Security
Appropriate organizations gather, analyze, and disseminate terrorist threat information
Forces are continuously trained in: - Maximizing the use of information derived from law enforcement liaison, intelligence, and Counterintelligence (CI) - Intelligence procedures for handling priority intelligence requests for in-transit units - Implementing intelligence preparation of the battlefield and mission analysis
PL3 must result in a reasonable degree of deterrence against hostile acts, impede a hostile force, and limit damage to resources
PL4 is assigned to resources that do not meet the definitions of any other PL, but whose loss, theft, destruction, misuse, or compromise would adversely affect AF operational capability, such as fuels and liquid oxygen storage areas and AF accounting and finance vault areas
Never cut tape, string, or other wrappings on a suspicious package
Place the package in a plastic bag to prevent leakage
Every AF system has vulnerabilities and is susceptible to exploitation
A countermeasure is any action, device, procedure, or technique that meets or opposes a threat, vulnerability or attack by eliminating, preventing, or minimizing damage or by discovering and reporting the event, so corrective action(s) can be taken
Identifying potential terrorist threats to DoD personnel and assets, and how the hazards affect the mission, is the first step in developing an effective AT Program
A terrorism threat assessment requires identifying all known or estimated terrorist threat capabilities
The AF specifies in classified contracts the government information and sensitive resources that must be protected against compromise or loss while entrusted to industry
AFI 31-601: - Assigns functional responsibilities - Establishes a system of review that identifies outdated, inappropriate, and unnecessary contractual security requirements - Provides guidance for establishing on-base integrated contractor visitor groups
Commanders conduct comprehensive field and staff training at least annually to exercise AT plans, including: - AT physical security measures - Continuity of Operations Program - Critical Asset Risk Management - Emergency Management (EM) plans
AT training must: - Be as heavily emphasized as combat task training - Identify shortfalls affecting the protection of personnel, assets, and information - Include terrorism scenarios specific to the deployed location and based on current enemy TTP, and lessons learned
During work hours, reasonable steps shall be taken to minimize the risk of access by unauthorized personnel
After working hours, store the information in unlocked containers, desks, or cabinets if the building is provided security by government or government-contract personnel. If building security is not provided or is deemed inadequate, store the information in locked desks, file cabinets, bookcases, or locked rooms
Information is derivatively classified when it is incorporated, paraphrased, restated, or generated in a new form or document. Photocopying or otherwise mechanically or electronically reproducing classified material is not derivative classification
All cleared DoD personnel who create and derivatively classify material must mark it according to DoDM 5200.01 and AFI 31-401
The US Secret Service protects the President, Vice-President, President- and Vice-President-elect, all former Presidents and their spouses, and any visiting foreign heads of state
All former US Presidents who served before 1 January 1997, along with their spouses, receive Secret Service protection for their lifetimes
Government-provided hardware and software are for official and limited authorized personal use only
All personal use must be consistent with the requirements of DoD 5500.7-R
The five basic characteristics of OPSEC indicators are: - Signatures - what identifies it or causes it to stand out - Associations - its relationship to other information or activities - Profiles - the sum of each activity's signatures and associations - Contrasts - observable differences from an activity's standard profile and its most recent or current actions - Exposure - when and for how long an indicator is observed
All personnel in the AF are personally and individually responsible for protecting classified information and Controlled Unclassified Information (CUI) under their custody and control
Criminal or terrorist acts against individuals usually occur outside the home, particularly on the route traveled from home to place of duty or other frequented local facilities
Always check your vehicle inside and out for signs of tampering before entering, and examine the tires and trunk for fingerprints or smudges. Never touch your vehicle if you detect something suspicious
The AF protects information systems from viruses and other forms of malicious logic by using a combination of human and technological countermeasures throughout the system's life cycle
An infection is the invasion of information systems applications, processes, or services by a virus or malware code causing the information system to malfunction
There are two types of classification authority blocks: - Original classification - Derivative classification
An original classification authority block will contain the following lines: - Classified By (name of classifier) - Reason - Downgrade To (if any) - Declassify On
The IFC and its products are the primary information sources that directly support the Defense Force Commander (DFC) in making immediate decisions for ID planning
Assessment by forces occurs when a threat has been detected. Friendly forces are warned of the threat and attempts are made to defeat or eliminate the threat. Threats are delayed if they can't be defeated. If not possible, defensive measures followed by recovery actions are taken
The three most common markings on a classified document are the: - Banner lines - Centered on the page and conspicuously placed at the top and bottom of the outside front cover, title page, first page, and outside back cover - Portion markings - Uppercased marks that show the highest level of classification a document contains - Classification authority block - Appears on the face of each classified US document unless otherwise stated in DoDM 5200.01, Volumes 1.4
Authorized portion markings include: - TS - Top Secret - S - Secret - C - Confidential
Anyone who finds classified material not in proper control must: - Take custody of and safeguard the material - Immediately notify his or her commander, supervisor, or security manager
Be careful not to make any statement or comment that confirms its accuracy or verifies the information if it appears in the media
All those working with classified information are responsible for taking proper precautions to ensure unauthorized persons do not gain access
Before being granted access to classified information, a person must have: - A security clearance - Signed a Standard Form 312 - A need to know
The core IA disciplines are: - Communications Security (COMSEC) - Computer Security (COMPUSEC) - TEMPEST (formerly Emissions Security (EMSEC))
COMPUSEC ensures the confidentiality, integrity, and availability of information systems assets, including hardware, software, firmware, and information being processed, stored, and communicated
COMSEC refers to measures and controls that deny unauthorized persons national security information derived from US Government information systems and ensure the authenticity of those systems
COMSEC: - Cryptosecurity - Transmission security - Physical security
Debriefing is the process of questioning cooperating human sources
Captured documents and media may provide valuable information, but are not primarily HUMINT sources
The Personnel Security Program determines the reliability, trustworthiness, good conduct, and character of individuals prior to accessing classified information or assignment to sensitive duties
Commanders and supervisors must continually observe and evaluate subordinates and immediately report any unfavorable conduct or conditions that may bear on subordinates' trustworthiness or eligibility
Physical security means: - Include control procedures and physical barriers - Ensure continual integrity - Prevent access by unauthorized persons - Control the spread of COMSEC techniques and technology
Common physical security measures include: - Verifying personnel need-to-know and clearance - Following proper storage and handling procedures - Accurately accounting for all materials - Transporting materials using authorized means - Immediately reporting the loss or possible compromise of materials
Human Intelligence (HUMINT) is derived from information collected and provided by human sources
Counterintelligence (CI) is information gathered, and activities conducted, to protect against espionage, other intelligence activities, sabotage, or assassinations conducted by or on behalf of foreign governments, organizations, persons, or international terrorist activities
The teaming of ID forces creates a united, seamless defense stronger than the defensive efforts of individuals or individual units. This ensures all Airmen are trained to defend themselves and integrate into defense operations while in garrison or deployed
During ID operations, installation commanders: - Determine and prioritize installation assets - Analyze threats and the operating environment - Assess installation vulnerabilities - Make prudent decisions based on risk estimates
All classified documents are properly marked and if markings are not clear or the information does not appear to be properly classified, the holder of the information must initiate a classification challenge
Each individual is responsible for providing the proper safeguards for classified information, reporting security incidents, and understanding the sanctions for noncompliance
Every classified document must be marked to the highest classification of information contained
Every classified document must contain the overall classification of the document, portion markings indicating the classification level of specific classified information within the document, the originating office, date of origin, downgrading instructions, if any, and declassification instructions
FOUO information is the most commonly used controlled unclassified information category in the AF and DoD
FOUO is a dissemination control applied by the DoD to unclassified information when disclosure to the public of that particular record, or portion thereof, would reasonably be expected to cause a foreseeable harm to an interest protected by one or more of the Freedom of Information Act Exemptions 2 through 9
Interrogation is the systematic effort to procure information from a person in custody using direct and indirect questioning techniques
HUMINT collection personnel may develop information from: - "Walk-in" sources - Developed sources - Unwitting persons
Intelligence Preparation of the Operational Environment (IPOE) is an analytical methodology providing predictive intelligence to warfighters for planning and executing operations
IPOE supports operational decisions by providing analyzed information regarding a threat and environment, achieving the desired ID effect of "anticipate"
The four components of the IDRMP are performed in seven steps: - Develop the CA - Develop the TA and Vulnerability Assessment - Develop the RA - Risk Tolerance Decision - Present Countermeasure COAs - Decision and Implementation
Identification and evaluation of existing threats and vulnerabilities occur during Parts 1 through 3 of the Intelligence Preparation of the Operational Environment (IPOE) process and may be supplemented with other documents, such as Antiterrorism (AT) Vulnerability Assessments
A derivative classification authority block will contain the following lines: - Classified By (name of classifier) - Derived From (identify sources) - Downgrade To (if any) - Declassify On
If substantial evidence that a document has been erroneously classified exists, submit challenges to your security manager, or the classifier
A detection occurs when a signature- or behavior-based antivirus system signals when an anomaly is caused by a virus or malware
If you are notified of a virus or malware detection, your reaction must include immediately notifying your information system security officer and following local procedures
Reportable contacts or information must be reported to AF OSI within 30 days, per AFI 71-101
Individuals affiliated with the armed services have a special obligation to report to the Secret Service information pertaining to the protection of the President of the United States
Information is only classified to protect national security. There are three levels of classification: - Top Secret - Unauthorized disclosure of information at this level causes exceptionally grave damage to national security - Secret - Unauthorized disclosure of information at this level causes serious damage to national security - Confidential - Unauthorized disclosure of information at this level causes damage to national security
Information is only classified by either original classification or derivative classification
The AF OSI is: - The lead AF agency for collection, investigation, analysis, and response to terrorist, criminal, foreign intelligence, and security services threats - Primarily focused on countering adversary intelligence collection activities - The single point of contact with federal, state, local and foreign nation law enforcement, counterintelligence, and security agencies
Installation commanders develop and implement a RAM Program of random, multiple security measures to consistently change the look of an installation's AT Program
RAM is included in AT plans and ties directly with all FPCON
Installation commanders ensure RAMs are conducted and reported to the ATO
It addresses the following threats and hazards: - Terrorist insiders - Criminals - Foreign Intelligence and Security Services (FISS) - CBRNE attacks - Natural and man-made disasters - Major accidents - Release of hazardous materials - Toxic industrial materials or chemicals
Integrated Defense (ID) is a fundamental battle competency
OPSEC: - Identifies, analyzes, and controls critical information - Identifies actions observable by adversaries - Eliminates or reduces vulnerabilities of friendly actions to adversary exploitation - Closely integrates and synchronizes with other influence operations capabilities
It eliminates or reduces adversary collection and exploitation of critical information
IPOE enables the commander to visualize: - The spectrum of friendly and adversarial capabilities and weaknesses - How they are affected by environmental factors - The logical predictions of the most likely and most dangerous Enemy Course of Action (ECOA)
It is a continuous four-part process that: - Defines the operating environment - Describes the operating environment's effects - Evaluates the enemy - Determines ECOA
Information Assurance (IA) measures ensure the availability, integrity, confidentiality, authentication, and nonrepudiation of information and information systems
It provides protection, detection, and reaction capabilities for restoration of information and information systems
All classified information must be clearly identified by marking, designation, or electronic labeling
Markings: - Alert holders to the presence of classified information - Identify the exact information needing protection - Indicate the assigned classification level - Provide guidance on downgrading and declassification - Give information on the sources and reasons for classification - Warn of special access, control, or safeguarding requirements
Classified information systems should be stored in a General Services Administration-approved safe or in buildings or areas cleared for open storage
Mobile computing devices are information systems such as portable electronic devices, laptops, smartphones, and other handheld devices that can store data and access AF-managed networks through mobile access capabilities
While many mobile computing devices may have specific security policies and procedures governing their use, all of these devices should follow the same basic requirements: - All wireless systems must be approved prior to processing DoD information - All mobile computing devices not assigned or in use must be secured to prevent tampering or theft - Users of mobile devices must sign a detailed user agreement outlining the responsibilities and restrictions for use
Never use public computing facilities or services to process government-owned unclassified, sensitive, or classified information, or to access Web-based government services
The BDOC at all locations, home station and deployed, will perform all functions of the: - Central Security Control - Law Enforcement Desk - Other Security Forces Control Centers
Nine desired effects of ID include: - Anticipate - Deter - Detect - Assess - Warn - Defeat - Delay - Defend - Recover
OPSEC analysis helps decision-makers weigh the risk they are willing to accept in specific operational circumstances
OPSEC has five distinct steps: - Identify critical information - Analyze threats - Analyze vulnerabilities - Assess risk - Apply appropriate OPSEC measures
If the BB does not include all of the BSZ terrain, the installation commander is responsible for mitigating or accepting the risks of enemy attack
Optimally, the BSZ and the BB are the same. However, the BSZ may incorporate more geographical areas, including key terrain outside the BB from which adversaries can impact air operations
Operationalize Force Protection Intelligence (FPI) to maintain optimal situational awareness throughout the BB and BSZ by developing a robust intelligence/information collaboration, analysis, and fusion capability
PL1 is assigned to resources whose loss, theft, destruction, misuse, or compromise would greatly harm US strategic capability, such as nuclear weapons, designated command, control, and communications (C3) facilities and aircraft designated to transport the President of the US
PL1 furnishes maximum means to detect, intercept, and defeat a hostile force before it is able to seize, damage, or destroy resources
PL2 is assigned to resources whose loss, theft, destruction, misuse, or compromise would significantly harm US warfighting capability, such as nonnuclear alert forces, designated space and launch systems, and intelligence-gathering systems
PL2 ensures a significant probability of detecting, intercepting, and defeating a hostile force before it is able to seize, damage, or destroy resources
PL3 is assigned to resources whose loss, theft, destruction, misuse, or compromise would damage US warfighting capability, such as F-16 fighters, select command, control, and communications (C3) facilities, systems and equipment, and non-unique space launch systems
All authorized users must protect information systems against tampering, theft, and loss. Ensure: - User access to information system resources and information is based upon their security clearance and need to know - Protection of applicable unclassified, sensitive and/or classified information by using encryption according to the applicable Federal Information Processing Standard 140-2 - Buildings and rooms that contain information systems are locked during non-duty hours
Protect against casual viewing of information. Place devices that display classified and sensitive information in a location that deters unauthorized individuals from reading the information
Wash hands thoroughly with soap and water if you suspect the package contains chemical or biological contaminants
Report suspicious mail immediately, along with a list of personnel present when the mail was identified
The Commander forwards unfavorable information to the DoD Central Adjudication Facility. Individuals receive due process and may appeal any security clearance denial or revocation
Security clearances are recorded in the Joint Personnel Adjudication System (JPAS)
Espionage is obtaining, delivering, transmitting, communicating, or receiving information about the national defense with intent or reason to believe the information may be used against the US or to a foreign nation's advantage
Subversion is inciting military or civilian DoD personnel to violate laws, disobey lawful orders, or disrupt military activities with intent to interfere with or impair the loyalty, morale, or discipline of US military forces
The inspectable space is considered the area in which it would be difficult for an adversary with specialized equipment to attempt to intercept compromising emanations without being detected
TEMPEST countermeasures are implemented to reduce the risk of compromising emanations escaping the inspectable space and must be validated by the Certified TEMPEST Technical Authority prior to any classified processing in the facility
Sabotage is any act intended to injure, interfere with, or obstruct the national defense by willfully injuring, destroying, or attempting to injure or destroy national defense or war material
Terrorism is the calculated use of unlawful violence, or threat thereof, to instill fear
PL4 resources are secured in controlled areas and patrolled by armed security forces
The AF Antiterrorism (AT) Program deters or limits the effects of terrorist acts by: - Giving guidance on collecting and disseminating timely threat information - Training all AF members - Developing comprehensive plans to deter and counter terrorist incidents - Allocating funds and personnel - Implementing AT measures
AFI 31-601 applies both to AF personnel and on-base DoD contractors performing services under a properly executed contract and associated security agreement or similar document
The AF Integrated Defense (ID) Program's multidisciplinary active, passive, offensive, and defensive capabilities mitigate potential risk and defeat threats within the Base Boundary (BB) and Base Security Zone (BSZ)
Former US Presidents who serve after 1 January 1997, along with their spouses, receive Secret Service protection for 10 years from the date the former President leaves office
The AF OSI is the point of contact between the AF and the US Secret Service
Original classification is the initial decision by an original classification authority that an item of information could reasonably be expected to cause identifiable or describable damage to the national security if subjected to unauthorized disclosure and requires protection in the interest of national security
The AF handles its classified information and CUI in accordance with national policy
While the BB may not necessarily coincide with the fenced perimeter, property lines, or legal boundaries, the Defense Force Commander (DFC) will strictly adhere to legal, jurisdictional, and host nation constraints, commander's intent and higher echelon orders and directives when conducting operations
The AF used the planning term "Base Security Zone" (BSZ) to describe the area of concern around an air base and to support the establishment and adjustment of the BB
The protection and defense of air bases requires the coordinated effort of Emergency Management (EM), Antiterrorism (AT), and other mission support function forces under the Force Protection (FP) umbrella to provide a seamless progression of protection programs
The BB is not necessarily the base perimeter. It should be established based upon the factors of mission, enemy, terrain and weather, troops and support available, time available, and civil considerations. These measures decrease the likelihood of fratricide, prevent noncombatant casualties and minimize damage to the property of friendly civilians
Joint and coalition forces entering the BB should inform the Base Defense Operations Center (BDOC) before entering, and monitor the BDOC's communication net while operating in the area
The BDOC, established by the DFC, is the command and control center for ID operations during routine and emergency operations
Commanders should encourage personnel to report information on individuals, events, or situations that could pose a security threat
The Deputy Chief of Staff for Intelligence, Surveillance and Reconnaissance (AF/A2) and the Director for Intelligence, Surveillance, and Reconnaissance Strategy, Doctrine and Force Development (AF/A2D) are responsible for ensuring the timely collection, processing, analysis, production, and dissemination of foreign, current, and national-level intelligence regarding terrorism and force protection issues
The IDRMP analyzes an installation's defense capabilities and provides options to mitigate security risks
The IDRMP has four main components influenced by the evolving situation monitored through the Intelligence Preparation of the Operational Environment (IPOE) cycle: - Risk Assessment (RA) - Risk tolerance decision - Course of Action (COA) determination - Decision and implementation
The Integrated Defense Risk Management Process (IDRMP) provides installation commanders, Integrated Defense Working Groups (IDWG), Defense Force Commanders (DFC), and defense planners the ability to produce effects-based Integrated Defense Plans (IDP) by using a standardized model to identify risks and develop risk management strategies
The IDRMP identifies at-risk assets and aids the IDWG in generating the Criticality Assessment (CA) and Risk Assessment (RA) products
Integrated Defense (ID) provides flexible planning and execution opportunities that allow owners or users of PL Level 1, PL Level 2, PL Level 3, and PL Level 4 assets to become actively involved in their defense
The IDRMP provides a more precise understanding of how the three risk factors of threat, vulnerability and asset criticality relate to each other. Understanding these relationships assists commanders in mitigating, accepting, and reducing risk
These effects are deliberately achieved using TTP based on the Integrated Defense Risk Management Process (IDRMP) and analysis
The Intelligence Fusion Cell (IFC) is an action group in which the Security Forces Staff S-2 (Intelligence) function coordinates with Subject Matter Experts (SME) from the Intelligence and AF OSI communities to collaborate and conduct Intelligence Preparation of the Operational Environment (IPOE)
The DFC should coordinate with local, state, and federal agencies in the CONUS, or host nation or area commander OCONUS, to conduct base defense tasks for terrain outside the BB but within the BSZ. If these forces/agencies are not available, the DFC should coordinate via their operational chain of command with the appropriate area commander
The appropriate Area of Operations (AO) commander should exercise Tactical Control (TACON) over defense forces operating outside the BB
No person may access information designated as FOUO unless they have a valid need for access in connection with the accomplishment of a lawful and authorized government purpose
The final responsibility for determining whether an individual has a valid need for access to information designated FOUO rests with the individual who has authorized possession, knowledge, or control of the information
It is the area outside the base perimeter from which a threat can launch an attack using standoff threats against personnel, resources, or aircraft approaching/departing
The installation commander should identify the BSZ and coordinate via the operational chain of command with local, state, federal agencies in the CONUS, or host nation or area commander OCONUS for the BSZ to be identified as the BB
TEMPEST denies unauthorized persons valuable information derived from interception and analysis of compromising emanations from cryptoequipment, information systems, and telecommunications systems
The objective of TEMPEST is to deny access to classified or unclassified information that contains compromising emanations within an inspectable space
Sanctions for disclosing classified information to unauthorized persons include: - Warning - Reprimand - Suspension without pay - Forfeiture of pay - Removal - Discharge - Loss or denial of access to classified material - Removal of classification authority - Actions taken under the UCMJ and under applicable criminal laws
The originator of a document is responsible for determining whether the information may qualify for CUI status
Classified materials must be kept under constant surveillance by authorized persons once removed from storage
These forms must be used to cover classified information outside of storage: - Standard Form 703, Top Secret - Standard Form 704, Secret - Standard Form 705, Confidential
Information systems are discrete sets of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information
They also include specialized systems such as industrial/process controls systems, telephone switching and private branch systems, and environmental control systems
If you are appointed to conduct an end-of-day security check, use Standard Form 701 to record the check
This form is required for any area where classified information is used or stored
Not all threats to our national security are conventional
Threats through an information system via unauthorized access, destruction, disclosure, modification of information and/or denial of service include any circumstance or event with the potential to adversely impact: - Organizational operations - Organizational assets - Individuals - Other organizations - The nation
The goal of ID is to neutralize security threats throughout the BB to ensure unhindered AF operations
Through ID, commanders must: - Minimize mission degradation from threat activity within the BB - Coordinate necessary security operations support within the BSZ when not congruent with BB - Minimize injury and loss of life from threat activity - Protect government property and personnel
Cryptosecurity arises by providing and properly using technically sound cryptosystems
Transmission security measures protect transmissions from interception and exploitation by means other than cryptoanalysis, including the use of: - Secured communications systems - Registered mail - Secure telephone and facsimile equipment - Manual cryptosystems - Call signs - Authentication to transmit classified information
Internet-based capabilities: - Are all publicly accessible information capabilities and applications available across the Internet in locations not owned, operated, or controlled by the DoD or federal government - Include collaborative tools such as simple notification service, social media, user-generated content, social software, email, instant messaging, and discussion forums
When accessing Internet-based capabilities using federal government resources in an authorized personal or unofficial capacity, individuals must comply with operations security guidance and must not represent the policies or official position of the AF or DoD