annual refresher security briefing - formsite · pdf fileif you know you are subject to...

N-627 1

Annual Security Refresher Training

Annual Security Refresher Training

N-627 2

PurposeNational Industrial Security Program (NISP)Threat Awareness BriefingDefensive Security BriefingSecurity Classification SystemEmployee Reporting RequirementsSecurity Procedures and Applicable Job Duties

Agenda

N-627 3

The NISP was established by Executive Order (E.O.) 12829 in order to safeguard Federal Government classified information that is released to contractors, licensees, and grantees of the United States Government. E.O. 12829 was signed into effect as of January 6, 1993 by President George Bush.

The purpose of the National Industrial Security Program (NISP) is to safeguard classified information that may be released or has been released to current, prospective, or former contractors, licensees, or grantees of United States agencies.

The NISP is applicable to all executive branch departments and agencies.

The National Industrial Security Program Operating Manual (NISPOM) is issued in accordance with the NISP. It prescribes the requirements, restrictions, and other safeguards to prevent the unauthorized disclosure of classified information. It controls the disclosure of classified information released by U.S. Government Executive Branch Departments and Agencies to their contractors. It prescribes the procedures, requirements, restrictions, and other safeguards to protect special classes of classified information including: Restricted Data (RD); Formerly Restricted Data (FRD), intelligence sources/methods; SAP, and SCI information.

National Industrial Security Program (NISP)

N-627 4

Failure to follow the rules and regulations that are set forth by the National Industrial Security Program Operating Manual (NISPOM) could result in –

–Loss of your security clearance–Loss of your job–Possible loss of the Harmonia facility clearance–Federal arrest, fines, prosecution, and

imprisonment

N-627 5

Threat Awareness Briefing

N-627 6

Adversaries & Threats

to the NISP

N-627 7

Espionage: The act of obtaining, delivering, transmitting, communicating, or receiving information in respect to the national defense with an intent or reason to believe that the information may be used to the injury of the US or to the advantage of any foreign power. Foreign Intelligence Service (FIS) Agents: Citizens of a foreign country who are in the US to commit espionage to benefit their country of citizenship.Corporate Espionage: Foreign or US citizens engaging in espionage activities against other corporations or the government to benefit their own corporation.Traitors: US citizens (born or naturalized) who commit acts of espionage.

Adversaries & Threats to the NISP Human-Induced (Intentional)

N-627 8

FIS Information Objectives:Advanced TechnologyEconomicSociologicalBiographicalScientificPoliticalMilitary

Suspicious ContactsForeign Intelligence ServicesForeign Intelligence Services

N-627 9

Suspicious ContactsSuspicious Contacts

What is a Suspicious Contact?–Efforts by any individual, regardless of nationality, to obtain illegal or unauthorized access to classified information or to compromise a cleared employee.

–All contacts by cleared employees with known or suspected intelligence officers from any country

–Any contact which suggests an employee may be the target of an attempted exploitation by the intelligence services of another country.

Importance of Reporting–Reporting of suspicious contacts makes it possible for the Government and private industry to monitor foreign entities/competitors, provide warnings, and detect/neutralize foreign threats

N-627 10


Top Targeted Technologies (from DSS 2012 report)–Information Systems–Lasers, Optics, and Sensors–Aeronautic Systems–Electronics–Armaments and Energetic Materials–Space Systems–Marine Systems–Positioning, Navigation, & Time–Materials and Processing–Ground Systems–Information Security–Processing and Manufacturing

N-627 11

Suspicious ContactsSuspicious ContactsMethods of Operation

– Attempted Acquisition of Technology– Attempts to acquire protected information via direct purchase of firms, via front companies, or by third countries

– Requests for Information – Via phone, email, or webcard, these are attempts to collected protected information under the guise of price quotes, marketing surveys, or other direct/indirect methods

– Suspicious Network Activity – Via cyber intrusion, viruses, malware, backdoor attacks, acquiring user names/passwords, and similar methods, these are attempts to carry out intrusion on cleared contractor networks and exfiltrate protected information

– Academic Solicitation – Peer or scientific board reviews of academic papers/presentations, request to study/consult with faculty, or application for admission into academic institutions, departments/majors/programs as faculty, students, or employees

N-627 12


– Solicitation or Marketing – Sales, representations, agency offers, or response to tenders for technical or business services, these are attempts to establish a connected with a CDC vulnerable to the extraction of protected information

– Official Foreign Visits & Targeting – Visits to CDCs that are either pre-arranged by foreign contingents or unannounced, these are attempts to gain access to & collect protected information beyond that permitted

– Conferences, trade shows, conventions – Suspicious activity such events by taking pictures, making sketches, or asking detailed technical questions

– Exploitation of Relationships – Establishing connections such as joint ventures, official arrangements, foreign military sales (FMS), business arrangements, these are attempts to play on existing legitimate relationships to gain unauthorized access to protected information

N-627 13


– Seeking Employment – Via resume submissions, applications, and references, these are attempts to introduce persons who will thereby gain access to protected information that could prove useful to agencies of a foreign government

– Criminal Activities – Via theft, these are attempts to acquire protected information with no pretense or plausibility of legitimate acquisition

– Targeting U.S. Travelers Overseas – Via airport searches, hotel room incursions, computer/device accessing, telephone monitoring, personal interchange, these are attempts to gain access to protected information through the presence of cleared contractors employees traveling abroad as a result of invitations and/or payment to attend seminars, provide training, deliver speeches, etc.

N-627 14


Reporting

All Harmonia employees are required to report all suspicious contacts. If you receive a suspicious contact, notify Industrial Security IMMEDIATELY! The following information that your report should contain:

– What information was targeted– Who solicited the information – name, affiliation, email, postal,

previous contact– Circumstances and background– Suspicious activity – received an email asking for information, non

related information requested

N-627 15


Suspicious IndicatorsTo help you determine if you have had or are having suspicious contact, here are some indicators

– Email requests have an address in a foreign country– Requestor identifies themselves as a “student” or “consultant”– Request is related to a defense contract– Requestor is unknown to you– Requestor says disregard if it creates a security problem– Requestor states no need for export licenses– Requestor indentifies their employer as a foreign government or foreign

company– Requestor offers to offshore software support– Requestor offers to act as sales or purchasing agent in a foreign country– An invitation to present a lecture in a foreign country with all expenses paid– Wandering visitors– Last minute people added to visitor list

N-627 16

Collector AffiliationsCollector AffiliationsSuspicious Contacts

NOTES– Commercial Collector

Affiliations were top target in 2010 & 2011

N-627 17

Methods of OperationsMethods of OperationsSuspicious Contacts

SRAM is an example of one of the technologies

targeted.

N-627 18

Types of Adversaries & Threats to the NISPSouth Korean company. Did their Government know?

Associated Press, July 28, 2012“US sees Israel, tight Mideast ally, as spy threat”

National Review Online, August 7, 2012“Spy vs. Spy, America vs. Israel”

N-627 19

Types of Adversaries & Threats to AssetsEspionage – Foreign

http://www.cbsnews.com/8301-18560_162-57431837/more-spies-in-u.s-than-ever-says-ex-cia-officer/

http://www.businessweek.com/news/2012-04-08/american-universities-infected-by-foreign-spies-detected-by-fbi

http://www.circleid.com/posts/us_government_networks_thoroughly_penetrated_by_foreign_spies/

http://usnews.nbcnews.com/_news/2012/10/04/14213457-feds-high-tech-smuggling-ring-sent-us-electronics-to-russian-spy-military-agencies?lite

N-627 20

Types of Adversaries & Threats to AssetsEspionage – Corporate

http://www.bloomberg.com/news/2012-03-15/china-corporate-espionage-boom-knocks-wind-out-of-u-s-companies.html

http://blogs.reuters.com/financial-regulatory-forum/2012/03/12/corporate-governance-boardrooms-fret-over-corporate-espionage-and-federal-guidance-regimes/

http://www.independent.co.uk/news/business/analysis-and-features/the-art-of-industrial-espionage-7782482.html

N-627 21

Terrorist Categories

Crusaders: Ideologically inspired individuals or groups Criminals: Commit terrorist acts for personal gain Crazies: People who commit terrorist acts during periods of psychiatric imbalance

N-627 22

Terrorist GoalsTerrorist Goals Obtain recognition for their cause. Cause over or under reaction by government. Harass, weaken, embarrass security forces. Obtain money and equipment. Destroy facilities or disrupt communications. Discourage foreign investment/assistance. Influence legislation, elections, Government

decisions. Free prisoners. Satisfy vengeance. Turn the tide in a guerilla war.

N-627 23

Adversaries & Threats to Corporate AssetsCyber Adversaries

N-627 24

Adversaries & Threats to the NISPCyber Threat

N-627 25

Defensive Security Briefing

N-627 26UNCLASSIFIED

Defensive SecurityDEFENSE AGAINST…

ESPIONAGEDEFENSE AGAINST…

TERRORISMDEFENSE AGAINST…

CYBER THREAT

Do not discuss personal or professional (MSS or customer) information with strangers.

Participate in annual Antiterrorism Training (the FSO can tell you how).

Do not use company or customer information systems for other than approved duty functions.

Ensure that your family members understand the dangers of revealing information to strangers.

Remain vigilant concerning news about terrorist activities.

Be careful about what you place on social media sites. Remember, once you post it, it is always out there.

If you know you are subject to exploitation of specific vulnerabilities, self-report the vulnerabilities.

Constantly be observant concerning your surroundings.

Do not open e-mails and/or e-mail attachments from people you do not know without confirming the validity of the sender first.

Ensure you receive a travel briefing from the FSO prior to any departure from the U.S.

Ensure both you and your family members understand the dangers of revealing information to strangers.

Remain vigilant concerning news about cyber threat activities.

DO NOT discuss or reveal your security clearance status with anyone other than official personnel.



Have the FSO’s cell phone number and the reporting phone numbers cited in this briefing with you at all times.

If you encounter a questionable situation or when in doubt, CALL AND ASK FOR GUIDANCE!

N-627 27

QUESTION: Okay, we now know the threats but how are the human-induced threats able to compromise our security?ANSWER: Through vulnerabilities

Defensive Security

N-627 28

Defensive SecurityVulnerability Areas

N-627 29

Threat AwarenessThe Human Element

N-627 30

Threat AwarenessHuman – How it starts

ANSWERIf you are Doug Evans or

Melissa Bullinger, the adversary simply looked on the internet

and discovered you.These examples were provided

by Ryan Dube of Top Secret Writers

(http://www.topsecretwriters.com/2010/02/is-it-ok-to-publicize-

secret-security-clearance/) In her presentation,

Cyber/Social Networking Briefing, FBI Agent Stacey

Arruda demonstrates how she built a profile on an individual she discovered posting a PCL

on the net.Remember, if you post

information about yourself, someone will find it!

N-627 31

ANSWERLocating you was not that hard either since you were nice enough to post your photo on various web sites.

Geotag…you’re it!


N-627 32

– Casual conversation at a public/work place

– Uncommon interest in your job/abilities

– Request for seemingly harmless information

– Exploit personal vulnerability

After I’ve Found You…It’s Time For The Approach

What do I hope to learn about you?


N-627 33

– Greed– Excessive Indebtedness– Political and Religious Beliefs– Substance Abuse– Sex– Disgruntled Employee– Super Ego– Family/relations in Foreign Country– False Flag– Volunteer Spy– Criminal Activity


ANSWERThese are the vulnerabilities

that adversaries

will attempt to learn about

you.If you reveal

anything they can use to

force you to work for them,

you are hooked!

N-627 34

Threat AwarenessHuman – SPY or just Stupid?

We have now covered the THREAT AWARENESS portion of the briefing

and it is time to move on to…

N-627 35

Security Classification System

N-627 36

Classified Information – Official information that has been determined, pursuant to Executive Order 12958 as amended, to require protection against unauthorized disclosure in the interest of national security and which has been so designated. The term includes National Security Information (NSI), Restricted Data (RD), and Formerly Restricted Data (FRD).

Information is classified under EO 12958 as amended, by an original classification authority and is designated and marked as Top Secret, Secret, and Confidential.

–Top Secret – classified information, the unauthorized disclosure of which could be expected to cause exceptionally grave damage to national security.

–Secret – classified information, the unauthorized disclosure of which could be expected to cause serious damage to national security.

–Confidential – classified information, the unauthorized disclosure of which could be expected to cause damage to national security.

N-627 37

Personnel must meet the following three criteria before they can have access to classified information:

Must have a SECURITY CLEARANCE (eligible + access).

Must have a “NEED TO KNOW.”

Must be able to SAFEGUARD the information.

N-627 38

Derivatively Classifying From Multiple SourcesPortion Marking

When using more than one classified source document in creating a derivative document, portion mark the classified information incorporated in the derivative document with the classification level indicated on the source documents. In the example shown, paragraph one of the derivative document incorporates “Secret” information from paragraph one of Source 1 and paragraph two of the derivative document incorporates “Confidential” information from paragraph one of Source 2. The remainder of the derivative document is “Unclassified”.

Sour

ce 1

Der

ivat

ive

(S)

(S)

(U)

(C)

Sour

ce 2

(C)

Overall Classification MarkingThe derivative document will be conspicuously marked at the top and bottom with the highest classification level of information found in any portion of the document. The overall classification shown here is “Secret.” If the derivative document contains more than one page, each page will be marked with an overall marking. (Refer to page 6 for review.)

Sour

ce 1

(S)

Der

ivat

ive

(S)

(U)

(C)

SECRET

Sour

ce 2

SECRET

SECRET

(C)

CONFIDENTIAL

CONFIDENTIAL

16

N-627 39

Handling Classified InformationHandling Classified Information

Classified information:– Must never be left unattended– Must never be discussed in public places– Must be discussed on secure telephones or sent via secure faxes– Must be under the control of an authorized person– Stored in an approved GSA storage container– Never be processed on your computer unless approved by the

Designated Approving Authority (DAA)– Never place classified materials in unclassified distribution boxes– Never co-mingle classified and unclassified in distribution boxes– Never place weapons or sensitive items such as funds, jewels,

precious metals or drugs in the same container used to safeguard classified information

– All incoming and outgoing mail (FedEx, Registered and Certified) Must be considered Classified until determined otherwise.

N-627 40

Storage of Classified Information Storage of Classified Information

Lock up all classified material in a GSA approved security container located in the restricted room in Building 1 at the end of the day and when it is not needed.

Sign-out material when removed from a safe.

N-627 41

Classified DiscussionsClassified Discussions

Classified information should be discussed at cleared locations and on cleared phones.When using a commercial phone, remember:

– DO NOT discuss classified…do NOT attempt to “talk around” the classified information

– Terminate a call if the caller attempts to discuss classified information

– Be alert to classified discussions happening in and around the area your phone call is taking place

– Be aware that your non-secure phone call can be monitored

N-627 42

Non-disclosure Agreement (SF 312)Non-disclosure Agreement (SF 312)

All persons authorized access to classified information are required to sign a nondisclosure agreement as a condition of that access. The primary purpose of the SF 312 is to inform you that:– A special trust has been placed in you– This agreement is binding on you for life (even if you no longer

require a security clearance)– You are responsible to protect classified information from

unauthorized disclosure– There are serious consequences for not complying with the terms

of this agreement– Breech of Agreement may result in clearance termination,

employment termination and/or criminal prosecution

N-627 43

Security ViolationsSecurity Violations

Security violations can and do occur under all circumstances. Violations are classified as deliberate or inadvertent compromises. In most cases, a violation occurs because procedures were not followed due to lack of attention to detail or lack of knowledge.

N-627 44

Employee Reporting Requirements

N-627 45

NISPOM 1-300

Contractors are required to report certain events that have an impact on –

– The status of the facility clearance (FCL)– The status of an employee’s personnel security

clearance (PCL)– That affect proper safeguarding of classified

information, or – That indicate classified information has been lost or

compromised


N-627 46


Reports to be Submitted to the Cognizant Security Agency (CSA) (DSS)

– Adverse information (i.e. wage garnishments, DUIs, arrestsetc.)

– Suspicious contacts– Change in cleared employee status

DeathName changeTermination of employmentChange in citizenshipWhen the possibility of access to classified information in the futurhas been foreclosed

N-627 47

Employee Reporting Requirements (cont)

– Citizenship by naturalizationContractors shall report if a non-U.S. citizen employee granted

a Limited Access Authorization (LAA) becomes a citizen through naturalization

– Employees desiring not to perform on classified work– Refusal to sign the “Classified Information

Nondisclosure Agreement” (SF312)

N-627 48


N-627 49

Security Proceduresand

Applicable Job Duties

N-627 50

Security Procedures:– All Harmonia personnel will adhere to the corporate

security procedures contained in the Harmonia Standard Practices and Procedures

– Harmonia contract site personnel will also adhere to customer security procedures

Applicable Job Duties:– All Harmonia personnel will be briefed on company

job security procedures within 10 days of initial hire date

– Harmonia contract site personnel will be briefed on the customer site security procedures prior to being allowed to work shift in a non-OJT status

annual refresher security briefing - formsite · pdf fileif you know you are subject to...

Documents