Civil Air Patrol Advanced Communications User Training

Slides:



Advertisements
Similar presentations
CRYPTO Users Briefing.
Advertisements

Ethics Ethics are the rules of personal behavior and conduct established by a social group for those existing within the established framework of the social.
UNCLASSIFIED1 COMSEC BRIEFING Having been selected to perform duties which will require access to classified COMSEC information, it is essential you be.
Section Four: Employee and Visitor Access Controls Note: All classified markings contained within this presentation are for training purposes only.
AFAMs and Civil Air Patrol PIOs August CAP Mission Summary CAP Mission Summary Training and Qualification Changes Training and Qualification Changes.
Incident Command System Basic Course
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
Information Systems Security Officer
CASCOM -TRAINING DIRECTORATE QUARTERMASTER TRAINING DIVISION
Unclassified Controlled Cryptographic Item Access Briefing
Section Eight: Communication Security (COMSEC) Note: All classified markings contained within this presentation are for.
Security Policies University of Sunderland CSEM02 Harry R. Erwin, PhD.
Section Seven: Information Systems Security Note: All classified markings contained within this presentation are for training purposes only.
An Educational Computer Based Training Program CBTCBT.
ESCCO Data Security Training David Dixon September 2014.
HQ Expectations of DOE Site IRBs Reporting Unanticipated Problems and Review/Approval of Projects that Use Personally Identifiable Information Libby White.
Web Mission Information Reporting System Quick Start Training Texas Wing Civil Air Patrol Operations Directorate.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Proposed Rule: Security and Electronic Signature Standards.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
APAN Group Owner Training. APAN Groups Overview FOUO PII Other types Information Categories Aggregate data impacts OPSEC Group Owner Responsibilities.
Privacy Act United States Army (Managerial Training)
Configuring Electronic Health Records Privacy and Security in the US Lecture b This material (Comp11_Unit7b) was developed by Oregon Health & Science University.
ACS ACTIVATION. The first section of this presentation describes the initial activities of the ACS Staff. The second section describes the initial activities.
For Official Use Only (FOUO) and Similar Designations NPS Security Office
1 Information Collection/Imagery Brief 601 AOC/JA Current as of 13 Dec 2010 CONR-1AF (AFNORTH) AF Auxiliary/CAP.
Use of CAP Radios on Federal Installations Produced by the Southeast Region Communications Team in cooperation with the AFAUX/CAP Spectrum Manager.
CAP Communications Equipment Management – Squadron Level CAP Communications Equipment Management Developed by: Capt Karl Falken SWR-TX
Handling Personal Data & Security of Information Paula Trim, Information Officer, Children’s Strategic Services, Mon – Thurs 9:15-2:15.
POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION NOVEMBER 5 TH 2015.
Information Security and Privacy By: Mike Battestilli.
Somerset ISD Online Acceptable Use Policy. Somerset Independent School District Electronic Resources Acceptable Use Policy The purpose of this training.
The Future of the Communications Program Mr. Malcolm Kyser HQ CAP/DOK Civil Air Patrol CITIZENS SERVING COMMUNITIES.
Properly Safeguarding Personally Identifiable Information (PII) Ticket Program Manager (TPM) Social Security’s Ticket to Work Program.
Payment Card Industry (PCI) Rules and Standards
Protecting PHI & PII 12/30/2017 6:45 AM
Information Technology (IT) Audits
Managing a Security Container
Administrative Practices Outcome 1
CITIZENS SERVING COMMUNITIES
Unit Organization 1. Unit Organization. NC is comprised of one group and three squadrons. Each semester, the three flights will be established.
SAFE WORK INSTRUCTIONS
Introduction to the Federal Defense Acquisition Regulation
Information Security Seminar
Installation & User Guide
Chapter 3: IRS and FTC Data Security Rules
Internal Controls.
Civil Air Patrol Advanced Communications User Training
SAFE WORK INSTRUCTIONS
Civil Air Patrol Vision Forward: Internet Remote LMR Mr. Malcolm Kyser Chief of Communications LtCol Ed Wolff ReadyOp Project Manager 24 August 2018.
Employee Privacy and Privacy of Employee Information
Civil Air Patrol USCG Auxiliary Briefing Col Henry Irizarry CAP National Liaison to USCG Auxiliary 22 August 2018 Rank is normally abbreviated Use of.
COMSEC & OPSEC LtCol Ed Wolff CAP/DOKS August 2018 Anaheim, CA
Civil Air Patrol Communications Plans and Requirements Lt Col. Michael Marek CAP/DOKP August 2018 Anaheim, CA Rank is normally abbreviated Use.
County HIPAA Review All Rights Reserved 2002.
Civil Air Patrol Advanced Communications User Training
Civil Air Patrol Advanced Communications User Training
HIPAA Overview.
Government Data Practices & Open Meeting Law Overview
Continuity of Operations Planning
Unit 3 Overview This unit introduces you to the Incident Command System (ICS) Functional Areas and roles of the Incident Commander and Command Staff.
Civil Air Patrol Advanced Communications User Training
Government Data Practices & Open Meeting Law Overview
HQ Expectations of DOE Site IRBs
Civil Air Patrol Advanced Communications User Training
Civil Air Patrol Advanced Communications User Training
Instructor Materials Chapter 5: Ensuring Integrity
Property Control Asset Forms
Internal Controls.
CAP Property Management 10 August 2019
Internal Controls.
Presentation transcript:

Civil Air Patrol Advanced Communications User Training 28 Oct 97 January 2019 Communications Webinar LtCol David Rudawitz Director of Communications Oregon Wing Communications - Voice of Command Capt Derrell Lipman

Civil Air Patrol Advanced Communications User Training 28 Oct 97 Topics Communications and Operations Security ORWG January 2019 Communications Webinar Capt Derrell Lipman

COMSEC & OPSEC LtCol Ed Wolff CAP/DOKS 22-23 August 2018 Anaheim, CA Civil Air Patrol COMSEC & OPSEC LtCol Ed Wolff CAP/DOKS 22-23 August 2018 Anaheim, CA UNCLASSIFIED One Civil Air Patrol, excelling in service to our nation and our members!

“Traditional” security programs Personnel Security Personally Identifiable Information Names, telephone numbers, addresses, call signs Physical Security Security of repeater sites Security of radio equipment Communications Security Using encryption on VHF Using off line encryption Information Security Encrypting files posted to the internet Using password protected, member access web sites as compared to public facing sites

OPSEC Program 18 August 2017 CAP OPSEC Officer and Asst OPSEC Officer Appointed LtCol Ed Wolff, HQ OPSEC Officer LtCol Brian Falvey, HQ Asst OPSEC Officer Approved to establish joint CAP-USAF OPSEC Working Group with HQ CAP-USAF Initial Critical Information List (CIL) developed CAP-USAF staff assignment to OPSEC WG pending

Do we need a security program? XX Wing- PDF file that provides calls signs X Region Communications Guidebook providing calls signs XX Wing- Communications Exercise Plan with names, phone numbers, call signs, etc. XX Region- CW15 Exercise Plan XX Wing- Call sign list document XX Wing- Call sign list XX Wing- Call signs on web page XX Region- Call sign list

When should OPSEC be used? Communications Training Exercises Communications Plans and Standard Operating Procedures Communications Methods, Sources, and Technical Tradecraft (Code Plugs) Software and Source Code, P/W protect code plugs PIO/PAO releases Personal social media published information

Every Person Is An OPSEC Sensor! Every person in your squadron, group, wing, region is a part of the security solution by: Knowing the threats Knowing what to protect Knowing how to protect it!

Identify Critical Information You need to know what you need to protect if you expect to be able to protect it! Personally Identifiable Information (PII) Call signs Frequencies Net schedules Mission specific details Operations and Exercise Plans Repeater locations

Open Source Intelligence AKA- One of the greatest threats to any organization Publically available information that any member of the public may lawfully obtain my request or observation. Unclassified information that has limited public information or access 80-85% of intelligence can be gathered using OSINT Source: re-configure.org

“It” never goes away! When you put information on the net, via your blog, Facebook, email, etc., you have to assume that it’s going to stay there forever. Same thing with newspapers, magazines, and other media. The only safe bet is to make sure that it never gets there in the first place!

A note on public websites: Certain things should not be found on public websites, blogs, etc., including: Sensitive Operations Plans Sensitive Communications Plans Alerting Lists, With Names By Name Personnel Lists Locations of Sensitive Assets (Vehicles, Airplanes, Radios, etc.) Locations of Sensitive Facilities (EOC's, COOP Sites, etc.)

COMSEC What is COMSEC? What is a Controlled Cryptographic Item (CCI)? Examples of CCI Access Safeguarding Reporting Requirements Contacts

What is COMSEC? COMSEC (Communications Security) Broad term used to describe the measures and controls taken to deny unauthorized persons information derived from various communication sources and ensure the authenticity of such communications.

What is COMSEC? These items can be further categorized into: Cryptographic key material (CRYPTO) Controlled Cryptographic Items (CCI) Classified devices For purposes of this briefing, we’re concerned with Unclassified CCI only

Communications Security P25 digital mode adds a level of security to the network USAF funded the P25 transition almost 20 years ago and supplied radios per the NHQ TA Type 3 AES encryption provides a higher level of security for voice communications on missions, especially CD and discrete AF missions New TA includes KVLs for deployment to the field Currently using the NLECC KMF for key management NHQ/DOKS is the single POC with the NLECC

Communications Security CAP has four keys assigned at the NLECC 2 static and 2 dynamic keys Interop keys are loaded on a case by case basis with approval of NHQ/DOKS All radios will have place holders in the code plug for all 20 interop keys Keys for other agencies will only be loaded with the approval of NHQ/DOKS, this is a liability issue If a radio is lost, stolen, or a member refuses to return a radio that is key loaded it may cause the entire country (all radios across all federal-state-local agencies to require re-keying!

Communications Security KVL security A KVL is considered a controlled item and will be issued based upon a hand receipt A KVL must be secured in a locked cabinet when not in use and is the responsibility of the assigned custodian A KVL is not to be packed in checked luggage, left in an unattended vehicle, left in an unattended office, etc.

Enforcement CAP does NOT have a COMSEC account. CAP is only a user of unclassified but controlled equipment supplied by another agency. This is not your typical CAP equipment accountability. CAP and its members are legally liable for the improper access, storage, or use of CCI equipment. Title 18, United States Code, sections 641, 793, 798, and 952.

Physical Security of CCI COMSEC Material Control System is used to distribute accountable COMSEC items to include unclassified CCI equipment, maintenance manuals, and keying equipment. Some military departments have been authorized to distribute CCI equipment through their standard logistics system. The recipient (CAP) must get a hand receipt for acceptance of the equipment and complete any supplying agency required training and briefings.

CONTROLLED CRYPTOGRAPHIC ITEM Devices CONTROLLED CRYPTOGRAPHIC ITEM Unclassified cryptographic device Protected as high value property Accountable to the National Security Agency Identified by nomenclature: NSA issued short title Examples of short titles: PRC117G AN ARC 231 V C KSV 21 CCI can always be identified by the “Controlled Cryptographic Item CCI” marking on the item’s faceplate

KSV 21 card for STE Secure Telephone Equipment (STE) Secure point-to point voice/data communications up to Top Secret Unclassified with out the KSV 21 card Only the KSV 21 card is accountable KSV 21 card is CCI

PRC 117G Controlled Cryptographic Item (CCI) Unclassified without classified key material loaded

Access Requirements Pursuant to Title 18 USC the following minimum conditions must be met prior to granting access to Unclassified CCI: Need-to-Know determination United States Citizenship Receive Unclassified CCI Access Briefing from the agency providing the CCI equipment and have completed this generic CAP CCI over-view briefing.

Safeguarding Unclassified CCI If not being used or attended by a briefed individual, must be secured behind a locked door, storage room, etc. and sighted regularly If installed in an aircraft, authorization to leave unattended depends on the physical security controls in place to prevent removal of the installed equipment from the aircraft. As a rule it will not be left unattended but if it must be then security must be in place. Only persons with direct access need to be briefed.

Safeguarding Do NOT: Provide supplied CCI equipment to anyone without verifying completion of a CCI access briefing Move CCI to another location (permanent location) without coordinating hand receipt movement with the Communications Security Division or designee. Cadet members may not be left in sole possession or control of any CCI equipment.

Safeguarding Hand Receipt Items Items Hand Receipted to you by the entity providing the CCI equipment becomes your personal responsibility and may never be transferred by you to another person or organization without authorization. To formally transfer CCI, you must contact the originally issuing entity that “owns” the CCI equipment. Another properly briefed person (not a cadet) may use your items but this does not relieve you of its responsibility

Reporting Requirements Report any suspected tampering or misuse of CCI to the COMSEC Custodian immediately Why is it so important to protect CCI? The War Fighter will eventually communicate classified information with these devices Attempts to reverse engineer the CCI Ultimately accountable to the National Security Agency

Conclusion OPSEC is what you make of it The way ahead Annual OPSEC training requirements in compliance with AFI 10-701 OPSEC Survey OPSEC evaluations of CAP web sites (already started from the DOK side) OPSEC awareness emphasis at the Squadron, Group, Wing, Region and National levels New emerging missions will drive this requirements for enhanced OPSEC awareness

What does this mean to us? Insure all personnel receive training Follow COMSEC/OPSEC guidance Build and maintain a culture of security ORWG January 2019 Communications Webinar

ORWG January 2019 Communications Webinar Discussion ORWG January 2019 Communications Webinar