Electronics Material Officer Course
MODULE NUMBER TWO
LESSON TOPIC TWO
ELECTRONICS SECURITY
MODULE TWO LESSON TOPIC TWO
LESSON TOPIC OVERVIEW
LESSON TOPIC TWO
ELECTRONICS SECURITY
This lesson topic presents information on security responsibilities, areas and markings, procedures, CMS, maintenance, and TEMPEST.
The LEARNING OBJECTIVES of this LESSON TOPIC are as follows:
2.8 State the purpose for inspecting operational conditions of Combat Systems Electronics division.
2.9 Describe procedures for inspecting operational conditions of Combat Systems Electronics division.
2.10 State the purpose of inspecting material conditions of Secure Processing Centers.
2.11 Describe procedures for inspecting material conditions of Secure Processing Centers.
2.12 Identify references used for the administration of security and TEMPEST.
2.13 Describe the security responsibilities in the Electronics Division chain of command.
2.14 Define the term TEMPEST.
2.15 Describe afloat TEMPEST program procedures.
2.16 Describe the purpose, content, and preparation/update of a DD Form 1435.
2.17 Prepare/update a DD Form 1435.
2.18 Describe the procedures to determine current cryptographic qualification of cryptographic technicians.
2.19 Determine current cryptographic qualification of cryptographic technicians.
2.20 Describe the procedures for re-qualifying cryptographic technicians.
The student should review the "LIST OF STUDY RESOURCES" and read the Lesson Topic LEARNING OBJECTIVES before beginning the lesson topic.
MODULE TWO LESSON TOPIC ONE
LIST OF STUDY RESOURCES
ELECTRONICS SECURITY
To learn the material in this LESSON TOPIC, you will use the following study resources:
Written Lesson Topic presentations in the Module Booklet:
1. Lesson Topic Summary
2. Narrative Form of Lesson Topic
3. Lesson Topic Progress Check
Additional Materials:
1. Assignment Sheet
2. Job Sheet
3. Answer Booklet
References:
1. Installation Criteria for Shipboard Secure Electrical Information Processing Systems, MIL-STD-1680
2. COMSEC Security Equipment Maintenance and Training, OPNAVINST 2221.3
3. Communications Security Material System Cryptographic Equipment Information/Guidance Manual, CMS-5
4. Communications Security Material System Policy and Procedures Manual, CMS-1
5. Department of the Navy Information and Personnel Security Program Regulation, OPNAVINST 5510.1
6. Fleet Communications, NTP 4
LESSON TOPIC SUMMARY
ELECTRONICS SECURITY
This lesson topic will introduce you to security as it relates to you as an EMO. It discusses responsibilities, security areas and markings, security procedures, CMS, emergency destruction, cryptographic equipment maintenance, and TEMPEST. The lesson narrative is organized as follows:
Electronics Security
A. Introduction to Security
B. Security Responsibilities
C. Security Areas
D. Classification Markings
E. Transmission of Classified Material
F. Communications Security Material
G. CMS Training and Inspections
H. Safeguarding COMSEC Material/Facilities
I. Cryptographic Equipment Maintenance
J. Emergency Destruction
K. TEMPEST
NARRATIVE FORM
OF
ELECTRONICS SECURITY
LESSON TOPIC 2.2
INTRODUCTION TO SECURITY
Electronic Material Officers must be security conscious. Electronics technicians use and have access to documents and publications that contain classified information, such as messages, frequencies, call signs, specifications, and procedures. This classified information must be safeguarded. Security awareness must be an automatic and integral part of the daily routine. Ensure that your technicians have been briefed on security precautions and requirements. The basic reference for security is Department of the Navy Information and Personnel Security Program Regulations, OPNAVINST 5510.1. The security program deals with safeguarding information that should not fall into the hands of foreign governments or foreign nationals. Compromise of this information may be detrimental to the United States. Information can be compromised by careless talk, improper handling of classified material, etc. The Department of Defense security formula is based on the premise of circulation control of classified information. According to this policy, dissemination of classified information is limited to personnel whose official duties require knowledge or possession of such material.
SECURITY RESPONSIBILITIES
COMMANDING OFFICER
The Commanding Officer is responsible for the effective management of the command Information and Personnel Security Program. This includes:
l
Designating a Security Managerl
Designating a Top Secret Control Officerl
Designating an ADP Security Officerl
Designating a Special Security Officerl
Preparing written command security instructionsl
Preparing an emergency plan for the protection of classified materiall
Reviewing and inspecting the effectiveness of the security programThe Commanding Officer designates the Command Security Manager. In commands that initiate, receive, or process Top Secret Documents, a Top Secret Control Officer is also appointed. If the command is involved in processing data in an automated system, an ADP Security Officer is designated. Additionally, certain commands may designate a Special Security Officer.
SECURITY MANAGER
The security manager is the principal advisor on information and personnel security in the command and is responsible for the management of the program. That does not mean that the security manager will personally handle all of the security duties described below. The personnel officer may handle personnel security, the administrative officer may have classified material control, and the training officer may be responsible for security training. The security manager keeps the big picture, advises the command of changes in policies and procedures, and assists in solving security problems.
TOP SECRET CONTROL OFFICER
The Top Secret Control Officer or TSCO is responsible to the security manager for the receipt, custody, accounting, and disposition of Top Secret material in the command. The TSCO maintains a system of accountability that will record the source, downgrading, movement from one office to another, current custodian, destruction, or other disposition of all Top Secret material. Top Secret messages handled by communications facilities for relay or broadcast delivery only may not be under the control of the command TSCO. Responsibility for accounting, control, and destruction of these messages is given to communications supervisors as described in Fleet Communications, NTP 4. The TSCO is responsible for the following:
l
Disseminating the absolute minimum amount necessary of Top Secret information necessary for proper planning or action. "Standard routing" of Top Secret material is forbidden.l
Delivering Top Secret material within the command by direct personal contact. The material does not have to be delivered personally by the TSCO, but it must be delivered directly to the person who is to assume responsibility for it. Top Secret material will never be left in an "IN" basket.l
Maintaining a continuous chain of signed receipts and disclosure records for all Top Secret material. Person-to-person contact is necessary for receipt.l
Ensuring that physical inventories of Top Secret material are conducted at least once per year.l
Maintaining a current roster of persons within the command who are authorized access to Top Secret information. The TSCO should know who in the command requires access and be able to assist the security manager in determining who is granted access.l
Ensuring that all Top Secret material is accounted for and properly transferred when custodians are relieved of their duties. This requirement applies to the subcustodians of the command as well as the TSCO.SECURITY ASSISTANTS
ADP Security Officer
Any command that uses Automated Data Processing (ADP) systems or equipment (including microcomputers) must designate an ADP Security Officer. The ADP Security Officer is responsible to the security manager for the protection of classified information being processed in the automated system.
Special Security Officer
Certain commands are accredited for and authorized to receive, process, and store Sensitive Compartmented Information (SCI). These commands have a designated Sensitive Compartmented Information Facility (SCIF). The Special Security Officer (SSO) is responsible for the operation of the SCIF and the security, control, and use of SCI. All matters relating to SCI or SSO requirements are referred to the SSO.
Communications Security Material (CMS) Custodian
The CMS Custodian is responsible for the maintenance of CMS material.
SECURITY AREAS
The restrictions, controls, and protective measures required for a security area vary according to the degree of security importance. To meet different levels of security sensitivity, there are three different types of security areas: exclusion, limited, and controlled. These areas must be clearly marked by signs reading:
│ │
│ RESTRICTED AREA - KEEP OUT │
│ │
│ AUTHORIZED PERSONNEL ONLY │
│ │
└────────────────────────────────┘
Exclusion Area
A space requiring the strictest control of access is designated an exclusion area (e.g., a safe or vault). This area contains classified material of such a nature that, for practical purposes, admittance to the area permits access to the classified material. An exclusion area is fully
enclosed by a perimeter barrier of solid construction. Exits and entrances are guarded, or they are secured and alarm protected. Only personnel whose duties require access and who possess appropriate security clearances are authorized to enter an exclusion area.
Limited Area
A limited area is one in which the uncontrolled movement of personnel permits access to the classified information within (e.g., CIC and Radio Central). Access to classified material inside a limited area may be prevented by escort and other internal controls. A limited area is enclosed by a clearly defined perimeter barrier. Entrances and exits are guarded, controlled by attendants to check personal identification, or alarmed. Operation and maintenance personnel who require freedom of movement within a limited area must have a proper security clearance. The Commanding Officer may authorize access to personnel who do not have clearances. In such cases, escorts or attendants and other security precautions must be used to prevent access to classified information located within the area.
Controlled Area
A controlled area does not contain classified information. It serves as a buffer zone to provide greater administrative control and protection for limited and exclusion areas. Passageways or spaces surrounding or adjacent to limited or exclusion areas may be designated as a controlled area. Proper identification is required to enter controlled areas. Additionally, these areas will have control systems sufficient to limit admittance only to those with a need for access.
CLASSIFICATION MARKINGS
MARKING CLASSIFIED MATERIAL
Classified markings serve the following purposes:
l
Identify the proper classificationl
Inform recipients of the assigned classificationl
Indicate the level of protection requiredl
Indicate information that must be withheld from unauthorized personsl
Provide a basis for derivative classificationl
Facilitate downgrading and declassification actions
On documents, the classification marking of Top Secret, Secret, or Confidential is stamped, printed, or written in capital letters that are larger than those in the text. On other types of material, the classification marking is stamped, printed, written, painted, or affixed by means of a tag, sticker, decal, or similar device in a conspicuous manner. If a marking on the material is not physically possible, written notice of the assigned classification is provided to recipients of the material.
CHANGE OF CLASSIFICATION
When classified information requires a different level of protection than presently assigned, or no longer requires protection, it is regraded or declassified. A time schedule has been established for automatically downgrading and declassifying documents originated within the Department of Defense. The automatic downgrading and declassification system was instituted to ensure that all classified matter is available to the general public when secrecy is no longer necessary. It also relieves the originators of future concern for the classified aspects of documents or materials they have produced.
TRANSMISSION OF CLASSIFIED MATERIAL
MEANS OF TRANSMISSION
Transmission of material is the transfer of custody and responsibility for a document or other material from one command to another command or to another authorized addressee. The transmission may be accomplished by messenger, mail, wire circuits, secure radio, or other means. Regardless, the information must be kept out of the hands of those not authorized to have it. The following are all available means of transmission, in order of security:
l
Messengerl
Registered maill
Approved wire circuitl
Ordinary maill
Non-approved wire circuitl
Visuall
Sound systeml
Radio
Messenger
Classified matter (Top Secret) is transmitted by messenger when security, not speed, is the paramount objective. The principal messenger agency for the Department of Defense is the Defense Courier Service (DCS), formerly the Armed Forces Courier Service (ARFCOS). This agency is responsible for the safe transmittal of classified matter for direct turnover to military addressees and certain civilian agencies throughout the world. Every item of classified material sent via DCS is in the physical custody and control of a military courier from the time of its entry into the system until the addressee or an authorized representative accepts receipt of it. Classified material that may go by registered United States mail is not transmitted by DCS.
In addition to transmitting unclassified material, the U.S. postal system is used to transmit classified material, except for Top Secret material and cryptographic aids and devices. Secret material must be sent by registered mail and must not enter a foreign postal system. Confidential material can be mailed through the U.S. Postal Service as certified or first class mail within the boundaries of the United States. U.S. Postal Service registered mail is used for the transmission of Confidential material to APO/FPO addressees and other addressees when the originator is uncertain that their location is within United States boundaries. Material addressed to Canadian government activities is permitted to pass through the Canadian postal service.
TRANSMISSION SECURITY
Radio Transmission Security
When a message is transmitted by radio, it is impossible to identify all receivers. It must be assumed that an enemy receives every transmission. Properly prepared messages transmitted via cryptographic equipment combined with the security of COMSEC material can help prevent an enemy from understanding message traffic. Traffic analysis by the enemy cannot be prevented, it can be made more difficult and less reliable by taking the following measures:
l
Maximum use of communication means other than radiol
Strict circuit disciplinel
Use of the broadcast method where possiblel
Rotation of call signs and address groupsl
Reduction of the use of service messagesl
Use coaddressed messagesl
Encrypt all classified messagesl
Reduce test transmission to a minimuml
Avoid external routing instructions
Radiotelephone Security
Radiotelephone nets are operated so frequently that operators may become careless. Remember that VHF/UHF transmissions can be intercepted for thousands of miles. All personnel that use radiotelephones should be thoroughly familiar with the following precautions:
l
Use each circuit for its intended purpose only. Reduce the number of transmissions to a minimum.l
Consider contents and wording before starting a transmission, to ensure that information of military value is not revealed.l
Write the message down prior to transmission.l
Keep all transmissions brief, concise, and clear.l
Do not transmit classified information in plain language, including plain language references to classified titles, units, places, chart references, or personnel.l
Avoid linkage between radiotelephone call signs and other call signs.l
Follow prescribed radiotelephone procedure at all times.
COMMUNICATIONS SECURITY (COMSEC) MATERIAL
The COMSEC Material Control System (CMCS) was developed to protect vital, sensitive information processed by government communications systems. COMSEC material/equipment is used to encrypt transmissions to render them unintelligible. COMSEC material/equipment must be safeguarded; compromises can allow an enemy to decipher years of communications.
DEFINITIONS AND RESPONSIBILITIES
COMSEC Material
COMSEC material is used to protect U.S. Government transmissions, communications, and the processing of classified or sensitive unclassified information related to national security. COMSEC material includes the material used to ensure the authenticity of such communications.
COMSEC Material Control System (CMCS)
CMCS distributes, controls, and safeguards COMSEC materials. CMCS consists of production facilities, COMSEC Central Offices of Records (COR), distribution and storage facilities, and CMS accounts.
National Security Agency (NSA)
The NSA develops and implements national level policy affecting control of COMSEC material. It is responsible for the production of most COMSEC material used to control communications and for the development and production of cryptographic equipment.
Department of the Navy (DON)
The DON administers its own CMCS which includes Navy, Marine Corps, Coast Guard, and
Military Sealift Command CMS accounts. The DON system implements national policy, publishes procedures, establishes own CMS accounts, and provides a Central Office of Record (COR) to account for CMS material.
Director, Communications Security Material System (DCMS)
DCMS administers the Department of the Navy CMS Program and acts as COR for all DON CMS accounts. Specific functions of DCMS are outlined in CMS-1.
Commander, Naval Computer and Telecommunications Command (COMNAVTELCOM) -implements DON CMS program.
Controlling Authority
A Controlling Authority is a command designated to be responsible for directing the establishment and operation of a cryptocircuit and managing the operational use and control of related keying material. In addition to controlling and managing assigned COMSEC material, Controlling Authorities evaluate COMSEC incidents and authorize the issue and destruction of COMSEC material under their control.
Commanding Officer
The Commanding Officer administers command CMS account and ensures compliance with policies/procedures.
CMS Custodian
The CMS Custodian (usually the communications officer) is designated in writing by the Commanding Officer and is responsible for managing COMSEC material issued to the command's CMS account.
Alternate CMS Custodian
The Alternate CMS Custodian (may be the EMO) is designated in writing by Commanding Officer and is responsible for assisting the CMS custodian and assuming the duties of the CMS custodian in their absence.
CMS Clerk
CMS Clerks are designated in writing by Commanding Officer. They assist the CMS Custodian and CMS Alternate Custodian(s) with administrative duties.
Local Holder Account/Custodian
This term applies to commands that require COMSEC material held as subaccounts of a numbered CMS account. Normally CMS material is received from a parent CMS account, rather than from a CMIO (COMSEC Material Issuing Office).
CMS User
CMS users are designated in writing by the Commanding Officer and require the use of COMSEC material to accomplish an assigned duty.
COMSEC MATERIAL CLASSIFICATION/ACCOUNTABILITY
The presence or lack of a security classification is indicated on COMSEC material using the standard security classifications covered in SWOS Division Officer Course. These classifications determine storage requirements and access to COMSEC material. Control of COMSEC material is based on a continuous chain of custody receipts, accounting records (includes periodic inventory reports, destruction records, transfer reports, and local custody records), and immediate reporting of COMSEC material incidents. Your technicians must handle and safeguard COMSEC material (e.g., keying material) based on its assigned classification and account for it based on its account legend (AL). The AL code determines how COMSEC material is accounted for within CMCS.
l
AL Code 1 - Continuously accountable by accounting number from production to destructionl
AL Code 2 - Continuously accountable by quantity from production to destructionl
AL Code 3 - Locally accountable by serial number and handled/safeguarded based on classificationl
AL Code 4 - Locally accountable by quantity and handled/safeguarded based on classification
CRYPTO Marking
CRYPTO identified COMSEC keying material is used to protect/authenticate classified/sensitive information. CRYPTO is not a classification.
Controlled Cryptographic Item (CCI)
CCI is a designation that identifies secure telecommunications or information handling equipment, or an associated crypto component. CCI is unclassified, but controlled within CMCS.
CATEGORIES OF COMSEC MATERIAL
Keying Material
Keying material is a COMSEC aid that supplies encoding for manual/automanual cryptosystems or key for machine cryptosystems. Keying material may or may not be marked CRYPTO.
COMSEC Equipment
Equipment designed to provide security to telecommunications by converting information to an unintelligible form, and subsequently reconverting it for authorized recipients.
COMSEC-Related Information
Policy, procedural, and general doctrinal publications (e.g., CMS 1), equipment maintenance manuals (KAM-410 or LMM, i.e., Limited Maintenance Manual), equipment operating instructions (e.g., KAO-207), call signs, frequency systems, and miscellaneous material. Selected limited maintenance KAMs are being/have been replaced by Limited Maintenance Manuals. LMMs are not classified and are not accountable as COMSEC or COMSEC-related material. LMMs are numbered by TMIN and NSN and are stocked at NPFC.
CMS TRAINING AND INSPECTIONS
TRAINING
Basic skills and advice/assistance training is available to train CMS custodians and users as follows:
CMS Custodian Course
A five-day course of instruction that provides basic skills necessary to fill a CMS Custodian or Clerk position.
CMS A&A (Advise and Assistance) Training Team
CMS A&A training responsibilities are divided among eleven teams responsible for a specific geographical region, identified in CMS 1. CMS A&A Training Teams provide the following:
l
CMS A&A Training Team Visit - All CMS accounts and their associated local holders are required to receive a CMS A&A Training Visit every 18 months. These visits last six to eight hours, are informal, and provide guidance for self-improvement.l
CMS for Commanding Officersl
CMS Inspector Certification/Recertificationl
CMS User Workshopsl
CMS Seminarsl
STU-III Briefsl
Automated CMS Systems Training and Assistancel
CMS Videocassette Library
INSPECTIONS
CMS accounts must undergo a formal, unannounced CMS inspection every twenty-four months. This inspection is conducted for and under the authority of the requesting ISIC.
SAFEGUARDING COMSEC MATERIAL/FACILITIES
This section identifies general information about safeguards. Specifics are provided in CMS 1.
Safeguarding COMSEC material is accomplished by access requirements (access + need to know), Two-Person Integrity (TPI), storage requirements, packaging and transporting requirements, and routine destruction. Open public display of COMSEC material and information at non-government symposia, meetings, open houses, or other non-official purposes is prohibited. Photographs, drawings, or descriptive information for press release or private use is prohibited. Exterior photographs of COMSEC equipment used for command training need not be marked "For Official Use Only".
ACCESS TO COMSEC EQUIPMENT
Keyed
Access to keyed COMSEC equipment requires a clearance equal to or higher than the classification of the equipment or keying material, whichever is higher.
Unkeyed
Access to unkeyed COMSEC equipment may be granted to U.S. citizens whose official duties require access and who possess a security clearance equal to or higher than the classification of the equipment.
TPI
TPI handling requires at least two people, authorized access to COMSEC keying material, to be in constant view of each other and the COMSEC material requiring TPI whenever that material is accessed and handled. TPI storage requires the use of two approved combination locks with no
one person authorized access to both combinations. Note that Crypto Repair Facilities (CRF), maintenance facilities, and laboratory requirements are not required to maintain TPI for fill
devices where operational key is not handled. See CMS 1 for specific requirements for storing, protecting and shipping COMSEC equipment, fill devices, and other material, and safeguarding secure communications facilities. The following material requires TPI at the custodian level:
l
All classified paper keying material marked or designated CRYPTO (except codes and authenticators classified SECRET and below)l
Fill devices containing classified keyl
Equipment that contains classified key that allows for key extraction
The following material requires TPI at the local holder/user level:
l
All classified paper keying material marked or designated CRYPTO (except codes and authenticators classified SECRET and below)l
Classified electronic key whenever it is generated, transferred, relayed , or receivedl
Fill devices containing classified key
l
Unloaded fill devices in an operational communications environment containing keyed crypto equipment from which classified key may be extractedl
Equipment that contains classified key that allows for key extraction
l
Certified key variable generator equipment installed for operational use. (Specially designed locking bars may be used to meet TPI requirements)
The following COMSEC material is completely exempt from TPI requirements:
l
PROMS (Programmable Read-Only Memories)l
ROMS (Read-Only Memories)l
MOS (Metallic Oxide Semiconductor) chipsl
Unclassified Data Encryption Standard keying materiall
Maintenance keyl
Training key not marked or designated CRYPTOl
Test Key, unclassified and not marked or designated cryptol
Repair kitsl
KAMs (limited or full cryptographic maintenance manuals)l
KAOs (cryptographic operating manuals)l
MAMMs (manufacturer maintenance manuals), SAMs (Navy maintenance procedures for COMSEC test equipment), and SAMMs (developmental R&D - new equipment)l
One-time pads and tapesl
Unclassified keying material (regardless of crypto markings)l
Unclassified, unkeyed equipment (less fill devices)l
Unclassified equipment keyed with unclassified keyl
Confidential and Secret codes and authenticators (regardless of crypto markings)
CRYPTOGRAPHIC EQUIPMENT MAINTENANCE
COMSEC equipment requires special handling during repair and maintenance. Cryptographic equipment is divided into two general types: basic and related equipment/devices. Basic cryptographic equipment is non-paper material that has a direct function in the encryption process. It includes on-line transmitters and receivers, IFF units, and off-line encryption/decryption equipment. Related cryptographic equipment and devices are non-paper items that do not have direct encryption/decryption process functions, but relate to the process (e.g., power units, remote units, extender cables, maintenance/modification kits, and cabinets).
REPAIR AND MAINTENANCE
Operator Maintenance
Operator maintenance is maintenance that is authorized for, performed by, and the responsibility of COMSEC equipment operators. This normally consists of inspecting, cleaning, servicing, preserving, lubricating, and adjusting equipment. It may also include minor parts replacement not requiring highly technical skills. Operators should receive indoctrination and training from FTSC activities or their own COMSEC equipment repair personnel (your technicians) on how to do this work. KAM or KAO manuals provide specific instructions.
Intermediate (or Field) Maintenance
Intermediate maintenance of cryptographic equipment is performed by designated maintenance activities or by qualified COMSEC equipment repair technicians attached to user commands.
Intermediate maintenance is normally limited to replacement of unserviceable parts,
subassemblies, or assemblies by cleared personnel who graduated from a crypto repair school for
a specific model or type of COMSEC equipment. This is generally the highest level of shipboard COMSEC equipment maintenance.
Depot Maintenance
Depot maintenance involves a major overhaul or complete rebuilding of parts, subassemblies, or the entire equipment. This maintenance is intended to augment stocks of serviceable equipment or to support lower levels of maintenance by using additional shop equipment and personnel with higher technical skills than are available in organizational or field maintenance activities. Overhaul of ship COMSEC equipment should normally be done by a CRF.
Maintenance Procedures
CMS custodians are responsible for ensuring that all of the equipment they hold is complete and operational at all times. Emphasis should be placed on determining defects and correcting them, and, when replacement parts are not carried or have been used up, on the expeditious submission of requisitions to the supply system. MILSTRIP forms should not be accumulated for one-time preparation and lot submission to a supply point at a later date or on a delayed basis. Replacement parts not on hand should be requisitioned as the defects occur. Cryptographic equipment turned into a CMIO (COMSEC Material Issuing Office) or into the DCMS (Director, Communications Security Material System) is cycled through a Crypto Repair Facility (CRF) before it is reissued. If cryptographic equipment is received that is not in proper operating condition, the receiving user will attempt to repair the equipment, using qualified repair personnel. If the equipment is beyond ship's force repair capabilities, the user will turn the equipment into a CRF for repair and return. All cryptographic equipment transfers must be in accordance with CMS-1 CMS Policy and Procedures Manual. See your CMS Custodian. Should operational necessity dictate, contact your CMS custodian to initiate action to obtain replacement equipment.
Detailed authorized maintenance and repair procedures for a particular cryptographic equipment are contained in the associated maintenance manuals (KAMs, SAMs, LMMs), crypto EIBs (CEIBs), and MRCs. Separate repair kits (also known as Q-kits) and spare cryptographic equipment are provided in quantities sufficient to satisfy anticipated usage or failure rates. It is the responsibility of the unit's parent CMS account, or parent local holder account, to determine the quantity of spare equipment and/or associated maintenance and repair parts to be held. These spares will be provided by DCMS when available in CMS assets. SPCC provides logistic support for cryptographic equipment. DCMS issues repair parts kits for immediate logistic support. Cryptographic repair kits contain classified and unclassified material and are CMS-accountable. An inventory list is kept in the kit. Parts/assemblies contained in the kit must be replenished/repaired as they are used. Note that while shipboard CRFs are not technically secure processing centers, physical security criteria for a secure processing center applies.
CRYPTOGRAPHIC EQUIPMENT MODIFICATIONS
Modifications to cryptographic equipment are generated to install improved or special capabilities, improve electrical processing capabilities and security, correct equipment
deficiencies, satisfy specific operational requirements, and adapt to local conditions. Modifications are mandatory, operational/special mission modifications, or repair actions. Installed modifications are indicated on the equipment modification record plate.
Mandatory Modifications
Mandatory modifications must be installed in order to ensure continued effectiveness of the cryptographic equipment and to retain its approval for use. Mandatory modifications must be installed by a predetermined, time-compliance date that is determined on the basis of security, human safety, TEMPEST, or reliability. There are two types of mandatory modifications:
l
NSA-Mandatory - These modifications are mandatory for all U.S. commands or user activities. Kits for NSA-mandatory modifications contain the necessary parts, instructions, and two report-back forms.l
Navy-Mandatory - These modifications are NSA-optional modifications that have been designated as mandatory for all DON user commands. Kits for Navy-mandatory modifications contain parts and instructions.
NSA-Optional/Special Mission Modifications
NSA-optional modifications are not required to be installed by all users. They are generally tailored to specific operational/environmental needs and may be installed at the discretion of the command or as directed by higher authority. They are issued in kit form when the required assemblies/parts are unique and not obtainable elsewhere; otherwise, modification parts are obtained through the Navy Supply System.
NSA Repair Actions
NSA repair actions are optional and do not affect the original characteristics of the cryptographic equipment. Repair actions are limited to minor electrical and/or mechanical improvements to the equipment operation, maintenance, reliability, etc. Authorized repair actions are listed in the appropriate KAM/SAM manuals.
CRYPTOGRAPHIC MAINTENANCE CERTIFICATION REQUIREMENTS
All DON military and civilian personnel involved in the installation, maintenance, and repair of COMSEC equipment must be trained and complete work in accordance with OPNAVINST 2221.3C, Communications Security Equipment Maintenance and Training and all current, applicable cryptosecurity rules, regulations, procedures, and instructions. COMSEC equipment includes cryptoequipment, cryptoancilliary equipment, cryptoproduction equipment, and authentication equipment. Formal schools operated by the military departments, agencies, and other agencies of DOD are the primary sources of training in cryptographic equipment installation, maintenance, and repair. DCMS arranges initial factory training for the implementation of new cryptographic equipment.
The complexity of modern COMSEC equipment places the maintenance technician in a critical position of responsibility that directly affects secure operation. Since technical proficiency is largely dependent on the quality and amount of maintenance training received and on the extent of experience acquired in applying this training, all DOD components must ensure the following:
l
Only personnel who are graduates of an approved course of instruction for either unlimited or limited maintenance on a specific cryptographic equipment, or associated cryptoancilliary equipment, are permitted to install, maintain, and repair such equipment. If no maintenance action or external wiring change is involved, cryptographic equipment may be installed/deinstalled by other than a certified limited or full maintenance technician. This exception does not apply to initial cryptographic installations which must be accomplished by a certified maintenance technician.l
Supervisory personnel must determine the proficiency of technicians before they are assigned the responsibility for COMSEC equipment installation and maintenance.l
Supervisory personnel must maintain the scope of and the graduation requirements for COMSEC maintenance courses at a level sufficient to ensure that technicians who install and maintain COMSEC equipment are qualified in all aspects of their assigned responsibilities.
Maintenance personnel will be trained to the minimum level (limited or full maintenance) required for accomplishment of their assigned duties. Personnel operating general purpose COMSEC Automatic Test Equipment (ATE) are not required to be trained on the individual COMSEC equipment or components being tested. Personnel performing piece-part replacement
of components on COMSEC elements, previously identified as defective by either ATE or a certified full COMSEC maintenance technician at the full maintenance site, are not required to be trained on the COMSEC equipment.
CRYPTOGRAPHIC MAINTENANCE CERTIFICATION PROCEDURES
The proficiency of trained personnel is determined and certification maintained in accordance with the DD Form 1435, COMSEC Maintenance Training and Experience Record, shown in Figure 2.2-1, and more detailed guidelines in NTP-7, Navy, Marine Corps, Coast Guard Cryptographic Equipment/Guidance Manual. You will fill out a DD Form 1435 in Job Sheet
2-2-1J.
A DD Form 1435 must be completed for each technician who completes a COMSEC maintenance course and may be used as a graduation certificate. This form constitutes a chronological record of all COMSEC training and maintenance experience received by the technician, and will become a part of the technician's permanent personnel record. Each form will be reviewed and updated every twelve months and before a permanent change of station. Technicians trained to perform only limited maintenance are excluded from this review requirement. Supervisory personnel must review each DD Form 1435 to ensure that the training and experience requirements on particular equipment are met before the technician is assigned maintenance responsibility. When (1) a previously trained and qualified technician, who no longer meets the requirements for installing and maintaining a particular equipment because they have not had training, nor experience with, the equipment in the preceding thirty-six months, or
(2) retraining is required due to major changes in the equipment, the technician will be retrained or requalified by approved examination. Certification to perform maintenance on certain
ancillaries can be granted to personnel by on the job training, provided they are presently
┌────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ COMSEC MAINTENANCE TRAINING AND EXPERIENCE RECORD │
│ (See reverse side for instructions) │
├──────────────────────────────────────────────────────────────────────┬─────────────────────────────────────┤
│1. NAME (Last - First - Middle) │2. SERVICE NUMBER/SSN │
├───────────┬─────────┬──────┬────────┬────────────────────────────────┼─────────────────────────────────────┤
│ EQUIPMENT │QUALIFIED│METHOD│ DATE │ REMARKS │ CERTIFICATION │
│SHORT TITLE│(Yes/No) │ │(YYMMDD)│(Include School or Organization)├──────────────────┬──────────────────┤
│ │ │ │ │ │ signature of │ organization of │
│ a │ b │ c │ d │ e │certifying officer│certifying officer│
├───────────┼─────────┼──────┼────────┼────────────────────────────────┼──────────────────┼──────────────────┤
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
└───────────┴─────────┴──────┴────────┴────────────────────────────────┴──────────────────┴──────────────────┘
DD FORM 1435 (82 APR) PREVIOUS EDITION IS OBSOLETE
Figure 2.2-1 COMSEC Maintenance Training and Experience Record
certified to maintain the equipment associated with the ancillaries. Individuals maintaining ancillaries must have received general TEMPEST training and any unique TEMPEST training applicable to the ancillary being maintained. TEMPEST is addressed later in this lesson topic.
REFERENCES
Note that CMS-1 supersedes CMS-4L and CSP-1A as of April 14, 1993. CMS-5, Communications Security Material System Cryptographic Equipment Information/Guidance Manual, is being revised as CMS-5A, as of this writing.
EMERGENCY DESTRUCTION
INTRODUCTION TO DESTRUCTION
Annex M of CMS-1 prescribes policy and procedures for planning, protecting, and destroying COMSEC material during emergency conditions. Every command that holds classified COMSEC or CCI material must prepare emergency plans for safeguarding such material in the
event of an emergency. These plans must be incorporated into the command Emergency Action
Plan. Planning and training must include every individual who uses COMSEC material. For commands located in CONUS, emergencies include natural disasters, e.g., fires, floods, tornados, and earthquakes. For commands located outside CONUS, emergencies include natural disasters and hostile actions, e.g., enemy attack, mob action, or civil uprising. For natural disasters, security control over the material should be maintained until order is restored. For hostile actions, COMSEC material must be safely evacuated or destroyed.
DESTRUCTION GUIDELINES
Guidelines for minimizing the number/complexity of emergency actions are:
l
Hold only the minimum COMSEC material required at any timel
Store COMSEC material to facilitate emergency removal or destructionl
As emergency situations develop, initiate precautionary destruction or evacuation of all material not immediately needed for operational effectiveness
Planning for disasters must include:
l
Fire reporting and initial firefighting by assigned personnell
Assignment of on-scene responsibility for protection of COMSEC materiall
Securing or removing classified COMSEC material and evacuating the areal
Protection of material when admission of outside firefighters to the secure space is necessaryl
Assessment and reporting of possible exposure of classified COMSEC material to unauthorized personnel during the emergencyl
Post-emergency inventory of classified COMSEC and CCI material and reporting losses or unauthorized exposure
Planning for hostile actions must include:
l
Assessing the threat of various hostile emergencies and the threat that these emergencies pose to COMSEC materiall
Availability and adequacy of physical security protection, i.e. perimeter controls, guard forces, and physical defenses, at individual buildings and other locations where COMSEC material is heldl
Emergency evacuation of COMSEC material, including an assessment of risks associated with evacuationl
Precautionary destruction of COMSEC material, particularly maintenance manuals (KAMs) and keying material which is not operationally requiredl
Establishment of specific emergency procedures
Except under extraordinary conditions, e.g., an urgent need to restore secure communications after relocation, COMSEC keying material should be destroyed rather than evacuated. Facilities and emergency procedures must also address:
l
Adequate number of destruction devicesl
Availability of electrical powerl
Secure storage facilities nearbyl
Adequately protected destruction areasl
Personnel assignments
PREPARING THE EMERGENCY DESTRUCTION PLAN
The emergency destruction plan should be prepared by the person most aware of the extent and significance of the COMSEC material on hand. The commanding officer or other responsible official must approve the plan. All destruction material, devices, and facilities must be readily available and in good working order. The plan must be realistic, workable, and effective. This is accomplished by ensuring the following:
l
All duties under the plan are clearly and concisely describedl
All authorized personnel are aware of the existence of the planl
Each individual assigned duties under the plan has received detailed instructions on how to carry out those dutiesl
All personnel are familiar with all duties so assignment changes can be madel
Training exercises are conducted periodically (quarterly exercises are recommended)
CONDUCTING EMERGENCY DESTRUCTION
Printed Matter
Destroy keying material and publications beyond reconstruction. Destroy full maintenance
manuals or, when time does not permit, remove and destroy sensitive pages by removing post/rings, inserting rod in top left binder holes, and shaking out sensitive pages.
Crypto Equipment
Render equipment inoperable. Destroy cryptographic logic beyond reconstruction if time permits.
Aboard Ship
If ship is in imminent danger of sinking in a U.S. controlled area, zeroize equipment and destroy COMSEC material as completely as possible, lock it in security containers, and permit it to sink with the ship. If ship is in imminent danger of capture or sinking in an area where foreign elements have salvage opportunities, destroy all COMSEC material and keying material.
MAINTENANCE MANUAL DESTRUCTION
In a deteriorating situation all "full" maintenance manuals (i.e., those containing cryptographic logic information) which are not absolutely essential to continued mission accomplishment must be destroyed. When there is insufficient time under emergency conditions to completely destroy such manuals, every reasonable effort must be made to remove and destroy their sensitive pages. To prepare for emergency destruction of KAMs with sensitive pages:
l
Apply distinctive markings (e.g., red stripes) to binder edge and covers of KAMs with sensitive pages.l
Remove screw posts or binder rings, or open multi-ring binder.l
Remove each sensitive page and cut off the upper left hand corner of the page so the first binder hole is removed. Do not delete text or diagrams.
TEMPEST (TELECOMMUNICATIONS ELECTROMAGNETIC PERFORMANCE
AND EMISSION STANDARDS)
INTRODUCTION TO TEMPEST
Compromising emanations (CE), generally referred to as TEMPEST, are data-related or intelligence-bearing signals unintentionally radiated from equipment and the ship's structure. If CE is intercepted or analyzed, it can disclose the classified information processed by electrical information processing equipment or systems. Classified Information Processing Systems, although commonly associated with communications systems, also include any equipment or
system that processes classified information in an electrical form. Such systems include, but are not limited to, computers and word processors, Mode 4 IFF (Identification Friend or Foe), AN/SLQ-32 countermeasures sets, Tomahawk weapons systems, LAMPS (Light Airborne Multi-Purpose System) III sonar systems, SSES (Special Signals Exploitation System), OUTBOARD (classified information processing system), and any closed circuit television system used for classified briefings and programs. Countermeasures taken to protect against CE include:
l
Equipment designs in which CE is suppressedl
Approved installation criteria that limit interaction between classified and unclassified signal lines, power lines, grounds, equipment, and systemsl
Low-level keying and signaling (discussed earlier in this chapter)l
Shielded enclosures for equipment installationsl
Proper grounding of equipment
MIL-STD-1680 (SHIPS), Installation Criteria for Shipboard Secure Electrical Information Processing Systems is the definitive guidance for TEMPEST. You must have a thorough working knowledge of the requirements outlined in MIL-STD-1680 (SHIPS) to be able to ensure that system modifications are properly installed and inspected.
TEMPEST TRAINING
Every command, activity, and contracting officer responsible for the design, development, procurement, installation, inspection, testing, evaluation, operation, maintenance, or repair of equipment or systems, which are or will be used to electrically process classified information, must take necessary actions to fulfill the responsibilities for TEMPEST. TEMPEST familiarization courses are taught at all FTSCs. Recall from Lesson Topic 1.3 that the COMNAVSURFLANT TEMPEST Instruction requires, at a minimum, that the communications officer, EMO, ERO, leading radioman, and leading electronics technician attend a TEMPEST familiarization course. The Communications Security (COMSEC) Equipment Maintenance and Training instruction requires that personnel maintaining cryptoancillaries receive general TEMPEST training.
TEMPEST INSPECTIONS
There are two types of TEMPEST inspections. One is the instrumented TEMPEST survey,
an on-site field test to determine the nature and amplitude of conducted or radiated signals that may contain compromising (classified) information. A field test normally includes detection and measurement of such signals, and an analysis to determine the correlation between emanating signals and classified information being processed. A National Policy Certification is issued to the ship when the ship's equipment has been found to meet requirements. This certification permits the ship to operate all of its information processing systems according to prescribed
procedures. Because of its cost, the instrumented survey is usually completed on only one ship of a class.
The second inspection is the Visual TEMPEST Configuration Control Inspection (VTCCI), which is conducted independently or concurrently with the instrumented TEMPEST survey, to determine whether shipboard secure electrical processing systems are installed properly. A VTCCI is required for all ships that have a secure electrical information processing system
installed. The VTCCI will include Visual TEMPEST Inspection (VTI) and configuration control plan and elevation view drawings. The VTI will determine compliance or noncompliance of the
system. The diagrams identify the type and relative location of all equipment in the system. The
most recent VTCCI report and amendments must be retained by the ship and reflect the existing configuration and all installation discrepancies that exist. Any change, however minor, in the secure electrical processing center, by forces afloat or installation activity, must be made and inspected in accordance with criteria outlined in MIL-STD-1680.
SYSTEM CRITERIA AND CHANGES
Communications systems, equipment, and conductors are designated as RED or BLACK. These designations are defined in the following paragraphs.
Red Criteria
The RED designation is applied to all cryptographic equipments, subscriber terminal equipments, and interconnecting conductors involved in processing classified plain language information. The designation also applies to primary power circuits, DC circuits, control wiring, and ground conductors serving cryptographic equipments and subscriber terminal equipments, that are designated RED. The RED designation is also applied to junction boxes, terminal boxes, distribution frames, conduit, ducts, cable racks and hangers, patching and switching panels, cabinets, AC/DC power distribution panels, and other ancillary devices serving the conductors and equipments mentioned above. To provide direct correlation with other agency definitions, RED wiring terminology is as follows:
l
Primary Red - Any conductor intended to carry classified plain language terminating in RED equipment or the RED side of cryptographic equipment is designated as primary red.l
Secondary Red - Any conductor, other than Primary RED, that connects to RED equipment, the RED side of cryptographic equipment, or the RED side of isolation devices, that does not intentionally carry classified information, but because of the coupling mechanism with the RED equipment might carry compromising information, is designated secondary red. Some examples are indicator lines, control lines, and timing lines. Power distribution panels and grounding systems serving RED conductors/equipment are also designated secondary red.
Black Criteria
The BLACK designation is applied to all conductors and equipment involved in handling or processing unclassified plain language and/or encrypted information in electrical form. It is also applied to all facilities and circuits that are not designated RED.
System Changes
Any change to a red (classified) side of a system must be followed with a Partial TEMPEST Inspection (PVTCCI). If the ship has red high level keying, any change to the black side of the processing system also requires an inspection. Additionally, if the black processor in any way interfaces with a red processor (i.e. single audio system, shared displays, shared junction boxes, etc.), the installation will require an inspection regardless of whether the red keying level is high
or low level. If alterations are performed by an industrial activity, the installing activity is
responsible for the inspection and the correction of any discrepancies found. If the installation or modification is done by ship's force, the ship is required to obtain the services of a certified Field Technical Authority (FTA) to hold a PVTCCI.
TEMPEST DISCREPANCIES
Any correspondence that mentions specific TEMPEST discrepancies must be classified at least Confidential. Discrepancies determined by the FTA inspection activity to be of a serious nature are classified Secret. Since TEMPEST discrepancies are classified, they will not be discussed on a non-secure phone. All installation discrepancies documented in a TEMPEST inspection report must be corrected. These corrections must themselves be inspected. Inspection reports that document compliance (zero discrepancies) are Unclassified. All discrepancies identified in a VTCCI report are assigned a correction priority. Priority 1 requires immediate correction, since these violations greatly increase the possibility of compromising classified information. All other discrepancies must be corrected in a timely manner. Discrepancies that cannot be corrected in a timely manner because they require an industrial assist to correct must be documented on the CSMP. The CSMP must reference the discrepancy number only, NOT the discrepancy narrative or MIL-STD-1680 paragraph number. Relating a ship name or hull number to a TEMPEST discrepancy makes the CSMP at least Confidential.
TEMPEST PUBLICATIONS
Ensure that you have the following documents aboard your ship: OPNAVINST 5510.93, MIL-STD-1680, and TEMPEST Survey Results.
Installation Criteria for Shipboard Secure Electrical Information Processing Systems (MIL-STD-1680)
This standard sets forth the design and installation criteria applicable to shipboard secure electrical information processing systems. This includes definitions, detailed hardware and equipment requirements, applicable inspection, reporting procedures, and documentation. It is of utmost importance that installation and maintenance managers of these processing systems be well versed in the contents of this standard. Specifically, this instruction provides requirements regarding:
l
Red and black signal and control line interfacesl
Red and black primary power and power line filtersl
Rotary or tone dial telephone installations in a secure processing centerl
Landline terminationsl
Parallel datal
NTDS communicationsl
Isolation of clocking and control circuitsl
Equipment, equipment cabinets, relay devices, cable-connecting enclosures, cable junction boxes, patch panels, and temporary installationsl
Cables, conduit, conductors, waveguides, and bondingl
Perimeter barriers, accesses, and alarmsl
TEMPEST Inspectionsl
Inspection check-off sheets
The installation standards of MIL-STD-1680 must be implemented as specified to reduce or eliminate CE. In new construction ships and ships undergoing a major rip-out to the exterior communications system, the secure electrical information processing system should be installed using a red low level signaling distribution system. There are no TEMPEST related installation requirements for cryptographic equipment in a portable configuration. This includes, but is not limited to, cryptographic attachments to portable radio sets, vehicular mounted equipment used in a flight or hanger deck applications, and cryptographic devices used to load or fill a cryptographic system.
PROCEED TO ASSIGNMENT SHEET 2-2-1A IN THE ASSIGNMENT BOOKLET. UPON COMPLETION, TAKE THE ASSIGNMENT BOOKLET TO THE LEARNING CENTER INSTRUCTOR. AFTER REVIEWING ASSIGNMENT SHEET 2-2-1A WITH THE LEARNING CENTER INSTRUCTOR, PROCEED TO JOB SHEET 2-2-1J. UPON COMPLETION TAKE THE ASSIGNMENT BOOKLET TO THE LEARNING CENTER INSTRUCTOR.