COMSEC/CRYPTO Briefing
Transcript of COMSEC/CRYPTO Briefing
CRYPTO Users Briefing
1
OVERVIEW
• What is COMSEC/CRYPTO?• Devices/CRYPTO • Access• Safeguarding• Reproduction• Destruction• Reporting Requirements
2
WHAT IS COMSEC?
COMSEC (Communications Security) –Broad term used to describe the measures and controls taken to deny unauthorized persons information derived from telecommunications and ensure the authenticity of such telecommunications.
3
WHAT IS CRYPTO?CRYPTO – Marking or designator identifying all COMSEC
key material used to secure or authenticate classified telecommunications
Key Material – Sequence of random binary digits used to
set up, and periodically change, operations performed by crypto equipment to encrypt, decrypt, and authenticate electronic telecommunications
(When written in all capital letters, CRYPTO has the meaning defined above. When written in lower case letters it’s an abbreviation for cryptographic)
4
What is COMSEC?
Handled in 2 separate channels:
1. COMSEC channel – is used to distribute items that are accountable by the COMSEC Custodian to the National Security Agency (NSA)
2. Administrative channels – are used to distribute other COMSEC information and material not accountable by the COMSEC Custodian but rather through the site’s Document Control system
When in doubt, contact the COMSEC Custodian
5
WHAT IS COMSEC?
• For purposes of this briefing, we’re concerned with the 1st channel: items that are accountable by the COMSEC Custodian to the NSA
• These items can be further categorized into:– Controlled Cryptographic Items (CCI)– Classified devices– Cryptographic key material (CRYPTO)
6
DEVICESCONTROLLED CRYPTOGRAPHIC ITEM
• Unclassified cryptographic device • Protected as high value property • Accountable to NSA• Examples:– STE – Data Transfer Device (DTD) – KIV 7
7
DEVICES
CCI• STE• Secure point-to point voice/data communications
up to Top Secret• Unclassified without the Crypto Ignition Key (CIK)
or it is zeroized8
DEVICES
CCI• Data Transfer Device
(DTD)• Used to store
electronic keys then load into crypto equipment
• Unclassified without key material or CIK
9
DEVICES
CCI• KIV 7• Provides secure Line of Site Communications • Unclassified without classified keying material
loaded into device
10
CRYPTOCryptographic key material (CRYPTO)
• Unclassified to Top Secret• Requires higher degree of protection than other
classified• Comes in various forms; key tape within plastic
canister, floppy disk, electronic, algorithms on paper, PROMS
11
CRYPTO
Key Tape• Issued by canister• Contains multiple segments• Each canister unique
12
ACCESS• The following minimum conditions must be met prior
to granting access to CRYPTO:
– Final Secret clearance or interim Top Secret
– Need-to-Know determination
– Receive Cryptographic Access Briefing from COMSEC Custodian, Alternate, or their written designated representative and input into EPSS
13
ACCESS
As a condition of access you must acknowledge:- that you may be subject to a non-lifestyle, counterintelligence scope polygraph exam only encompassing questions concerning espionage, sabotage, or unauthorized disclosure of classified information
-this examination will be administered in accordance with DoD Directive 5210.48 and applicable laws
14
SAFEGUARDING CRYPTO Storage
• All CRYPTO must be stored in a GSA approved safe that is either;1. inside a Closed Area and 2. Under IDS control or covered by guard patrols
every 4 hours
• Do not use lockbar containers for storing CRYPTO
15
SAFEGUARDING
Keyed CCI & Classified Hardware Storage Requirements:
• If being used, must be located in a Closed Area• If not being used, must be stored in a GSA safe
Storage of unkeyed CCI
• May be stored like a high value item (e.g. within locked cabinet or storage room) but regularly sighted.
• For STE, see COMSEC Custodian for briefing16
SAFEGUARDING
Do NOT:• store COMSEC safe combinations electronically (not
even on a classified computing system)
• place CRYPTO on any computer system (not even if the system is approved for it) until you’ve received written permission from the COMSEC Custodian
• move any COMSEC equipment or CRYPTO (not even temporarily) to another location without the COMSEC Custodian’s prior written permission
17
SAFEGUARDING
Hand Receipt Items• Items Hand Receipted to you by the COMSEC
Custodian become your personal responsibility and may never be transferred by you to another person or organization
• To initiate transfer for any of your items, you must contact the COMSEC Custodian
• Another properly cleared and briefed person may use your items but this does not relieve you of its responsibility
18
SAFEGUARDINGKey Disposition Record
• Completed by users as they load key material to ensure a continuous chain of accountability (Records are classified at least CONFIDENTIAL for CONFIDENTAL key and above. Unclassified key disposition Records are marked Unclassified/FOUO)
• The following are the only disposition records you might have to use:– Electronic Key Disposition Record or– Key Tape Disposition Record– Electronic Key loader Disposition Forms
• The COMSEC custodian will provide you with the required disposition form and instructions.
19
REPRODUCTION
Reproduction of CRYPTO
• NOT Authorized unless:– COMSEC Custodian receives written approval
from key material Controlling Authority and– COMSEC Custodian provides you written
permission
• Permission does have to formal and in writing from the controlling authority.
20
DESTRUCTIONDestruction of CRYPTO
Requires 2 persons both being;1. appropriately cleared,
2. CRYPTO briefed and 3. knowledgeable of destruction procedures 4. fully trained and knowledgeable on Status
messages and usage factors
• One person performs destruction while the other serves as witness
• Never sign the record without personally sighting the destruction
21
DESTRUCTION
• If you have no approved destruction method available to you, return the superceded key material to the COMSEC Custodian within the 12 hour time frame
• Failure to do the above may result in a violation
22
DESTRUCTION
• Destruction of key tape segments is authorized by use of the NSA approved disintegrator
23
DESTRUCTION
Electronic Key
• Destruction is done by deleting the key or particular key segment on the DTD and Then Annotating it on Electronic Key Disposition Form
24
REPORTING REQUIREMENT
Examples of COMSEC/CRYPTO Violations• COMSEC safe left unsecured• Removal of future keying material from its
protective packaging• Disclosing short title, edition and effective
dates of CRYPTO by unsecured means• Loss of COMSEC equipment/material• Falsification of COMSEC records
25
REPORTING REQUIREMENT
Reporting Espionage Attempts
• Foreign Intelligence Services prize the acquisition of CRYPTO/COMSEC information
• Extreme measures may be taken to coerce or force persons to divulge CRYPTO/COMSEC info
• Personal and financial relations with representatives of foreign governments or their interests could make you vulnerable and/or targeted
26
REPORTING REQUIREMENT
Why is reporting so important?
• If COMSEC information or techniques are breached at any point, all classified information protected by the system might be compromised
• If a security breach is not reported, it may never be detected
27
REPORTING REQUIREMENT
• Consider for a moment how much traffic passes over that circuit in a week, month, year, or its lifetime and the damage that can cause
• If reported, steps can be taken to lessen an adversaries advantage gained through the compromised information
• If any incident occurs, contact your COMSEC Custodian immediately
28
CONTACTS
29
QUESTIONS?
30