Annual Security Refresher Training


Post on 05-Jul-2020


  • N-627 1

    Annual Security Refresher Training

  • N-627 2

    Agenda

    – Purpose

    – National Industrial Security Program (NISP)

    – Threat Awareness Briefing

    – Defensive Security Briefing

    – Security Classification System

    – Employee Reporting Requirements

    – Security Procedures and Applicable Job Duties

  • N-627 3

    National Industrial Security Program (NISP)

    The NISP was established by Executive Order (E.O.) 12829 in order to safeguard Federal Government classified information that is released to contractors, licensees, and grantees of the United States Government. E.O. 12829 was signed into effect as of January 6, 1993 by President George Bush.

    The purpose of the National Industrial Security Program (NISP) is to safeguard classified information that may be released or has been released to current, prospective, or former contractors, licensees, or grantees of United States agencies. The NISP is applicable to all executive branch departments and agencies.

    The National Industrial Security Program Operating Manual (NISPOM) is issued in accordance with the NISP. It prescribes the requirements, restrictions, and other safeguards to prevent the unauthorized disclosure of classified information. It controls the disclosure of classified information released by U.S. Government Executive Branch Departments and Agencies to their contractors. It prescribes the procedures, requirements, restrictions, and other safeguards to protect special classes of classified information including: Restricted Data (RD); Formerly Restricted Data (FRD); intelligence sources/methods; SAP; and SCI information.

  • N-627 4

    Failure to follow the rules and regulations that are set forth by the National Industrial Security Program Operating Manual (NISPOM) could result in:

    – Loss of your security clearance

    – Loss of your job

    – Possible loss of the Christopher J. O’Keeffe, CPA, LLC facility clearance

    – Federal arrest, fines, prosecution, and imprisonment

  • N-627 5

    Threat Awareness Briefing

  • N-627 6

    Adversaries & Threats to the NISP

  • N-627 7

    Adversaries & Threats to the NISP: Human-Induced (Intentional)

    – Espionage: The act of obtaining, delivering, transmitting, communicating, or receiving information in respect to the national defense with an intent or reason to believe that the information may be used to the injury of the US or to the advantage of any foreign power.

    – Foreign Intelligence Service (FIS) Agents: Citizens of a foreign country who are in the US to commit espionage to benefit their country of citizenship.

    – Corporate Espionage: Foreign or US citizens engaging in espionage activities against other corporations or the government to benefit their own corporation.

    – Traitors: US citizens (born or naturalized) who commit acts of espionage.

  • N-627 8

    Suspicious Contacts: Foreign Intelligence Services

    FIS Information Objectives:

    – Advanced Technology

    – Economic

    – Sociological

    – Biographical

    – Scientific

    – Political

    – Military

  • N-627 9

    Suspicious Contacts

    What is a Suspicious Contact?

    – Efforts by any individual, regardless of nationality, to obtain illegal or unauthorized access to classified information or to compromise a cleared employee

    – All contacts by cleared employees with known or suspected intelligence officers from any country

    – Any contact which suggests an employee may be the target of an attempted exploitation by the intelligence services of another country

    Importance of Reporting

    – Reporting of suspicious contacts makes it possible for the Government and private industry to monitor foreign entities/competitors, provide warnings, and detect/neutralize foreign threats

  • N-627 10

    Suspicious Contacts

    Top Targeted Technologies (from DSS 2015 report)

    – Electronics

    – Command, Control, Communication & Computers

    – Armaments and Energetic Materials

    – Software

    – Marine Systems

    – Armament & Survivability

    – Optics

    – Materials: Raw and Processed

    – Radars

    – Energy Systems

  • N-627 11

    Suspicious Contacts Top Methods of Operation

    – Academic Solicitation – Peer or scientific board reviews of academic papers/presentations, request to study/consult with faculty, or application for admission into academic institutions, departments/majors/programs as faculty, students, or employees

    – Attempted Acquisition of Technology – Attempts to acquire protected information via direct purchase of firms, via front companies, or by third countries

    – Suspicious Network Activity – Via cyber intrusion, viruses, malware, backdoor attacks, acquiring user names/passwords, and similar methods, these are attempts to carry out intrusion on cleared contractor networks and exfiltrate protected information

    – Solicitation or Marketing – Sales, representations, agency offers, or response to tenders for technical or business services, these are attempts to establish a connection with a Cleared Defense Contractor (CDC) vulnerable to the extraction of protected information

  • N-627 12

    Suspicious Contacts Top Methods of Operation (cont)

    – Requests for Information – Via phone, email, or webcard, these are attempts to collect protected information under the guise of price quotes, marketing surveys, or other direct/indirect methods

    – Seeking Employment – Via resume submissions, applications, and references, these are attempts to introduce persons who will thereby gain access to protected information that could prove useful to agencies of a foreign government

    – Official Foreign Visits & Targeting – Visits to CDCs that are either pre-arranged by foreign contingents or unannounced, these are attempts to gain access to & collect protected information beyond that permitted

    – Exploitation of Relationships – Establishing connections such as joint ventures, official arrangements, foreign military sales (FMS), business arrangements, these are attempts to play on existing legitimate relationships to gain unauthorized access to protected information

  • N-627 13

    Suspicious Contacts Top Collector Affiliations

    – Commercial – Entities whose span of business includes the defense sector

    – Government Affiliated – Research institutes, laboratories, universities, or contractors funded by, representing, or otherwise operating in cooperation with a foreign government agency, whose shared purpose may include acquiring access to U.S. sensitive, classified, or export-controlled information

    – Unknown – Instances in which no attribution of a contact to a specific end user could be directly made

    – Individual – Persons who, for financial gain or ostensibly for academic or research purposes, seek to acquire access to U.S. sensitive, classified or export-controlled information, or technology, or the means of transferring it out of the country

    – Government – Ministries of Defense and branches of the military as well as foreign military attaches, foreign liaison officers, and the like

  • N-627 14

    Suspicious Contacts Other Methods of Operation

    – Conferences, trade shows, conventions – Suspicious activity at such events, such as taking pictures, making sketches, or asking detailed technical questions

    – Targeting U.S. Travelers Overseas – Via airport searches, hotel room incursions, computer/device accessing, telephone monitoring, personal interchange, these are attempts to gain access to protected information through the presence of cleared contractor employees traveling abroad as a result of invitations and/or payment to attend seminars, provide training, deliver speeches, etc.

    – Criminal Activities – Via theft, these are attempts to acquire protected information with no pretense or plausibility of legitimate acquisition

  • N-627 15

    Suspicious Contacts

    Suspicious Indicators

    To help you determine if you have had or are having suspicious contact, here are some indicators:

    – Email requests have an address in a foreign country

    – Requestor identifies themselves as a “student” or “consultant”

    – Request is related to a defense contract

    – Requestor is unknown to you

    – Requestor says disregard if it creates a security problem

    – Requestor states no need for export licenses

    – Requestor identifies their employer as a foreign government or foreign company

    – Requestor offers to offshore software support

    – Requestor offers to act as sales or purchasing agent in a foreign country

    – An invitation to present a lecture in a foreign country with all expenses paid

    – Wandering visitors

    – Last minute people added to visitor list

  • N-627 16

    Suspicious Contacts Reporting

    All employees are required to report all suspicious contacts. If you receive a suspicious contact, notify Security Managers and FSO IMMEDIATELY! Your report should contain the following information:

    – What information was targeted

    – Who solicited the information: name, affiliation, email, postal, previous contact

    – Circumstances and background

    – Suspicious activity: received an email asking for information, non-related information requested

  • N-627 17

    Types of Adversaries & Threats to Assets Espionage – Foreign

    http://www.cbsnews.com/8301-18560_162-57431837/more-spies-in-u.s-than-ever-says-ex-cia-officer/

    http://www.businessweek.com/news/2012-04-08/american-universities-infected-by-foreign-spies-detected-by-fbi

    http://www.circleid.com/posts/us_government_networks_thoroughly_penetrated_by_foreign_spies/

    http://usnews.nbcnews.com/_news/2012/10/04/14213457-feds-high-tech-smuggling-ring-sent-us-electronics-to-russian-spy-military-agencies?lite

  • N-627 18

    Types of Adversaries & Threats to Assets Espionage – Corporate

    http://www.cnn.com/2014/05/27/us/edward-snowden-interview/

    http://blogs.reuters.com/financial-regulatory-forum/2012/03/12/corporate-governance-boardrooms-fret-over-corporate-espionage-and-federal-guidance-regimes/

    http://www.independent.co.uk/news/business/analysis-and-features/the-art-of-industrial-espionage-7782482.html

    Edward Snowden 'was trained as a spy,' he tells NBC

  • N-627 19

    Terrorist Categories

    – Crusaders: Ideologically inspired individuals or groups

    – Criminals: Commit terrorist acts for personal gain

    – Crazies: People who commit terrorist acts during periods of psychiatric imbalance

  • N-627 20

    Terrorist Goals

    – Obtain recognition for their cause.

    – Cause over or under reaction by government.

    – Harass, weaken, embarrass security forces.

    – Obtain money and equipment.

    – Destroy facilities or disrupt communications.

    – Discourage foreign investment/assistance.

    – Influence legislation, elections, Government decisions.

    – Free prisoners.

    – Satisfy vengeance.

    – Turn the tide in a guerilla war.

  • N-627 21

    Adversaries & Threats to Corporate Assets Cyber Adversaries

  • N-627 22

    Adversaries & Threats to the NISP Cyber Threat

  • N-627 23

    Defensive Security Briefing

  • N-627 24 UNCLASSIFIED

    Defensive Security

    DEFENSE AGAINST… ESPIONAGE

    – Do not discuss personal or professional (MSS or customer) information with strangers.

    – Ensure that your family members understand the dangers of revealing information to strangers.

    – If you know you are subject to exploitation of specific vulnerabilities, self-report the vulnerabilities.

    – Ensure you receive a travel briefing from the FSO prior to any departure from the U.S.

    – DO NOT discuss or reveal your security clearance status with anyone other than official personnel.

    DEFENSE AGAINST… TERRORISM

    – Participate in annual Antiterrorism Training (the FSO can tell you how).

    – Remain vigilant concerning news about terrorist activities.

    – Constantly be observant concerning your surroundings.

    – Ensure both you and your family members understand the dangers of revealing information to strangers.

    – DO NOT discuss or reveal your security clearance status with anyone other than official personnel.

    DEFENSE AGAINST… CYBER THREAT

    – Do not use company or customer information systems for other than approved duty functions.

    – Be careful about what you place on social media sites. Remember, once you post it, it is always out there.

    – Do not open e-mails and/or e-mail attachments from people you do not know without confirming the validity of the sender first.

    – Remain vigilant concerning news about cyber threat activities.

    – DO NOT discuss or reveal your security clearance status with anyone other than official personnel.

    Have the FSO’s cell phone number and the reporting phone numbers cited in this briefing with you at all times.

    If you encounter a questionable situation or when in doubt, CALL AND ASK FOR GUIDANCE!

  • N-627 25

    Defensive Security

    QUESTION: Okay, we now know the threats, but how are the human-induced threats able to compromise our security?

    ANSWER: Through vulnerabilities

  • N-627 26

    Defensive Security Vulnerability Areas

  • N-627 27

    Threat Awareness The Human Element

  • N-627 28

    Threat Awareness Human – How it starts

    ANSWER: If you are Doug Evans or Melissa Bullinger, the adversary simply looked on the internet and discovered you. These examples were provided by Ryan Dube of Top Secret Writers (http://www.topsecretwriters.com/2010/02/is-it-ok-to-publicize-secret-security-clearance/).

    In her presentation, Cyber/Social Networking Briefing, FBI Agent Stacey Arruda demonstrates how she built a profile on an individual she discovered posting a PCL on the net.

    Remember, if you post information about yourself, someone will find it!


  • N-627 29

    Threat Awareness Human – How it starts

    ANSWER: Locating you was not that hard either since you were nice enough to post your photo on various web sites.

    Geotag…you’re it!

  • N-627 30

    Threat Awareness Human – How it starts

    After I’ve Found You…It’s Time For The Approach

    – Casual conversation at a public/work place

    – Uncommon interest in your job/abilities

    – Request for seemingly harmless information

    – Exploit personal vulnerability

    What do I hope to learn about you?

  • N-627 31

    Threat Awareness Human – How it starts

    – Greed

    – Excessive Indebtedness

    – Political and Religious Beliefs

    – Substance Abuse

    – Sex

    – Disgruntled Employee

    – Super Ego

    – Family/relations in Foreign Country

    – False Flag

    – Volunteer Spy

    – Criminal Activity

    ANSWER: These are the vulnerabilities that adversaries will attempt to learn about you. If you reveal anything they can use to force you to work for them, you are hooked!

  • N-627 32

    Threat Awareness Human – SPY or just Stupid?

    We have now covered the THREAT AWARENESS portion of the briefing and it is time to move on to…

  • N-627 33

    Security Classification System

  • N-627 34

    Classified Information – Official information that has been determined, pursuant to Executive Order 12958 as amended, to require protection against unauthorized disclosure in the interest of national security and which has been so designated. The term includes National Security Information (NSI), Restricted Data (RD), and Formerly Restricted Data (FRD). Information is classified under EO 12958 as amended, by an original classification authority and is designated and marked as Top Secret, Secret, and Confidential.

    –Top Secret – classified information, the unauthorized disclosure of which could be expected to cause exceptionally grave damage to national security.

    –Secret – classified information, the unauthorized disclosure of which could be expected to cause serious damage to national security.

    –Confidential – classified information, the unauthorized disclosure of which could be expected to cause damage to national security.

  • N-627 35

    Personnel must meet the following three criteria before they can have access to classified information:

    – Must have a SECURITY CLEARANCE (eligibility + access).

    – Must have a “NEED TO KNOW.”

    – Must be able to SAFEGUARD the information.

  • N-627 36


    Derivatively Classifying From Multiple Sources

    Portion Marking

    When using more than one classified source document in creating a derivative document, portion mark the classified information incorporated in the derivative document with the classification level indicated on the source documents. In the example shown, paragraph one of the derivative document incorporates “Secret” information from paragraph one of Source 1 and paragraph two of the derivative document incorporates “Confidential” information from paragraph one of Source 2. The remainder of the derivative document is “Unclassified”.

    [Figure: Source 1, Source 2 and the derivative document, with portion markings (S), (C) and (U)]

    Overall Classification Marking

    The derivative document will be conspicuously marked at the top and bottom with the highest classification level of information found in any portion of the document. The overall classification shown here is “Secret.” If the derivative document contains more than one page, each page will be marked with an overall marking. (Refer to page 6 for review.)

    [Figure: Source 1, Source 2 and the derivative document, with portion markings (S), (C) and (U) and overall markings SECRET and CONFIDENTIAL at top and bottom]

  • N-627 37

    Handling Classified Information

    Classified information:

    – Must never be left unattended

    – Must never be discussed in public places

    – Must be discussed on secure telephones or sent via secure faxes

    – Must be under the control of an authorized person

    – Stored in an approved GSA storage container

    – Never be processed on your computer unless approved by the Designated Approving Authority (DAA)

    – Never place classified materials in unclassified distribution boxes

    – Never co-mingle classified and unclassified in distribution boxes

    – Never place weapons or sensitive items such as funds, jewels, precious metals or drugs in the same container used to safeguard classified information

    – All incoming and outgoing mail (FedEx, Registered and Certified) must be considered classified until determined otherwise.

  • N-627 38

    Storage of Classified Information

    Lock up all classified material in a GSA approved security container located in the restricted room in Building 1 at the end of the day and when it is not needed.

    Sign-out material when removed from a safe.

  • N-627 39

    Classified Discussions

    Classified information should be discussed at cleared locations and on cleared phones. When using a commercial phone, remember:

    – DO NOT discuss classified…DO NOT attempt to “talk around” the classified information

    – Terminate a call if the caller attempts to discuss classified information

    – Be alert to classified discussions happening in and around the area your phone call is taking place

    – Be aware that your non-secure phone call can be monitored

  • N-627 40

    Non-disclosure Agreement (SF 312)

    All persons authorized access to classified information are required to sign a nondisclosure agreement as a condition of that access. The primary purpose of the SF 312 is to inform you that:

    – A special trust has been placed in you

    – This agreement is binding on you for life (even if you no longer require a security clearance)

    – You are responsible to protect classified information from unauthorized disclosure

    – There are serious consequences for not complying with the terms of this agreement

    – Breach of Agreement may result in clearance termination, employment termination and/or criminal prosecution

  • N-627 41

    Security Violations

    Security violations can and do occur under all circumstances. Violations are classified as deliberate or inadvertent compromises. In most cases, a violation occurs because procedures were not followed due to lack of attention to detail or lack of knowledge. Each employee, as defined by the NISPOM has signed a Graduated Scale of Discipline which outlines security violations and methods of disciplinary actions. If you need to review your copy, please email your FSO, Tori Young.

  • N-627 42

    Employee Reporting Requirements

  • N-627 43

    Employee Reporting Requirements

    NISPOM 1-300

    Contractors are required to report certain events that have an impact on –

    – The status of the facility clearance (FCL)

    – The status of an employee’s personnel security clearance (PCL)

    – That affect proper safeguarding of classified information, or

    – That indicate classified information has been lost or compromised

  • N-627 44

    Employee Reporting Requirements

    Reports to be Submitted to your FSO and the Cognizant Security Agency (CSA) (DSS)

    – Adverse information

    – Suspicious contacts

    – Change in cleared employee status (FSO only):

        Death

        Name change

        Termination of employment

        Change in citizenship

        When the possibility of access to classified information in the future has been foreclosed

  • N-627 45

    Employee Reporting Requirements (cont)

    – Citizenship by naturalization: Contractors shall report if a non-U.S. citizen employee granted a Limited Access Authorization (LAA) becomes a citizen through naturalization

    – Employees desiring not to perform on classified work

    – Refusal to sign the “Classified Information Nondisclosure Agreement” (SF312)

  • N-627 46

    Employee Reporting Requirements

  • N-627 47

    Employee Reporting Requirements

    DSS Hotline link also on www.cokeeffe.com

    The Whistleblower Protection Enhancement Act of 2012 and Non-Disclosure Policies, Forms, and Agreements. http://www.dss.mil/documents/about/WPEA.pdf

    The mission of the Inspector General (IG) is to promote the economy, efficiency, and integrity of DSS personnel, programs, and operations in support of DSS' National Industrial Security mission. To support DSS, the IG conducts independent and impartial investigations, reviews, inspections and oversight to promote a systemic program to verify compliance; identify fraud, waste, abuse, and mismanagement while also identifying and promoting agency best practices. The IG also addresses both internal and external Hotline complaints, as well as coordination with other federal agency Inspectors General.


  • N-627 48

    Security Procedures and Applicable Job Duties

  • N-627 49

    Security Procedures:

    – All personnel will adhere to the corporate security procedures contained in Standard Practices and Procedures

    – Contract site personnel will also adhere to customer security procedures

    Applicable Job Duties:

    – All personnel will be briefed on company job security procedures within 10 days of initial hire date

    – Contract site personnel will be briefed on the customer site security procedures prior to being allowed to work shift in a non-OJT status
