COMSEC (Communications Security)


Page 1: COMSEC (Communications Security)

COMSEC (Communications Security)

Page 2: COMSEC (Communications Security)

Overview

• The types of COMSEC information you may access

• The handling of COMSEC items and keying material

• The directives and rules which prescribe those safeguards

• The penalties you will incur for willful disclosure of COMSEC information to unauthorized persons

• EKMS/KMI Transition

Page 3: COMSEC (Communications Security)

COMSEC Definition

• COMSEC is the general term used for all steps taken to protect information of value when it is being communicated

• This includes measures which are taken:

– To prevent unauthorized persons from gaining access to telecommunications that are related to national security

– To ensure the authenticity of such telecommunications

Page 4: COMSEC (Communications Security)

Elements of COMSEC

• Transmission Security

• Cryptographic Security

• Physical Security

• Emission Security

Page 5: COMSEC (Communications Security)

Transmission Security

Transmission Security or TRANSEC is the component of COMSEC which is designed to protect transmissions from unauthorized intercepts, traffic analysis, imitative deception and disruption.

Page 6: COMSEC (Communications Security)

Types of Transmissions

Radio: The most widely used form of electronic transmission. No matter the type of end equipment in use, in most cases at some time between transmittal and receipt, radio signals are used for delivery. Because radio signals are sent out through the open air, they are one of the least secure forms of transmission.

Telephone: One of the most widely used, and most convenient forms of communication. Not only are telephone lines used for voice communications, but data is also transferred over these lines. Telephone lines are easily tapped, making the phone a very unsecure form of communication.

Page 7: COMSEC (Communications Security)

Types of Transmissions

Cell Phones: Very popular and widely used today. However, they are even less secure than regular phones because their transmissions can be picked up just like radio signals.

Email: This has become one of the most widely used forms of communication, and one of the greatest risks to the security of classified and sensitive information. Emails can be easily intercepted, or found stored on servers and copied.

U.S. Postal & Courier Services: This is when data or materials are transferred through registered mail or hand delivered by bonded couriers. In most cases this is a very secure means of communication, but is not useful when time constraints exist.

Page 8: COMSEC (Communications Security)

Types of Transmissions

Face to Face: This is when two or more parties meet and talk with each other.

Hand Delivery: This is when data in written or hardcopy form is hand carried from point of transmission to point of receipt.

NOTE: The security of face to face and hand delivery transmissions is totally dependent on the parties communicating.

Page 9: COMSEC (Communications Security)

Cryptographic Security

Cryptographic Security or Cryptosecurity is the component of COMSEC which results from the use of technically sound cryptosystems, and from their proper use.

Page 10: COMSEC (Communications Security)

Cryptographic Security

Cryptographic Security includes correctly applying encryption equipment to protect voice and data communications.

[Illustration: the message "Change to the next encryption key at 10:00 tonight." shown as plaintext and as scrambled ciphertext.]

When properly applied, encryption can secure all electronic transmission.

Page 11: COMSEC (Communications Security)

Cryptographic Security

Includes the development of Key Management Plans and Procedures that provide instructions for the operation and protection of the Cryptographic devices and their key material.

Includes all measures taken to ensure only authorized personnel install, operate and perform maintenance on cryptographic devices.

Page 12: COMSEC (Communications Security)

Physical Security

Physical security is the component of COMSEC that results from all physical measures to safeguard cryptographic materials, information, documents and equipment from access by unauthorized persons.

Page 13: COMSEC (Communications Security)

Physical Security

Includes storage facilities and security containers.

Page 14: COMSEC (Communications Security)

Physical Security

Storage of Classified Materials: The preferable storage requirement for items classified as Top Secret, Secret and Confidential is a vault. When necessary, such items can be stored in a GSA approved security container.

Storage of FOUO and SBU: These items may be stored using the same methods as classified materials. When other methods are not available, a filing cabinet equipped with a locking bar and GSA changeable combination lock is the most preferable. However, in most cases it is acceptable to use any lockable container or room, but you should check with your COMSEC Custodian.

Page 15: COMSEC (Communications Security)

Physical Security

It includes applying methods to ensure only authorized persons have access to classified, sensitive and COMSEC materials and information. These methods include but are not limited to:

Badges, Guards and Alarm Systems

It includes the proper handling and accounting for all classified, sensitive or COMSEC information/materials on a continuous basis.

Inventories of these materials must be taken semi-annually as required by NSA.

Page 16: COMSEC (Communications Security)

Physical Security

Whenever classified, sensitive or COMSEC materials are removed from storage, the person removing these materials or information must maintain constant control or surveillance over them.

No matter how important a task may be, if it involves classified, sensitive or COMSEC materials or information: You may NEVER take it home or away from its secure area to be completed.

Page 17: COMSEC (Communications Security)

Physical Security

Includes the proper disposal of classified and sensitive materials and information no longer needed. Some approved methods of destruction are:

• Burning

• Disintegration

• Chopping

• High Security Crosscut Shredding

• Classified Trash Receptacle

Most of you will not be performing the destruction of the materials. Most of you will either shred or burn your COMSEC items that need to be destroyed.

Page 18: COMSEC (Communications Security)

Physical Security

The destruction of COMSEC materials is even more strictly controlled than that of other classified materials.

For this reason, there are even fewer personnel authorized to perform this destruction.

For more information contact your COMSEC Custodian.

Page 19: COMSEC (Communications Security)

Emissions Security

Emissions Security is the component of COMSEC which results from all measures taken to prevent compromising emanations from cryptographic equipment or telecommunications systems.

Page 20: COMSEC (Communications Security)

Emissions Security

All electronic equipment produces and radiates RF signals.

How do we keep these radiated RF signals from being intercepted by unauthorized parties?

1. We use TEMPEST rated equipment

2. We use Red/Black separation

3. We shield and filter our facilities and sensitive areas

Page 21: COMSEC (Communications Security)

Three Types of Access

Page 22: COMSEC (Communications Security)

COMSEC Access

• Access to classified COMSEC information may be afforded U.S. citizens who:

– Have been granted a final security clearance by the U.S. Government.

– Have a need-to-know.

– Personnel who have been granted an interim TOP SECRET clearance may be granted access to COMSEC material, but only at the SECRET level and below. An interim SECRET clearance is not valid for access to any classified COMSEC information.

Page 23: COMSEC (Communications Security)

CCI Access

Know and Obey the Rules Governing Use of the vIPER, Omni or STE

• Access to Controlled Cryptographic Items (CCIs) will be limited to U.S. citizens who have a need-to-know.

• When CCI equipment is keyed, individuals loading the key or otherwise operating the equipment must possess a security clearance at least equal to the classification level of any key contained within. A security clearance is not required for visual access, if properly escorted.

Page 24: COMSEC (Communications Security)

Cryptographic Access

• Cryptographic access control (CAC) is an approach to securing data by encrypting it with a key, so that only the users in possession of the correct key are able to decrypt the data and/or perform further encryptions.

• Access to classified Cryptographic information may be afforded U.S. citizens who:

- Possess a security clearance appropriate to the level of classification of the cryptographic information to be accessed.

- Have a need-to-know.

- Receive a security briefing appropriate to the cryptographic information to be accessed.

Page 25: COMSEC (Communications Security)

COMSEC Briefings

• Initial Briefing. U.S. Government entities and contractors will ensure that all individuals having a need for access to the types of COMSEC information will receive the COMSEC briefing.

• COMSEC briefings shall be administered by the COMSEC Custodian or Alternate COMSEC Custodian of U.S. Government entities and contractor facilities.

• For contractor facilities, when the FSO is the COMSEC Custodian or Alternate COMSEC Custodian or is assigned duties that require access, the FSO must be briefed by a U.S. Government representative.

• Periodic COMSEC re-briefings and debriefings are not required.

• Briefings are maintained for a minimum of five years upon clearance or employment termination.

Page 26: COMSEC (Communications Security)

Cryptographic Briefings

• Individuals who have a continuing need for access to TOP SECRET and SECRET key and authenticators that are designated CRYPTO, and to classified cryptographic media, will receive the cryptographic access briefing.

• The cryptographic access briefing shall be administered by the COMSEC Custodian or Alternate COMSEC Custodian of U.S. Government entities and contractor facilities.

• For contractor facilities, when the FSO is the COMSEC Custodian or Alternate COMSEC Custodian or is assigned duties that require access, the FSO must be briefed by a U.S. Government representative.

• Cryptographic debriefings are required.

• Briefings are maintained for a minimum of five years upon debriefing, clearance or employment termination.

Page 27: COMSEC (Communications Security)

TPI Requirement

• Access to Top Secret cryptographic keying material can be conducted only under the Two Person Integrity (TPI) requirement.

• The TPI requirement is mandated until the keying material has been converted or has been properly stored or destroyed, in accordance with approved procedures.

Page 28: COMSEC (Communications Security)

COMSEC/Crypto Access Verification

• COMSEC access and/or Cryptographic access may be verified by contacting your respective COMSEC Custodian, FSO, or the ISSO assigned to the lab in which you are working.

Page 29: COMSEC (Communications Security)

Security Oversight

• Security oversight for the operation of most COMSEC accounts is shared between the National Security Agency (NSA) and the Defense Security Service (DSS).

Page 30: COMSEC (Communications Security)

Role of NSA

The NSA:

• Functions as the Central Office of Record (COR) and receives all transaction reports (receipt, generation, destruction, and inter-facility transfers) from the COMSEC Custodian.

• Serves as the U.S. Government’s central library for all publications related to COMSEC.

• Dispatches NSA auditors to the COMSEC Account approximately every 5 years to conduct assessments.

Page 31: COMSEC (Communications Security)

Role of DSS

The DSS:

• Oversees implementation of the NISPOM, through periodic audits and inspections.

• Coordinates with NSA regarding COMSEC issues between the COMSEC Custodian and foreign governments.

Page 32: COMSEC (Communications Security)

COMSEC Accounts

• A COMSEC account is required when a contract has a DD254 with the 11.h. box checked.

11.h. Request a COMSEC Account

Page 33: COMSEC (Communications Security)

COMSEC Accounts

• To open a new COMSEC account with NSA, you must complete the COMSEC Account Application Form L-7187. It can be obtained by going to the NSA Key Support Central Facility website at: https://www.iad.gov/COR/index.cfm. If you have any questions, contact NSA Registration at 410-854-8523.

• NSA sends an appointment letter within 7 to 14 days. You will then submit a signature card to NSA.

• All new COMSEC Custodians and Alternates must take the COMSEC Custodian Training Course (IAEC-2112) within six months after being appointed. More information can also be found regarding the course on the Key Support Central Facility website.

• COMSEC and Cryptographic briefings must be completed, as required.

• To apply for access to the NSA Key Support Central Facility website go to: https://www.iad.gov/COR/index.cfm and click to join.

Page 34: COMSEC (Communications Security)

COMSEC ITEMS

• Classified and unclassified keying material, both hard copy and digital formats.

• Classified and unclassified encryption equipment embedded with cryptographic firmware.

• Classified and unclassified material, data, hardware, and software under development – which embodies, implements, or describes cryptographic logic.

• Classified and unclassified documents relating to the maintenance and operation of COMSEC equipment.

• In most cases, one of the following labels will be displayed on the outside of such items: “Controlled Cryptographic Item, CCI, /TSEC, or CRYPTO”.

Page 35: COMSEC (Communications Security)

COMSEC ITEMS

vIPER secure phone – secure point-to-point voice/data communications up to Top Secret

Omni encryptor - secure point-to-point voice/data communications up to Top Secret

STE III phone – secure point-to-point voice/data communications up to Top Secret

Talon card - encrypts traffic sent through it (an in-line Network Encryptor) primarily with a laptop

Page 36: COMSEC (Communications Security)

COMSEC ITEMS

RASKL - used to store electronic keys then load into crypto equipment

KG-175D Encryptor – provides network communications security on Internet Protocol (IP) and Asynchronous Transfer Mode (ATM) networks

Data Transfer Device (DTD) - used to store electronic keys then load into crypto equipment

Simple Key Loader - used to store electronic keys then load into crypto equipment

Page 37: COMSEC (Communications Security)

Procurement of COMSEC Equipment

• The procurement of CCI should always be coordinated through GFE, FMS, or Company Owned channels.

• The following conditions apply to ALL CCI:

– CCI must be used ONLY for the purpose for which it was obtained.

– If unclassified and “unkeyed,” CCI must be protected and stored as “high value property,” physically accessible only to COMSEC briefed personnel, and secured within a locked cabinet or area.

– If classified or “keyed,” CCI must be protected at its assigned security classification level and/or at the classification level of its key and secured within an approved security container or closed area when unattended.

Page 38: COMSEC (Communications Security)

Keying Material

• The procurement of keying material should always be coordinated through the COMSEC Custodian.

• The following handling conditions apply to ALL keying material:

– Keying material can be used only for the purpose for which it was obtained.

– All keying material has a “controlling authority,” which authorizes distribution, usage on specific CCI, and the duration of usage (effective period/crypto period).

• If unclassified, keying material must be protected, accessible only to COMSEC-briefed personnel, and secured within an approved security container or closed area.

Obey the rules.

Page 39: COMSEC (Communications Security)

Keying Material

• Top Secret keying material marked “CRYPTO” must be accessed and stored only under TPI controls.

• When issued to a Hand Receipt Holder, specific instructions will be provided by the COMSEC Custodian regarding usage of the keying material, its effective crypto period, its supersession rate, and the time superseded segments must be destroyed.

• If classified, keying material must be protected at its assigned security classification level, accessible to only properly cleared and briefed personnel, and secured within an approved security container or closed area.

Page 40: COMSEC (Communications Security)

Keying Material

• If keying material is classified, the key’s effective date and crypto period are classified at the Confidential level and (along with the key’s nomenclature and edition identifier) should never be mentioned outside secure channels.

• It is permissible to mention the key’s nomenclature or the key’s edition – but never together (which would be classified).

– For instance, in the unclassified example – “USKAT 1539, Edition G, is effective 1 June 1998” – it would be permissible to say, “We’re currently on Edition G,” or “We’re currently using USKAT 1539.” But it would not be permissible to say, “We’re currently using Edition G, USKAT 1539.”

• The effective date and/or crypto period of unclassified keying material is For Official Use Only (FOUO), which must not be disclosed in the public domain.

Page 41: COMSEC (Communications Security)

Keying Material

• Keying material must be destroyed and/or equipment be zeroized when its crypto period has expired and/or when the key has been superseded.

• Keying material designated CRYPTO, which has been issued for use, must be destroyed within 12 hours following the expiration of individual key segments and/or supersession.

• If special circumstances prevent compliance with the 12-hour standard (e.g., facility unmanned over weekend or holiday period), the chief of the U.S. Government entity or FSO (if applicable) may authorize an extension to a maximum of 72 hours.

• Destruction of physical key requires the identities and keys of the person conducting the destruction and the person who actually witnesses the destruction.

Page 42: COMSEC (Communications Security)

Two Types of Accounts

• Traditional Account - established to support a program that is required to hold and/or produce classified COMSEC material accountable within the CMCS.

• Seed Key-Only COMSEC Account (SOCA) - established to support a program that holds Controlled Cryptographic Item(s) and the associated Seed Key.

• The COMSEC Custodian is responsible and accountable for all COMSEC material charged to the COMSEC Account.

Page 43: COMSEC (Communications Security)

COMSEC Accounting

• The COMSEC Distributed INFOSEC Accounting System (DIAS) automates the accounting and tracking procedures for handling all items (classified and unclassified) controlled under the COMSEC Material Control System (CMCS). DIAS is a user-friendly application that allows users to store and transfer accounting information electronically between COMSEC accounts and the Central Office of Record (COR).

Page 44: COMSEC (Communications Security)

COMSEC Accounting

• Accounting reports are prepared on an SF-153. These reports are prepared electronically using either the NSA Distributed INFOSEC Accounting System (DIAS) or another NSA COR (I5131) approved automated system.

• All transactions (e.g., receipt, transfer, destruction, etc.) for COMSEC items are controlled through the DIAS or other NSA COR approved automated system.

• Items which must be transferred outside the COMSEC Custodian’s immediate control (whether inside or outside the facility) must be transferred via an SF 153 (COMSEC Material Report).

Page 45: COMSEC (Communications Security)

Transferring COMSEC Items

• COMSEC items can be received as Government Furnished Equipment (GFE), Company Owned Equipment, or property furnished under Foreign Military Sales (FMS).

• Regardless of how received (and for what purpose), the following condition must be adhered to, under the NSA/CSS Policy Manual No. 3-16: Packages addressed to the “COMSEC Account (or COMSEC Custodian)” must be delivered to COMSEC personnel unopened.

• Depending on the classification level, COMSEC items under cognizance of the CMCS can be forwarded via U.S. Postal Services, a bonded trucking/transportation company, Defense Courier Service (DCS), or overnight air service.

Page 46: COMSEC (Communications Security)

Hand Receipts

• The person who receives COMSEC items from the COMSEC Custodian is called a “Hand Receipt Holder,” because the SF 153 (used for local transfers) is called a “hand receipt”.

• The Hand Receipt Holder is responsible for the control, safeguarding, storage, and usage of the items issued to him/her.

• Other personnel who use the COMSEC items must be aware of the required controls, briefed to the appropriate level of classification, and under continuous operational control of the Hand Receipt Holder.

Page 47: COMSEC (Communications Security)

Hand Receipts

• The Hand Receipt Holder is relieved from responsibility only when the items have been returned to the COMSEC Custodian.

• The Hand Receipt Holder cannot reissue COMSEC items to another individual outside his/her span of control.

• If items need to be reissued, they must be returned first to the COMSEC Custodian for reissuance.

Page 48: COMSEC (Communications Security)

Special Handling

• COMSEC documents can be ordered through the COMSEC Custodian from NSA.

• Depending on the type of document received, disbursement may be through the COMSEC Custodian or through document control personnel.

• In any event, the following special handling conditions apply to ALL COMSEC documents:

– If not controlled through the COMSEC Custodian, the document may be reproduced – unless there is a notice on the document to restrict reproduction.

– If controlled through the COMSEC Custodian, a TOTAL reproduction of the document is not allowed without authorization from the NSA or the originating office.

– Extractions and partial reproductions are allowed so long as the information which is extracted or reproduced is identified as COMSEC information, identified via the same means as the source document.

Page 49: COMSEC (Communications Security)

Storage/Destruction/Transfer

• Classified COMSEC documents must be protected at the assigned security classification level; i.e., stored in an approved container or closed area with access provided only to appropriately cleared and briefed personnel.

• Destruction and transfer of COMSEC documents must be coordinated through the entity that disbursed the documents.

• Unclassified COMSEC documents must be protected from unauthorized personnel; i.e., secured in a locked file cabinet with access provided only to COMSEC-briefed personnel.

Page 50: COMSEC (Communications Security)

COMSEC Shipments

• All shipments of COMSEC items controlled through the CMCS must be coordinated through the COMSEC Custodian.

• The shipment of those not controlled through CMCS must be coordinated through document control.

• The method of shipment must be approved by the COMSEC Custodian or document control before any shipping documentation is prepared.

• The functional organization responsible for the use or delivery of the item must obtain authorization for the shipment (e.g., approval from the Contracting Office, Government Property, Contracts, etc.) and must prepare any shipment document required within the company.

• The COMSEC Custodian and document control will prepare external receipt documentation, which is required separately from any other company or government documentation that may accompany the shipment.

Page 51: COMSEC (Communications Security)

Facilities Operations

• Each combination to a security container or closed area which stores any classified COMSEC material must be changed upon initial use and upon departure/termination of anyone who possesses the combination.

• If the combination permits access to a container or area which is used to store classified COMSEC material controlled under the CMCS, it must be changed at least once every two years.

• All facilities and operations must be approved by the COMSEC Custodian prior to storage and/or use of COMSEC materials which are controlled under CMCS.

• Additional approvals may be required if the facilities and/or operations will involve classified information.

Page 52: COMSEC (Communications Security)

Combination Changes

• Combination changes for security containers which contain COMSEC material controlled under the CMCS must be coordinated through the COMSEC Custodian.

• Security containers which contain classified COMSEC material controlled under the CMCS must have – posted inside the container – a listing of all cleared and briefed personnel who have access to the combination (names, home addresses, and home telephone numbers).

• All closed security areas dedicated to COMSEC operations – where open storage of classified COMSEC materials is required and/or operational classified crypto equipment is keyed and unattended – must have an access list, authenticated by the COMSEC Custodian, displayed inside, near the entrance to the area.

Page 53: COMSEC (Communications Security)

Visitors

• A visitor register must be maintained for all persons other than those listed for access to the closed area.

• The register must identify all visitors entering and leaving the area.

• All classified COMSEC material must be concealed from view to prevent unauthorized access by the visitor, and the visitor must be escorted by an authorized, properly cleared and briefed person at all times while in the area.

Page 54: COMSEC (Communications Security)

Inspections/Audits/Inventories

• The COMSEC Custodian and personnel to whom COMSEC material is issued are subject to the following:

– Semi-annual Inventory – a 100% inventory of all COMSEC items controlled under the CMCS, conducted by the COMSEC Custodian every six months, and also whenever the COMSEC Custodian is changed.

– NSA Audit – conducted by an auditor from the NSA approximately every 5 years.

– DSS Inspection – conducted by a representative from the DSS “annually”.

– Policy-Mandated Audit – conducted by the COMSEC Custodian whenever a national policy pertaining to a special COMSEC system mandates that an audit be conducted.

Page 55: COMSEC (Communications Security)

Inspections/Audits/Inventories

The COMSEC Custodian will coordinate all inspections, audits, and inventories in advance, whenever possible.

No entity should be allowed to access any COMSEC material during inspections, audits, and/or inventories, without the coordination and approval of the COMSEC Custodian.

Page 56: COMSEC (Communications Security)

Emergency Guidelines

• In cases of natural disaster – such as earthquake, fire, tornado, or the like – what action should on-scene personnel take if personal safety and time permit? They should:

– Notify the Fire Department and/or other appropriate emergency personnel.

– As necessary, evacuate all personnel not required to secure the material.

– Remove or clear all classified cryptographic keys from any COMSEC equipment.

– Secure all material, starting with classified.

– Inform the COMSEC Custodian and on-site security of what has happened.

Page 57: COMSEC (Communications Security)

Emergency Guidelines

• As necessary, emergency personnel must be permitted access into the area, in performance of their duties.

• After the emergency, determine if any COMSEC material has been lost, destroyed, or accessed by unauthorized personnel.

• Also, conduct a damage assessment to determine if the area can still provide adequate safeguarding

– Are security containers functional? Damaged?

– Are alarm systems damaged?

– Can the area be secured?

• When appropriate determinations have been reached, report the results immediately to the COMSEC Custodian and on-site security.

Page 58: COMSEC (Communications Security)

Practices to Avoid

• This should never happen!!!

– Using equipment and key on the wrong contract, for the wrong purpose, and/or in an unauthorized manner

• “But this is the way we do it in the Navy.”

– Loaning equipment outside the control of the Hand Receipt User

• “I knew it would be returned and not lost!”

– Pulling “future” key segments out of their protective packaging and using them prior to authorized, effective dates

• “We were having problems with today’s key segments, so we pulled the others to see if we would have problems with them.”

Page 59: COMSEC (Communications Security)

Practices to Avoid

• Receiving and distributing COMSEC material outside the COMSEC channels, even though the packaging containing the material clearly indicates that the material is to be delivered to the COMSEC Custodian by name

– “I saw that, but – you’ve got to understand! – it was a shortage item which we had to process.”

• Not destroying superseded keying material in a timely manner

– “I didn’t think it was important since it had already been used.”

• Modifying someone else’s entry on a Disposition Record

– “I know he did it, but he isn’t here to correct it himself.”

Page 60: COMSEC (Communications Security)

Disclosure of Information

Disclosure of information, quite simply, is when information passes from one party to another.

When dealing with classified, sensitive or COMSEC information, it is the responsibility of the party possessing the information to ensure it is not disclosed to parties who do not have a need for or a right to the information.

Page 61: COMSEC (Communications Security)

Authorized Disclosure

Disclosure of classified, sensitive or COMSEC information is authorized only when the party receiving the information has the proper clearance or background check, can be properly identified and has a need to know.

Need to know does not mean that a person automatically needs access to the information because they hold a high management position.

Page 62: COMSEC (Communications Security)

Unauthorized Disclosure

Unauthorized disclosure of classified, sensitive or COMSEC information is when the party receiving the information does not have the proper clearance or in most cases a need to know.

In most cases, unauthorized disclosures are unintentional and due to poor planning or a failure to think by the possessing party.

Page 63: COMSEC (Communications Security)

Unaware of Surroundings

One of the leading causes of unintentional disclosures is simply people not being aware of their surroundings.

Discussing classified, sensitive or COMSEC information when you are unsure or unaware of your surroundings can quickly lead to this information being disclosed to the wrong people.

Page 64: COMSEC (Communications Security)

Awe of Position

We all want to please our management, and work very hard each day to do so.

We must remember, just because they are our supervisors, we can’t always give them the information they request.

If a higher-up requests anything that is classified, sensitive or COMSEC in nature, we must make sure they meet all the requirements for access to this information just like everyone else.

Page 65: COMSEC (Communications Security)

Trapped by Time

Whenever we feel rushed, or have a deadline that we can’t see ourselves making, we tend to cut corners.

When we are in this type of situation and working with classified, sensitive or COMSEC information, the corners we cut could very likely lead to an unintentional disclosure.

We must remember when working with classified, sensitive or COMSEC information, the job must be done by the book, no matter how long it takes.

Page 66: COMSEC (Communications Security)

Emotional Hazard

Emotions play a very big part in our lives, and affect each of us on a daily basis.

When we let emotions cloud our thinking, the classified, sensitive or COMSEC information we are working with is at risk of an unintentional disclosure.

Note: Emotions are one of the most difficult of all the unintentional disclosure risks to control.

Page 67: COMSEC (Communications Security)

Security Incidents

Security Incidents are events or incidents that may jeopardize the security of any of the COMSEC Elements, classified or sensitive information or materials.

Page 68: COMSEC (Communications Security)

Security Incidents

Security incidents can be broken into three categories:

• Personnel

• Physical

• Cryptographic

Page 69: COMSEC (Communications Security)

Personnel Security Incidents

Personnel security incidents are events or incidents that involve acts of espionage and sabotage, or the willful or unwillful disclosure of information to hostile or foreign agents by personnel having authorized access to the information.

Page 70: COMSEC (Communications Security)

Physical Security Incidents

Physical security incidents occur when the control over classified, sensitive, and/or COMSEC equipment, materials or information is lost.

That crypto key has to be here somewhere!

Page 71: COMSEC (Communications Security)

Cryptographic Security Incidents

Cryptographic security incidents are willful or unwillful actions or inactions that place any element of a Cryptosystem in jeopardy of compromise.

Page 72: COMSEC (Communications Security)

Security Incidents

Also includes:

Reporting the incident.

Investigating the cause.

Correcting the problem.

Performing preventive measures.

Page 73: COMSEC (Communications Security)

Incident Reporting

• All incidents involving COMSEC material and/or violations of COMSEC security requirements must be reported immediately to the COMSEC Custodian.

• The COMSEC Custodian will conduct an internal inquiry into the incident/violation.

• Depending on the type and severity of the incident/violation, a preliminary report may be required by the NSA within 24 hours and – if keying material is involved – also to the Controlling Authority.

• A final report is required within 72 hours.

• Personnel associated with the incident/violation are subject to disciplinary action by the company and/or the U.S. Government, based on the findings of the investigation.

Page 74: COMSEC (Communications Security)

Reporting the Incident

Any event or incident that jeopardizes any of the COMSEC Elements, classified or sensitive information or materials must be reported immediately.

Report the Incident to your Responsible COMSEC Officer IMMEDIATELY!

Page 75: COMSEC (Communications Security)

Reporting the Incident

Don’t Report in This Manner

I left the safe open and now I can’t find the Crypto Keys!

Do Report in this Manner

I have an issue, could you come see me!

We must be careful when reporting an incident, because, on most occasions, the initial report will be made over some type of unsecure means of communications.

Page 76: COMSEC (Communications Security)

Importance of Reporting Violations?

• Particularly important to the protection of COMSEC equipment and material is an understanding of all security regulations and the timely reporting of any compromise or security problem involving these items.

• If a COMSEC system was compromised and not reported, the continued use of that system could result in a loss of all information on that system.

• If a compromise was reported, steps should be taken to change the system or replace the keying material to reduce the damage.

• It is each individual’s responsibility to protect the COMSEC equipment and material to which they have access and report any violations.

Page 77: COMSEC (Communications Security)

Correcting the Problem

The first priority is to correct the problem. Two solutions are:

Taking the affected equipment or system out of service.

Securing an unsecure area or container.

Page 78: COMSEC (Communications Security)

Incident Investigation

The COMSEC Custodian will perform an investigation into the cause of the incident.

All involved persons are expected to cooperate fully with the investigation.

Page 79: COMSEC (Communications Security)

Incident Investigation

The investigation determines the severity of the incident.

There are four levels of severity:

• Dangerous Practice

• Compromise Improbable

• Compromise Not Ruled Out

• COMPROMISE

COMPROMISE CANNOT BE RULED OUT

NO COMPROMISE

Page 80: COMSEC (Communications Security)

Preventive Measures

Preventive Measures are anything performed to prevent a recurrence of the same type of incident:

Changing Procedures

Personnel Changes

Arrest and Conviction

Page 81: COMSEC (Communications Security)

U.S. Laws and Acts Apply to COMSEC

• All individuals are subject to the following U.S. laws, which cover the improper transfer of national defense and/or economic property, data, and information:

– U.S. Title 18

– U.S. Title 50

– Economic Espionage Act of 1996

• Individuals found guilty of violating applicable laws may incur severe fines, imprisonment, or both.

Page 82: COMSEC (Communications Security)

EKMS/KMI Transition

• The Key Management Infrastructure (KMI) is the National Security Agency (NSA) infrastructure project to meet the Department of Defense (DoD) Global Information Grid Information Assurance (GIG-IA) strategy.

• NSA is replacing the current Electronic Key Management System (EKMS) with the Key Management Infrastructure (KMI).

• KMI requires SIPRnet for connectivity to NSA.

• On December 31, 2017, NSA will terminate operational support for use of the EKMS Local Management Device (LMD)/Key Processor (KP), including support for key ordering, retrieval, distribution, and local generation. Operational LMD/KPs must be replaced by a Key Management Infrastructure (KMI) Management Client (MGC) in order to sustain the key provisioning services.

Page 83: COMSEC (Communications Security)

EKMS/KMI Transition

• Large companies may request SIPRnet to distribute key within their company.

• Small companies will have KMI options available to choose from to handle their key requirements.

• KMI release schedule is January 2013 through December 31, 2017.

• After December 31, 2017, NSA will not provide any Key Material distribution support other than KMI.

Page 84: COMSEC (Communications Security)

Questions?