COMSEC/CRYPTO Briefing

advertisement
CRYPTO Users Briefing
1
OVERVIEW
•
•
•
•
•
•
•
What is COMSEC/CRYPTO?
Devices/CRYPTO
Access
Safeguarding
Reproduction
Destruction
Reporting Requirements
2
WHAT IS COMSEC?
COMSEC (Communications Security) –
Broad term used to describe the measures and
controls taken to deny unauthorized persons
information derived from telecommunications and
ensure the authenticity of such
telecommunications.
3
WHAT IS CRYPTO?
CRYPTO – Marking or designator identifying all COMSEC
key material used to secure or authenticate classified
telecommunications
Key Material – Sequence of random binary digits used to
set up, and periodically change, operations performed
by crypto equipment to encrypt, decrypt, and
authenticate electronic telecommunications
(When written in all capital letters, CRYPTO has the
meaning defined above. When written in lower case
letters it’s an abbreviation for cryptographic)
4
What is COMSEC?
Handled in 2 separate channels:
1. COMSEC channel – is used to distribute items that
are accountable by the COMSEC Custodian to the
National Security Agency (NSA)
2. Administrative channels – are used to distribute
other COMSEC information and material not
accountable by the COMSEC Custodian but rather
through the site’s Document Control system
When in doubt, contact the COMSEC Custodian
5
WHAT IS COMSEC?
• For purposes of this briefing, we’re concerned
with the 1st channel: items that are
accountable by the COMSEC Custodian to the
NSA
• These items can be further categorized into:
– Controlled Cryptographic Items (CCI)
– Classified devices
– Cryptographic key material (CRYPTO)
6
DEVICES
CONTROLLED CRYPTOGRAPHIC ITEM
•
•
•
•
Unclassified cryptographic device
Protected as high value property
Accountable to NSA
Examples:
– STE
– Data Transfer Device (DTD)
– KIV 7
7
DEVICES
CCI
• STE
• Secure point-to point voice/data communications
up to Top Secret
• Unclassified without the Crypto Ignition Key (CIK)
or it is zeroized
8
DEVICES
CCI
• Data Transfer Device
(DTD)
• Used to store
electronic keys then
load into crypto
equipment
• Unclassified without
key material or CIK
9
DEVICES
CCI
• KIV 7
• Provides secure Line of Site Communications
• Unclassified without classified keying material
loaded into device
10
CRYPTO
Cryptographic key material (CRYPTO)
• Unclassified to Top Secret
• Requires higher degree of protection than other
classified
• Comes in various forms; key tape within plastic
canister, floppy disk, electronic, algorithms on
paper, PROMS
11
CRYPTO
Key Tape
• Issued by canister
• Contains multiple segments
• Each canister unique
12
ACCESS
• The following minimum conditions must be met prior
to granting access to CRYPTO:
– Final Secret clearance or interim Top Secret
– Need-to-Know determination
– Receive Cryptographic Access Briefing from
COMSEC Custodian, Alternate, or their written
designated representative and input into EPSS
13
ACCESS
As a condition of access you must acknowledge:
- that you may be subject to a non-lifestyle,
counterintelligence scope polygraph exam only
encompassing questions concerning espionage,
sabotage, or unauthorized disclosure of classified
information
-this examination will be administered in accordance
with DoD Directive 5210.48 and applicable laws
14
SAFEGUARDING
CRYPTO Storage
• All CRYPTO must be stored in a GSA approved safe
that is either;
1. inside a Closed Area and
2. Under IDS control or covered by guard patrols
every 4 hours
• Do not use lockbar containers for storing CRYPTO
15
SAFEGUARDING
Keyed CCI & Classified Hardware Storage
Requirements:
• If being used, must be located in a Closed Area
• If not being used, must be stored in a GSA safe
Storage of unkeyed CCI
• May be stored like a high value item (e.g. within
locked cabinet or storage room) but regularly
sighted.
• For STE, see COMSEC Custodian for briefing
16
SAFEGUARDING
Do NOT:
• store COMSEC safe combinations electronically (not
even on a classified computing system)
• place CRYPTO on any computer system (not even if
the system is approved for it) until you’ve received
written permission from the COMSEC Custodian
• move any COMSEC equipment or CRYPTO (not even
temporarily) to another location without the
COMSEC Custodian’s prior written permission
17
SAFEGUARDING
Hand Receipt Items
• Items Hand Receipted to you by the COMSEC
Custodian become your personal responsibility
and may never be transferred by you to another
person or organization
• To initiate transfer for any of your items, you must
contact the COMSEC Custodian
• Another properly cleared and briefed person may
use your items but this does not relieve you of its
responsibility
18
SAFEGUARDING
Key Disposition Record
• Completed by users as they load key material to ensure a continuous chain
of accountability (Records are classified at least CONFIDENTIAL for
CONFIDENTAL key and above. Unclassified key disposition Records are
marked Unclassified/FOUO)
• The following are the only disposition records you might have to use:
– Electronic Key Disposition Record or
– Key Tape Disposition Record
– Electronic Key loader Disposition Forms
• The COMSEC custodian will provide you with the required
disposition form and instructions.
19
REPRODUCTION
Reproduction of CRYPTO
• NOT Authorized unless:
– COMSEC Custodian receives written approval
from key material Controlling Authority and
– COMSEC Custodian provides you written
permission
• Permission does have to formal and in writing from
the controlling authority.
20
DESTRUCTION
Destruction of CRYPTO
Requires 2 persons both being;
1. appropriately cleared,
2. CRYPTO briefed and
3. knowledgeable of destruction procedures
4. fully trained and knowledgeable on Status
messages and usage factors
•
•
One person performs destruction while the other
serves as witness
Never sign the record without personally sighting
the destruction
21
DESTRUCTION
• If you have no approved destruction method
available to you, return the superceded key material
to the COMSEC Custodian within the 12 hour time
frame
• Failure to do the above may result in a violation
22
DESTRUCTION
• Destruction of key
tape segments is
authorized by use of
the NSA approved
disintegrator
23
DESTRUCTION
Electronic Key
• Destruction is done by
deleting the key or particular
key segment on the DTD and
Then Annotating it on
Electronic Key Disposition
Form
24
REPORTING REQUIREMENT
Examples of COMSEC/CRYPTO Violations
• COMSEC safe left unsecured
• Removal of future keying material from its
protective packaging
• Disclosing short title, edition and effective
dates of CRYPTO by unsecured means
• Loss of COMSEC equipment/material
• Falsification of COMSEC records
25
REPORTING REQUIREMENT
Reporting Espionage Attempts
• Foreign Intelligence Services prize the acquisition of
CRYPTO/COMSEC information
• Extreme measures may be taken to coerce or force
persons to divulge CRYPTO/COMSEC info
• Personal and financial relations with representatives
of foreign governments or their interests could make
you vulnerable and/or targeted
26
REPORTING REQUIREMENT
Why is reporting so important?
• If COMSEC information or techniques are
breached at any point, all classified
information protected by the system might be
compromised
• If a security breach is not reported, it may
never be detected
27
REPORTING REQUIREMENT
• Consider for a moment how much traffic passes over
that circuit in a week, month, year, or its lifetime and
the damage that can cause
• If reported, steps can be taken to lessen an
adversaries advantage gained through the
compromised information
• If any incident occurs, contact your COMSEC
Custodian immediately
28
CONTACTS
29
QUESTIONS?
30
Download