Information Security Orientation

1
Information Security Orientation
2
Purpose

• Produce a basic understanding of the nature of
  classified information and the importance of its
  protection to the national security.
• Place employees on notice of their responsibility
  to play a role in the Information Security
  Program.
• Provide enough information to ensure proper
  protection of classified/sensitive information in
  their possession.

3
Information Security Regulations

• AR 380-5 Department of the Army Information
  Security Program, 29 SEP 00

4
The Nature of U.S. and Foreign Government
Classified Information

• Information is classified, or protected as
  sensitive, when it is in the interests of
  national security.
• Classified or sensitive information requires
  protection against unauthorized disclosure to
  safeguard national security.

5
Categories of Classified Information

• Military plans, weapons systems, or operations.
• Foreign government information.
• Intelligence activities, intelligence sources or
  methods, and cryptology.
• Foreign relations or foreign activities of the
  United States including confidential sources.
• Scientific, technological, or economic matters
  relating to the national security.
• United States programs safeguarding nuclear
  materials or facilities.

6
Categories of Classified Information

• Vulnerabilities or capabilities of systems,
  installations, projects or plans relating to
  national security.

7
Classification Principles

• Original Classification is the decision to
  designate a certain item of information as
  classified, at a particular level, and for a
  certain duration of time. This decision can only
  be made by an Original Classification Authority.
• Derivative Classification is the incorporating,
  restating, paraphrasing, or generating in new
  form, information that has already been
  classified and ensuring that it is classified and
  handled at the level the Original Classification
  Authority has already determined will be done.

8
Original Classification Authority

• SECARMY or DCSINT appoints in writing persons
  designated as Original Classification
  Authorities.
• There are relatively few persons in the Army with
  Original Classification Authority (OCA).
• The OCA will determine the length of time
  information will require classification and will
  determine an appropriate declassification date or
  event. This decision is based on the national
  security sensitivity of the information.

9
Levels of Classification

• TOP SECRET applied to information in which the
  unauthorized disclosure could reasonably be
  expected to cause exceptionally grave damage to
  national security.
• SECRET applied to information in which the
  unauthorized disclosure could reasonably be
  expected to cause serious damage to national
  security.
• CONFIDENTIAL applied to information in which the
  unauthorized disclosure could reasonably be
  expected to cause damage to national security.

10
Classification Caveats

• A CAVEAT is a supplemental handling instruction
  or limitation.
• Common U.S. and KFOR Collateral Caveats
• NOFORN not releasable to foreign nationals
• REL KFOR releasable to properly cleared members
  of KFOR with a verifiable need to know.
• REL NATO/KFOR releasable to properly cleared
  members of NATO and KFOR with a verifiable need
  to know.
• REL NATO not releasable to non-NATO KFOR members.

11
Command Security Manager

• The Command Security Manager (CSM) is the
  principle advisor on information security in the
  command.
• The CSM is responsible to the commander for
  management of the program.
• Commanders will appoint Command Security Managers
  in writing down to battalion level.
• The 11BDE CSM is CPT Peters, Brigade S2.

12
The Supervisors ResponsibilitiesAR 380-5, Para
1-8

• Ensure subordinate personnel who require access
  to classified information are properly cleared
  and are given access to only that information for
  which they have a need to know.
• Ensure subordinate personnel are trained in,
  understand, and follow, the requirements in AR
  380-5, and local command policy and procedures,
  concerning the information security program.
• Continually assess the eligibility for access to
  classified information of subordinate personnel
  and report to the CSM any information that may
  have a bearing on that eligibility.

13
The Supervisors ResponsibilitiesAR 380-5, Para
1-8

• Supervise personnel in the execution of
  procedures necessary to allow the continuous
  safeguarding and control of classified and
  sensitive information.
• Include the management of classified and
  sensitive information as a critical
  element/item/objective in personnel performance
  evaluations (counseling's, NCOERs or OERs).
• Lead by example. Follow command and Army policy
  and procedures to properly protect classified and
  sensitive information.

14
The Individuals ResponsibilitiesAR 380-5, Para
1-9

• Safeguard information, related to national
  security, that you have access to.
• Report, to the proper authority, the violations
  of others that could lead to unauthorized
  disclosure of classified or sensitive
  information.
• These responsibilities cannot be waived,
  delegated, or in any other respect, excused.
• All DA personnel will safeguard all information
  and material, related to national security,
  especially classified information, which they
  access, and will follow AR 380-5 and other
  applicable regulations.

15
Who is Authorized Access to Classified
Information?

• Persons with appropriate security clearance and a
  need-to-know.
• The CSM, SSO or their staffs are the only persons
  authorized to verify an individuals security
  clearance and access level.
• Verification methods
• Activity Security Clearance Access Roster
• Check full name
• Verify SSN
• Verify Clearance Level
• Official clearance verification credential with
  photo (SSO V Corps badge, etc.)

16
Reproduction of Classified Materials

• Use machines for which classified reproduction
  has been specifically authorized and so
  designated.
• If reproduction is authorized on an unclassified
  machine, 6 blank pages must be copied and
  shredded.
• Limitations and control procedures that apply to
  the originals must also be applied to the copies.
• Waste copies will be controlled and destroyed as
  classified material.
• Do not copy NATO materials.

17
Storage of Classified Information or Material

• Classified information must be stored in a
  locked, GSA approved, security container when not
  under the control of someone properly cleared and
  authorized access to it.
• SF 702 (security container check sheet) must be
  used for each security container with the time
  and initials noted each time you
• Open
• Close, or
• Check
• the container.

18
Storage of Classified Information or Material

• Combinations to security containers used to store
  classified information will be recorded on SF
  Form 700 and stored in the master safe for your
  command.
• Combinations will be safe guarded at the same
  level as the highest classification of
  information stored within the security container.
• Only properly cleared personnel, with a need to
  know, will be given security container
  combinations.
• DO NOT mark security containers with a
  classification level.

19
Classification Marking Policy

• Marking is the principle means of informing
  holders of classified and sensitive information
  of the classification/sensitivity level and
  protection requirements.
• Within DA, classified and sensitive material will
  be identified clearly by marking, designation or
  electronic labeling.

20
Purpose of Classification Marking

• Alerts holders to the presence of classified and
  sensitive information.
• Identifies, as specifically as possible, the
  exact information needing protection.
• Indicates the level of classification/sensitivity
  assigned to the information.
• Provides guidance on downgrading (if any) and
  declassification.
• Gives information on the source and reason for
  classification of the information.
• Warns holders of special access, control,
  dissemination, or safeguarding requirements.

21
Overall Classification Marking Concept

• Classified and sensitive documents will be marked
  to show the highest classification/sensitivity of
  information contained in the document.
• Document containing classifications at more then
  one level will have an overall marking of the
  highest level.
• Overall classifications marking will be placed at
  the top and bottom of documents, slides or
  overlays.
• Computers, external drives, floppy diskettes, ZIP
  disks, and CD-Rs will be marked with the highest
  classification level authorized for processing on
  that system.
• Note a disk used in a SECRET computer becomes
  SECRET despite the level of information stored on
  it.

22
Marking of Computer Disks

• Disks containing classified information will be
  marked with an SF 707 SECRET label
• Disks which are Unclassified but used in an
  environment where classified information is
  created or used must be labeled with a SF 710
  UNCLASSIFIED label.
• CD-Rs will have their classification written on
  them, labels should be affixed to their cases.
• If SF security labels are not available, the
  classification level will be clearly written on
  the disk label.

23
Handling of Classified Computer Disks

• Place the proper classification label on the
  diskette
• Store the diskette in a proper security container
  when
• You leave the area and no authorized persons are
  there (if there is an authorized person around,
  tell them that the classified diskette is there)
• You are not using the diskette
• Keep materials in your possession.

24
Marking of Documents

• Pages will be marked on the top and bottom with
  the highest classification of information on that
  page.
• Paragraphs will contain a portion marking of the
  highest classification of information in that
  paragraph.
• Pictures or diagrams must be marked with the
  level of classification.
• Titles of classified documents will be marked
  with a portion marking. Example of an
  unclassified title
• (U) 2BDE Information Security Program

25
Classified Markings for Drafts/Notes/etc

• Drafts or notes based on classified information
  must be marked.
• Failure to mark notes may result in a compromise
  of classified information and cause damage to
  national security.
• All notes taken in a work environment where
  classified information is processed, which are
  not properly marked, should be considered to be
  classified and destroyed as such.

26
Handling Classified Materials When They are Not
in a Security Container

• Ensure classified information or material is
  under your direct control or that of someone who
  has appropriate clearance and is authorized
  access.
• Use of the appropriate cover sheets are mandatory
• SF 703 for Top Secret (orange)
• SF 704 for Secret (red)
• SF 705 for Confidential (blue)

27
Classified Conversations and Unsecure Phones Do
Not Mix

• Do not discuss classified information near
  someone who is talking on an unsecure phone.
• Place phones on mute when notifying personnel of
  incoming calls.
• Briefings are a particular Info-Sec hazard.

28
Using Distribution Systems

• Ensure classified materials are not left alone in
  distribution boxes.
• Ensure only authorized personnel (with
  appropriate clearance and need-to-know) pick up
  classified materials.

29
Faxing Classified Information

• Use secure FAX unit.
• Follow the encryption procedures for that piece
  of equipment.
• Before transmitting, call the receiving office to
  ensure an authorized person is available to
  receive the transmission.
• Remain with the unit until the transmission or
  reception is complete.

30
End of the Day Security Check

• Activity chiefs are responsible for establishing
  a system of security checks at the close of each
  working day to ensure that all classified
  material is properly secured.
• Check the entire work area for classified
  materials.
• Check each security container to ensure it is
  locked
• Record this check on SF 701 (activity security
  checklist).

31
Preparation of Material for Transmission
(Mailing or Hand Carrying)

• When classified information is transmitted,
  it will be enclosed in two opaque, sealed
  envelopes, wrappings, or containers, durable
  enough to properly protect the material from
  accidental exposure and to ease in detecting
  tampering. (AR 380-5, Para 8-9)

32
Preparation of Classified Materials for Movement
Outside of Your TOC

• Double wrap (use opaque materials like brown
  paper or cardboard).
• The outer envelope or container must be addressed
  to an official government activity or to a DOD
  contractor with a facility clearance and an
  appropriate storage capability. E.g. Top Secret
  information cannot be sent to the Commander, 2
  BDE, 1 AD because the Brigade does not have a
  facility authorized to store that level of
  information.
• The inner envelope or container will show the
  address of the receiving activity, the address of
  the sender, and the highest classification of
  its contents.

33
Preparation of Classified Materials for Movement
Outside of Your TOC

• Place a layer of plain paper or cardboard between
  the classified document and the inner layer.
• Do not indicate classification on outside layer.
• Seal package in such a way that tampering can be
  detected (use paper tape along seams).
• A locked briefcase can be used as the outer wrap.
  

34
Example of the Inner Wrap in a Double Wrap System
for Secret Information
Both To and From addressees Must be placed on
both wrappers.
Note classification markings on top and bottom of
package.
Unclassified Example
35
Example of the Outer Wrap in a Double Wrap System
for Secret Information
Do not place classification markings on the outer
wrapper.
36
Handcarrying

• Use handcarrying as your last means for
  transmitting classified materials. Use it only
  after all other transmission methods have been
  found inadequate.
• Double wrap the materials.
• Keep materials under constant surveillance and
  personal possession.
• Do not place in detachable storage compartment,
  e.g. auto trailer, luggage rack, etc.
• Store overnight only at a U.S. government
  facility or cleared contractor facility with
  classified information storage capability.

37
Handcarrying (continued)

• Leave a record (DA 3964) of materials being
  handcarried with your activity.
• Get briefing prior to departure.
• If using a commercial airline
• Coordinate with the airline before leaving
• Have ID and letter of authorization
• Allow x-raying but do not allow direct access to
  the information
• Use U.S. flag carrier or allied flag carrier if
  U.S. is not available
• Check with your security office for more
  information on hand-carrying.

38
Courier Orders

• Courier orders are required when you travel
  outside your assigned military area or base camp.
  The courier will be in possession of the
  appropriate courier authorization form as
  indicated below
• - Travel within the country of assignment
• (use the DD form 2501, Courier
  Authorization Card)
• - Travel across international boundaries
• (use the AR 380-5E-R in English plus the
  appropriate German, Italian, Turkish or Greek,
  translation.)
• - Couriers of SCI
• (use USAREUR Form 32)
• Travel within your city of assignment does not
  require courier orders, except for SCI however,
  you must have permission from your supervisor to
  transport classified material within your area.

39
Transporting from Office to Office

• Do not attract attention to yourself when
  carrying classified materials from one office to
  another. Place the materials in a nondescript
  envelope or container.
• Place cover sheet (SF 701, 704, or 705) on
  materials prior to placing into envelope to
  remind yourself and recipient that materials are
  classified.

40
Methods for Transmitting Classified Materials

• Confidential
• Authorized electronic system, e.g, a Stu-III or
  STE in secure mode
• Handcarry (with proper authorization)
• Defense Courier service (not routinely but under
  certain circumstances)
• Registered mail (for APO/FPO outside U.S. and
  Puerto Rico for NATO outside U.S. when
  uncertain if destination within U.S. to DOD
  contractor or other executive branch agency, when
  appropriate)

41
Methods for Transmitting Classified Materials

• Confidential, continued
• U.S. postal service registered mail to/from
  APO/FPO
• U.S. postal service first class mail inside the
  continental United States with restrictions
• Use of postal collection boxes are prohibited!

42
Methods for Transmitting Classified Materials

• Secret
• - Authorized electronic system, e.g., a
  STU-III or STE in secure mode.
• - Handcarrying (with proper authorization)
• - Defense courier service (not routinely but
  under certain circumstances)
• - Registered mail (within U.S. and Puerto
  Rico)
• - Registered mail to APO/FPO but only if
  mail will not pass out of U.S. control during
  entire mail process.

43
Methods for Transmitting Classified Materials

• Secret, continued
• - Protective security service within U.S.
  boundaries if item is large and bulky (check with
  MTMC for information on the companies that
  provide this service).
• - U.S. Postal service express mail (within
  U.S. and Puerto Rico). Do not use to send to an
  APO/FPO address and do not use street-side
  collection box.
• - GSA contract holder for overnight delivery
  (currently FedEx) (within US and territories).
  See your security office for limitations and
  procedures. Do not send to an APO/FPO address.

44
Methods for Transmitting Classified Materials

• Top Secret
• - Defense courier service
• - Department of State courier service, only
  under rare conditions
• - Authorized electronic system, e.g. a
  STU-III or STE cleared for TOP SECRET
  communication
• - Handcarrying (with proper authorization)

45
Handling of Mail

• Protect mail until it has been determined whether
  or not classified materials are contained within.
• For DOD contractors ensure only cleared
  personnel receive and sign for all certified and
  registered mail.

46
Who Can Destroy Classified Materials

• User (or custodian) of the materials
• Designated destruction official(s) for your
  activity, if used
• Witness required for the destruction of Top
  Secret and NATO Secret information
• Use DA Form 3964 as Destruction Certificate
• Keep Destruction Certificate on file

47
Authorized Methods for Destruction of Classified
Materials

• Shredding, crosscut shredders are the only
  authorized shredders for destruction of
  classified information (shredding machine must
  reduce the material to shreds no greater than
  1/32nd of an inch by ½ inch crosscut)
• It is recommended that the S2 establish a shred
  bin that is shredded daily.
• Burning, (when allowed by your local
  environmental agency)
• Pulverizing
• Pulping
• Check with your security office for location of
  equipment and information on other
  methods

48
Processing Classified Information on Computer

• Computers must be accredited for processing of
  classified information.
• Secret Internet Protocol Router Network (SIPRNET)
  is authorized for processing of levels up to
  SECRET.
• Do Not process classified information on
  Unclassified Computer systems.
• The Non-Secure Internet Protocol Router Network
  (NIPRNET) is authorized to process up to
  sensitive but unclassified information.

49
Automated Information System Threat

• 126 countries have computer espionage programs
• Reported computer break-ins are expanding at over
  52
• DoD considered easy pickings by computer
  underground
• Computer crime recognized as fastest growing
  component of global organized crime
• Insiders pose a major threat to systems
• Malicious codes cause loss of information and time

50
Types of Threats
51
Information System Threat is Global
Threats to information systems do not recognize
either physical or political boundaries.
52
Where is the Threat?

• Foreign Intelligence Services
• Industrial Espionage
• Media
• Drug Smugglers
• Criminals
• Hobbyists

53
What Type of Information Do We Disclose Through
our Negligence?

• Real world contingency operations
• Exercise information
• VIP itineraries
• Logistical information
• Communication architecture
• New systems
• Special operations

54
Thanks for Your Attention
BRIEFING COMPLETED