Air Force Communications SecurityPresented by ACC CYSS

28 August 2018

Overview• COMSEC Program• National and Air Force Policy• COMSEC Audits Program• Audit Trends Under New Policy• Potential Risk Impact• Mini-Crypto (MC)• Questions

COMSEC Program• Joint program lead by NSA with DoD CIO oversight

• Regulated through Executive Orders and NSA directives on protection and encryption of classified information

• A cradle-to-grave program managed by CYSS that includes: • Policy lead• Compliance/reporting for Air Force accounts & Field Support• Development, fielding, management, accountability, sustainment of crypto

devices, and crypto key management

COMSEC Policy• National Security Systems Instruction (CNSSI) No. 4005,

Safeguarding COMSEC Facilities and Methods

• Air Force Manual 17-1302-O, 3 February 2017, Communications Security (COMSEC) Operations

• Methods and Procedures Technical Order (MPTO) 00-33B-5001, Air Force Accounting Procedures

Audit Trends Under New Policy• Mar 17 COMSEC policy changes increased the program standard, rise

in “Unsat” scores• 70% required to pass (Critical and Non-Critical)

• Previously Critical 50%, Non-Critical 70%• Find & fix option removed• Loss of Classified keying material = automatic failure

• Common findings:• Accountability errors• Unaccomplished inventories• Mishandling COMSEC incidents• Missing required training

• Way Ahead: Early Involvement• SAV• SAV• Contact COMSEC Audits Office• Contact Field Support Office

COMSEC Audit Program• CYSS executes AF enterprise’s COMSEC audit mission• Each account audited every 3 years • Jan 17 – Jul 18 Audits

• Total accounts audited: 138• Sat Ratings: 127 (92%)• Unsat Ratings: 11 (8%)

• Contributing causes for Unsat ratings:• Lack of Leadership involvement• Personnel management• Account manager’s execution of the program

• Poor sub-account training programs• Failure to conduct semi-annual inspection/inventory

• Lost COMSEC keys & equipment*with repeat failure

Risk Algorithm Use Impact

Mini Crypto (MC)• An AF ACAT III secret and below capability meant platforms with Size,

Weight and Power constrained, unmanned Small Form Factor (SFF) devices operating in the tactical environment

• Remote rekeys

• Impacts coalition and joint forces

• Low cost / Losable

• Non-repairable

DSN: 779-CYSS (2977)

Comm: 618-229-CYSS (2977)Option 6

Booth: ACC CYSS #266

Email: james.huggins.3@us.af.mil

Questions

SEE CYSS AT THE AF PORTAL: SEARCH FOR “CYSS”SEE CYSS’ SHAREPOINT PORTAL: HTTPS://CS2.EIS.AF.MIL/SITES/11439/SITEPAGES/HOME.ASPX

UNOFFICIAL FACEBOOK PAGE: HTTPS://WWW.FACEBOOK.COM/CYBERSPACESUPPORTSQ/COMSEC FIELD SUPPORT EMAIL: AF.COMSEC.FIELD.SUPPORT@US.AF.MIL

COMSEC AUDITS EMAIL: CYSS.CYZ.AFCOMSECAUDITS@US.AF.MIL