CRYPTO Users Briefing 1 OVERVIEW • • • • • • • What is COMSEC/CRYPTO? Devices/CRYPTO Access Safeguarding Reproduction Destruction Reporting Requirements 2 WHAT IS COMSEC? COMSEC (Communications Security) – Broad term used to describe the measures and controls taken to deny unauthorized persons information derived from telecommunications and ensure the authenticity of such telecommunications. 3 WHAT IS CRYPTO? CRYPTO – Marking or designator identifying all COMSEC key material used to secure or authenticate classified telecommunications Key Material – Sequence of random binary digits used to set up, and periodically change, operations performed by crypto equipment to encrypt, decrypt, and authenticate electronic telecommunications (When written in all capital letters, CRYPTO has the meaning defined above. When written in lower case letters it’s an abbreviation for cryptographic) 4 What is COMSEC? Handled in 2 separate channels: 1. COMSEC channel – is used to distribute items that are accountable by the COMSEC Custodian to the National Security Agency (NSA) 2. Administrative channels – are used to distribute other COMSEC information and material not accountable by the COMSEC Custodian but rather through the site’s Document Control system When in doubt, contact the COMSEC Custodian 5 WHAT IS COMSEC? • For purposes of this briefing, we’re concerned with the 1st channel: items that are accountable by the COMSEC Custodian to the NSA • These items can be further categorized into: – Controlled Cryptographic Items (CCI) – Classified devices – Cryptographic key material (CRYPTO) 6 DEVICES CONTROLLED CRYPTOGRAPHIC ITEM • • • • Unclassified cryptographic device Protected as high value property Accountable to NSA Examples: – STE – Data Transfer Device (DTD) – KIV 7 7 DEVICES CCI • STE • Secure point-to point voice/data communications up to Top Secret • Unclassified without the Crypto Ignition Key (CIK) or it is zeroized 8 DEVICES CCI • Data Transfer Device (DTD) • Used to store electronic keys then load into crypto equipment • Unclassified without key material or CIK 9 DEVICES CCI • KIV 7 • Provides secure Line of Site Communications • Unclassified without classified keying material loaded into device 10 CRYPTO Cryptographic key material (CRYPTO) • Unclassified to Top Secret • Requires higher degree of protection than other classified • Comes in various forms; key tape within plastic canister, floppy disk, electronic, algorithms on paper, PROMS 11 CRYPTO Key Tape • Issued by canister • Contains multiple segments • Each canister unique 12 ACCESS • The following minimum conditions must be met prior to granting access to CRYPTO: – Final Secret clearance or interim Top Secret – Need-to-Know determination – Receive Cryptographic Access Briefing from COMSEC Custodian, Alternate, or their written designated representative and input into EPSS 13 ACCESS As a condition of access you must acknowledge: - that you may be subject to a non-lifestyle, counterintelligence scope polygraph exam only encompassing questions concerning espionage, sabotage, or unauthorized disclosure of classified information -this examination will be administered in accordance with DoD Directive 5210.48 and applicable laws 14 SAFEGUARDING CRYPTO Storage • All CRYPTO must be stored in a GSA approved safe that is either; 1. inside a Closed Area and 2. Under IDS control or covered by guard patrols every 4 hours • Do not use lockbar containers for storing CRYPTO 15 SAFEGUARDING Keyed CCI & Classified Hardware Storage Requirements: • If being used, must be located in a Closed Area • If not being used, must be stored in a GSA safe Storage of unkeyed CCI • May be stored like a high value item (e.g. within locked cabinet or storage room) but regularly sighted. • For STE, see COMSEC Custodian for briefing 16 SAFEGUARDING Do NOT: • store COMSEC safe combinations electronically (not even on a classified computing system) • place CRYPTO on any computer system (not even if the system is approved for it) until you’ve received written permission from the COMSEC Custodian • move any COMSEC equipment or CRYPTO (not even temporarily) to another location without the COMSEC Custodian’s prior written permission 17 SAFEGUARDING Hand Receipt Items • Items Hand Receipted to you by the COMSEC Custodian become your personal responsibility and may never be transferred by you to another person or organization • To initiate transfer for any of your items, you must contact the COMSEC Custodian • Another properly cleared and briefed person may use your items but this does not relieve you of its responsibility 18 SAFEGUARDING Key Disposition Record • Completed by users as they load key material to ensure a continuous chain of accountability (Records are classified at least CONFIDENTIAL for CONFIDENTAL key and above. Unclassified key disposition Records are marked Unclassified/FOUO) • The following are the only disposition records you might have to use: – Electronic Key Disposition Record or – Key Tape Disposition Record – Electronic Key loader Disposition Forms • The COMSEC custodian will provide you with the required disposition form and instructions. 19 REPRODUCTION Reproduction of CRYPTO • NOT Authorized unless: – COMSEC Custodian receives written approval from key material Controlling Authority and – COMSEC Custodian provides you written permission • Permission does have to formal and in writing from the controlling authority. 20 DESTRUCTION Destruction of CRYPTO Requires 2 persons both being; 1. appropriately cleared, 2. CRYPTO briefed and 3. knowledgeable of destruction procedures 4. fully trained and knowledgeable on Status messages and usage factors • • One person performs destruction while the other serves as witness Never sign the record without personally sighting the destruction 21 DESTRUCTION • If you have no approved destruction method available to you, return the superceded key material to the COMSEC Custodian within the 12 hour time frame • Failure to do the above may result in a violation 22 DESTRUCTION • Destruction of key tape segments is authorized by use of the NSA approved disintegrator 23 DESTRUCTION Electronic Key • Destruction is done by deleting the key or particular key segment on the DTD and Then Annotating it on Electronic Key Disposition Form 24 REPORTING REQUIREMENT Examples of COMSEC/CRYPTO Violations • COMSEC safe left unsecured • Removal of future keying material from its protective packaging • Disclosing short title, edition and effective dates of CRYPTO by unsecured means • Loss of COMSEC equipment/material • Falsification of COMSEC records 25 REPORTING REQUIREMENT Reporting Espionage Attempts • Foreign Intelligence Services prize the acquisition of CRYPTO/COMSEC information • Extreme measures may be taken to coerce or force persons to divulge CRYPTO/COMSEC info • Personal and financial relations with representatives of foreign governments or their interests could make you vulnerable and/or targeted 26 REPORTING REQUIREMENT Why is reporting so important? • If COMSEC information or techniques are breached at any point, all classified information protected by the system might be compromised • If a security breach is not reported, it may never be detected 27 REPORTING REQUIREMENT • Consider for a moment how much traffic passes over that circuit in a week, month, year, or its lifetime and the damage that can cause • If reported, steps can be taken to lessen an adversaries advantage gained through the compromised information • If any incident occurs, contact your COMSEC Custodian immediately 28 CONTACTS 29 QUESTIONS? 30