manner that prevents unauthorized persons from having access. Contact OSEC for specific destruction guidance appropriate to the type of restricted information you are accessing. (NISPOM 5-400; 5-401; 5-708; and 8-105)

18 CLASSIFIED INFORMATION IN THE PUBLIC DOMAIN
Never Comment, Confirm, or Deny references to Classified Activities in the Public Domain. Classified information in the public domain is still CLASSIFIED! You should never comment on or further disseminate this type of information. You are recognized as a knowledgeable expert and comments you make could be very damaging to national security. (NISPOM 4-106)

19 CYBERSECURITY THREAT AWARENESS
One of the biggest challenges in safeguarding classified and restricted information is related to cybersecurity. To protect electronic information:
- Don’t Share Passwords.
- If you encounter a virus, get help immediately.
- Avoid certain types of websites. Pornography, music sharing, foreign intel services, etc.
- Be careful of what you download. Cookies, Subscriptions, News Groups, Java Applets/Active X Controls
- Be careful what you post.
For questions regarding unclassified systems, contact the ITS Helpdesk. For questions regarding classified systems, contact the Office of Program Security (OSEC).

One of the biggest challenges in safeguarding classified and restricted information is related to CYBERSECURITY. To protect electronic information:
- Don’t share passwords. Passwords are like toothbrushes. You never want to share your toothbrush with anyone; similarly, don’t share your passwords with anyone.
- If you encounter a computer virus or malware, get help immediately. If you suspect or confirm that your system has a virus or other malware, do not panic! Stop what you are doing and don’t attempt to handle the issue on your own. For classified systems at NAS facilities, notify the Office of Program Security immediately. For unclassified systems, contact the NAS IT Helpdesk immediately.
- Avoid websites where you are likely to encounter viruses and malware or attract the attention of foreign intelligence services. Pornography, illegal music sharing, and foreign intelligence service websites are just a few examples.
- Be careful of what you download. Sometimes you may unknowingly download items that capture information about your internet use and habits, such as cookies, subscriptions, News Groups, and Java Applets/Active X Controls.
- Be careful what you post. Social networking is another area where many cleared personnel are not aware of how to protect themselves against potential targeting. Social networking tools, while sometimes useful and appealing, can pose a major threat to the network infrastructure of an organization as they attract attackers more than any other target in recent years. Never post information related to your participation in a classified activity.
Remember: There is No Security on the Internet! NO SECURITY ON THE INTERNET!!!

20 SECURITY INFRACTIONS
Compliance with Security Requirements is an ongoing part of your responsibilities as a cleared individual. Any security incidents should be reported immediately to the Director of the Office of Program Security or his designee. Security infractions which breach either The National Academies and/or government regulations relating to the safeguarding of classified information fall into two categories:
- Minor Infraction – A minor infraction is any incident resulting from willful disregard, negligence, or unintentional failure to comply with security regulations or requirements and which does not result in compromise or suspected compromise of classified information.
- Major Infraction – A major infraction is the willful disregard of the security regulations, or the failure through negligence to comply with any security regulations or requirements which does result in compromise or suspected compromise of classified information. Serious major infractions may rise to the level of statutory security violations and give rise to criminal and financial consequences.

21 THE GRADUATED SCALE OF DISCIPLINE
INCIDENT REPORTING & THE GRADUATED SCALE OF DISCIPLINE OSEC is required to submit a written account of all “serious” incidents to the Cognizant Security Authority (CSA) upon notifying the NRC Executive Officer and the President of NAS. A copy shall be maintained in the employee’s (or consultant’s) permanent security file. The National Academies addresses these infractions on a Graduated Scale. OSEC is required to submit a written account of all “serious” incidents to the Cognizant Security Authority (CSA) upon notifying the NRC Executive Officer and the President of NAS. A copy shall be maintained in the employee’s (or consultant’s) permanent security file. The National Academies addresses these infractions on a Graduated Scale. For minor infractions: 1st security violation - individual will be counseled by his/her manager and reminded of appropriate security procedures by Director of the Office of Program Security. 2nd security violation - individual may be reassigned from any duties requiring access to classified information. 3rd security violation - disciplinary action will be considered depending upon the nature and seriousness of the incident and previous compliance. This may affect continuing employment/affiliation with the institution. For major infractions: 1st security violation - individual may be given a written warning which may include probation from accessing classified information and will be rebriefed by the Director, Office of Program Security. 2nd security violation - individual will be given written counseling and may be reassigned from any duties which require access to classified information. This may affect continuing employment/affiliation with the institution. For minor infractions: 1st security violation - individual will be counseled by his/her manager and reminded of appropriate security procedures by Director of the Office of Program Security. 
2nd security violation - individual may be reassigned from any duties requiring access to classified information. 3rd security violation - disciplinary action will be considered depending upon the nature and seriousness of the incident and previous compliance. This may affect continuing employment/affiliation with the institution. For major infractions: 1st security violation - individual may be given a written warning which may include probation from accessing classified information and will be rebriefed by the Director, Office of Program Security. 2nd security violation - individual will be given written counseling and may be removed from access to classified information. This may affect continuing employment/affiliation with the institution.

22 REMEMBER, YOU ARE A TARGET
You are a target for espionage, from both foreign and domestic sources.
- Economic espionage = seeking company proprietary info to gain competitive advantage.
- Military espionage = seeking military info to gain advantage on the battlefield.

Remember, you are a target for espionage. Military and economic espionage are the games and the players want to know what you know or have access to. They want company proprietary information to gain a competitive advantage in the market place. They want military technology to gain the advantage on the battlefield. Our institution has both types of information and the adversary will target you because you are affiliated with us.

2014 Targeting U.S. Technologies A Trend Analysis of Cleared Industry Reporting

23 THREAT AWARENESS
According to the FBI, threats to national security include foreign intelligence activities aimed at:
- U.S. intelligence, foreign affairs, or government officials.
- Critical technology.
- U.S. industrial proprietary economic information.
- Defense establishments and national preparedness.
- Weapons of mass destruction.
- Active measures.
The FBI considers the following to be threats to national security regardless of the country involved. Any foreign intelligence activity which is:
- targeting U.S. intelligence and foreign affairs information and U.S. government officials.
- directed at critical technology.
- directed at the collection of U.S. industrial proprietary economic information.
- directed at the collection of information relating to defense establishments and national preparedness.
- involving the proliferation of special weapons of mass destruction.
- involving active measures.
If you become aware of or suspect any foreign intelligence activity aimed at the areas referenced in the above list, notify the Office of Program Security immediately.

24 TARGETED TECHNOLOGY AND INFORMATION
According to the 2014 Targeting U.S. Technologies: A Trend Analysis of Cleared Industry Reporting, the Defense Security Service has determined adversaries target the following types of technology and information:
- Technology information, which may include classified and/or unclassified:
  - Militarily Critical Technology: Any technology that would allow potential adversaries to make significant advances in the development, production, and use of military capabilities
  - Dual Use Technology: Technology that has both military and commercial use
- Contingency plans
- Personnel information
- Programs, deployments, response procedures
- Critical program information
The Defense Security Service has also identified the 10 Most Frequently Targeted Technologies as:
- Information Systems;
- Aeronautics Systems (including technology related to unmanned aerial vehicles (UAVs));
- Lasers and Optics;
- Sensors;
- Marine Systems;
- Positioning, Navigation, and Time;
- Electronics;
- Military Critical Technologies List Technologies;
- Armaments and Energetic Materials; and
- Materials Processing.
(Targeting U.S. Technologies: A Trend Analysis of Cleared Industry Reporting, 2014)

25 SUSPICIOUS CONTACTS
You should report to the Office of Program Security the following types of contacts or any other situation that makes you feel something is suspicious:
- Any efforts by any unauthorized individual to obtain access to classified national security information or sensitive unclassified information,
- Any efforts by an individual to compromise a cleared individual,
- Contact by a cleared individual with known or suspected intelligence officers from another country,
- Any contact which may suggest a cleared individual may be the target of an attempted exploitation by the intelligence services of another country,
- Requests for information (written, phone, or electronic) from undocumented sources, and
- Computer hacking, whether successful or not.

26 DEALING WITH SUSPICIOUS REQUESTS
Your main defense against espionage is awareness and reporting your foreign contacts. If you report, we can alert you when you are dealing with a known foreign intelligence operative, or you may identify a foreign intelligence operative. If you do find yourself in contact with a foreign intelligence operative, there is no need to be afraid, only careful. You are much more likely to be charmed by a “friend” than blackmailed by an enemy.
If the contact goes so far that you are asked to provide information, perhaps as a “consultant,” you should:
- Remain calm.
- Listen carefully.
- Be observant.
- Remember as many details as possible.
- Be noncommittal: keep all options open by neither agreeing nor refusing to cooperate.
- Ask for time, and
- Report immediately to your security office.
(NISPOM 1-302b)

27 FOREIGN INTELLIGENCE COLLECTION PLAN
The only thing you can be certain of is that you are a potential target if you have access to classified, restricted, or proprietary information. That's why it's important to be careful what you say when talking with ANY person outside of a secure environment. Not just careful of what you say about your work but also careful of what you say about yourself and your co-workers. Don't talk about the cost of putting two sons through college at the same time, or the cost of medical help for your daughter's leukemia. Don't talk about your stupid boss, how you hate the IRS, problems with your spouse, or your colleague's drinking problem. A foreign intelligence operative may interpret any of these as clues that you (or your colleague) may be worth cultivating.

28 THE ROAD TO RECRUITMENT
STEP 1 Initial Contact: Scientific conferences, seminars, exhibits, and meetings of all types where networking is encouraged offer ideal opportunities for a foreign agent to make a large number of initial contacts in a short period of time. Foreign agents use this initial contact to confirm whether or not you have information of value.
STEP 2 Operational Contact: Foreign agents then look for some indication of exploitable vulnerability or susceptibility.
STEP 3 Developmental Contact: Next, a foreign agent attempts to establish a relationship of friendship and trust in order to start you down the road of providing information. This usually begins with innocent requests for professional advice, discussion of developments in your professional field, or discussion of your work colleagues.
STEP 4 Trusted Source: A trusted source is a regular source of useful information that is trusted in the sense that the foreign intelligence organization believes their source is providing truthful, useful information and is not reporting the contact to his/her security office.
REPORT: If you think you are the target of a foreign intelligence agent, you should immediately report it to the Office of Program Security!
The Road to Recruitment by a foreign agent has a number of key stops along the way.
Step 1 Initial Contact: Scientific conferences, international business development programs, seminars, exhibits, and meetings of all types where networking is encouraged are spy heaven. They offer ideal opportunities for making a large number of initial contacts in a short period of time. Foreign agents use this initial contact to confirm whether or not you have information of value.
Step 2 Operational Contact: Foreign agents then look for some indication of exploitable vulnerability or susceptibility.
Step 3 Developmental Contact: At this point, the goal is to establish a relationship of friendship and trust and to start you down the road of providing information, beginning with easy and innocent requests for professional advice, discussion of developments in your professional field, discussion of your work colleagues and the best way to deal with them.
Step 4 Trusted Source: Of each 10 developmental contacts, maybe three can be developed into trusted sources. These are regular sources of useful information. They are trusted in the sense that the foreign intelligence organization believes their source is telling the truth and is not reporting the contact to his/her security office.
If you think you are the target of a foreign intelligence agent, you should immediately report it to OSEC! Your goal is to recognize this process and report it to your security officer. The foreign intelligence operative's goal is to make it so easy for you to get involved, or to put yourself in a compromising position, that you won't want to report or will be afraid to report it to your security office. For more information about foreign intelligence recruitment and how to protect yourself, see the attached pamphlet on Foreign Intelligence Recruitment.
Foreign Intelligence Recruiting Pamphlet

29 REPORTING RESPONSIBILITIES
As cleared personnel, you are required to report changes in personal status, adverse information, foreign travel, security incidents, and suspicious contacts (NISPOM 1-302):

30 PERSONNEL STATUS REPORTING
As cleared personnel, you are required to report any of the following conditions or life changes to the Office of Program Security:
- Marriage or divorce,
- Cohabitation,
- Change of name,
- Foreign travel (foreign contacts), business or pleasure,
- Termination of employment,
- Any change in the naturalized citizenship of you or your spouse,
- Becoming a Representative of a Foreign Interest (RFI),
- Any intention to marry or cohabitate (including a roommate) with a foreign national,
- Media contact related to your job or our organization,
- Bankruptcy,
- Lawsuits where you could lose more money than you can possibly afford,
- Termination of your participation on a classified contract or transfer to another contract that does not require access to classified information, and
- Any affiliation with a foreign interest: an individual acting as a representative, official, agent or employee of a foreign government, firm, corporation, etc.
(NISPOM 1-302)

31 ADVERSE INFORMATION REPORTING
You are also required to report adverse information. Adverse information is any information that adversely reflects on the integrity or character of a cleared individual which suggests that his or her ability to safeguard classified information may be impaired, or that his or her access to classified information may not be in the interest of national security.
As a cleared individual, you are required to report any of the following circumstances to the Office of Program Security:
- Garnishment of wages, regardless of reason,
- Abuse of prescription drugs,
- Any use of illegal substances,
- Arrest of a cleared individual,
- Bizarre or notoriously disgraceful behavior,
- Criminal activities,
- Excessive indebtedness,
- Financial difficulties followed by sudden affluence,
- Sudden unexplained affluence,
- Frequent unexplained travel for short durations, especially out of the country,
- Receipt of classified information that you are not cleared to receive and do not have a need-to-know,
- Treatment for mental or emotional disorders,
- Unreported continuing contact with a foreign national,
- Unreported foreign travel, and
- Any incident or condition that would cause concern about a cleared individual’s suitability for accessing classified information.
(NISPOM 1-302)

32 FOREIGN TRAVEL REPORTING
Cleared individuals must report any and all foreign travel in writing to the Office of Program Security. If you are approved for access to Sensitive Compartmented Information (SCI) or selected Special Access Programs (SAPs), additional foreign travel reporting requirements may apply.
Complete a Foreign Travel Reporting Form for each trip:
- Before you travel
- After you travel
Report any suspicious contacts or incidents you encounter during a trip abroad. Suspicious contacts of any kind must be immediately reported through OSEC to the Defense Security Service and the Federal Bureau of Investigation. (NISPOM )
A cleared individual must inform OSEC in writing of all foreign travel 30 days prior to departure using the Foreign Travel Reporting Form, and complete post-travel reporting using the Post-Foreign Travel Reporting Form. The Office of Program Security should be notified if you encounter any suspicious contacts during a trip abroad. Suspicious contacts of any kind must be immediately reported to the Defense Security Service and the Federal Bureau of Investigation by the Office of Program Security. (NISPOM 1-302)
Foreign Travel Reporting Forms

33 FOREIGN TRAVEL: YOUR ACTIVITIES AND BEHAVIOR
- Maintain a low profile.
- Never discuss classified information outside of a secure space.
- Never leave sensitive information unattended.
- Report any attempted surreptitious monitoring of you and your activities (i.e. surveillance).
- Never take photos of military personnel, installations, etc.
- Remember communications and correspondence may be subjected to monitoring and censorship.
When traveling abroad, in all of your activities, show discretion and common sense.
- MAINTAIN A LOW PROFILE: NEVER engage in any illegal activity, excessive drinking or gambling, and avoid any situation which may allow a foreign intelligence agency the opportunity to coerce or blackmail you.
- DO NOT DISCUSS CLASSIFIED OR SENSITIVE INFORMATION OUTSIDE OF A SECURE SPACE: In any public place your conversation may be overheard, or you may be monitored. Do not discuss classified or sensitive information in a vehicle, restaurant, hotel room, hotel lobby, etc. If you need to call the U.S. to discuss classified or sensitive information, locate a secure telephone by contacting the Regional Security Officer at the U.S. Embassy.
- NEVER LEAVE SENSITIVE INFORMATION UNATTENDED: Never leave luggage or a briefcase that contains sensitive information unattended. This includes not leaving your briefcase in your hotel room and not leaving sensitive documents in hotel safes. We encourage you to keep your briefcase containing sensitive information immediately in your possession. Personnel frequently report occurrences of their luggage or briefcase being searched or rummaged through. If this happens to you, report the incident to the Office of Program Security as soon as you return.
- REPORT ANY SURVEILLANCE ATTEMPTS OR EQUIPMENT DISCOVERED: If you locate any possible surveillance equipment, such as microphones, telephone taps, miniature recording devices or cameras, do not try to neutralize or dismantle it. Assume the device is operable and that active monitoring is ongoing. Report what you have found to the U.S. Embassy or Consulate and the Office of Program Security. Foreign intelligence services may place you under physical surveillance or you may suspect that you are being watched. It is better to ignore the surveillance than attempt to lose or evade it. Report any such surveillance attempts to the U.S. Embassy or Consulate and the Office of Program Security.
- NEVER TRY TO PHOTOGRAPH MILITARY PERSONNEL, INSTALLATIONS OR OTHER “RESTRICTED AREAS”: It is best to also refrain from photographing police installations, industrial structures, transportation facilities, and border areas.
- REMEMBER LETTER MAIL, E-MAIL, AND INTERNET ACCESS MAY BE SUBJECTED TO MONITORING AND CENSORSHIP: Never refer to any classified or sensitive information in your correspondence.

34 FOREIGN TRAVEL: YOUR ACTIVITIES AND BEHAVIOR
- Do not accept packages or agree to transport them back to the U.S.
- Use well-traveled roads; avoid setting routines.
- Beware of overly friendly or solicitous people that you meet.
- If detained or arrested, contact the U.S. Embassy or Consulate immediately.
- Don’t Be Afraid to Say No.
- Trust Your Instincts.
- DO NOT ACCEPT PACKAGES OR AGREE TO TRANSPORT THEM BACK TO THE U.S.: Even if your friends, relatives, or professional contacts make the request, do not accept the package.
- TRAVEL SAFELY: Avoid any areas where there is political or ethnic unrest, demonstrations or protests. Use well-traveled highways and avoid establishing routine schedules.
- BEWARE OF OVERLY FRIENDLY OR SOLICITOUS PEOPLE THAT YOU MEET: Do not establish personal or intimate relationships with these individuals as they may be employed by the intelligence service. Do not share any work-related information with anyone who does not have a need to know.
- IF DETAINED OR ARRESTED, CONTACT THE U.S. EMBASSY OR CONSULATE IMMEDIATELY: Should you be detained or arrested for any reason by the police or other officials, be cooperative, and contact the U.S. Embassy or Consulate immediately. Do not make any statements or sign any documents you do not fully understand until you have conferred with an Embassy representative.
- DON’T BE AFRAID TO SAY NO: Business culture is focused on customer service. The expression “the customer is always right” is well known. Social engineers take advantage of this. When encountering a bit of resistance they will boldly press on. They may also impersonate a senior manager or claim to be from their office. In the military this is known as “awe of rank.” Don't fall for it. When someone asks you to violate policy or procedure, hold firm and do what's right. Management will support your decision. A social engineering attempt is a serious security incident. If you encounter a social engineer, take note of as many details as possible (e.g., the phone number from caller ID, background noise, the time, the conversation). At the conclusion of the incident, immediately contact the Office of Program Security.
- TRUST YOUR INSTINCTS: When investigating a security incident it is often discovered that people knew or suspected that something was going on before the incident occurred. From time to time people may raise a false alarm and that is OK. It happens to security professionals occasionally and is to be expected. Trust your instincts and use your best judgment. When you call to report an incident, provide as much detail as possible.

35 Security Is A Team Effort & An Individual Responsibility
The National Academies’ Security Program provides protection for classified information and material, and ensures that only authorized persons are permitted such access. Our program utilizes “Security in Depth” which involves alarms, identification badges, visitor control, safes, access control, and other measures. While any one of these safeguards represents a strong barrier - our strongest PROTECTION is YOU.
As an approved user of classified information, you are personally responsible for the protection and control of this information. You must safeguard this information at all times to prevent loss or compromise and unauthorized disclosure, dissemination, or duplication. Unauthorized disclosure of classified material is punishable under federal criminal statutes and organizational policies.
We’re counting on you … security is a team effort, but an individual responsibility!

36 OFFICE OF PROGRAM SECURITY (OSEC) STAFF
- Detra Bodrick, Interim Director/Facility Security Officer
- Max Nguyen, Information System Security Manager
- Shayla Savoy, Junior Security Administrator
- Kamilya Kamilova, Personnel Security Administrator
- Enita Williams, Information Compliance Administrator
- Jenny Franco, Facility Security Officer – Beckman Center
If you have any questions related to the topics covered in this training or require additional information, please contact a member of the Office of Program Security.
Office of Program Security (OSEC) Staff Directory

37 DEPARTMENT OF DEFENSE HOTLINE
Just A Phone Call Away… To Report, Without Fear of Reprisal, Serious Security Irregularities or Infractions
The Defense Hotline Program provides an opportunity to report significant instances of fraud, waste, abuse of authority, serious security irregularities or infractions, and mismanagement. You can reach the Defense Hotline via phone at or online at
Remember, comments and questions made during these contacts must be kept unclassified.
Comments and Questions Must Be Kept Unclassified

38 ACKNOWLEDGEMENT FORM
Congratulations! You have successfully completed the Annual Security Refresher Briefing for Cleared Personnel. Please print and sign the acknowledgement confirming you have read and agree to comply with the information contained in this briefing. Return the signed form to the Office of Program Security via at or fax at
Annual Security Refresher Briefing Acknowledgement Form
Supplemental training and reference materials are provided in the links here and are also available through OSEC.
- Office of Program Security (OSEC) Staff Directory
- Foreign Intelligence Recruiting Pamphlet
- Sample Standard Form 312 Classified Information Nondisclosure Agreement
- Foreign Travel Reporting Forms
- 2014 Targeting U.S. Technologies: A Trend Analysis of Cleared Industry Reporting
