COUNTERINTELLIGENCE AND REPORTING REQUIRMENTS - PowerPoint PPT Presentation

1 / 21
About This Presentation
Title:

COUNTERINTELLIGENCE AND REPORTING REQUIRMENTS

Description:

... (SF 312). REPORTS REGARDING AN INDIVIDUAL S SUITABILITY FOR ACCESS TO CLASSIFIED INFORMATION (continued) Violations of the NISPOM which: ... – PowerPoint PPT presentation

Number of Views:285
Avg rating:3.0/5.0
Slides: 22
Provided by: XPU48
Category:

less

Transcript and Presenter's Notes

Title: COUNTERINTELLIGENCE AND REPORTING REQUIRMENTS


1
COUNTERINTELLIGENCE AND REPORTING REQUIRMENTS
2
ALL THE WEIRD STUFF AN FSO OR CLEARED CONTRACTOR
IS SUPPOSED TO REPORTAND WHO THEY ARE SUPPOSED
TO REPORT IT TOAND WHILE WERE AT IT, SOME SPY
STUFF TOO
s
3
RULE NUMBER ONE
  • Reporting requirements are in Section 1-300 of
    the NISPOMso never hesitate to look it up if
    youre not sure

4
RULE NUMBER TWO
  • Feel free to call me anytime you have a question
    on any of this
  • Richard L. Harper
  • Manager, Investigations/Counterintelligence/Intern
    ational Security
  • Lockheed Martin Missiles and Fire Control
  • 972-603-9398

5
RULE NUMBER THREE
  • The easiest way to remember this stuff is as
    follows
  • Any report of possible, probable, suspected or
    known espionage, sabotage, or terrorism goes to
    the local office of the FBI
  • Verbal report OK, but must be followed by written
    report with a copy to DSS
  • Anything else goes to DSS

6
General Guidelines Regarding Reports to DSS
  • Cleared contractors are required to report events
    that
  • impact the status of the facility clearance (FCL)
  • impact an employee's personnel security clearance
    (PCL)
  • affect proper safeguarding of classified
    information
  • indicate classified information has been lost or
    compromised.
  • appear to be suspicious contacts
  • Cleared contractors must establish procedures to
    ensure that cleared employees are aware of their
    individual reporting responsibilities

7
REPORTS REGARDING EVENTS AFFECTING YOUR FCL
  • (1) Any change of ownership, including stock
    transfers that affect control of the company.
  • (2) Any change of operating name or address of
    the company or any of its cleared locations.
  • (3) Any change to the information previously
    submitted for key management personnel including
  • names of the individuals they are replacing
  • whether the new key management personnel are
    cleared and if so to what level and when
  • DPOBs, SSNs, and citizenship of the new key
    management personnel
  • whether they have been excluded from access or
    whether they have been temporarily excluded from
    access pending the granting of their clearance.
  • (4) Action to terminate business or operations
    for any reason, including imminent adjudication
    or reorganization in bankruptcy
  • (5) Any material change concerning the
    information previously reported by the contractor
    concerning foreign ownership, control or
    influence (FOCI).

8
REPORTS REGARDING THE LOSS, COMPROMISE, OR
SUSPECTED COMPROMISE OF CLASSIFIED INFORMATION
  • reasonable time ruleif you cant find it
    quickly, assume its lost
  • Preliminary Inquiry - immediately capture the
    circumstances of the disappearance
  • Initial report confirms the loss and provides
    the known information
  • Final report provides
  • Material and relevant information that was not
    included in the initial report
  • Name/SSN individual(s) primarily responsible,
    including any record of prior loss, compromise,
    or suspected compromise for which the individual
    had been determined responsible
  • Statement of the corrective action and any
    disciplinary action
  • Specific reasons for reaching the conclusion that
    loss, compromise, or suspected compromise
    occurred or did not occur.

9
REPORTS REGARDING EVENTS AFFECTING YOUR
FACILITIYS ABILITY TO SAFEGUARD CLASSIFIED INFO
  • Changes in Storage Capability
  • Any change in the storage capability that would
    raise or lower the level of classified
    information the facility is approved to
    safeguard.
  • Inability to Safeguard Classified Material
  • Any emergency situation that renders the facility
    incapable of safeguarding classified material.
  • Security Equipment Vulnerabilities
  • Significant vulnerabilities identified in
    security equipment, intrusion detection systems
    (IDS), access control systems, communications
    security (COMSEC) equipment or systems, and
    information system (IS) security hardware and
    software used to protect classified material.
  • Unauthorized Receipt of Classified Material
  • Receipt or discovery of classified material that
    the contractor is not authorized to have. The
    report should identify the source of the
    material, originator, quantity, subject or title,
    date, and classification level.

10
REPORTS REGARDING AN INDIVIDUALS SUITABILITY FOR
ACCESS TO CLASSIFIED INFORMATION
  • Change in Cleared Employee Status
  • Death
  • termination of employment
  • change in citizenship
  • possibility of access to classified information
    in the future has been reasonably foreclosed.
  • Citizenship by Naturalization (when a non-U.S.
    citizen employee granted a Limited Access
    Authorization (LAA) becomes a citizen through
    naturalization).
  • city, county, and state where naturalized
  • date naturalized
  • Name of the court
  • certificate number.
  • Employees Desiring Not to Perform on Classified
    Work (employee no longer wishes to be processed
    for a clearance or to continue an existing
    clearance)
  • Refusal by an employee to execute the "Classified
    Information Nondisclosure Agreement" (SF 312).

11
REPORTS REGARDING AN INDIVIDUALS SUITABILITY FOR
ACCESS TO CLASSIFIED INFORMATION (continued)
  • Violations of the NISPOM which
  • indicate a deliberate disregard of security
    requirements.
  • indicate gross negligence in the handling of
    classified material.
  • were not deliberate in nature but involve a
    pattern of negligence or carelessness.
  • Must include description of administrative
    actions taken against the culpable employee
  • Adverse Information
  • Cleared employee
  • No rumor or innuendo
  • Subsequent termination of employment of an
    employee does not obviate the requirement
  • If the individual is employed on a Federal
    installation, send a copy of the report to the
    head of the installation.
  • Becker vs. Philco and Taglia vs. Philco (389 U.S.
    979) contractor is not liable for defamation of
    an employee because of reports made to the
    Government under the requirements of this Manual

12
REPORTS REGARDING SUSPICIOUS CONTACTS PER
NISPOM 1-302B
  • efforts by any individual, regardless of
    nationality, to obtain illegal or unauthorized
    access to classified information or to compromise
    a cleared employee.
  • all contacts by cleared employees with known or
    suspected intelligence officers from any country
  • any contact which suggests the employee concerned
    may be the target of an attempted exploitation by
    the intelligence services of another country

13
(No Transcript)
14
REPORTS REGARDING SUSPCIOUS CONTACTS PER THE
SCHOOL OF HARD KNOCKS
  • Personal, Telephone, E-mail And Written
    Communications Asking Questions Beyond The
    Scope.
  • Company Info
  • Classified Info
  • Tech Info
  • Illegal Acts
  • Incidents During Travel
  • Luggage/Belongings Tampered With
  • Same Hotel Room Every Trip
  • Sense Of Being Followed/Observed
  • Detention By Host Country Law Enforcement Or
    Intelligence Services
  • Confiscation Of Passport Or Personal Papers
  • Any Attempt At Coercion
  • Any Attempt At Elicitation
  • Any Attempt By A Foreign Citizen To Establish
    Long-term Relationship

s
15
SUSPICIOUS CONTACTS - WHO IS CONTACTING US AND
WHAT DO THEY WANT?
  • 106 countries targeted US Technologies last year.
  • 80 of data targeted was OPEN information-NOT
    CLASSIFIED information.
  • What are they looking for?
  • -Dual-use technology
  • -DATED Military technology
  • -Infrastructure-supportive technology
  • What arent they looking for?
  • The Crown Jewels.

s
16
SUSPICIOUS CONTACTS - HOW DO THEY DO IT?
  • They ASK for it.
  • They employ use of Internet.
  • They go to trade shows.
  • They sit at bars/restaurants and LISTEN.
  • They task students, visiting scientists, etc.
  • They dont play by U.S. rules.
  • They are patient. They gather info a piece at a
    time. They dont want or need the big picture.

s
17
  • Most Frequently Reported Foreign Collection
    Methods of Operation (MO)
  • Requests for Information - 34.2
  • Acquisition of Controlled Technology 32.2
  • Solicitation of Services - 9.6
  • Exploitation of Relationships - 5.3
  • Suspicious Internet Activity - 5.3
  • Exploitation of a Foreign Visit - 4.6
  • Targeting at Conventions,
  • Expositions, or Seminars - 4.3
  • Cultural Commonality - 0.9
  • Foreign Employees - 0.6

18
SUSPICIOUS CONTACTSSIGNS THAT YOUR FRIENDLY
VISITOR MAY NOT BE YOUR FRIEND
  • Foreign Liaison Officer or embassy official
    attempts to conceal official identity during
    commercial visits
  • Suspected hidden agendas versus the original
    purpose of the visit
  • Last minute and unannounced persons are added
    to the visiting party
  • Presence of wandering visitors who act offended
    when confronted
  • Foreign entity attempts a commercial visit or
    uses U.S. based third party to arrange a visit
    after the original foreign visit request is
    denied
  • Visitors ask questions outside the scope of the
    approved visit to receive a courteous or
    spontaneous answer
  • Visitors claim business-related interest but
    lack experience researching and developing
    technology
  • Visitors ask to meet personnel from their own
    countries and attempt to establish continuing
    contact with them

19
Todays foreign/domestic intelligence-gatherer.
  • IS NOT A 007!!!
  • He or she IS
  • Visiting foreign Student/Intern
  • Defense Attaché
  • Émigré
  • Businessman/Scientist/Researcher
  • External contact (phone, e-mail, letter)
  • Insider

s
20
SUMMARY DO YOU REMEMBER
  • What you have to report?
  • events which
  • impact the status of the facility clearance (FCL)
  • impact an employee's personnel security clearance
    (PCL)
  • affect proper safeguarding of classified
    information
  • indicate classified information has been lost or
    compromised.
  • suspicious contacts
  • potential or actual acts of espionage, sabotage,
    or terrorism
  • Who you report them to?

21
  • Thank You Questions?

s
Write a Comment
User Comments (0)
About PowerShow.com