Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Preventing Compromises The Policies and Procedures for Ensuring Classified Information is not Inadvertently Released.

Published byDulcie Thornton Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Preventing Compromises The Policies and Procedures for Ensuring Classified Information is not Inadvertently Released."— Presentation transcript:

1 1 Preventing Compromises The Policies and Procedures for Ensuring Classified Information is not Inadvertently Released

2 2 Purpose To familiarize individuals who generate classified information, intentionally or unintentionally, with the policies and procedures for preventing its inadvertent release

3 3 Classification The identification of that matter we need to protect in the interest of the national security Security The protection of classified matter versus

4 4 LIMIT ACCESS TO CERTAIN INFORMATION Only to those with a NEED TO KNOW! Why is Classification Important? PROTECT NATIONAL SECURITY

5 5 CLASSIFICATION BUYS TIME!! Delays proliferation –Adversaries must utilize resources to develop technologies –Allows time for political solutions Provides time to correct vulnerabilities Provides time to correct vulnerabilities

6 6 What is a Compromise? Disclosure of classified or unclassified controlled information to unauthorized person(s) – –Strips away the protection afforded by the classification and security system – –Results in a security infraction

7 7 What is Unclassified Controlled Information (UCI) Unclassified Controlled Information meets the requirements to be any of: Unclassified Controlled Information meets the requirements to be any of: –Unclassified Controlled Nuclear Information (UCNI) –Official Use Only (OUO) –Export Controlled Information (ECI) –Is not for public dissemination and may carry other access restrictions All details of nuclear technologies, if not classified, are at least UCNI or ECI All details of nuclear technologies, if not classified, are at least UCNI or ECI Many non-nuclear technologies in ORO’s domain prospectively have classified or ECI information attributes. Many non-nuclear technologies in ORO’s domain prospectively have classified or ECI information attributes.

8 8 What Are the Categories of Classified Information? Restricted Data (RD) Formerly Restricted Data (FRD) Atomic Energy Act Classification Category Authority Executive Order 12958 National Security Information (NSI)

9 9 What is Restricted Data? Certain data concerning the 1) 1)Design, Manufacture, or Utilization of Atomic Weapons 2) 2)Production of Special Nuclear Material 3) 3)Use of Special Nuclear Material in the Production of Energy

10 10 What are the Major Areas of Restricted Data? Nuclear Weapon Design Nuclear Material Production –Production Reactors –Isotope Separation (e.g., Gaseous Diffusion, Gas Centrifuge) –Quantities Naval Reactors

11 11 What is Formerly Restricted Data (FRD)? Classified information which has been removed from the Restricted Data category after DOE and DoD jointly determine that it 1) relates primarily to the military utilization of atomic weapons and 2) can be adequately safeguarded as national security information “FORMERLY” DOES NOT MEAN UNCLASSIFIED

12 12 What are Examples of Formerly Restricted Data? Stockpile quantities Weapons safety & storage Yields Locations Caution: Historical information may still be classified FRD

13 13 What is National Security Information (NSI)? Information which pertains to the national defense or foreign relations (National Security) of the United States and has been classified in accordance with an Executive Order (currently Executive Order 12958)

14 14 What are Major Subject Areas of NSI? Safeguards and Security Arms Control Negotiations Nonproliferation Chemical/Biological Defense Intelligence/Counterintelligence Foreign Relations Radiological Emergency Response

15 15 What are the Classification Levels? Top Secret RD/FRD/NSIExceptionally Grave Damage Secret RD/FRD/NSISerious Damage Confidential RD/FRD Undue Risk to the Common Defense and Security which can be described NSI Identifiable Damage LevelRelease could result in

16 16 What are Your Individual Classification Responsibilities? Ensure that each document – –Generated in a classified subject area receives a classification review – –That is suspected of containing classified information receives a classification review Report incidents of security or classification concern

17 17 What are Classified Subject Areas? Information that falls within the definition of RD, FRD, or NSI Within ORO common classified subject areas include :

18 18 Current and Historic Classified Subject areas for the Oak Ridge Office Current and Historic Classified Subject areas for the Oak Ridge Office Security: Security: –Physical Security –Operational Security –Communications Security –Security Plans –Homeland Security –Security Vulnerabilities and Shortcomings –Nuclear Materials Inventories

19 19 Technology: Technology: –Uranium Separation Techniques  Calutron (Electro-Magnetic Isotope Separation)  Gaseous Diffusion  Atomic Vapor Laser Isotope Separation (AVLIS)  Plasma Separation Process (PSP) –Lithium Separation

20 20 Weapons: Weapons: – –Nuclear Weapons Production and Science – –Details and Materials – –Chemical/Biological Warfare Threats: Threats: – –Description – –Messages – –Design Basis Threat

21 21 Work for Others: Work for Others: – –Research for others – –Other federal agencies – –In association with other governments Counterintelligence Counterintelligence

22 22 Who Must Conduct Classification Reviews? Only Derivative Classifiers (DC) – –Required by DOE Manual 475.1-1B, Manual For Identifying Classified Information – –Trained in derivative classification – –Authorized in specific subject areas – –Have up-to-date classification guidance for subject areas of authority – –Appointed by the local Classification Officer

23 23 How Does a DC Make Decisions? Documents for Review Confidential (RD/FRD/NSI) Confidential (RD/FRD/NSI) Confidential CG-SS-4 Chapter 1: INTRODUCTION Chapter 2: PROGRAM MANAGEMENT Chapter 3: PROTECTION PROGRAM OPERATIONS Chapter 4: INFORMATION SECURITY Chapter 5: NUCLEAR MATERIAL CONTROL AND ACCOUNTABILITY APPENDICES OFFICIAL USE ONLY Classification and UCNI Guide for Safeguards and Security Information U.S. DEPARTMENT OF ENERGY Technical Guidance Division Office of Nuclear and National Security Information Washington, DC 20585 Contains Circumvention of Statute Information. OFFICIAL USE ONLY Department of Energy approval required prior to public release. OFFICIAL USE ONLY September 2000 Derivative Classifiers use classification guidance to determine if a document contains RD, FRD, or NSI or is unclassified Classification Guidance Unclassified From: Les Bright Sent: August 13, 2007 To: B. Safe Subject: Work at Site B ____________________________ ____________________________ ____________________________ ____________________________ ____________________________ Les Bright

24 24 How Does a DC Make a Decision? Must base decision on published classification guidance Must base decision on published classification guidance Source documents not authorized for RD, and only in certain circumstances for NSI Source documents not authorized for RD, and only in certain circumstances for NSI Information in the public domain relating to a classified subject area should not be used to make a classification decision. Must always confirm the classification status with a DC Information in the public domain relating to a classified subject area should not be used to make a classification decision. Must always confirm the classification status with a DC

25 25 What Makes Classification Difficult? Person making decision must be aware of all classification guidance applicable to the subject area Information published in one context may be unclassified but may be classified in a different context Example –Physics phenomenon discussed in basic science or research is unclassified –The same phenomenon discussed in the context of weapon science may be classified “Context”

26 26 What Makes Classification Difficult? Two pieces of unclassified information placed together to reveal classified information through their association Association could be within one document (i.e., weapon + material) Association could be created by combining unclassified information from separate documents into one “Association” + *fictitious weapon The U.S. has weapons with a dial-a-yield (DAY) capability ___________________ Document #1 UNCLASSIFIED __________________ The W-110 * is an air- delivery weapon ___________________ Document #2 UNCLASSIFIED Dial-a-Yield Report Page 3 The W-110 * is an air- delivery weapon UNCLASSIFIED CLASSIFIED

27 27 Why Are Some Documents Not Reviewed, as Required? 1. 1. “I am confident that this document doesn’t need a review.” 2. 2. “All of this information is from the public domain, so it’s not classified and doesn’t need a review.” 3. 3. “I’m in a hurry and I’m pretty sure it’s not classified.” Common Pitfalls

28 28 “This Document Doesn’t Need a Review.” Pitfall #1 - Overconfidence Why it’s a pitfall – –You can only be confident if   You are a DC with the proper guidance available   You have previously discussed the exact (not similar) information with a DC and learned that it isn’t classified   The same information has been discussed in subject matter-related classification awareness briefing Solution - Don’t be overconfident, consult a DC

29 29 “The information is from the Public Domain, so it’s not classified.” Pitfall #2 – Bad Assumption Why it’s a pitfall – –You can’t always be sure information in the public domain is unclassified – –The appearance of classified information in the public domain DOES NOT mean it is unclassified – –Even if information is unclassified as it appears in the public domain, it may be classified in the context of your document Solution - Consult a DC to verify the classification status of information in classified subject areas that appears in the public domain before using it in any document

30 30 “I’m in a hurry...” Pitfall #3 – Bad Practice Why it’s a pitfall – –Risks the release of classified information – –It takes longer to deal with a possible security infraction, investigation and computer sanitization than to get a DC review Solution - Take the time to have a DC review documents in a classified subject area

31 31 From: B. Safe Sent:Monday, August 13, 2007 4:59 PM To:Les Bright Cc: Subject:FW: Weapons Committee Meeting Where are we are meeting? My badge will get me in the building, so I will park at the nearest entrance. Thanks, B. Safe From: Les Bright Sent:Tuesday, August 14, 2007 4:59 PM To:B. Safe Cc:D. Brown Subject:FW: Weapons Committee Meeting Room E-401. See you there. From: Les Bright Sent:Wednesday, August 1, 2007 4:18 PM To:B. Safe, R. Smart, I. M. Careful, Cc:D. Brown Subject:Weapons Committee Meeting The weapons committee will meet at HQ Germantown, MD on August 31, 2007 from 10 AM to 12 PM. Please send your clearance by August 15. Contract Ms. Brown when you reach the guard desk. - I.M. Weapons Committee Secretary Department of Energy Room number associated with  Date  Time  Fact of classified meeting Classified!! Room number is not classified - e-mail by itself unclassified Room number associated with this e-mail is still unclassified Examples of Compromises E-Mail Threads

32 32 Material X will be shipped to Site B. Page 20 Examples of Compromises UNCLASSIFIED draft report Weapon not specified U Specified weapon U Material X used in Weapons Classification Guide for Materials Material Y used in Weapons Weapon not specified U Specified weapon CRD and Y ^ CLASSIFIED Edits to the draft make the document CLASSIFIED due to association of material Y with the W-110 *fictitious weapon Draft Documents Environmental Report For the Demilitarization of the W-110*

33 33 Association From: Les Bright Sent:Monday, August 13, 2007 4:59 PM To:B. Safe Cc: Subject:Work at Site B We are experiencing technical difficulties with the computers in the project to recover material Y during the demilitarization process. The response from computer support has been inadequate. Please advise me of a point of contact I may call to correct these problems. Les Bright Examples of Compromises E-mail is CLASSIFIED because of the association between the W-110 (Site B) and material Y CLASSIFIED DOE DOE confirms Site B work on The W-110* Press Release T he W-110 is the only weapon currently being worked on at Site B. ___________________________ *fictitious weapon ___________________________

34 34 What is a Security Infraction? Failing to classify information, documents, or material requiring classification Misclassifying information, documents, or material Failing to obtain classification guidance, thereby causing a compromise or potential compromise of classified matter

35 35 What Happens when a Security Incident is Reported?  The incident is investigated –May be a security infraction (subject to administrative penalties) –May also be a security violation (subject to civil or criminal penalties)  If a compromise occurred all computers containing the information must be sanitized (including persons who receive the information via e-mail)  All copies of compromised documents, drawings and other media must be retrieved  Information in any form must be cleaned up ( Secret

36 36 What are Possible Penalties? Infractions – –Administrative penalty   Verbal admonishment   Written reprimand   Suspension or termination Violation – –Civil penalty of up to $100,000 – –Criminal penalty of Maximum of 10 years (without intent) Maximum of Life (with intent)

37 37 Remember Do not create a document (including e-mail) in a classified subject area on an unclassified computer before your plans are reviewed, in order to determine that it will not be classified Subsequent drafts may add information which changes the context or adds an association so that the document becomes classified – make sure proposed subsequent drafts are discussed beforehand

38 38 If you think you may have received classified information on an unclassified system, or a document that is not marked as classified properly, immediately discuss it with a DC – securely. Take no other action unless directed by Security (e.g., Do not forward e-mail or erase e-mail) If you think you may have received classified information on an unclassified system, or a document that is not marked as classified properly, immediately discuss it with a DC – securely. Take no other action unless directed by Security (e.g., Do not forward e-mail or erase e-mail) Don’t be overconfident, check with a DC when appropriate

39 39 Where Can You Get Help? Know who your Derivative Classifiers (DC) are for your your work area, and/or who the Classification Officer (CO) is for your facility/ subject area, they are: Dave Hamrin for ORNL and UT-Battelle Subcontractors (865-574-6752); John Preston for ETTP and Bechtel Jacobs subcontractors (865-574-9951); Gregg Peed for USEC (740-897-3729); and Gabe Marciante for DOE ORO and all other supporting subcontractors (865-576-0754)

40 40 Where Can You Get Help? COs are authorized by the government to decide when matter or a communication contains classified information. They designate DCs to assist them in that work

41 41 The originator of any document/media or proposed communication which is or may be classified, involves a potentially classified subject, or is originated in a classified subject area, must be reviewed by a DC or CO. You are responsible for understanding what is classified or potentially classified about your work. Ask your supervisor or CO for training. If discussing potentially classified information, use classified means of transmission. Discussions must be in secure areas designated for classified discussions.

Download ppt "1 Preventing Compromises The Policies and Procedures for Ensuring Classified Information is not Inadvertently Released."

Similar presentations

FOIA Exemption 1 & E.O Classified National Security Information

FOIA Exemption 1 & E.O Classified National Security Information
Merlin RAMCo Inc. 2012 Initial Security Education.

Merlin RAMCo Inc Initial Security Education.
Background Presenters Work done in preparation for WHS changes

Background Presenters Work done in preparation for WHS changes
Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.

Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.
Presented by: Kathryn Hodges, NH

Presented by: Kathryn Hodges, NH
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.

WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.
Department of the Navy Information Security Program

Department of the Navy Information Security Program
Section One: Classification System Overview Note: All classified markings contained within this presentation are for training purposes only.

Section One: Classification System Overview Note: All classified markings contained within this presentation are for training purposes only.
SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.

SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.
HOW TO PREPARE FOR A NATIONAL SECURITY INFORMATION INSPECTION 1 SECRET Updated 09/27/11 Security is Everyone's Responsibility – See Something, Say Something!

HOW TO PREPARE FOR A NATIONAL SECURITY INFORMATION INSPECTION 1 SECRET Updated 09/27/11 Security is Everyone's Responsibility – See Something, Say Something!
The Department of Defense Intelligence Oversight Program

The Department of Defense Intelligence Oversight Program
Section Four: Employee and Visitor Access Controls Note: All classified markings contained within this presentation are for training purposes only.

Section Four: Employee and Visitor Access Controls Note: All classified markings contained within this presentation are for training purposes only.
Summer 200811 IAVA1 NATIONAL INFORMATION ASSURANCE TRAINING STANDARD FOR SYSTEM ADMINISTRATORS (SA) Minimum.

Summer IAVA1 NATIONAL INFORMATION ASSURANCE TRAINING STANDARD FOR SYSTEM ADMINISTRATORS (SA) Minimum.
Sandia is a multi-program laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy’s National Nuclear.

Sandia is a multi-program laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy’s National Nuclear.
Information Systems Security Officer

Information Systems Security Officer
Regulatory Body MODIFIED Day 8 – Lecture 3.

Regulatory Body MODIFIED Day 8 – Lecture 3.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

Similar presentations

Ads by Google