COMSEC Awareness Training Security Solutions Group

Upload: holden-dowers

Post on 15-Dec-2015

TRANSCRIPT

Page 1: COMSEC Awareness Training Security Solutions Group

COMSEC Awareness Training

Security Solutions Group

Page 2: COMSEC Awareness Training Security Solutions Group


Why Are You Here?

You are here because your current position has a bearing on the safeguarding of Communications Security (COMSEC) Equipment, Systems, or Materials.

Page 3: COMSEC Awareness Training Security Solutions Group


Elements of COMSEC

COMSEC

Transmission Security

Cryptographic Security

Physical Security

Emission Security

Page 4: COMSEC Awareness Training Security Solutions Group


Transmission Security

Transmission Security or TRANSEC is the part of COMSEC that includes all measures taken to protect information from interception and exploitation while being electronically transmitted.


Page 5: COMSEC Awareness Training Security Solutions Group


Types of Transmissions

Radio: The most widely used form of electronic transmission. No matter the type of end equipment in use, in most cases at some time between transmittal and receipt, radio signals are used for delivery.

Because radio signals are sent out through the open air, they are one of the least secure forms of transmission.

Page 6: COMSEC Awareness Training Security Solutions Group


Types of Transmissions

Telephone: One of the most widely used, and most convenient forms of communication. Not only are telephone lines used for voice communications, but data is also transferred over these lines.

Telephone lines are easily tapped, making the phone a very unsecure form of communication.

Page 7: COMSEC Awareness Training Security Solutions Group


Types of Transmissions

Cell Phones: Very popular and widely used today. However, they are even less secure than regular phones because their transmissions can be picked up just like radio signals.

Page 8: COMSEC Awareness Training Security Solutions Group


Types of Transmissions

Email: This has become one of the most widely used forms of communications, and one of the greatest risks to the security of classified and sensitive information.

Page 9: COMSEC Awareness Training Security Solutions Group


Types of Transmissions

Messages sent via email can be easily intercepted or can be found stored on servers and copied. There are some methods for protecting emails but currently none are approved for protecting classified data.


Page 10: COMSEC Awareness Training Security Solutions Group


Types of Transmissions

Face to Face: This is when two or more parties meet and talk with each other.

Hand Delivery: This is when data in written or hardcopy form is hand carried from point of transmission to point of receipt.

NOTE: The security of face to face and hand delivery transmissions is totally dependent on the parties communicating.

Page 11: COMSEC Awareness Training Security Solutions Group


Types of Transmissions

US Postal & Courier Services: This is when data or materials are transferred through certified mail or hand delivered by bonded couriers. In most cases this is a very secure means of communication, but is not useful when time constraints exist.

Page 12: COMSEC Awareness Training Security Solutions Group


Cryptographic Security


Cryptographic Security or Cryptosecurity is the part of COMSEC that includes the design, implementation, protection and use of technically sound cryptographic systems.

Page 13: COMSEC Awareness Training Security Solutions Group


Cryptographic Security

Change to the next encryption key at 10:00 tonight.

Cryptographic Security includes correctly applying encryption equipment to protect voice and data communications.

[Slide graphic: the message "Change to the next encryption key at 10:00 tonight." shown as scrambled text after encryption.]

When properly applied, encryption can secure all electronic transmission.

Page 14: COMSEC Awareness Training Security Solutions Group


Cryptographic Security

Includes the development of Key Management Plans and Procedures that provide instructions for the operation and protection of the Cryptographic devices and their key material.


Page 15: COMSEC Awareness Training Security Solutions Group


Cryptographic Security

Includes all measures taken to ensure only authorized personnel install, operate and perform maintenance on cryptographic devices.

Page 16: COMSEC Awareness Training Security Solutions Group


Physical Security

Physical security is the part of COMSEC that results from taking all measures necessary to physically safeguard all COMSEC classified and sensitive materials and information.

Page 17: COMSEC Awareness Training Security Solutions Group


Physical Security

Includes storage facilities and security containers.

Page 18: COMSEC Awareness Training Security Solutions Group


Physical Security

Storage of Classified Materials: The storage requirement for items classified as Secret and Confidential is preferably a Class B vault.

When necessary, such items can be stored in a GSA approved security container.

Page 19: COMSEC Awareness Training Security Solutions Group


Physical Security

Storage of FOUO and SBU: These items may be stored using the same methods as classified materials.

When other methods are not available, a filing cabinet equipped with a locking bar and GSA changeable combination lock is preferred.

However, in most cases it is acceptable to use any lockable container or room, but you should check with your RCO.

Page 20: COMSEC Awareness Training Security Solutions Group


Physical Security

It includes applying methods to ensure only authorized persons have access to classified, sensitive and COMSEC materials and information.

These methods include but are not limited to:

Badges, Guards and Alarm Systems

Page 21: COMSEC Awareness Training Security Solutions Group


Physical Security

It includes the proper handling and accounting for all classified, sensitive or COMSEC information/materials on a continuous basis.

Inventories of these materials must be taken once per shift, whenever the storage container is opened, or at a minimum of once a week, when the container remains closed.

Page 22: COMSEC Awareness Training Security Solutions Group


Physical Security

Whenever classified, sensitive or COMSEC materials are removed from storage, the person removing these materials or information must maintain constant control or surveillance over them.

Page 23: COMSEC Awareness Training Security Solutions Group


Physical Security

No matter how important a task may be, if it involves classified, sensitive or COMSEC materials or information:

You may NEVER take it home or away from its secure area to be completed.

Page 24: COMSEC Awareness Training Security Solutions Group


Physical Security

Includes the proper disposal of classified and sensitive materials and information no longer needed.

Some approved methods of destruction are:

Pulverizing

Incinerating

Shredding

Page 25: COMSEC Awareness Training Security Solutions Group


Physical Security

The proper disposal of classified and sensitive materials and information in electronic form is somewhat different.

Two methods are:

Overwriting

Degaussing

[Slide graphic label: Project Sand Sweep]

Page 26: COMSEC Awareness Training Security Solutions Group


Physical Security

Most of you will not be performing the destruction of the materials.

Most of you will place them in either a Burn Bag or a Classified/Sensitive Trash Receptacle.


Page 27: COMSEC Awareness Training Security Solutions Group


Physical Security

The destruction of COMSEC materials is even more strict than that of other classified materials.

For this reason, there are even fewer personnel authorized to perform this destruction.

For more information contact your RCO.


Page 28: COMSEC Awareness Training Security Solutions Group


Emissions Security

Emissions Security is the part of COMSEC that denies unauthorized persons the ability to derive classified/sensitive information from the interception of unintentional emanations.

Page 29: COMSEC Awareness Training Security Solutions Group


Emissions Security

All electronic equipment produces and radiates RF signals.

[Slide graphic text: "This is Top Secret!"]

Page 30: COMSEC Awareness Training Security Solutions Group


Emissions Security

How do we keep these radiated RF signals from being intercepted by unauthorized parties?

1. We use TEMPEST rated equipment.

2. We use Red/Black separation.

3. We shield and filter our facilities and sensitive areas.


Page 31: COMSEC Awareness Training Security Solutions Group


Information Classifications

Information is classified based on the amount of damage it could cause if disclosed to the wrong parties.

Page 32: COMSEC Awareness Training Security Solutions Group


Information Classifications

Top Secret: This classification is given to information when its loss or compromise would cause exceptionally grave damage to the security of the United States.

Secret: This classification is given to information when its loss or compromise would cause serious damage to the security of the United States.

Confidential: This classification is given to information when its loss or compromise would cause damage to the security of the United States.

Page 33: COMSEC Awareness Training Security Solutions Group


Information Classifications

For Official Use Only: This classification is given to information when its loss or compromise would pose a threat to the operations or missions of the Classifying Agency.

Sensitive But Unclassified COMSEC: This classification is given to COMSEC information that is not classified but its loss or compromise would pose a threat to the operations or missions of the holding agency.

Page 34: COMSEC Awareness Training Security Solutions Group

Disclosure of Information

Disclosure of information, quite simply, is when information passes from one party to another.

When dealing with classified, sensitive or COMSEC information, it is the responsibility of the party possessing the information to ensure it is not disclosed to parties who do not have a need for or a right to the information.

Page 35: COMSEC Awareness Training Security Solutions Group


Authorized Disclosure

Disclosure of classified, sensitive or COMSEC information is authorized only when the party receiving the information has the proper clearance or background check, can be properly identified and has a need to know.

Need to know does not mean that because a person holds a high management position, he or she automatically needs access to the information.

Page 36: COMSEC Awareness Training Security Solutions Group

Unauthorized Disclosure

Unauthorized disclosure of classified, sensitive or COMSEC information is when the party receiving the information does not have the proper clearance or in most cases a need to know.

In most cases, unauthorized disclosures are unintentional and due to poor planning or a failure to think by the possessing party.

Page 37: COMSEC Awareness Training Security Solutions Group

Unaware of Surroundings

One of the leading causes of unintentional disclosures is simply people not being aware of what is happening around them.

Discussing classified, sensitive or COMSEC information when you are unsure or unaware of your surroundings can quickly lead to this information being disclosed to the wrong people.

Page 38: COMSEC Awareness Training Security Solutions Group


Awe Of Position

We all want to please our management, and work very hard each day to do so.

We must remember, just because they are our supervisors, we can’t always give them the information they request.

If a higher-up requests anything that is classified, sensitive or COMSEC in nature, we must make sure they meet all the requirements for access to this information just like everyone else.

Page 39: COMSEC Awareness Training Security Solutions Group


Trapped by Time

Whenever we feel rushed, or have a deadline that we can’t see ourselves making, we tend to cut corners.

When we are in this type of situation and working with classified, sensitive or COMSEC information, the corners we cut could very likely lead to an unintentional disclosure.

We must remember when working with classified, sensitive or COMSEC information, the job must be done by the book, no matter how long it takes.

Page 40: COMSEC Awareness Training Security Solutions Group


Emotional Hazard

Emotions play a very big part in our lives, and affect each of us on a daily basis.

When we let emotions cloud our thinking, the classified, sensitive or COMSEC information we are working with is at risk of an unintentional disclosure.

Note: Emotions are one of the most difficult of all the unintentional disclosure risks to control.

Page 41: COMSEC Awareness Training Security Solutions Group


Security Incidents

Security Incidents are events or incidents that may jeopardize the security of any of the COMSEC Elements, classified or sensitive information or materials.

Page 42: COMSEC Awareness Training Security Solutions Group


Security Incidents

Security incidents can be broken into three categories:

Personnel

Physical

Cryptographic

Page 43: COMSEC Awareness Training Security Solutions Group

Personnel Security Incidents

Personnel security incidents are events or incidents that involve acts of espionage and sabotage, or the willful or unwillful disclosure of information to hostile or foreign agents by personnel having authorized access to the information.

Page 44: COMSEC Awareness Training Security Solutions Group

Physical Security Incidents

Physical security incidents occur when the control over classified, sensitive, and/or COMSEC equipment, materials or information is lost.

"That crypto key has to be here somewhere!"

Page 45: COMSEC Awareness Training Security Solutions Group

Cryptographic Security Incidents

Cryptographic security incidents are willful or unwillful actions or inactions that place any element of a Cryptosystem in jeopardy of compromise.


Page 46: COMSEC Awareness Training Security Solutions Group


Security Incidents

Also includes:

Reporting the incident

Investigating the cause

Correcting the problem

Performing preventive measures

Page 47: COMSEC Awareness Training Security Solutions Group


Reporting the Incident

Any event or incident that jeopardizes any of the COMSEC Elements, classified or sensitive information or materials must be reported immediately.

Report the Incident to your Responsible COMSEC Officer IMMEDIATELY!

Page 48: COMSEC Awareness Training Security Solutions Group


Reporting the Incident

Don’t Report in This Manner: "I left the safe open and now I can’t find the Crypto Keys!"

Do Report in This Manner: "I have an issue, could you come see me!"

We must be careful when reporting an incident, because, on most occasions, the initial report will be made over some type of unsecure means of communications.

Page 49: COMSEC Awareness Training Security Solutions Group


Correcting the Problem

The first priority is to correct the problem. This could mean anything from securing an unsecure area or container to taking the affected equipment or system out of service.

Page 50: COMSEC Awareness Training Security Solutions Group


Incident Investigation

The RCO and CAM will perform an investigation into the cause of the incident.

All involved persons are expected to cooperate fully with the investigation.

Page 51: COMSEC Awareness Training Security Solutions Group


Incident Investigation

The investigation determines the severity of the incident.

There are four levels of severity:

Dangerous Practice

Compromise Improbable

Compromise Not Ruled Out

COMPROMISE

Page 52: COMSEC Awareness Training Security Solutions Group


Preventive Measures

Preventive Measures are anything performed to help stop a reoccurrence of the same type of incident.

Changing Procedures

Personnel Changes

Arrest and Conviction

Page 53: COMSEC Awareness Training Security Solutions Group


Conclusion

This concludes the COMSEC Awareness Training.

If you have any further questions with regard to the protection of COMSEC, classified and sensitive information and materials, contact your Responsible COMSEC Officer.