Security Education for the Facility Security Officer

1
Security Education for the Facility Security
Officer

• Presented by
• Stephen B. Grant
• Industrial Security Representative
• Defense Security Service, San Diego Field Office
• stephen.grant_at_mail.dss.mil

2
Objectives

• To understand what security education is and why
  it is so important.
• To review security education requirements.
• To obtain effective tools to build and implement
  an effective security education program.
• via samples and a practical exercise

3
What is Security Education?

• It is the cornerstone of an effective security
  program.
• This, along with management support, are two of
  the most important factors of a program.
• It is one of the most important parts of the
  program, in terms of alleviating problems.

4
Why is it so important?

• The protection of national security.
• It is a government requirement.
• NISPOM, Chapter 3
• It makes everyones (employee, FSO, and IS Rep)
  job easier.

5
General Requirements

• Contractors shall provide all cleared employees
  with security training and briefings commensurate
  with their involvement with classified
  information.
• All cleared employees will execute an SF 312,
  Non-Disclosure Agreement, prior to access to
  classified information.

6
Training of the FSO

• The FSO, and others performing security duties,
  will be appropriately trained as required by the
  Cognizant Security Agency.
• Based on the facilitys involvement with
  classified information.
• If required, should be completed within one year
  of appointment.

7
Government Provided Briefings

• Initial briefings for the FSO (and management if
  requested).
• Assignment of a new FSO.
• Special category access briefings for the FSO and
  others.

8
Initial Briefing

• Threat awareness briefing.
• Defensive security briefing.
• Overview of the classification system.
• Employee reporting requirements.
• Security procedures and duties applicable to the
  employees job.
• Execution of the SF 312 and espionage and
  sabotage statutes.

9
(No Transcript)
10
Refresher Briefings

• At a minimum, it should reinforce the information
  provided during the initial briefing.
• Include changes in security regulation
• Reinforce reporting requirements.
• Requirement may be satisfied by using various
  formats.

11
Debriefing

• Upon termination of employment.
• Discharge, resignation, or retirement
• PCL is terminated, suspended, or revoked.
• Termination of FCL.
• Minimum requirement is verbal debrief.
• Debriefing section of the SF 312 is not required
  to be executed

12
Special Category Briefings

• North Atlantic Treaty Organization (NATO)
• Communications Security (COMSEC)
• Cryptographic Access (CRYPTO)
• Secure Telephone Unit-Third Generation (STU-III)
• Critical Nuclear Weapons Design Information
  (CNWDI)

13
Special Briefings (continued)

• Automated Information System (AIS) User Briefing
• Foreign Government Information (FGI) Briefing
• Courier Briefing
• Overseas Assignment Briefing

14
NATO Access Briefing

• Employees must receive an initial briefing, an
  annual refresher briefing, and a debriefing.
• Briefing/Debriefing certificates must be kept for
  2 years after debrief.
• Briefing should include a written summary of the
  main points covered.
• Marking requirements.
• Final Personnel Clearance (PCL) required.

15
(No Transcript)
16
COMSEC Access Briefing

• An initial briefing is required.
• Briefing records should be maintained 2 years
  after last access.
• The types of COMSEC information.
• Why the special safeguards are necessary.
• The rules that apply to those safeguards.
• The penalties for unauthorized, willful
  disclosure.
• A final PCL is required.
• Exception Individual with INTERIM TS may access
  SECRET COMSEC.

17
(No Transcript)
18
Cryptographic Access Briefing

• An initial and debriefing are required.
• Briefing/debrief certs must be maintained for 2
  years after debrief.
• Required for access to TS and S key and key
  marked CRYPTO.
• Classified cryptographic media, that include
  cryptographic logic.
• Includes, but not limited to cryptographic
  maintenance manuals, descriptions, drawings,
  specifications, and software.
• Final PCL is required.

19
(No Transcript)
20
STU-III User Briefing

• Required prior to a cleared employees use of a
  STU-III in secure mode.
• STU-III users who only insert CIKs for the
  purpose of transmitting classified.
• These individuals do not require COMSEC brief.

21
CNWDI Access Briefing

• An initial and verbal debrief are required.
• Briefing records must be maintained two years
  after debrief.
• Briefing should cover the definition of CNWDI,
  the sensitivity of the info, employees
  responsibility to safeguard, and limitation of
  circulation.
• Also marking, subcontracting, and transmission.
• Final PCL is required.

22
(No Transcript)
23
AIS User Briefing

• Must be provided prior to assigning an individual
  access to an AIS.
• Provide update briefing as needed.
• Signature may be required, depending on the
  requirement specified in the AIS Security Plan.

24
(No Transcript)
25
FGI Access Briefing

• PCLs issued by the U.S. Government are valid for
  access classified FGI of a corresponding level.
• Briefing should include info on storage, control,
  accountability, disclosure, export controls,
  transmission, reproduction, disposition, and
  compromise.
• Briefing should be signed by the employee.

26
Classified Courier Briefing

• Must be briefed on their responsibility to
  safeguard the information.
• Should have an I.D. card or badge.
• Material must stay in courier possession at all
  times.
• If employee is to return with the info an
  inventory should be completed at departure and
  return. If it is not returned, a receipt shall
  be issued.
• Use of passenger aircraft, NISPOM 5-411

27
Overseas Assignment Briefing

• Required for a cleared employee who is being
  assigned outside the U.S.
• Briefing should include security requirements of
  the assignment, to include handling, storage, and
  disclosure of classified info overseas.
• Detailed in NISPOM 10-602.

28
On-Line Resources

• Defense Security Service (DSS)
• www.dss.mil
• Procedural guidelines, counterintelligence
  information, and training resources.
• Industrial Security Awareness Council (ISAC)- San
  Diego Chapter
• www.sdisac.org
• A "clearing house" to more effectively manage
  educational resources and reduce duplication of
  effort. Provide awareness programs which can
  reach smaller defense contractor facilities.
  Enhance the realization of company managers and
  employees that sound security practices are
  essential to contracts, profits, and jobs.

29
On-Line Resources (continued)

• United States Intelligence Community
• www.odci.gov/ic/index.html
• Includes link to the Director of Central
  Intelligence and the 13 members of the
  intelligence community.
• CIA, DIA, NSA, NRO, NIMA, Army, Navy, AF, and
  Marine Intelligence, FBI, and the Dept. of
  Treasury, Energy, and State.
• National Counterintelligence Center
• www.nacic.gov
• Open source counterintelligence information from
  a government entity.

30
On-Line Resources (continued)

• Military Critical Technologies List (MCTL)
• www.dtic.mil/mctl/
• Tracks the systematic ongoing assessment and
  analyses of technologies to determine which
  technologies are Militarily Critical. Through
  deliberation and consensus of working groups of
  technical experts whose membership comes from
  Government, Industry and Academia.
• Defenselink
• www.defenselink.mil
• Links to several DoD sites, and DoD policy
  information.

31
On-Line Resources (continued)

• Extranet for Security Professionals (ESP)
• isp.hpc.org
• Counterintelligence and security information.
  Includes a bulletin board, visit control info,
  and many miscellaneous resources.

32
On-Line Resources (continued)

• American Society for Industrial Security
• www.securitymanagement.com
• ASIS is an international organization for
  professionals responsible for security, including
  managers and directors of security.
• Travel Advisories
• travel.state.gov
• U.S. State Dept. site which provides detailed
  travel information on multiple nations.