1

PDS Annual Security Refresher Briefing 2018

SECURITY TEAM:Karl Eichholtz, Facility Security Officer 214-647-9662Lorri Bloom, Security Administrator 214-647-9612

We can be reached at: Security@pdstech.com

PDS SECURITY PORTAL for past and present Security Briefings, Training, Notification of Foreign Travel Forms and Visit Requests:https://security.pdstech.com

2

This Briefing is Unclassified/Company Proprietary

PDS Tech, Inc. is required to provide an annual security refresher briefing to individuals who hold Department of Defense (DoD) clearance. We understand that you are briefed at your job site for the specific program that you are on however this is a requirement that must be met with no exceptions. The purpose of this briefing is to remind you of your personal responsibilities and liabilities under United States espionage and procedures established for the protection of classified information.

If you have an active security clearance, you are expected to understand all of your responsibilities associated with protecting classified information.

This briefing will meet the necessary DoD requirements for the periodic Security Refresher as outlined in the National Industrial Program Operating Manual (NISPOM).

3

We are bound by Department of Defense(DoD) rules and regulations to properlyprotect and control all classified materialin our possession.

You, as an employee, are equally bound under the lawto provide the same protection and control.

4

Topics to be Covered• Non-Disclosure Agreement

• Overview of the Security Classification System

• OPSEC

• Threat Awareness

• Defensive Security

• Employee Reporting Obligations and Requirements

• Traveling foreign and domestic

• Espionage

• Reporting Fraud, Waste, Abuse & Corruption (FWAC)

• Security Disciplinary Actions

• Security Procedures and Duties Applicable to the Employee's Job.

5

We Must Understand Our Obligations to Protect Those in Danger.

6

Classified Information Nondisclosure Agreement (SF 312)

When you received your security clearance, you signed a nondisclosure agreement form. The SF 312 is a contractual agreement between the U.S. Government and you. The primary purpose of the SF 312 is to inform you that:

► a special trust has been placed in you;► this agreement is binding upon you for life (even if you are no

longer require a security clearance)► you are responsible to protect classified information from

unauthorized disclosure; and,► there are serious consequences for not complying with the terms

of this agreement.

While there are a number of statues mentioned in this agreement, there are two titles that provide specific punishments for violations. Disobeying any of the statutes of Title 18 or Title 50 can lead to:• Prison sentences• Fines,• or both

Punishments for Violations

• While there are a number of statues mentioned in this agreement, there are two titles that provide specific punishments for violations. Disobeying any of the statutes of Title 18 or Title 50 can lead to:

• Prison sentences• Fines,• or both

7

8

Types of National Security Information

SECRET

CONFIDENTIAL

TOP SECRET

RESTRICTED

FOR OFFICIAL USE ONLY

NATO CNWDI

COMSEC

Unclassified Sensitive Information

9

LEVELS OF CLASSIFIED INFORMATION

TOP SECRET – Release of this material could GRAVELY damage national security

SECRET – Release of this material could SERIOUSLY damage national security

CONFIDENTIAL – Release of this material could DAMAGE national security

10

Classified Material can includeANY of these:

MachineryDocumentsApparatus

DevicesModels

PhotographsRecordings

ReproductionsNotes

SketchesMaps

LettersProducts, Substances or Materials

11

How Do I Identify Classified Information?

• Documents are boldly marked with the highest classification

• Individual Paragraphs have markings: (C), (S), (TS)

• Use the Program Security Classification Guide

• If you believe information is over-classified, contact the Security Office for help

CONFIDENTIAL

SECRET

TOP SECRET

?

(C)

(S)

(TS)

12

CLASSIFIED COVER SHEETS

SECRET

SECRETNational Security Information. Unauthorized Disclosure Subject to Criminal Sanctions. National Security Information. Unauthorized Disclosure Subject to Criminal Sanctions.

CONFIDENTIAL

13

Classified Information:

Must never be left unattended. Must never be discussed in public places. Must be discussed on secure telephones or sent via secure faxes. Must be under the control of an authorized person. Stored in an approved storage container. Never be processed on your computer unless approved by the Designated Approval Authority.

14

Classified Material may only be released from the facility after obtaining proper approval from the Security Officer.

15

It is your personal responsibility to know that the personyou are dealing with is both

properly clearedand has a

need to know.

You must never reveal or discuss classified informationwith anyone other than those that are

properly cleared and have a need to know.

16

CLEARANCEAdministrative action, usuallyinvolving a form of backgroundinvestigation.

NEED TO KNOWDuties that require you towork with classified material.

+ ACCESSAvailability of classified material/information.=

17

Protection of Classified RelationshipsIt is every employee’s responsibility to protect classified information. We

do not discuss any companies involved with any classified program.

What Companies Are You Working With?

Who is Sponsoring your Programs?

18

Unclassified Government InformationUnclassified material can be very sensitive information to our company , the client facility that you are working at and your job duties. In some cases, the material may have special handling and destruction requirements. Unclassified material that is co-mingled with classified material must be marked unclassified.

This type of data will normally be marked For Official Use Only (FOUO). Another unclassified marking is Controlled Unclassified Information (CUI). These types of information are not for public disclosure.

The statement of work provide with your tasking or the overall contract document will provide specific instructions on the handling of these types of materials. For further guidance, check with your site program manager, supervisor, or contracting officer, if you have materials that contain these types of marking labels.

19

PUBLIC RELEASE OF INFORMATION

Public release of Governmentinformation must first beapproved by the Public AffairsOffice.

Operations Security (OPSEC)OPSEC is a systematic and proven process in which the U.S. Government and its supporting contractors can deny potential adversaries information about capabilities and intentions, by identifying, controlling, and protecting generally unclassified evidence of the planning and execution of sensitive Government activities.

OPSEC has five components:• Identify Critical Information

• Analyze Threat

• Analyze Vulnerabilities

• Assess Risk

• Initiate Countermeasures

20

Implementing OPSECUnclassified information may reveal sensitive or classified details about a program, also known as indicators.

OPSEC Indicator - Friendly detectable actions and open-source information that can be interpreted or pieced together by an adversary to derive critical information. Indicators can include: • When you go to work • What you do at work • Financial transactions • Countermeasures:

– Alter your itinerary or routes – Avoid discussing details about your employment – Protect your PIN when using ATMs, shred receipts

21

Threat Awareness

22

• People are the Weakest Link• Threats Target People, Not Physical Defenses• They Target People Through Malicious Email, Casual

Conversation, or even Befriending Those With Access to Classified Information

Threat AwarenessThe threat to the United States from foreign economic intelligence collection and industrial espionage has continued unabated and foreign entities continue to try to illegally acquire U.S. technology, trade secrets, and proprietary information

As a cleared defense contractor, we are responsible to protect the information entrusted to us from these collection attempts. The first line of defense is to be aware of the attempts and be able to identify them.

23

Threat AwarenessWhile the direct request is the most common method, you should be aware of several collection methods. The following is a list of the methods used to solicit information: • Direct Request - email requests for information, examples: marketing surveys,

requests from individuals claiming to represent universities or customers, etc. • Suspicious Internet Activity - confirmed or attempted intrusion, network

attack, or spam • Solicitation and marketing of services/seeking employment - offering technical

or business services, sales, offers and resume submissions • Foreign Visits - unannounced visits by a foreign national or questions beyond

the scope of the work they are performing • Targeting at conventions/seminars - solicitations to attend a convention, offers

of paid travel to a seminar, or direct request for specific technology

24

Defensive Security

25

Defensive/Proactive SecurityWe do Not Want to Have to Clean up Security Messes; We Want to Prevent Them From Happening.

– Protect Classified Information in Your Possession

– Be Aware of Those Around You and Their Access Level/Need-To-

Know

– Do Not Discuss Details of Your Job Outside of Work

– Do not Send Emails Discussing Your Work

26

27

“I don’t understand #11 . . .Thou shalt report...”

28

YOU are responsible for reporting certain information to Security.

29

Change of:

Name

Marital Status

Citizenship

You must report…

30

Adverse information

You must report…

31

Reporting RequirementsAdverse Information - Any information about yourself or another cleared person that adversely affects the ability to protect classified information.

Arrests and criminal conduct. Substance abuse: illegal drug use and prescription substance abuse, alcohol abuse, and treatment programs when mandated or when not completed successfully. Court ordered deductions against your paycheck including garnishment of wages, liens, etc.

Legal Involvement:Subpoenas, witness involvement, civil cases (notify your CPSO)

Jury duty does not have to be reported to Security Financial situations such as excessive debt, delinquency on debts over 90 days, bankruptcy, foreclosures, unexplained affluence Treatment and counseling for mental and emotional disorders. Excludes: (non-violent) grief, family, or marital counseling, and treatment related to adjustment from service in a military combat environment, unless medication has been prescribedTickets and fines greater than $300

Security infractions and violations Self-report any actual or suspected security infractions and/or violations immediately. (i.e. classified material is unprotected or mishandled.)

32

All contacts with known or suspected intelligenceofficers from any country, orany contact which suggeststhe employee may be thetarget of an attemptedexploitation by theintelligence services of another country.

You must report…

33

Loss, compromise, (or suspected

loss or compromise) of classified

or proprietary information,

including evidence of

tampering with a container

used for storage of

classified information.

You must report…

34

If you find an unlocked

security container which

is unguarded or left

unlocked after-hours.

You must report…

35

If a member of your immediate family (or your spouses immediate family)takes up residence outside the United States,

or if you acquire relatives(through marriage) who are residents or citizens of a foreign country.

You must report…

36

NOTIFY YOUR

SECURITY REPRESENTATIVE OF

EMPLOYMENT BY A FOREIGN INTEREST.

! ! !

You must report…

37

Foreign Interest:

A foreign government

Any business enterprise organized under the laws of any country other than the U.S. or itspossessions.

Any form of business enterprise which is ownedor controlled by a foreign government, firm, corporation or person.

Any person who is not a citizen or national of the U.S.

38

ALL LOST BADGES MUST BE IMMEDIATELY

REPORTED TO SECURITY

You must report…

39

PRIOR NOTICE IS REQUIRED.

CALL or EMAIL YOUR FACILITY SECURITYOFFICER AT PDS ON YOUR LAST DAY

FOR DEBRIEFING.

Karl Eichholtz, FSO214-647-9662

SECURITY@PDSTECH.COM

TERMINATING EMPLOYMENT / LEAVE OF ABSENCE

40

HOTLINE REPORTS

Your immediate supervisor at your designated work place AND Karl Eichholtz, your Facility Security Officer at PDS (214) 647-9662

Defense Hotline (800) 424-6653 (last resort)

To report any security irregularity and/or infractions, contact:

41

Protecting Yourself in an Uncertain World

• When traveling on company business or for personal reasons, plan and prepare well.

• Develop a personal travel plan and give it to your office and family.

• Learn about the culture, customs and laws of countries you visit.

42

Unfortunately, just existing in today's worldequals exposure to the threat of terrorism.

Traveling abroad carries a potentially higher threat level but we are not immune in the United States.

43

When traveling overseas, be cautious about providing information about yourself and your Company to those you do not know. The wrong response could place you in serious jeopardy.

44

Maintain a low profile.Don’t attract attention to any official US Government affiliation.

45

Be careful of visitors or callers. When staying in a hotel, identifyvisitors to your room before opening the door. If in doubt, call the hotel desk.

46

Use the “BUDDY” system.(when exploring in unfamiliar places)

47

Consult your PDS Security Officerbefore you travel. You are required to complete a Foreign Travel form.

NOTIFICATION OF FOREIGN TRAVEL FORM IS LOCATED ON

THE PDS SECURITY PORTAL

48

Espionage is a Real ThreatTargeted Technologies

• Information systems • Sensors • Aeronautics • Electronics • Lasers and optics • Positioning, navigation, and time • Marine systems • Armaments and energetic materials • Ground systems• Materials and processing• Space systems

49

EspionageThe role of the spy, “the Secret Agent”, has become so sensationalized and exaggerated that it is very easy to think that spies exist only in the minds of fiction writers, that spying belongs in the same category as science fiction and westerns.

DON’T BELIEVE IT!

Robert Phillip Hanssen

50

Economic Espionage

The American society of Industrial Security recently conducted a survey of trade secret theft. This survey found, that the most common targets were customer related information.

USE CAUTION when sharing these types of information with competitors

• Business Volume• New Product Information• Financial Data• Manufacturing Process Information

51

Vigilance is the Word of the Day

“I want to emphasize that the ‘fall of communism’ has not reduced the level or amount of espionage and other serious intelligence activity conducted against the United States. In many cases, the targets have not changed at all…”

Louis Freeh, DirectorFederal Bureau of Investigation

Testimony before the SenateSubcommittee on Counter-Intelligence - January 28, 1998

52

Adverse Effects of Compromised Data

Aldrich Ames was arrested and charged with spying for the Soviet Union in 1994. Since 1985, Ames made $4.6 million. The information provided by him led to the compromise of at least 100 U.S. Intelligence missions and to the execution of at least 10 U.S. Sources. Serving a life sentence.

53

Adverse Effects of Compromised Data

In 1985, Walker’s ex-wife turned him in to the FBI after he failed to make his alimony payments. It was found that he was selling classified documents to the Soviet Union. Walker provided enough code-data information to alter significantly the balance of power between Russia and the United States. Serving a life sentence.

54

In America’s history, the breaking of the Japanese secret code helped bringU.S. victory in the Pacific during World War II. On the other hand, the lossof key U.S. secrets greatly aided the interests of the Soviet Union. Today, theft of U.S. technology and key Industrial proprietary information can put us out of business. Spy craft is no game.

Your future WILL be affected if you become involved in illegal acts!

55

Reporting Fraud, Waste, Abuse & Corruption

(FWAC)The Defense Hotline Program Provides an Opportunity to Report Significant Instances of Fraud, Waste, Abuse of Authority, and Mismanagement without fear of reprisal

Toll Free Number 1–800-424-9098

Defense HotlineThe PentagonWashington, DC 20301-1900

Email: Hotline@dodig.Osd.Mil/hotline

Comments and Questions Must Be Kept UNCLASSIFIED

The following slides are posters you will find in your DoD areas displaying the hotline number

Note: Some Special Access Programs may use other government hotlines. Program specific hotline numbers should be posted in all program areas at your work location. Please notify security@pdstech.com if they are not.

56

Reporting FWAC

POSSIBLE $500,000 REWARD FROM THE

GOVERNMENT

FOR REPORTING FRAUD, WASTE AND

ABUSE

57

Reporting FWAC

What should be reported?

• Intentional misuse of government assets • Knowingly making false claims or

statements to the government • Acceptance of gratuities not permitted by

law or regulation • Falsification of test results • Intentional falsification of time charging • Purposefully charging government

contract costs improperly • Misuse of company resources (i.e.

computers, Internet)

58

Security Violations BringDisciplinary Actions

Minor Violations MAY Include:• Verbal Counseling• Written Counseling

Major Violations MAY Include:• Same as minor violations• Loss of your security clearance• Arrest• Imprisonment or fines

Keep in mind that each facility will have their own disciplinary actions.

59

PDS DISCIPLINARY ACTIONS

CONTRACTOR SECURITY INFRACTIONS AND/OR VIOLATIONS

NISPOM Reference: 1-304

Security Infractions:First Offense: Oral Briefing on security procedure by the FSOSecond Offense: Written briefing signed by the employee and witnessed by the FSOThird Offense: Conference with the General Manager and FSOFourth Offense: Written reprimand placed in personnel file, and used in the next performance review. Retained in file for one year.Fifth Offense: Consideration given by the General Manager for transfer to a position not requiring a PCL. If a transfer is not possible, consideration is given for suspension without pay.

Security Violations:First Offense: Re-indoctrination by FSO and written reprimand from supervisor to be placed in personnel file for a period of one year.Second Offense: Counseling and a letter of warning from the General Manager to be placed in personnel file for a period of two years and used in the next performance review.Third Offense: Consideration given by the General Manager for suspension without pay and possible termination for cause.

Computer Access Control Requirements

Although each facility is different and you will need to follow the requirements of the Program Security for the facility you are working at, the below items are standard best practice and must be met before you are granted a computer account:

– Must have the appropriate clearance– Must have a Need-to-Know– Formal Access approval– Must be program briefed – Have completed information systems

security training – Complete an IS general user

acknowledgement form

60

61

User Responsibilities• Lock your workstation (Ctrl-Alt-Del-Enter) when away from your desk • Log off your workstation when you walk away from a terminal.• Follow approved startup and shutdown procedures for periods processing

(i.e. shared computer with multiple program removable hard drives) • Immediately report any security incidents, potential threats, or

vulnerabilities to the appropriate CPSO or IAO AND to security@pdstech.com

• Protect your authenticators (i.e. User ID and Passwords) and report an suspected compromise.

• Protect terminals and workstations from unauthorized access.• Inform the IAO or System Administrator when access is no longer needed. • Observe all policy and procedures governing secure operation and

authorized use of an IS.

62

Responsibilities (con’t)

General Users Will NOT do the following:

• Introduce any malicious code, unauthorized software, firmware, or hardware into any system.

• Relocate or change computer equipment or network connectivity.

• Bypass, strain, or test security mechanisms.

63

“All I did was give a friendof mine some informationon a competitor’s proposal.”

Be familiar with your security responsibilities --ignorance does not excuse you from disciplinary action

or criminal prosecution should an infraction/violation occur.

64

UNDERSTAND YOUR RESPONSIBILITIES!

65

Questions regarding how all this applies to your work?

Call the Security Officer.

66

Discussing Your Job

ResumesDo not use digraphs, trigraphs, code words or platform names on your resume. As applicable, you may state that you have a DoD clearance (Confidential, Secret, Top Secret), and type of investigation (ex. Single Scope Background Investigation) along with the date. If applying for a position which requires a polygraph, list polygraph examination type along with the date. These dates can be obtained from Security. Ensure performance appraisals and resumes are Unclassified and are void of specific job duties that may compromise a program. NEVER identify the programs on which you work on a resume.

67

Discussing Your JobHow to Discuss Your Job (Open Environment)

Do not disclose the fact that you work on classified information or programs. When talking about your job, give a generic unclassified definition , i.e., engineer, technician, mechanic, admin, etc. If an individual asks unnecessary or intrusive questions about your job and remains persistent after you have provided generic unclassified information, report it to Security as a suspicious contact.

You are responsible for knowing what information is classified. If there is any question, ask an appropriately

cleared CPSO or Security representative.

68

If at any time you are

UNSURE

on what you can or can’t do

CHECK WITH THE

SECURITY OFFICE!

69

NATIONAL SECURITY

Congratulations!

70

You have just completed the annual DOD security education refresher requirement.

Please go to file, print and select “print current slide only.” Sign, date and return the Refresher Training Record form to

security@pdstech.com or fax to 866-422-9391

Remember, Security is everyone's responsibility

Thank you for your time and cooperationPrint Name _____________________

Signature ______________________

Date ___________