|
Industrial Security & You: Protecting Assets with Counter Measures |
Greetings!
Happy Patriot Day! September is a busy month with children heading back to school, Labor Day, Patriot Day, and being National Preparedness Month. Are you prepared? Are you using counter measures to protect your company's assets?
Many of the regulations (NISPOM, ISLs, DCIDs, etc.) we comply with on a daily basis are primarily counter measures to mitigate risk -- not avoid risk altogether. Being prepared is a motto many of us are familiar with from scouting or family or military experiences. Preparing your staff is very important and as the FSO you are uniquely qualified to train them.
May the new format of this newsletter and the articles below assist you in being prepared and training your staff.
Enjoy, |
|
|
COMSEC -- Have IT? Want It? Know the Basics? |
 by Ed Fitzgerald, FSO, SCCI
STE, STU, SIPR, KOI, KIV, the list of strange acronyms goes on forever. It is all a part of the language of Communications Security, most often referred to as COMSEC, and it is truly a language unlike any other. What exactly is COMSEC? It is measures and controls taken to deny unauthorized persons information derived from telecommunications and ensure the authenticity of such telecommunications. COMSEC includes cryptosecurity, emission security, transmission security, and physical security of COMSEC material. The COMSEC program comes under the purview of the National Security Agency Central Security Service and is covered in NSA/CSS Manual 3-16. In fact, if you look in the NISPOM for information on COMSEC, the very first sentence in paragraph 9-400 states, "This section was prepared by NSA." NSA/CSS Manual 3-16 sets forth very specific rules regarding clearance and access requirements, briefing and debriefing requirements, storage, destruction, ordering, and simply all things COMSEC. If you are a seasoned security professional who gets a new contractual requirement to have a COMSEC account or if you're relatively new to security and are being assigned COMSEC duties, the first thing you want to do is get scheduled for training. Why? Because completion of COMSEC Custodian Training (Course IAEC 2112) is mandatory for all persons appointed as a COMSEC Custodian or Alternate. It is also very important to help you learn and understand the language, become familiar with the requirements, and will allow you and your company to enjoy a properly functioning COMSEC program. The course schedule for the required training can be found on-line at http://www.ccmit.org/t-comsec.aspx. Most of the classes are offered at the Linthicum Heights, MD facility, so please be advised there will be some travel involved, especially for those of us deep in the heart of Texas. |
|
Escorting Visitors, Vendors, and Others |
|
Meet Rosita above. She is pure Watussi and a very good mother to her calves. She is also the head cow of our herd of eleven. She is very social, well behaved, and schooled in securing the Walker Ranch. Her expertise includes escorting or supervising visitors to the ranch. Once she has greeted you, obtained her fill of the cow treats, and ensured that Mom has a chaperone, she will discreetly follow and supervise visitors.
We (my husband Dan, Mom, and I) had borrowed a friend's trailer to bring a couple of new Watussi heifers to the ranch. John (the friend who owned the trailer) joined us upon our return and requested permission to scrounge up some tin to reinforce the roof of the trailer we had borrowed. While we continued to talk with another friend who had come out to the ranch, John visited approximately five different areas where we might have had left over tin stored. As he left each spot for the next, Rosita discreetly followed him and ensured that all was as it should be. As John rejoined our group to show his findings and to wish us well prior to reclaiming his trailer, Rosita ambled over to the corral for a drink and to check on grain recently disbursed. Are your staff trained to observe visitors, vendors, contractors, and other staff for actions out of the ordinary?
Would your staff know if an action by a visitor, vendor, contractor, or staff member was inappropriate or a danger to your facility. With the advent of so many technical advances in audio/visual recording devices and their disguises, sometimes body language or a person's actions may be the only clue that something might be wrong. To protect national secrets, your facilities' trade secrets and proprietary information, your staff must be trained to recognize each type of data, know if there are restrictions on handling or viewing, and when and how to report if they have a suspicion or actual incident to report. Incorporate physical security, counter intelligence awareness and training as a part of your company culture and find automatic countermeasures securing your facility. |
|
Industrial Security Training Available |
|
 Don't Miss Out! Register Now!
Last Chance for 2009 Training
An intensive hands-on JPAS & e-QIP training session for those who are new to JPAS and/or e-QIP, or want an immersion into the complete JPAS & e-QIP applications. You receive hands-on Lab practice time, a review of recent updates to JPAS and/or e-QIP challenges. Bring your specific challenges and obtain solutions.
Our Price: $600.00 per attendee
(full day training with lunch and laptop provided)
for IJPAS-0921
for IJPAS-1005
FSO/SSO Personnel Security  Admininistration
An initial overview for beginning FSOs/SSOs, or a refresher for seasoned FSOs/SSOs meant as a supplement to any required training such as the DSSA's FSO Management courses. A training session that is primarily lecture/discussion with occaisional Lab Practice sessions where attendees will access resources mentioned.
Our Price: $600.00 per attendee
(full day training with lunch and laptop provided)
for PSA-1019 |
|
Hiding in Plain Sight - OPSEC in an Industrial Security and Defense Contractor Entity |
 by Jeffrey W. Bennett, ISP
While on vacation this summer I had the opportunity to bump into a famous actress. Actually, I didn't even notice her until my wife pointed her out. But, there she was walking right pas us in Dollywood, USA. At first, I did not recognize her because I really was not looking for her. Also, she had not been dressed in the fashion of her TV career. A moment later I asked my wife to continue with the children while I back tracked to get a better look.
I turned back and finally caught up with the actress and her group. Since I only wanted to verify my sighting and not bother her, I continued to walk past her, took a right and pretended to be lost. I looked around as if searching for something. After taking a discreet look I was able to finally recognize her as the TV personality. I then made my way back to my family smiling and nodding to the actress as I walked by. "I'm not sure, but I think that was her," I later told my wife. "Good sighting." Later that night, after returning to our vacation cabin my wife came running up to me. "See, I knew that was her." My wife held open a gossip magazine with the actress and her famous boyfriend in a photo walking along a resort beach. In the picture, the actress had worn the same pink trucker hat and brown sunglasses we had seen her in earlier that day. I couldn't believe it, it had been a good sighting. "So, why didn't you talk to her?" asked my wife. "Well, I really didn't know what I would say. Plus, I really think she just wanted to enjoy her holiday," I replied.
I've been thinking of the event on and off since returning from our vacation. This actress had made an attempt at assuming a normal life on a normal vacation taken by normal people. However, instead of really blending in she stood out enough to be recognized by my wife (who has also been able to spot other celebrities at airports during our travels).
Our actress had attempted to blend in dressing in clothing to be somewhat incognito. However, the hat and sunglasses really made her stand out. Here in the South, many like to wear baseball caps. That day, few people wore hats. Those who did wore regular baseball caps and not the mesh type of trucker hats; especially not hot pink ones. The sunglasses were oversized and clashed with the hat (and outfit) and kind of made the appearance of someone doing everything wrong in an attempt to look like everyone else.
Not that I am a sound fan of fashion, but I am looking at this in an OPSEC or security point of view. Our actress attempted to have fun at a theme park while not drawing attention to herself or her celebrity status. However, her attempt to blend in may have failed because of her unusual dress.
Cleared professionals could learn a lesson from this story. Defense contractor and Government work should be performed in such a way not to bring attention to the operation. This applies for both classified and unclassified efforts. Practicing good OPSEC includes taking a look at your operations through the eyes of someone wanting to exploit your vulnerabilities. A good question to ask is "how would an adversary recognize our effort and how will they attempt to learn more about it?" Security managers should study the surroundings, situation, and environment to ensure performance on contracts, proprietary data and otherwise privileged information remains low key. Teach employees to work in a way to not draw unwanted attention. | |
Thank you for reading my newsletter. If you know of someone who could benefit from the information shared, please pass it on. If you know of someone who could use my expertise please tell them about me and pass their contact information to me at ajsconsulting@earthlink.net so I may assist them.
What I do best is assist you with solutions to difficult industrial security challenges. How may I assist you today?
Sincerely,
Ann J. Martick, ISP AJ's Consulting P.S. How do you like the new format of the newsletter? |
|
|
Great facilities and instructor...Ann really was helpful and made the system easy to use. Very organized.
Kenneth Browning
Round Rock, TX |
Ann was very knowledgeable not only in JPAS, but also DISCO information and Reg's, etc. She conducts the training in a clear & concise manner.
Elizabeth Marcotte
Little Rock, AR |
|
Local Meetings |
|
|
|
CT - GA2SP
Monthly Meeting
ARL:UT
Austin, TX
September 16, 2009
Social Networking vs. Personnel Security
R.S.V.P.
===============
R3 Summit
Readiness Response Recovery September 22, 2009
September 11th
Commons Center
10100 Burnet Road
Austin, TX 78758
9:00-12:00 PM
Seminar Cost: $20/Person
==============
Austin Area Benchmarking Event on Import/Export
Indicate interest in attending by
|
|
Best money spent on consulting services in my career.
Current Customer |
| Remembering 9-11 |
|
|
|
September is also National Preparedness Month - below are a few links you may find useful in prepping your companies or in training your staff to be prepared.
|
Training was great. The reference book provided has been a lifesaver...
Joseph Cole
Pepperell, MA
|
| DSS & JPAS Updates |
 |
|
(09/10/09) DISCO Will Temporarily Record Dual Adjudication Actions in JPAS: Beginning Aug. 24, 2009, Joint Personnel Adjudication System (JPAS) users may have noticed that the Defense Industrial Security Clearance Office (DISCO) began issuing two adjudications for individual cases. This is not an error, but a temporary "fix" while DISCO implements Case Management Tracking System (CATS), a new case management system. This system allows for electronic transmission of investigative reports from the Office of Personnel Management to DISCO, and it is anticipated this will save 4 to 7 days on mail time to receive the product. DISCO will use CATS to adjudicate electronic investigations, and CATS will update JPAS. In order for JPAS to provide the necessary notification to the affected Security Management Office, a second (dual) adjudication must be manually entered in JPAS. The Defense Security Service and the Business Transformation Agency are working to develop a JPAS modification, eliminating the need for dual entry of actions. Dual recording of adjudication actions will have no adverse affect on an individual's clearance record.
|
|
 |
|
| |
|
