Personnel Security learance Initial Security riefing (IS) · 6 Defensive Security 8 Security lassification System 11 Reporting Requirements 12 Initial Security riefing ertification.

Personnel Security Clearance

Initial Security Briefing (ISB)

2

TABLE OF CONTENTS

This briefing is designed to provide each newly assigned cleared employee with the minimum-security information as outlined in the National Industrial Security Program Operating Manual (NISPOM) prior to gaining access to classified information. Keep in mind that this briefing is not all-inclusive. Each Program should modify or expand this briefing to cover applicable local procedures and contractual requirements. This briefing is the next step in your being granted a security clear-ance; you will be notified in writing when your clearance has been granted.

Page Title

3 Threat Awareness

6 Defensive Security

8 Security Classification System

11 Reporting Requirements

12 Initial Security Briefing Certification

3

THREAT AWARENESS

Methods used by foreign intelligence services/foreign entities to collect information from U.S.

companies.

THE THREAT

We live in a shrinking world, where routine contact with people outside our traditional regional and national boundaries is becoming a simple fact of our daily life. The increasing globalization of the world economy and the explosive growth of electronic information systems have resulted in an ex-ponential increase in the amount of contact with persons and entities from outside of the United States. The technical, professional and social forces driving this contact are unabated, and the pro-spect for continued growth is certain. There are entities who exploit modern freedom of contact not to advance our common cause, but to position themselves for personal, economic, ideological, or nationalistic gain to the detriment of U.S. national interests. It is a simple reality that foreign intelli-gence services, non-state sponsored entities and even foreign corporations attempt to use contacts to acquire sensitive information, exploit personal or systemic vulnerabilities, disrupt our progress, or gain an illicit advantage. This exploitation undermines our national security and economic interests in general, and specifically, undermines the core mission of the Department of Defense: to provide the military force needed to deter war and to protect the security of our country and our citizens.

These attempts to acquire information can be direct, obvious, and easily recognized as something that needs to be reported, or they may be subtle and seemingly harmless, even to the practiced eye. Frequently, what begins as a seemingly innocent dialogue is developed and manipulated by foreign intelligence into an opportunity designed to collect sensitive information, identify potential agents of influence or even recruit persons willing to spy on their behalf.

The art of spying is not a game! The fate of nations can be damaged or enhanced by their enterpris-es. As history has shown us a nation’s security is greatly damaged by the efforts of a hostile nation’s intelligence services.

OBJECTIVES & TECHNIQUES

a. Objectives. The wholesale collection of information and equipment. The most sought after in-formation has been Information Systems, Sensors & Lasers, Electronics, Aeronautics Systems, Marine Systems and Space Systems. Even unclassified information that appears to be trivial in nature can also be of value when pieced together. Intelligence services use an array of tech-niques in gathering information.

b. Techniques. Techniques are the Methods of Operation (MO) used by a foreign entity to collect intelligence against a given target. As the years and technologies change so does the MO. The following MOs have been used against cleared U.S Defense companies:

Request for Information (RFI): A request for information is any request, not sought or encouraged by the cleared company, received from a known or unknown source that concerns classified, sensitive or export controlled information.

Attempted Acquisition of Technology: This MO involves foreign entities attempting to gain access to sensitive technologies by purchasing.

Solicitation and Marketing of Services: Foreign individuals with technical back-grounds offer their services to research facilities, academic institutions, and even cleared defense contractors.

4

THREAT AWARENESS Cont.

Exploitation of Foreign Visits: The term “foreign visitor” includes one- time visitors, long-term visitors (such as exchange employees, official government representatives and students) and frequent visitors (such as foreign sales representatives). Suspicious conduct includes actions before, during and after a visit. The primary factor that makes foreign visits suspicious is the extent to which the foreign visitor would request access to facilities or to discuss information outside the scope of approved activities.

Targeting at Conventions: Conventions, seminars and exhibits are rich collection targeting opportuni-ties for foreign collectors. These functions directly link U.S. programs and technologies with knowledgea-ble personnel. More important are foreign events held on the collector’s home territory because they are vulnerable to exploitation by traditional Foreign Intelligence Service (FIS) technical means (for example – electronic surveillance) and the employment of entrapment ploys (such as inducement of target into a compromising situation).

Targeting of U.S. Personnel Abroad: This involves the targeting of U.S. defense contractor employees traveling overseas. The targeting occurs at airports and includes luggage searches, unauthorized use of laptop computers, extensive questioning beyond normal security measures, etc. It may also be excessive-ly “helpful” service by host government representatives and hotel staffs. Other methods are listening de-vices, hotel room searches, intrusive inspection of electronic equipment, and positioning of personnel eavesdrops on conversations.

Internet Activity: The majority of the endeavors have been correlated with probing efforts, which ac-count for most of the activity in this category. The computer probes are most likely searching for poten-tial weaknesses in system for exploitation. Although, probing a system is not illegal, a crime is committed once a port is breached by an unauthorized entity.

RECOGNIZING THE APPROACH

a. You should be wary of glad-handing strangers who make an intensive effort at forming a friendship, and then slowly but surely begin to use that friendship to learn where one works, the nature of one’s assignment, and with whom one works. A generous and inquisitive stranger could very well be the proverbial wolf in sheep’s clothing.

b. Be aware of strangers who ask for information not related to their professed area of interest or do not seem to be particularly knowledgeable in their field. Thus, if “scientists” request data not related to their field, or do not seem to know much about their supposed areas of expertise, then they very well may be imposters.

c. Remember an operative of a foreign intelligence service need not be a foreigner, and the meeting of him/her does not need to be extraordinary. You may meet someone at a PTA meeting that could be a foreign diplomat who lives down the block, or they could be a fellow American who has been recruited as an agent by a hostile service. The spy could be a “spotter,” who reports to an intelligence service on persons he/she meets who appear to be susceptible to recruitment and arranges for intelligence officers to meet them. Usually there is a long peri-od of cultivation where conversations with the individual could be completely normal and innocuous.

5

THREAT AWARENESS Cont.

COUNTERING THE THREAT

Let’s look at what action(s) we can take to counter those threats. NOTE: Have your Facility Security Officer (FSO) review any request for information before respond-ing.

a. Employees must not respond to suspicious requests. Instead, notify your FSO.

b. Report suspicious incidents to your FSO.

c. Employees must stay abreast of changes in their surroundings that might signal an increase in intelligence gathering activity and report suspicious marketing surveys.

d. Become extra cautious when foreign visitors are present.

e. Brief escorts and personnel meeting with foreign visitors on the scope of the visit.

f. Ensure an appropriate number of escorts are available to adequately control the movement of visitors.

g. You should always consider what information is being exposed where, when, and to whom. Review all documents being faxed or mailed, and have someone translate when necessary.

h. Refuse to accept unnecessary or unauthorized foreign representatives into the facility.

i. Employees must be alert to former employees returning to the facility.

j. The FSO or delegate will debrief former employees upon termination of employment and reinforce their responsibilities concerning protecting classified, company proprietary and export-controlled information

6

DEFENSIVE SECURITY An overview of some practices to employ when you have contact with representatives from foreign countries.

GENERAL

Our nation has encouraged the expansion of cultural, trade, and commercial ties with foreign countries. These expand-ing marketing opportunities carry with them a parallel responsibility for ensuring that certain categories of information are not released, and where appropriate, proper authorization is obtained before release.

a. Individuals who are authorized access to classified information are important targets for hostile intelligence agencies. These agencies are constantly on the alert for opportunities to gain any kind of advantage that can be exploited, regardless of the country visited.

b. Hostile intelligence agencies operate worldwide and they have concentrated on those fields, which involve sci-entific and military knowledge possessed by western powers. A key source of technical and scientific infor-mation is the numerous conventions, seminars, conferences, and symposium held throughout the world each year. Other means involve tightly controlling the movement of personnel visiting their country. NOTE: From the time you apply for a visa to a country the process of gathering information about you begins. In some cas-es, an agent might be tasked to report on your every move upon entering their country or even before you de-part your current location.

EXPORT CONTROLS

The U.S. Government, by statute, Executive Order, and administrative policy, has established a number of procedures designated to control the export of certain categories of information. One of its primary objectives is the control of the export of scientific and technical information to ensure that the information made available to other countries does not work to the detriment of the U.S. national interest. Among the existing controls are:

a. A system for classifying national security information and strictly controlling its dissemination (Classified Na-tional Security Information, E.O. 13526 as amended).

b. A system to control the export of arms, ammunition, and instruments of war, including unclassified technical data and information (see the International Traffic in Arms Regulations (ITAR) issued by the Department of State) A system to control the export of U.S. commodities and unclassified technical data which would make a significant contribution to the military potential of any other nation and would prove detrimental to the na-tional security of the U.S. (see Export Administration regulations issued by the Department of Commerce).

MARKETING ACTIVITIES WITH FOREIGN COUNTRIES

Marketing personnel play a balancing act. On one hand, they must be in a position to knowledgeably discuss their products and employ all of the attributes of good salesmanship to promote a free exchange of information in order to successfully conclude marketing endeavors. On the other hand, a clear understanding of, and strict adherence to, the controlling regulations are necessary for those categories of information which cannot be disclosed, or which require prior U.S. Government approval in order to be disclosed. Marketing personnel who meet with representatives of for-eign countries must be well versed and very knowledgeable with respect to what is releasable.

7

DEFENSIVE SECURITY Cont.

Proper preplanning is essential if U.S. security interests are to be protected and requirements are to be met. The following information requires special consideration before planning a meeting with repre-sentatives from foreign countries:

a. Classified Information. Classified information may not, under any circumstances, be dis-closed to representatives from foreign countries unless authorized by the U.S. govern-ment. It cannot be assumed that all personnel are thoroughly familiar with respect to what is and what is not classified. Therefore, a thorough assessment and evaluation of the infor-mation must be taken to ensure the information is not classified.

b. Unclassified Information relating to a Classified Contract. DynCorp Contracting Office or the U. S. Government Contracting Officer Representative (COR) depending on contract and location must review all information relating to a classified contract before it is released. This process will assist in eliminating disclosure of classified or sensitive information.

c. The ITAR applies not only to the export of arms, ammunition, and implements of war, but also to both classified and unclassified technical data related thereto. Disclosure to a rep-resentative of any foreign country within the U.S. or abroad constitutes an export under the provisions of these regulations. Prior notification and, in some cases, prior approval to disclose Unclassified Technical Data must be coordinated through the DynCorp Trade Com-pliance department. Additional information may be obtained from the DynCorp Trade Compliance intranet site.

d. Technical Data subject to Export Control. Unclassified technical data on the “Commodity Control List” may require approval by the Department of Commerce before release to a representative of any foreign country. Again, release of unclassified technical information to a representative of any foreign country within this country or abroad constitutes an ex-port under these regulations. Additional information may be obtained from the DynCorp Trade Compliance intranet site.

IMPORTANT & COMPLEX

We cannot maintain our advantage in the world without your cooperation and adherence to the estab-lished laws pertaining to classified and technical data either unclassified or classified. Remember; be-fore you meet with a representative from a foreign country, consult your program Export Control Ad-ministrator, or the corporate Trade Compliance intranet site.

8

SECURITY CLASSIFICATION SYSTEM

Information is classified pursuant to E.O. 13526 by an original classification authority and is designated and marked as Top Secret, Secret or Confidential. The designation Unclassified is used to identify information that does not require a security classification. There are no other terms used to identify classified information. An original classification deci-sion can only be made by a U.S. Government official who has been delegated the authority in writing. Contractors can only perform derivative classification decisions based on the guidance provided by the Contract Security Classification Specification (DD Form 254) that is issued with each classified contract.

1) DEFINITIONS

a. Top Secret. This designation is applied only to information or material that the unauthorized disclosure of could reasonably be expected to cause exceptionally grave damage to the national security.

b. Secret. This designation is applied only to information or material that the unauthorized disclosure of could reasonably be expected to cause serious damage to the national security.

c. Confidential. This designation is applied only to information or material that the unauthorized disclosure of could reasonably be expected to cause damage to the national security.

2) DERIVATIVE CLASSIFICATION RESPONSIBILITIES

Contractors who, extract, summarize, or who apply classification markings derived from a source document, or as directed by a classification guide or a Contract Security Classification Specification, are making derivative classification decisions. Each Program Manager shall ensure that individuals who perform derivative classifica-tion actions are sufficiently trained and that they possess, or have immediate access to the pertinent classifica-tion guides and/or guidance necessary to fulfill this function. All training shall be documented.

Individual employees who copy or extract classified information from another document, or who reproduce or translate an entire document, shall be responsible for marking the new document or copying with the same classification markings as applied to the information or document from which the new document or copy was prepared.

3) SECURITY CLASSIFICATION GUIDE

a. You are required to have on hand a copy of the security classification guide and a copy of the DD Form 254, Security Classification Specification for your particular contract. It is your responsibility to understand and apply all aspects of the classification guide. The contract Security Classification Specification is a contractual specification necessary for performance on a classified contract.

b. The GCA is required to review the existing guidance periodically during the performance stages of the con-tract and to issue a revised Contract Security Classification Specification when a change occurs to the ex-isting guide or when the contractor needs additional security classification guidance.

9

SECURITY CLASSIFICATION SYSTEM Cont.

c. Upon completion of a contract you are required to dispose of the classified information in accordance with the NISPOM, Chapter 5, Section 7.

4) CHALLENGES TO CLASSIFICATION

Contractors who believe that information is classified improperly or unnecessarily or that current security considerations justify downgrading to a lower classification or upgrading to a higher classification or that the security classification guidance provided is improper or inadequate, are required to discuss such issues with the pertinent GCA for remedy. If a so-lution is not forthcoming and the contractor believes that corrective, action is still required; a formal challenge shall be made to the agency that originally classified the information. The challenge shall include a description sufficient to identify the issue, the reasons why the contractor believes that corrective action is required, and any recommendations for appropriate corrective action. You must safeguard the information as required by the NISPOM for its assigned or proposed level of classification whichever is higher until a deci-sion is made.

5) CONTRACTOR DEVELOPED INFORMATION

Whenever a contractor develops an unsolicited proposal or originates information not in the performance of a classified contract, the following rules apply:

a. If the information was previously identified as classified, it shall be classified in accord-ance with an appropriate Contract Security Classification Specification, classification guide, or source document and marked as required.

b. If the information was not previously classified, but the contractor believes the infor-mation may, or should, be classified, the contractor should protect the information as though classified at the appropriate level and submit it to the agency that has an inter-est in the subject matter for a classification determination. In such a case, the following marking, shall be used:

CLASSIFICATION DETERMINATION PENDING―Protect as though classified (TOP SECRET, SECRET, or CONFIDENTIAL).

c. This marking shall appear conspicuously at least once on the material but no further markings are necessary until a classification determination is received.

NOTE: E.O. 13526 prohibits classification of information over which the Government has no jurisdiction.

10

SECURITY CLASSIFICATION SYSTEM Cont.

6) CLASSIFIED INFORMATION APPEARING IN PUBLIC MEDIA

The fact that classified information has been made public does not mean that it is auto-matically declassified. Contractors shall continue the classification until formally advised by the USG that it has been declassified.

7) DOWNGRADING OR DECLASSIFYING CLASSIFIED INFORMATION

Information is downgraded or declassified based on the loss of sensitivity of the infor-mation due to the passage of time or on occurrence of a specific event. When authorized by the U.S. Government contractors may downgrade or classify information based on the guidance provided in a Contract Security Classification Specification, (upon written approv-al) or as shown on the material.

11

REPORTING REQUIREMENTS

Contractors are required to report events that impact on an employee’s personnel clearance (PCL), that affect proper safeguarding of classified information or that indicate classified information has been lost or compromised. Send all reports under this heading to your Facility Security Officer (FSO). The information contained below outlines some of the issues that require reporting:

Adverse Information. You have an obligation to report any adverse information about co-workers or yourself that affects his/her/your ability to safeguard classified information.

Suspicious Contacts. You must report attempts by others to obtain illegal or unauthorized ac-cess to classified information or to compromise a cleared employee. This includes incidents that may suggest you might be the target of an attempted exploitation by the intelligence ser-vices of another country.

Change in Cleared Employee Status. You must report a change in name, marital status or citi-zenship.

Representative of a Foreign Interest. If you become a representative of a foreign interest (RFI) or your status as an RFI is changed, you must report it to your FSO.

Citizenship by Naturalization. If you are grant-ed a Limited Access Authorization (LAA) and you become a citizen through naturalization you must provide the following information:

City, county, and state where naturalized

Date naturalized

The name of the Court

Certificate number

Employees Desiring Not to Perform on Classified Work. If you decide you no long-er wish to be processed for a clearance or to continue an existing clearance, you must notify your FSO.

Standard Form 312. If you refuse to exe-cute the “Classified Information Nondisclo-sure Agreement,” your FSO must report it to the Government.

Security Equipment Vulnerabilities. You must report significant vulnerabilities iden-tified in security equipment, access control system, intrusion detection system or com-munications security (COMSEC) equip-ment.

Unauthorized receipt of classified material. You must report the receipt or discovery of any classified material that you are not au-thorized to have. When reporting this make sure you include the source of the material, originator, quantity, subject or title, date and classification level.

Reports of Loss, Compromise, or Suspect-ed Compromise. Report any loss, compro-mise or suspected compromise of classified information, foreign or domestic. Classified material that cannot be located within a reasonable time shall be presumed lost un-til an investigation determines otherwise.

INDIVIDUAL CULPABILITY REPORTS

In most cases administrative action may be taken against individual(s) who violate the requirements of the NISPOM and related policies. A graduated scale will be used for violation(s) or negligence.

THE BOTTOM LINE IS:

THINK SECURITY, YOU NEVER KNOW WHO IS WATCHING!

12

Initial Security Briefing (ISB)

Certification

Full Name: __________________________________________Last 4 SSN:_______________ Job Site Address: _____________________________________________________ Note: If unknown leave blank

Each employee with a U.S. government security clearance shall execute an initial security-briefing certificate attesting

to the following.

1. I have read the above security briefing and understand my individual responsibilities as an employee.

2. I will safeguard classified information in accordance with prescribed security standards.

I am not permitted to remove any classified documents from a military site.

I am governed by the applicable security rules of the site I am working at.

3. The classified information to which I have been granted access will be used only for the purpose for which I

am given access.

4. I understand and accept that my Security Clearance may be suspended or revoked for violation of security

regulations or improper use of classified information.

5. I understand that I may be subject to action under the espionage statutes of the U.S. with respect to classi-

fied information to which access is granted.

6. I understand that upon termination of the purpose for which I was granted access, my responsibilities for

safeguarding the classified information continues unabated until the security classification is removed by

appropriate Government authority. NOTE: If I have questions concerning this briefing I will contact the Pro-

gram Security Manager, Facility Security Officer, or Office of Corporate Security.

7. I have access to DynCorp International's Security Education, Training, and Awareness (SETA) website and I

have read and understand the following:

Elicitation & Recruitment

Exploitation of Insider Access

Foreign Travel Vulnerability

Note: Return only this completed page to your security specialist so they can update your security record.

Employee’s Signature: ____________________________________Date: _______________