Radioman Training Series
Contents
1. 2 Assess life safety hazard 3 Evacuate facility 1f necessary 4 Initiate loss control procedures E Figure 4 13 Fire emergency response 4 28 e Substitute other procedures If increased cost or degraded service can be accepted temporarily it may be possible to use other procedures If printer capability is lost print tapes could be carried to a backup facility for offline printing It might also be possible to substitute batch processing for online processing temporarily In some cases where compatible hardware is not available it maybe feasible to maintain a second software package that is functionally identical to the regular package but technically compatible with the offsite AIS hardware that is available for backup use Modify tasks to reduce run time To stretch available backup resources it might be feasible to eliminate or postpone portions of a task such as information only reports or file updates that are not time urgent In some cases it might help to double the cycle time for a task that is run a daily task every other day instead By considering these possibilities for each task the AIS technical manager can develop the specifications for the minimum backup requirements AIS hardware resources and hours per day necessary for adequate backup To evaluate alternate backup modes and offsite facilities consider such factors as e AIS hardware usage e Transportation of military an2. A system status containing accounting information pertinent to all the messages on a hold queue will be displayed to the router via the VDT when the router queue is empty or upon demand by the operator The router can then retrieve any message on the hold queue by its PSN If the router rejects the message the system will record it and print a reject notice on the service log Any message determined by the LDMX NAVCOMPARS system to be duplicated will be rejected to the service printer with the proper annotation After all routing is appended to the message the system assigns the language and media format LMF QUEUE MSG DISPLAY IS ROUTER N ee Oe ff TRANSMIT OUTGOING MSG ise da oe N pen SHEEN REFORMAT MESSAGE ASSIGN AT CAN N queve message i Nase AA TO JANAP 128 A OSRI SSN OF ESAS FOR TRANSMISSION o o al A Y Y Y NOTICE TO MSG can Y Print Msc FOR DISTRO pa pai DATA Perrera lt Sretanassion gt J ROUTINE AA LY N ana DISPLAY IS RMJAQO0O15 THE ROUTER Figure 2 8 Steps for processing automatic outgoing messages 2 16 JANAP 128 content indicator code CIC JANAP 128 originating station routing indicator OSRD station serial number SSN and time of file TOF to the message The message is then paged and sectioned according to JANAP 128 and queued for transmission Data pattern messages may be introduced into the system via card or magnetic tap
3. and the following station To establish a termination with a NCTAMS or NAVCOMTELSTA a ship must send a request what minimum time in advance ds 24 he 2 48 hr F T2 DE 4 90 Hr When it needs to shift broadcast guard a ship sends what type of message Ls Termination request message 2 Communications guard shift 3 Service message 4 Broadcast screen request Broadcast screen requests should be sent to what organization la Broadcast rerun station Le Broadcast radiating station cr Broadcast control station 4 Broadcast keying station A COMMSPOT report should be sent under what circumstances Ty As soon as unusual communication difficulties arise Zi As soon as communication difficulties are corrected 3 Whenever unusual communication difficulties are expected de During solar flare ups What type of message is placed in the cryptocenter file SPECAT SPECAT SIOP ESI TICON NATO Hm CG N EP Lo Authentication Codes Ciphers Radio silence Monitoring Identification Friend or Foe IFF Figure 2A IN ANSWERING QUESTIONS 2 67 THROUGH 2 14 SELECT THE SECURITY DEVICE OR PROCEDURE FROM FIGURE 2A THAT IS BESC DESCRIBED IN LAB QUES TLON Vues Oe Any cryptologic system in which arbitrary symbols or groups of symbols represent units of plain text 1 A Zan Sa E 4 F Uses electromagnetic transmissions to which equipment carried by friendly fo
4. results 1 24 Supervise computer operations Review job control logs To determine how to go about scheduling work on your facility s computer system you should depend on which of the following factors La Ze Jy 4 The number of jobs to be scheduled The system configuration only The operating mode of LL the system only The system configuration and operating mode Which of the following is NOT an example of a computer operating mode Hm GW N e Prime time Real time Online Baten As scheduler you will be concerned with precomputer processing for which of the following reasons 1 To see that the work is performed accurately Zo To see that sufficient magnetic media are avallable to store the data on To ensure that all inputs are received on time according to prearranged schedules 4 To ensure users are complying with standard operating procedures If you schedule so much work for the computer that you overload the computer system which of the following results is likely CO OCEUE A AIS services are underutilized Dx User service deteriorates a4 Precomputer processing service deteriorates 4 Fach of the above As a scheduler which of the following actors must you know about the files in use I Where to find them in the magnetic media LiD rary 2 Where to store them in the magnetic media library 3 The record sizes and blocking factors of each file 4 How to
5. Naval Warfare Publications Library NWPL 2 32 administration binders 2 34 clerk 2 32 custodian 2 32 entry of changes L2 35 extracts 2 35 maintenance publication notice 2 35 publications 2 35 watch to watch inventory 2 35 Naval Warfare Publications Library NWPL publications allied communications _ 2 36 communications information bulletins CIBs 2 36 fleet telecommunications 2 36 Joint Army Navy Air Force 2 36 naval telecommunications 2 36 naval warfare 2 36 receiving or revised 2 36 NAVCOMMAREA 2 4 NCS 2 1 Networking 1 9 NTS Z2 NWPL 2 32 INDEX 5 O Online processing 1 9 Operating system 1 9 1 10 1 22 Operation orders 2 3 OPORDs 2 3 OTAR OTAT 3 11 Output products 1 1 1 4 P Physical security 4 8l 5 4 cipher locks 5 5 combinations containers data file protection 4 8 natural disaster protection 4 8 physical access controls 4 8 physical security protection 4 8 storage 5 4 Physical security measures 4 8 environmental security fire protection 4 9 hardware protection 4 10 lighting 4 8 physical security 4 8 physical structure security 4 9 power supply protection 4 9 Postcomputer processing 1 9 Precomputer processing 1 9 Priorities Processing time 1 14 Production control daily operations output reports 1 21 production control coordinator 1 8 1 9 11 17 Production control and schedul
6. REMOTE i TAL IWINS l ba RADIO POSITIONS low PREPA ARATION nl a OOF READING CALITO reanstsson TRANSMISSION RMJA0014 VERIFICATION ING f a REPRODUCTION a hit y amp y PROCESSING OUTGOING MESSAGES Outgoing messages are those messages originated by e The command e Commands served by the communications center e An afloat command if a flag officer is embarked e An addressable unit onboard the ship as well as all messages accepted for relay The flow chart in figure 2 7 shows the actions required to process outgoing messages HANDLING AUTOMATICALLY PROCESSED OUTGOING MESSAGES Those messages introduced into the LDMX NAVCOMPARS from a PCMT VDT paper tape reader data speed reader DSR card reader or magnetic tape are considered outgoing They are prepared in JANAP 128 modified ACP 126 or other acceptable formats Most outgoing messages are destined to be delivered to distant communications centers and commands Others also have delivery requirements for in house distribution to commands y BASIC D OR m Loccnc f mp MESSAGE i y INTERNAI TRAFFIC CHECKING y FILING f DISTRIBUTION Figure 2 7 Steps for processing outgoing messages serviced by the communications center The basic steps for aa outgoing messages are shown in figure 2 8 The system recognizes whichever format is used upon entry and then validates the sta
7. Radio Silence A condition in which all or certain radio equipment is kept inoperative frequency band and or types of equipment are specified Monitoring The act of listening carrying out surveillance on and or recording the emissions of one s own or allied forces for the purpose of maintaining and improving procedural standards and Security Identification Friend or Foe IFF A system using electromagnetic transmissions to which equipment carried by friendly forces automatically responds For example by emitting predetermined IFF pulses friendly forces can distinguish themselves from enemy forces 2 28 Communications Deception Communications deception part of the field of tactical deception is the use of devices operations and techniques with the intent of confusing or misleading the user of a communications link or a navigation system EA and EP Electronic attack EA is that division of electronic warfare EW involving actions taken to prevent or reduce an enemy s effective use of the electromagnetic spectrum Enemy EA concerns the communications planner because overcoming enemy jamming and deception imposes certain restrictions on general communications operations procedures Electronic protection EP is that division of EW involving actions taken to ensure friendly effective use of the electromagnetic spectrum despite an enemy s use of electronic warfare The planner must be aware of EP capab
8. TAPE DRIVES ose 3 JOB C JOB ES JoB G f R T SPOOLER RESERVED FOR REAL TIME R T R T JOURNAL RESERVED FOR REAL TIME R T USERS APPLICATIONS USER APPLICATIONS PRINTERS SPOOLERS 38NVJ003 Figure 1 5 Resource utilization in a multiprogramming environment is difficult to obtain an optimum job mix using manual scheduling techniques but 1t can be done Most often the solution to obtaining maximum throughput in a multiprogramming environment on a continuous 24 hour basis 1s to use one of the more sophisticated automated scheduling packages These packages have all of the considerations we have been discussing programmed into the software Another piece of job related information to consider is job dependencies Most AIS facilities process both single program jobs and multiprogram systems Examples of multiprogram systems are the supply and 3 M systems These systems consist of many programs that are normally executed as separate job steps within a system Or the programs may be processed as separate jobs that must be processed in a specific sequence Therefore you must know their proper sequence It would be foolish to execute a job that prints the output of an updated file that had yet to be updated It should be just as obvious if a job abnormally terminates that all jobs following it must be canceled and rescheduled allowing sufficient time for the terminated job to be rerun Canceli
9. routing indicators special operating groups SOGs J 2 12 types 2 23 INDEX 4 Message elements 2 19 conversion of GMT local time 2 20 DTG 2 19 Greenwich mean time GMT 2 19 Julian date 2 20 time 2 19 Message logs 2 12 central message log 2 12 circuit logs 2 12 journal logs 2 15 Top Secret control log 2 12 Message precedences 2 20 FLASH 2 20 IMMEDIATE 2 20 PRIORITY 2 20 ROUTINE 2 20 Y ANKEE 2 20 Message readdressals 2 22 Message user responsibilities 2 22 drafter 2 22 originator releaser 2 22 MIJI 3 12 Military Affiliate Radio System MARS 2 5 Minimize 2 23 2 31 Multiprocessing 1 9 Multiprogramming N National Communications System NCS 2 1 Naval communications 2 1 command organization 2 1 commander 2 2 mission 2 2 NAVCOMTEL DET 2 5 NAVCOMTELSTA 2 4 NAVDAF 2 5 NCTAMS 2 4 policy 2 2 telecommunication system 2 2 Naval Communications Area 2 4 Naval Computer and Telecommunications Area Master Station NCTAMS 2 4 Naval Computer and Telecommunications Detach ment NAVCOMTEL DET 2 5 Naval Computer and Telecommunications Station NAVCOMTELSTA 2 5 Naval Data Automation Command NAVDAC 2 3 Naval Data Automation Facility NAVDAF 2 5 Naval messages 2 19 classes 2 23 message readdressals 2 22 types 2 23 Naval Security Group Departments NAV SECGRUDEPTS 2 5 Naval Telecommunications System 2 2
10. 2 10 commanding officer _2 9 communications center supervisor 2 10 communications officer 2 9 CWO 2 10 radio officer 2 9 technical control supervisor 2 10 Command ship communications 2 11 Commander Naval Computer and Telecom munications Command COMNAV COMTELCOM COMMSHIFT 2 24 COMMSPOT 2 24 Communications COMM 4 6 Communications center files 2 25 broadcast file 2 25 commercial traffic file 2 25 cryptocenter file 2 25 embarked command file 2 25 facsimile file 2 25 file fillers 2 26 file maintenance 2 26 general message file 2 25 master file 2 25 NATO allied files 2 26 retention of files 2 26 SPECAT SIOP ESI file 2 25 station file 2 25 Communications center supervisor 2 10 Communications management 2 6 evaluating performance 2 6 general administration 2 7 office management 2 7 personnel management 2 7 responsibilities Communications Officer Communications material accounting general reports 3 3 destruction 3 3 3 8 receipt 3 3 transfer 3 3 Communications material accounting general reports destruction 3 3 3 8 CMS 25 one time keying material destruction report 3 4 CMS 25B COMSEC keying material local de struction report 3 6 CMS 25MC COMSEC keying material local report 3 8 regular 3 3 Communications material accounting inventory reports 3 3 combined SF 153 3 3 fixed cycle 3 3 special SF
11. 4 9000 fathoms Which of the following areas go Ths must be covered in a command s emergency action plan i Enemy actions ae Civil disturbances oe Natural disasters 4 Fach of the above When a command implements its emergency plan the See PrLOCIEY OL destruction should be based on what Tractor le The speed at which the material can be destroyed 2 The amount of material that can be destroyed in the least amount of time 3 The potential effect on national security should the material fall into hostile hands SE 4 The number of personnel required for destruction When an emergency plan is implemented which of the following material should be destroyed first SPECAT material Special access material COMSEC material PERSONAL FOR material A WN ER SA In addition to having an emergency destruction plan all commands are required to have what other type of emergency plan Fire Evacuation Security force Watch security He CG N ER Which of the following material should NOT be destroyed during a precautionary destruction En Material of a historical nature Di Material that has been superseded She Material essential to communications 4 Material that is unneeded What should be done with superseded classified material l Retain indefinitely Ze Retain for ewe years then destroy 3s Retain for one month then destroy 4 Destroy in accordance with its prescribed time frame STUDENT
12. Figure 3C IN ANSWERING QUESTIONS 3 36 THROUGH 3 39 SELECT THE TERM FROM FIGURE ain t SC THAT 1S DESCRIBED OS Marking used to protect or authenticate national security related information on all keying material and associated equipment 1 A 2 Eo 3 42 4 D o ee Always classified and normally concerns the encryption or decryption process of a cryptosystem SN a EC ZS May be classified or unclassified normally associated with cryptomaterial but not Significantly descriptive of it HH CO PRO e J Qa W D Encompasses all associated items of cryptomaterial that provide a single means of encryption and decryption A HS G DO E B 2 D A failure that adversely affects the security of a cryptosystem is known by what term Cryptoexposure Cryptoinstability Cryptodeficiency Cryptoinsecurity Hm CG N Fe A system within a general system confined to actual encryption decryption or authentication is known by what term Cryptovariable Specific cryptosystem Secondary cryptosystem Supporting cryptosystem H CG N Fe The most frequently changed element of a cryptosystem is known by what term Primary cryptovariLable Secondary cryptovariable Crypto modifier Cryptosystem internal variable e wN What are the primary advantages of a over the air rekey and transfer ip OTAR b over the air OTAT a Requires less Circuit downtime for loading keylists and b no ope
13. In addition to hardware and software what are the other three areas of consideration for the Navy s AIS security program La Data personnel and environment La Data human resources and logistics Ss Data human resources and communications 4 Media libraries environment and communications Which of the following personnel serves as the single point of contact Lor all matters related to AIS security 1 Executive officer Za Information system security manager J Security violations officer 4 Systems security manager AIS security is not really bhat et Ee lt 0 understand What percent is a common sense and b proper training Ta a 55 b 45 Zo la 60 b 40 3a a 65 b 35 to a 70 b 30 The manufacturer s optimum temperature and humidity range specifications for AIS equipment operation are NOT available Which of the following a temperature and b humidity ranges are considered acceptable for computer operation ka a 65 52 b 55 5 e a 65 59 b 65 2 or ay TDS b 55 5 4 4 T29 2 b 65 2 In AIS environmental 3 70 security emergency lights are installed in computer facilities for what primary reason i To protect personnel 2 To assist fire fighters ce To locate AIS equipment 4 To locate fire fighting equipment Fluctuations in electrical power can adversely affect the operation of AIS equipment If your command
14. Ribbons and carbon paper must be disposed of properly Because of the large variety of ribbons and printers it is difficult to state with certainty that any and all classified information have been totally obscured from a given ribbon unless you examine that ribbon in detail Therefore printer ribbons are controlled at the highest classification of information ever printed by that ribbon until that ribbon is destroyed The same ribbon is used in the printer for classified and unclassified information consistent with the levels of physical security enforced for the area Carbons are easily readable and must be handled and disposed of in accordance with the classification of data they contain Remember regardless of what the media is it must be disposed of in accordance with the Security Manual if it ever contained classified information Basically the requirement states that the data must be destroyed beyond recognition If the media did not contain classified information follow your activity s standard operating procedures SOPs AIS SECURITY PROGRAM IMPLEMENTATION The risk analysis and higher authority instructions provide the basis for an AIS security program Even though implementation of the program depends on local instructions directives and conditions it may not be clear just where to begin AIS SECURITY PROGRAM PLANNING Following is a suggested outline to use as a basis for planning an AIS security program e P
15. Senior enlisted personnel may be assigned communications duties normally assigned to officers if there are insufficient officers to fill communications billets shows a normal shipboard communications organization Key billets are further discussed in this chapter Commanding Officer The commanding officer of a ship or a shore command is responsible for the communications of that command The only exception to this is when a flag officer is embarked aboard a ship making that vessel the flagship In such cases the embarked commander assumes control of flagship communications The commanding officer is still responsible for the proper handling of message traffic within the ship Communications Officer The communications officer COMM officer is responsible for the organization supervision and coordination of the command s exterior communications At shore stations the COMM officer is the department head Aboard ship the COMM officer may be assigned as a department head or may be assigned under the operations officer Aboard ship the COMM officer is also responsible for the management of related internal communications systems Radio Officer The radio officer is in charge of the communications center This officer is responsible for organizing and supervising assigned personnel to ensure accurate secure and rapid communications The radio officer is responsible to the communications officer for e Preparing the comman
16. Station NIF Naval Industrial Fund NMC Numerical message correction NOTAM Notice to airmen NSO Network Security Officer NTIA National Telecommunications and Infor mation Administration NTP Naval telecommunications publication NTS Naval Telecommunications System NWPC Naval warfare publications custodian NWPL Naval Warfare Publications Library NWP Naval warfare publication O OPORD Operation Order OSRI Originating station routing indicator OTAR Over the air rekey OTAT Over the air transfer P PCMT Personal Computer Message Terminal PC Personal computer PLA Plain Language Address POS Personnel Qualification Standards PRO FORMA Predetermined format PROSIGNS Procedural signs PSN Processing sequencing number R RADAY Radio day RD Restricted Data RI Routing indicator RMKS Remarks S SEF SPECAT Exclusive For SIGSEC Signal security SIOP ESI Single Integrated Operational Plan Extremely Sensitive Information SOG Special Operating Group SOP Standard operating procedure SPECAT Special Category SSN Station serial number SUBMISS Submarine missing SUBRON Submarine squadron SUBSUNK Submarine sunk SVC Service SWS Senior Watch Supervisor T TASO Terminal Area Security Officer TCC Telecommunications Center AIl 3 TICON Tight control TOD Tim
17. The embarked command file is maintained by the embarked commander s staff When embarked commanders depart their flagships they may require that their files accompany them Therefore the embarked command file is maintained separately from the flagship file Flagship communications personnel are responsible for processing outgoing and incoming messages for the embarked staff NATO ALLIED FILES Classified messages of foreign origin must be provided the same protection as U S messages of equivalent classification Foreign Restricted messages for which there is no U S equivalent must be protected the same as U S Confidential messages except that Restricted messages do not have to be stored in a security container You can find U S equivalent and foreign classifications in the Department of the Navy Information and Personnel Security Program Regulation OPNAVINST 5510 1 hereinafter called the Security Manual NATO classified messages may not be filed with U S classified message However NATO classified message files may be stored in the same storage area with U S messages provided that the NATO files are clearly marked as such FILE FILLERS Because of repeated reference to previously sent message traffic you must be able to locate all messages easily and quickly Therefore you must always return a message to the same file from which it was removed and in the proper filing order When you remove a message from a file al
18. Three 3 4 Four 4 D Who exercises coordination 2 14 Provides Naval Industrial and control of all naval FUNG ADP Services communications within each NAVCOMMAREA dl A Sis 6B 1 Officer in Charge Ja E NAVCOMMAREA 4 D La Naval Computer and Telecommunications Area Master Station on The fleet CINC in the area 4 Naval Communications Station Li When you are assigned as a 2 A communications manager what should be your first consideration di Compare the communications organization with others of similar size Za Evaluate the effectiveness of organization s communications Js Evaluate the personnel training program 4 Rotate personnel in their jobs to improve Eraining To measure the effectiveness of the operations and services provided by your communications facility you aL should establish standards of performance for which of the following areas Ta Speed Zo Security Ses Reliability 4 All of the above Fixed standards for work measurement processes present what potential 220 problem 1 They may prevent changes that are needed as a result of changing conditions 2 They limit variety in work assignments de They tend to limit individual work potential 4 They allow for individual initiative which is undesirable 12 To overcome resistance to changes in performance standards which of the following methods is recommended Ll Show the personnel concerned h
19. USN addenda to allied publications and e Miscellaneous allied publications The objective of central administration of naval warfare publications NWPs is to ensure that these publications are correct and readily available for their intended use Some NWPs contain information that is necessary for the proper performance of individual duties and is important for individual professional development Therefore NWPs must be readily available for use by individuals with a duty related need or a general professional need for the information NAVAL WARFARE PUBLICATIONS CUSTODIAN The responsibility for managing the NWPL is assigned to an officer or senior petty officer who is responsible to the executive officer department head or division officer This assignment is a collateral duty and the person assigned is known as the naval warfare publications custodian NWPC This person is responsible for the overall administration and security of the NWPL in accordance with the Naval Warfare Documentation Guide NWP 0 NWP 1 01 NAVAL WARFARE PUBLICATIONS LIBRARY NWPL CLERK The NWPL clerk is a person assigned by the NWPC The clerk is responsible for the upkeep and maintenance of the library The NWPL clerk maintains all records and receipts in the central file orders all necessary publications and changes thereto and enters all changes and amendments to publications physically held in the NWPL The clerk reports all matters of conc
20. When a message is reproduced from the sole copy of a broadcast message the original copy or a filler must be returned to the broadcast file If two ply paper is used on the circuit the top copy may be used as the master file copy and the bottom copy retained as the circuit monitor copy COMMON MESSAGE ELEMENTS Before covering the basic format of military messages we will first discuss the time system and precedence categories used in naval communications TIME Time is one of the most important elements in communications Messages are normally identified and filed by either date time group or Julian date depending on the method of transmission Date Time Group The date time group DTG is assigned for identification and file purposes only The DTG consists of six digits The first two digits represent the date the second two digits represent the hour and the third two digits represent the minutes For example 221327Z 2 19 AUG 96 means the 22nd day of August plus the time in Greenwich mean time GMT The dates from the first to the ninth of the month are preceded by a zero We will talk more about the GMT system shortly The DTG designation is followed by a zone suffix and the month and year The month is expressed by its first three letters and the year by the last two digits of year of origin for example 081050Z AUG 96 The zone suffix ZULU Z for Greenwich mean time is used as the universal time for all message
21. add 5 hours to GMT Z a Add 5 hours to local time b subtract 5 hours from GMT 3 ar Subtract o heures from GMT 2 54 W ada gt Nours to Local time a a Add 5 hours to GMT b subtract 5 hours from local time 16 Greenwich Mean Time Zo An eastbound ship crossing the international date line loses a day 1 True on False What is an important point to remember about the MIKE and YANKEE zones ie The day changes along with the time plus or minus 1 hour Dis The day remains the same but the time changes plus or minus 1 hour oF The day and the time remain the same 4 The day changes but the time remains the same How many digits make up the Julian date des Nine 2 Seven 3 Six 4 Four The precedence of a message should be based on what factor la The urgency of the message 2 The classification of the message T The number of addressees who are to receive the message 4 The importance of the subject matter What is the highest precedence that is normally authorized for administrative messages 1 Routine can ETLOLLEY Je Immediate 4 Flash LE Ta What precedence is assigned UNO to a message that is of such urgency that it must be brief Le Priority 2 Immediate Jis Yankee 4 Flash What precedence is limited to designated emergency ZOU action command and control messages within the AUTODIN system iv Priority Zi Immediate a4 Flash 4 Yan
22. and operation and e Control of voice circuits and the operation of satellite circuits where installed The combined efforts of the operational organization are performed in various spaces simultaneously In the next section we will discuss the duties and responsibilities of some of the key billets within this organization COMMUNICATIONS WATCH OFFICER CWO The CWO is responsible to the communications officer for e Ensuring that communications capabilities are accomplished in accordance with the command s mission e Incoming and outgoing traffic ensuring that all messages transmitted or received are handled rapidly and accurately in accordance with existing regulations and e Ensuring compliance with existing communications directives and monitoring the performance of on watch personnel and spaces Fleet Communications U NTP 4 contains a detailed listing of the duties of the CWO SENIOR WATCH SUPERVISOR SWS When assigned the SWS is the senior enlisted person on watch in communications spaces and is responsible to the CWO for e The proper handling of all communications e Notifying the CWO on all matters of an urgent or unusual nature e Examining operational logs and monitoring equipment alignment and operation and e Directing action necessary to prevent or overcome message backlogs In addition to the duties listed in NTP 4 the SWS is also responsible for any other duties as maybe assig
23. dial in access is allowed e Open access during abnormal circumstances Personal data that is adequately protected during normal operations may not be adequately protected under abnormal circumstances Abnormal circumstances include power failures bomb threats and natural disasters such as fire or flood The physical destruction or disabling of the AIS is not normally a primary risk to privacy However all computer systems presently in use are vulnerable to deliberate penetrations that can bypass security controls These types of security penetrations require extensive technical knowledge At present the Navy has experienced very few of these deliberate penetrations Commands designing large computer networks should consider the following risks early in the planning stage e Misidentified access Passwords are often used to control access to a computer or to data but they are notoriously easy to obtain if their use is not carefully controlled Furthermore a person may use an already logged in terminal which the authorized user has left unattended or may capture a communications port as an authorized user attempts to disconnect from it e Operating system flaws Design and implementation errors in operating systems allow a user to gain control of the system once the user is in control the auditing controls can be disabled the audit trails erased and any information on the system accessed e Subverting programs Programs
24. how to make up control or SCL statements and any special output requirements the job may call for This information can be found in the run book Job manual task folder master run manual H gt GC po pp A run sheet to be used by the computer operator should contain which of the following information Breakpoints Partition numbers Recovery procedures List of required inputs ds GW N ER If a job terminates before Going to va normal HOw vou as the I O control clerk may be required to collect which of the following data information it Output data and memory dump only Les Input data a o SCL statements only I i2 J IAput data outp t data and memory dump 4 Output data console Pride onte aa SCL statements During the SUADPS daily update for supply problems reading the current master read file MRE on disk drive 241 are encountered The job terminates prematurely leaving eight jobs to be run The computer operator calls on you as the I O control clerk to help in the recovery process You can be expected to perform all except which of the following tasks 1 Provide the operator with the input parameters and or SCL statements to recover the job 2 Remove the defective disk pack from drive 241 and forward it to the technicians to be checked out Ja See to it that the remaining jobs are rescheduled once the master file is recreated and motity the user 4 Provide the oper
25. input file has not been created yet e Out of free disk space The out of freeidisk space abort is usually a result of poor housekeeping techniques For example files that are no longer needed have not been removed Be sure housekeeping tasks are performed on a regular basis This problem also can be remedied by using some of the performance tuning initiatives discussed later in this chapter These operating system software reports are a good source of information for preparing the management reports and aiding in the performance tuning initiatives We also need these reports for background information for submitting trouble reports which are covered later in this chapter EQUIPMENT INVENTORIES With the ever increasing need to trim the budget AIS resources have become a critical area This is causing a real need for accurate and complete computer hardware inventories We must verify the accuracy of these inventories annually to ensure we can support our command s mission When new equipment is acquired it is to be added to the inventory The inventory will contain such information as e Manufacturer e Type of equipment e Model number e Serial number e Minor property number e Location and e custodian Normally a complete inventory is conducted annually with spot inventories conducted periodically throughout the year All of this will be controlled by your local SOP PERFORMANCE TUNING INITIATIVES T
26. of a unified or specified commander is obtained from the Joint Chiefs of Staff through the USMCEB Within the Department of the Navy the Naval Electromagnetic Spectrum Center NAVEMSCEN authorizes frequency assignment applications and ensures all prerequisites are completed SPECIAL HANDLING MARKINGS Certain types of messages require special handling markings in addition to that provided by the security classification Among these markings are such designations as Caveat Restricted Data RD Formerly Restricted Data FRD LIMDIS FOUO EFTO SPECAT PERSONAL FOR NATO RESTRICTED and ALLIED RESTRICTED Caveat Messages When used with special handling instructions the word caveat means a warning by authoritative orders that directs or imposes one to protect an element usually special message traffic Restricted Data and Formerly Restricted Data The marking Restricted Data RD is applied to all data concerned with the design manufacture or use of nuclear weapons Also included in this category is the special nuclear material used in energy production The marking Formerly Restricted Data FRD pertains to defense information that has been removed from the RD category but must still be safeguarded as classified defense information FRD material cannot be released to foreign nationals except under specific international agreement LIMDIS Limited Distribution The LIMDIS designator is applied only to cl
27. one character or perform degaussing e Magnetic media used to store analog video or other nondigital information Overwrite using analog signals instead of digital e Internal memory buffers registers or similar storage areas Use hardware clear switch power on reset cycle or a program designed to overwrite the storage area e Cathode ray tubes CRTs Ensure that there is no burned in classified information by inspecting the screen surface DESTRUCTION OF CLASSIFIED MATERIAL Classified material that is no longer required should not be allowed to accumulate Destruction of superseded and obsolete classified materials that have served their purpose is termed routine destruction ROUTINE DESTRUCTION There are specific directives that authorize the routine destruction of publications message files and cryptomaterials As a Radioman you should carefully study these directives so that you may properly comply with them Additionally the letter of promulgation of publications often sets forth disposition instructions about destruction requirements for that publication Other materials such as classified rough drafts worksheets and similar items are periodically destroyed to prevent their accumulation Top Secret Secret and Confidential material may be destroyed by burning pulping pulverizing or shredding Destruction must be complete and reconstruction of material impossible The most efficient method of dest
28. resources media and time needed for a particular job Some information is AIS facility related for example workload anticipated resource changes number of operators available the system capabilities and capacities and so on You will need to consider both Let s look at the job related and AIS facility related areas in a little more depth One of the most apparent pieces of job related information is that every job has resource requirements These requirements vary considerably from one job to the next One job may require 125K of memory with no other peripheral devices except a printer for output Another job may require four tape drives two disk drives a printer and only 40K of memory But a job s resources cannot be looked at in these terms alone Can you recall the terms PREcomputer and POSTcomputer processing All AIS facility resources must be considered You must consider data entry functions job setup functions and output control functions Overloading data entry can delay jobs causing them to be assembled for computer processing later than scheduled Suppose I O control is overloaded What difference would it make if jobs were processed and completed as scheduled They would only be delayed because work is backed up or personnel are not available Overutilization of resources affects service Underutilization of resources is expensive and wasteful The balance will be up to you and the efficiency of your schedule
29. s needs This results in freeing memory for the execution of production jobs TROUBLE REPORTS AND TECHNICAL ASSISTS You will be responsible for submitting trouble reports on software and hardware problems Remember to follow the instruction from the command receiving the trouble report In most cases this will be the Navy Maintenance and Supply Systems Office NAVMASSO As shown ih figure 1 9 the trouble report contains a lot of information Items 13 14 and A E gt aa 3 AE iF O pu nd 1 i eas 1 Z se oes i o ES QU O E n lod D Y 2 Y O Ma I we mA A O a Ze et E 1 ie 0D O O az i go a w 4 LZ A gt Wn AS E a 4 7 lt t I O Q aa A 15 Ee E 82 g EO p ct E ym pe lt i I BYR gt Y A 2 z 4 Qu 2 pt E O O m lt 5 LO Z Fa YN p lt A E A E lt 9 BZ I aas A E m a E x z QA gi E Z eB if 1 622 e S sa GS E i A a g lo a E EE g Ex a l i lt E gt OR E Qe Y a ESA ee ae C a F WM Oo i a O lt L SS Z Ay i II fad E E Dow a I On lt E Roe T E e Nx a L E 2 Q gt f z i i O gt n o Z En E sl aa ll A EL D O 4 z dz gt EE mah 3 ES 222858 263 gt i d k i EL pa a l A TOA Y E E i Ii a oy al p Nr gJ gt S nd 1 II pue Nor a E Z 2 PA a A K ji Nu Nal Ne es i A En lt lt Ky O lt faa O i gt I fal
30. schedules job instructions and written orders Formal communications are handled to ensure wide dissemination and accuracy of information to avoid distortions and to provide a permanent record Informal information is usually passed orally and provides guidance and instructions on work assignments Horizontal communications can be either formal or informal Personnel holding parallel positions two watch supervisors for instance can sometimes resolve problems through informal communications without involving higher authority On the other hand formal communications must be used when the subject requires approval through the chain of command Formal communications may be in the form of station directives administrative procedures or station watch bills COMMAND COMMUNICATIONS ORGANIZATION The structure of the communications organization of a command depends on command size and whether the command is ship or shore based Not all Navy ships have a communications department Basic Operational Communications Doctrine U NWP 4 NWP 6 01 designates the types of ship that should have a communications department In ships that are not so designated communications personnel are assigned to the operations department but the communications functions are the same as those for ships with a communications department Future organization may structure communication and automated systems into a combined information systems department
31. 153 3 3 Communications material accounting reports 3 3 general 3 3 inventories 3 3 Communications planning 2 27 communications plan 2 28 EP and EA 2 28 frequency management 2 29 protection 2 28 requirements 2 27 spectrum management 2 29 telecommunications service order TSO 2 29 telecommunications service request TSR 2 29 Communications planning frequency management 2 29 allocation 2 29 assignment 2 29 INDEX 2 Communications security 3 1 authentication 3 11 Communications Security Material System CMS 2 1013 1 equipment 3 11 MIL 3 12 personnel 3 2 responsibilities transmission security 3 11 Communications security authentication 3 11 challenge and reply 3 11 transmission 13 11 Communications security MIJI 3 12 harmful interference 3 12 interference 3 12 intrusion 3 12 jamming 3 12 meaconing 3 12 Communications security personnel 3 2 CMS alternate 3 2 CMS custodian 3 2 CMS local holder 3 2 CMS user 3 2 CMS witness 3 2 Communications security responsibilities 3 2 inventory 3 3 receipt 3 3 storage 3 2 training 3 2 Communications security transmission security 3 11 destruction 3 8 equipment 3 11 OTAT OTAR 3 11 two person integrity TPI 3 9 Communications Security Material System CMS complete destruction 3 9 effective keying material 3 9 keying material 3 9 superseded keying material 3 9 Commu
32. 2 A a Q A AN l Zz gt WwW A wm li A lt 4 O lt 5 Os E A O 7 O JE A OCE Se Oe eee UA E es a AS eae Sais 2 8 E O gt y A a Z 1 5 O j EZ la amp O PEGABA IE U EJ d 4 5 a Q m i Ji wl SF O O lt 8 2 gt A E 2 0 4 0 y 2S gt n E E O 2s Ss Q S la A B pa mt de n f la a e iy a En O 1 F OF W za 2 ll a E gt amp gt Fe ERR A ERE S oo lazo E 6 sa O lt O O O yn oe n A 1 Z py B O Dn O fi 7 oa D t l PASA AN x SAA Es ie re oe Oo F OW ON gt D RANA li G all Figure 1 8 Typical trouble report form 1 25 15 are reserved for the receiving command s use Most of the items are self explanatory but let s cover two that aren t as obvious Item number 3 asks for the priority assigned Critical means that you cannot work around the problem to continue operating Urgent means that you can work around the problem but a resolution is required immediately Routine means the correction is needed but you can work around the problem and live with it until it is fixed When you start to fill in item 11 remember to enter a complete detailed description of the problem you are experiencing Include the screen or menu number if applicable the option number if applicable and any error message received Various procedures will have to be followed for personal computers PCs depending on the problem For commercial software prob
33. AIS hardware e Procure needed supplies office equipment and furniture tape storage racks decollators and so forth e Verify that all needed hardware equipment and materials are on hand and in good working order Then transfer operations from the backup site to the reconstituted AIS facility If the necessary documents have been prepared and stored offsite before the emergency 1t should be possible for all but the last tasks to be completely reconstructed with minimum effort Figure 4 14 shows a simplified step diagram of a normal reconstruction effort COOP TESTING Because emergencies do not occur often 1t 1s difficult to assure adequacy and proficiency of personnel and plans without regular training and testing Therefore it is important to plan and budget for both The availability of needed backup files may be tested by attempting to repeat a particular task using onsite hardware but drawing everything else from the offsite location Experience demonstrates the value of such tests in validating backup provisions it is not uncommon to discover gross deficiencies despite the most careful planning Compatibility with the offsite facility should be verified regularly by running one or more actual tasks A number of AIS facilities conduct such tests as a part of an overall inspection LOCATE amp PROCURE NEEDED FLOOR SPACE MODIFY ELECTRIC POWER AIR CONDITIONING ETC PROCURE amp INSTALL AIS HARDWAR
34. DATE OF REQUEST 32494 Test THIS PORA 1S FORWARDED With SUAK IWIN TOKE RECORDS 11704 CHANCE MONOS Special inst Remarks TAPES 3 av CHANGE NOTICE TAPE ke 126438 097639 AND 148619 APPLY CHANGE NOTICE TAPES 3 AND INVENTORY RECORDS 1704 INTO DAILY UPDATE SHOULD ERRORS OCCUR DURING INPUT VALIDATION NOTIFY BARBARA MMEDIATELY NTULEDM IAE aANharTiaisre IND GVINCK WII TA f A MI CONTINUE JOB TO NORMAL E0S OPERATIONS USE ONLY Job Accepted id PY See Time Date 1350 3 24 94 Job Started Time Date Job Completed Time Date A A e Ee ee 38NVJ008 Figure 1 2 A typical AIS service request 1 5 INPUT INFORMATION INPUT FOR WARDED TO COMP SYS ASSIGNED zee 1505 wesroz owe wowe remsro sones nom essere veo OUTPUT INFORMATION CTRL CLK IMNITIA e aren i Figure 1 3 Job control log reference Figure 1 3 illustrates a typical layout of input control information When you receive a job make an initial entry in the log As the job progresses make additional entries as appropriate For example if you send input to data entry to be keyed record this in the log In the event a job or its accompanying input becomes side tracked misplaced or lost you still have a means of tracking down the job or its input The log can be of great help It points out such thin
35. Director Communications Security Material System DESRON Destroyer squadron DISA Director Information Security Agency DON Department of the Navy DODCAF Department of Defense Central Ad judication Facility DSCS Director Satellite Communications System DSR Data speed reader DTG Date time group E EA Electronic attack replaces electronic counter measures ECM EAM Emergency Action Message EASTPAC Eastern Pacific ECP Emergency command precedence EFTO Encrypt for transmission only EMCON Emanation control EOJ End of job EP Electronic protection replaces electronic counter countermeasures ECCM FC Fixed cycle FCC Federal Communications Commission FIFO First in first out FLTCINC Fleet Commander in Chief FOTP Fleet Operational Telecommunications Program FOUO For Official Use Only FRD Formerly Restricted Data FTOC Fleet Telecommunications Operations Center FTP Fleet training publication FXP Fleet exercise publication G GENADMIN General Administrative GHz Gigahertz GMT Greenwich Mean Time H HF High frequency HW Hardware I IDL International Date Line IDS Intrusion Detection System IFF Identification friend or foe INMARSAT International Maritime Satellite Sys tem IR Information resources ISSM Information Systems Security Manager ISSO Info
36. E When using supporting utilities AIS technical managers should consider the probability of occurrence and the effects of which of the following conditions Vandalism only Sabotage only Fire only Vandalism fire A GC N E sabotage and Excessive fluctuation in the 4 48 dc voltage applied to the hardware can be caused if the line voltage is 90 percent or less of nominal for more than what minimum number of milliseconds A WN pp A O10 N Power fluctuations in line voltage cause unpredictable results in which of the following components AO ii Logic only 24 Hardware only J Data transfer only 4 Logic hardware and data transfer In an AIS facility the effects of internal power fluctuations can be 4 50 minimized in which of the following ways ie Grounding the CPU 2 Isolating the AIS hardware from other facility loads Ep Wiring all components in parallel 4 Wiring each component with a circuit breaker The technique of connecting dei the AIS facility to more than one utility feeder has more protection value when the feeders are connected in what manner ig To the same junction box la From the same utility pole 3 To different power substations 4 To different utility meters 37 An uninterrupted power supply UPS consists of a solid state rectifier that performs which of the following functions Je Drives a solid state inverter only Zi Keeps batteries charged
37. Log The user s job log The production Log The EOJ pick up log Hm GW N e As an 1 0 control clerk If during the process of checking over the user s output products you happen to come across an error you should garry out which of the following actions ls og the job out and inform the user of the error at the time of pickup only Le Bring the error to the attention of your superior then log the job out with the appropriate comments only SP Reschedule the job as if nothing has happened and notify the user there will be a slight delay 4 Pull the job immediately bring the error to the attention of your superior so the job may be rescheduled and notify the user As an I O control clerk You will be involved with and communicating with the user Which of the following communications skills must you possess in order to maintain a good relationship with the user Refer problems to users Explain problems only Understand requests only Understand requests and explain problems H GW N E peas LZ ke LEA A scheduler does NOT perform INS which of the following tasks ly Lis i 4 Review AIS requests Prepare schedules Operate the computer to bun production Jobs Organize data processing priorities tor both scheduled and unscheduled work What method should you use to determine the accuracy of your schedules Es Za Ju 4 Monitor the jobs Review production
38. Naval Security Group Departments NAV SECGRUDEPTs of NAVCOMTELSTAs and Navy Marine Corps Military Affiliate Radio System MARS COMMANDER NAVAL COMPUTER AND TELECOMMUNICATIONS COMMAND With the merging of Automated Information Systems AIS and telecommunications the mission and responsibilities of COMNAVCONTELCOM have greatly increased You will see COMNAVCOM TELCOM continue to change and grow as telecommunications technology advances into the 21st century There have already been changes in the makeup of the COMNAVCOMTELCOM claimancy as communications stations have merged with Naval Regional Data Automated Centers NARDACs Those communications stations that do not merge with an AIS activity will become Naval Computer and Telecommunications Stations NCTSs or Naval Computer and Telecommunications Detachments NCTDs Although not all inclusive COMNAVCOMTEL COM s responsibilities include the following e Integrates and consolidates Navy common user ashore communications and information resources IR including personnel into the NAVCOMTELCOM claimancy and implements Navy IR management policy within the claimancy Advises the Director Naval Space and Warfare Command of validated communications requirements that may demand development or modification of satellite communications systems Formulates policy on and exercises authoritative control over the Navy Communications Security Material System CMS
39. Prepare production schedules Write SCL statements Make up job streams for production runs Maintain and revise production schedules Distribute production schedules Monitor production Know how jobs interface Be able to read console run sheets and logs Know the capabilities and capacities of the computer systems Know the files in use and how to reconstruct them e Know how to readjust schedules e Know the time it takes to run each production job As scheduler you will work on your own with only minimal supervision To be effective you will need more than a good working knowledge of your facility s hardware components data processing concepts operating systems and system control languages You must be able to e Work well with other people e Demonstrate tact and diplomacy Use sound judgment Be logical systematic and persuasive Demonstrate analytical ability Be a good communicator speaking listening and writing and 1 10 e Be responsive to users needs The job of a scheduler is a high visibility position You will be responsible not only for the flow of work throughout the AIS facility but also for the amount of work that will be accomplished within an allocated period of time AIS WORKFLOW ANALYSIS Every AIS facility is site unique regarding the types of hardware and operating system OS software in use However every site does have a formal or informal workload structure tha
40. TRAMAN LINDEX be ee eee shee dorados INDEX 1 111 SUMMARY OF THE RADIOMAN TRAINING SERIES MODULE 1 Administration and Security This module covers Radioman duties relating to administering AIS and communication systems Procedures and guidance for handling of classified information messages COMSEC material and equipment and AIS requirements are discussed MODULE 2 Computer Systems This module covers computer hardware startup including peripheral operations and system modification Other topics dis cussed include computer center operations media library functions system operations and troubleshooting techniques Data file processes memory requirements and database management are also covered MODULE 3 Network Communications This module covers network administration LAN hardware and network troubleshooting Related areas discussed are network configuration and operations components and connections and communication lines and nodes MODULE 4 Communications Hardware This module covers various types of com munications equipment including satellites and antennas Subjects discussed include hardware setup procedures COMSEC equipment requirements distress communications equipment troubleshooting equipment satellite theory and antenna selection and positioning MODULE 5 Communications Center Operations This module covers center opera tions including transmit message systems voice commun
41. The location and spacing of detectors should take into consideration the direction and velocity of air flow the presence of areas with stagnant air and the location of equipment and other potential fire sites Note that detectors may be required under the raised floor above the hung ceiling and in air conditioning ducts as well as at the ceiling It may also be wise to put detectors in electric and telephone equipment closets and cable tunnels e Control panel design The design of the detection control panel should make it easy to identify the detector that has alarmed This implies that the detectors in definable areas for example the tape vault the east end of the 4 20 computer room and administrative offices should be displayed as a group on the control panel In other words when an alarm sounds inspection of the control panel should indicate which area or zone caused the alarm Generally and preferably each detector includes a pilot light that lights when the detector is in the alarm state In some cases there should be a separate indicator light at the control panel for each detector It is also important to see that the alarm system itself is secure Its design should cause a trouble alarm to sound if any portion of it fails or if there is a power failure Take steps to assure the system cannot be deactivated readily either maliciously or accidentally Personnel response Meaningful human response to the detectio
42. To determine the causes of application program errors you have two areas of concern hardware and software Let s look at some of the most common causes in each of these areas Hardware Problems With respect to the hardware not only each specific piece of equipment is a possible cause of a problem but you also have external environmental concerns Some of the most frequent hardware problems are e Head crash e Tape drive damage to a tape and e Tape read write errors If tape read write errors cannot be conected by cleaning the read write heads a maintenance technician should be called For head crashes and tape drive damage a maintenance technician should always be called The most common external environmental problems are Loss of power e Voltage spikes and e Loss of air conditioning What action should be taken will depend on the damage done The operator may be able to recover the job completely by rebooting and restarting the job If the data files have been corrupted the operator may need assistance from the user and or the media librarian Software Problems Examples of the common software problems are e Wrong file specified e Program entered a loop and e File not available The preceding is only a very brief list of possible problems There are too many different causes to list in this manual because of the number of different application software programs being used To correct softwar
43. To ensure that personnel have access to the most recent and best selling novels Who is responsible for the management of the NWPL i The naval warfare publications officer di The naval warfare publications custodian os The naval warfare publications librarian 4 The naval warfare publications manager What publication provides guidance for the administration and security of the NWPL lis OPNAVINST 5510 1 Ai NTP 4 ce NWP 4 NWP 6 01 4 NWP O NWP 1 01 Who is responsible for changes or corrections to NWPL publications The NWPL clerk The primary user The NWPL custodian The communications officer Hm CG N e watch Who is considered to be a 3 18 holder under the administration of NWPL ly A person who holds NWPL publications for short terms only 2 A person who transports publications to and from the NWPL Sn A person who has permanent subcustody of publications from the NWP L 4 The NWPL custodian Which of the following files are used in NWPL maintenance cae Mace lh Signature and custody fries Z Administrative and transaction files oir Signature and administrative files 4 Custody and administrative files The NWPL administrative file is also known by what other AD term Ls Transaction file Des Office file oo A 1 file 4 Custody file Material in the administrative file must be retained for what minimum time li l yr Los DEE P O YE 4 6 mo AA What colors
44. a tape mounted at the wrong time Data loss Personal data on paper printouts magnetic tapes or other removable storage media may be lost misplaced or destroyed Improper data dissemination Disseminated data may be misrouted or mislabeled or it may contain unexpected personal information Careless disposal of data Personal data can be retrieved from wastepaper baskets magnetic tapes or discarded files Every AIS facility s technical manager and upper management should establish strict controls and procedures over individuals authorized to access the personal data files If everyone at the facility needs authority to access personal data files the security measures should adequately control system access If there are persons working on the system whose access should be limited the following risks should be considered e Open system access This means there may be no control over who can either use the AIS or enter the computer room e Theft of data Personal data maybe stolen from the computer room or other places where it is stored e Unprotected files Personal data files may not be protected from unauthorized access by other users of the AIS This applies to online files and also to offline files such as files on magnetic tapes The offline files are sometimes accessible simply by requesting a tape be mounted e Dial in access There is serious danger that unauthorized persons can access the system when remote
45. and 200 words respectively Message releasers are also kept to a minimum and must be specifically designated in writing We briefly discuss additional minimize guidelines later in this chapter NWP 4 NWP 6 01 contains information pertaining to the types of normal environmental and supply traffic that may be sent over normal channels and circuits during minimize SERVICE MESSAGES Service messages are short concise messages between communications personnel These messages have the authority of an official communication and must receive prompt attention If the action requested in a service message cannot be accomplished within a reasonable time the station originating the service message should be notified Service messages are normally assigned a precedence equal to the message being serviced Service messages deal with many topics You will find that most deal with corrections repetitions broadcast reruns and misrouted or missent messages You must remember that a service message should be promptly dealt with and retained until all actions concerning it have been completed Once action is complete it is good practice to attach a copy of the service message to the serviced message when it is filed or mark it with the DTG of the service s Requests for information through service messages should be as brief concise and accurate as possible Careful attention to detail and the use of proper operating techniques by communicati
46. are assigned to the binders for U S naval warfare publications of different classifications 1 Secret red Confidential green Unclassified white Ax Secret lt red Confidential yellow Unclassified blue or Secret red Confidential yellow Unclassified white 4 Secret ined Confidential green Unclassified blue Where is the effective date of the publication change correction found ily In the Record of Changes page 7 In the List of Effective Pages LOEP oY In the Foreword or Letter of Promulgation 4 In the Title page Which of the following colors should be used to make pen and ink corrections to NWPL publications il Green only 2x Black or blue only Ja Any dark color except red 4 Any color is acceptable UL Wheat does EAE designation LU Coordinate and standardize WNMC 6 27 On a COLTECELON communications procedures mean among U S military services Es It is the 6th message correction and will be 1 A incorporated into the 2 B publication by printed Se E change number 2 4 D 2 It is the 2nd message correction and will be 3225 Main publications used by Incorporaced LNtoO che Navy Coast Guard and publication by printed Marine personnel for change number 6 communications Se It was sent on the 2nd of June of the current 1 A year 2 B 4 It is the 6th change to 3 E the 2nd revision of the 4 D Publicat Lon LO Incorporate the results of TALA Wha
47. are usually authorized to implement the plan During an emergency personnel safety overrides the destruction priority TWO PERSON INTEGRITY Two person integrity TPI is the security measure taken to prevent single person access to COMSEC keying material and cryptographic maintenance manuals TPI is accomplished as follows e The constant presence of two authorized persons when COMSEC material is being handled e The use of two combination locks on security containers used to store COMSEC material and e The use of two locking devices and a physical barrier for the equipment At no time can one person have in his or her possession the combinations or keys to gain lone access to a security container or cryptographic equipment containing COMSEC material Neither can one person have sole possession of COMSEC material that requires TPI security CRYPTOGRAPHIC OPERATIONS AND OPERATOR REQUIREMENTS As a Radioman you will be required to learn and understand the more detailed procedures and processes involving cryptographic operations Cryptographic procedures and associated equipments are governed by many strict rules and standards To understand cryptographic operations and their importance you must understand the following terminology CRYPTO The marking CRYPTO is not a security classification This marking is used on all keying material and associated equipment to protect or authenticate national security related info
48. at the close of each working day is the best method to ensure that all classified material held is properly protected Whether your watch section 1s being relieved by the oncoming watch or you are securing an office space you should make an inspection to ensure as a minimum that e All classified material is properly stored e Burn bags are properly stored or destroyed e Wastebaskets do not contain classified material e Classified notes carbon paper carbon and plastic typewriter ribbons rough drafts and similar papers have been properly stored or destroyed As a matter of routine such items should be placed in burn bags immediately after they have served their purpose e When classified material is secured in security containers the dial of combination locks should be rotated at least four complete turns in the same direction CLASSIFIED MATERIAL SPECAT TS AND ABOVE Classified material excludes communications security COMSEC material which is handled by CMS 1 procedures Further in depth information on classified material can be found in the Security Manual and in NTP 4 1 Receive The Top Secret Control Officer TSCO is responsible for receiving maintaining cradle to grave accountability registers for distributing and destroying Top Secret SPECAT TS and above documents All Top Secret SPECAT TS and above material received or originated by a command which the TSCO is responsible for is entered
49. be expected When the risk analysis is prepared the first step to be considered is to a develop an estimate of annual Joss expectancy Di estimate the potential losses to which the AIS facility is exposed on evaluate the threats to the AIS facility 4 review the security program objectives The loss potential estimate has which of the following objectives 1 To place a monetary value on the loss estimate only ie To identify Critical aspects of the AIS facility operation only 3 To place a monetary value on the loss estimate and to identify Critical aspects of the AIS facility operation 4 To determine data replacement requirements dariy SZ The loss of program files has which of the following loss potentials i Cost to replace assets da Cost to reconstruct files oe Security compromise 4 Value of assets stolen before loss is detected Which of the following is the loss potential that may result from the indirect theft of assets Ig Cost to replace assets Dy Cost CO FSCconstruct files da Security compromise 4 Value of assets stolen before loss is detected To show replacement costs for the physical assets of the AIS facility AIS technical managers and upper management should use which of the following methods Build a graph Construct a table Produce a list Write a description H w N e The AIS technical manager should call on which of the fallowing personnel to ass
50. be reviewed to determine what the specified security operating procedures are And last the AIS facility organization chart and job descriptions should be examined to identify positions with specific security or internal control responsibilities This background material forms the basis for the development of the inspection plan A number of general questions should be considered when formulating the inspection program The following are examples e What are the critical issues with regard to security Does the AIS facility process classified or otherwise sensitive data Does the processing duplicate that of other data centers thereby providing some sort of backup or contingency capability Or is it a stand alone activity processing unique applications What are the critical applications in terms of the inspection emphasis What measures are least tested in day to day operations For example if the computer fails every day at 1615 because of power switchovers the immediate backup and recovery requirements are likely to be well formulated and tested However the complete disaster recovery plan probably has not been tested unless there is a specific policy to do so This is a key point Security measures of this type are often inadequately exercised What inspection activities produce the maximum results for least effort A test of fire detection sensors under surprise conditions tests not only the response to alarms but also the rea
51. being fully used If you aren t doing the amount of work for the number of people assigned you may have billets taken away OPERATING SYSTEM SOFTWARE REPORTS Operating system software reports are primarily used for the AIS facility s research They can cover such problems as hardware under utilization and application software aborts Hardware under utilization can be measured by excessive idle time This can be caused by no jobs to be run or no users logged on Also constant or excessive downtime for a specific piece of equipment with no effect on production will be considered as a waste of hardware Some of the most common problems that result in application software aborts are as follows e Wrong file specified The wrong file specified abort can be caused by transposing the characters in the file name or inputting an old file instead of the new file 1 23 e Job run out of sequence The job run out of sequence abort can be caused by the schedule being incomplete not listing all the jobs or the schedule not being turned in on time Another cause might be an inexperienced operator running the wrong job e File currupted The file corrupted abort is normally caused by a system failure This can be the result of a disk head crash the loss of power or a power fluctuation File not available The file not available abort is caused when the input file was not received or when the job was run out of sequence and the
52. buildings and the AIS facility building Generally speaking the degree of hazard associated with a given occupancy material depends on the amount of combustible materials the ease with which they can be ignited and the likelihood of a source of ignition The second and third fire safety factors are the design and construction of the building Five basic types of construction are described inj table 4 5 with their approximate destruction times Table 4 5 Estimated Destruction Time by Fire for Selected Construction Types Fire Resistant 2 or 3 hours Heavy Timber 1 plus hours Noncombustible 1 hour Ordinary Construction lLess than 1 hour i a o 4 19 The actual performance of a building will depend not only on the type of construction but also on design details such as e Fire walls which in effect divide a structure into separate buildings with respect to fires Fire rated partitions which retard the spread of a fire within a building Fire rated stairwells dampers or shutters in ducts fire stops at the junction of floors and walls and similar measures to retard the spread of smoke and fire within a building and Use of low flame spread materials for floor wall and ceiling finish to retard propagation of flame Understand that this discussion is very simplified However consideration of these factors as they apply to an existing or projected AIS facility will help to determine the am
53. by a commander to control all electromagnetic radiations Once EMCON is imposed general or specific restrictions may be added to the EMCON order depending on the operational intelligence or technical factors for the area affected For radiomen EMCON usually means either full radio silence or HF EMCON The most secure communications methods during EMCON reduce but do not eliminate the possibility of identification It is assumed that any electromagnetic radiation will be immediately detected and the position of the transmitting ship will be fixed by an enemy You will find detailed information on the implementation of EMCON and its degree of adjustment in Electronic Warfare Coordination NWP 3 51 1 formerly NWP 10 1 40 SECURITY AREAS Different spaces aboard ship and different areas within a shore activity usually have varying degrees of security importance The degree of security of each area depends upon its purpose and the nature of the work information equipment or materials concerned Access to security areas must be controlled in a manner consistent with the security level SANITIZING SITE AND EQUIPMENT Sanitizing an area or equipment is done to make it acceptable for access by personnel who are not cleared This 1s used to prevent unauthorized persons from gaining access that would allow them to identify the purpose or nature of your work information equipment and materials concerned To meet this situation e
54. can however solve sound security habits in the interests of naval operations most security problems and gain a knowledge of basic and our overall national security security regulations 5 13 APPENDIX GLOSSARY A ADDRESS GROUPS Four letter groups assigned to represent a command activity or unit used in the same manner as a call sign AIS FACILITY RELATED INFORMATION Work load anticipated resource changes number of operators available the system capabilities etc B BACKLOG The work waiting to be run processed on a computer BATCH PROCESSING A method of processing in which similar items are grouped together and processed all at one time BOOK MESSAGE A message for two or more addressees in which the drafter considers it unnecessary that each addressee be informed of the other s C CMS ALTERNATE CUSTODIAN Responsible to the CMS custodian and commanding officer for the CMS account is held accountable on the same level as the custodian CMS CUSTODIAN Responsible to the com manding officer for the correct accountability and maintenance of the CMS account CMS LOCAL HOLDER A command or activity that receives COMSEC material support from a CMS account command CMS USER An individual CMS user that requires COMSEC material to accomplish an assigned duty advancement study or training purpose COMMUNICATIONS CENTER SUPERVISOR Responsible for message processing circuit
55. communication stations NAVAL TELECOMMUNICATIONS SYSTEM The word telecommunications includes all types of information systems in which electric or electromagnetic signals are used to transmit information between or among points The Naval Telecommunications System NTS is comprised of all the end terminal processing equipment transmission switching cryptographic and control devices used to transmit operational information in the Navy The NTS provides electrical and optical communications from the commander in chief and naval commanders down to all naval forces under its command You should remember that the NTS is used primarily to exercise command and control over the naval operating forces not the shore establishment Most shore establishments are served through the Defense Communications System DCS Naturally there are overlapping portions of each system where necessary Operational direction and management control of the assigned elements of the NTS are the responsibility of the Commander Naval Computer and Telecommunications Command COMNAVCOM TELCOM In naval communications COMNAVCOM TELCOM determines the responsibilities of each of the various commanders whether a fleet commander or the commanding officer of a ship For example direction and control of all naval fleet broadcasts ship shore air ground and other direct fleet support telecommunications are assigned to the fleet commanders in chief Tha
56. complete destruction PRECAUTIONARY DESTRUCTION When precautionary destruction is ordered COMSEC material must be destroyed as follows CMS 25B COMSEC KEYING MATERIAL LOCAL DESTRUCTION REPORT The individuals whose signatures appear below certify that they have destroyed the individual keytape segments on the dates indicated Retain this form in accordance with Annex T CONFIDENTIAL When filled in Seg Copy Signature Signature Date of Destruction Command Title and Account Number SHORT TITLE Classified by CMS 1 EDITION REG AL CODE Declassify on Originating Agency s Determination Required CONFIDENTIAL When filled in Figure 3 3 CMS 25MC COMSEC KEYING MATERIAL LOCAL DESTRUCTION REPORT e Keying Material Superseded keying material must be destroyed first then keying material that becomes effective in 1 or 2 months e Nonessential Classified COMSEC Documents This material includes maintenance operating and administrative manuals COMPLETE DESTRUCTION When com plete destruction is ordered COMSEC material must be destroyed as follows Keying Material Keying material is always destroyed first in the following order superseded effective then reserve Superseded keying material that has been used to encrypt traffic is the most sensitive of the three categories If superseded keying material falls into enemy hands all past intercepted traffic 1s subject to comp
57. data 4 11 DCS 2 2 Defense Communications System 2 2 Defense Information System Agency 2 2 Destruction of classified material 5 10 DISA 2 2 Downtime 1 19 1 20 1 23 E EAM 2 31 EFTO 2 30 Emanations protection 4 24 EMCON 5 2 Emergency plans 5 11 fire 5 12 precautionary priorities 5 12 Emergency response planning 4 26 F Fire safety 4 18 facility fire exposure 4 19 fire detection fire extinguishment 4 21 Flagship See command ship communications 2 11 FOUO 2 30 FRD 2 30 G GMT 2 19 H Help desk support 1 20 Human resources 4 6 I Information needs 1 14 Initial scheduling phase 1 10 Interior physical protection 4 24 V O control 1 2 1 10 1 12 1 16 I O control clerk J Job control log 1 4 Job dependencies 1 16 Job monitoring 1 6 Job preparation 1 6 control parameters 1 6 output requirements 1 6 run sheet 1 6 L LIMDIS Loss potential estimates 4 14 M Management reports Managing production 1 8 MARS 2 5 Media library 1 2 1 12 Message and routing address types 2 17 broadcast screening request BSR 2 24 communications guard shift COMMSHIFT 2 24 communications spot COMMSPOT 2 24 service termination requests 2 24 tracer Message and routing addresses 2 17 address group 2 17 address indicating groups AIGS J 2 18 collective address designator CAD 2 18 message addresses 2 17
58. data risks 2 It ensures that additional security safeguards help to counter all the serious personal data security risks 5 45 oF It provides a basis for deciding whether additional security safeguards are needed for personal data 4 It considers only the risks to personal data Which of the following participants should NOT be included on the risk assessment team Le A representative of the operating facility ue An individual responsible for security ce A system programmer 5 46 4 A systems analyst Data may be misrouted mis labeled or it may contain unexpected personal information as a result of which of the following data security risks Es Input errors Les Program errors Jy Improper data dissemination 4 Mistaken processing of data 48 When security measures to adequately control system access to personal data are developed they should include protection from all except which of the following risks Ls Dial in access he Open system access a Physical destruction of the AIS 4 Unprotected files and theft of data Commands designing large computer networks should consider which of the following risks early in the planning stages 1 Eavesdropping only ae Misidentified access and eavesdropping only oe Operating system flaws and subverting programs only 4 Misidentified access eavesdropping operating systems flaws subverting programs and spoofing Information m
59. electrically during minimim periods should be returned to the originator with the reason for their return Normally nontransmitted messages will be sent via U S mail if they meet established security guidelines JCS EMERGENCY ACTION MESSAGES Joint Chiefs of Staff SCS Emergency Action Messages EAMs contain key instructions or information from high level authority and have predetermined formats pro forma Such messages are transmitted by various communications systems and normally carry FLASH Z precedence They are vital messages of an extremely time sensitive nature and rapid processing is mandatory to achieve the fast reaction required by their content Usage and handling procedures are issued by the JCS to those who have a need to know SPECAT messages come in two variations One type includes both the general SPECAT and the SPECAT Single Integrated Operational Plan Extremely Sensitive Information SPECAT SIOP ESD This type of SPECAT message 1s associated with code words or projects For example a Secret message whose subject matter deals with a special project entitled TACAMO would have a classification line reading SECRET SPECAT TACAMO SPECAT SIOP ESI messages are always classified Top Secret SPECAT less SIOP ESI messages must be classified at least Confidential The other type of SPECAT message is SPECAT EXCLUSIVE FOR SEF SEF is used only within the naval community for highly sensitive matters high leve
60. equipment and room 5 6 lights Orf 3 Close the doors as areas are evacuated but leave the doors unlocked 4 Power up the alr cond1 EL onuing equipment To ensure that all safety requirements of the AIS facility are satisfied the AIS technical manager and the operations division officer should review the protective plans with what frequency Monthly Quarterly Semiannually Annually WH CO DRO E 42 continued chapter 4 pages 4 26 General Security chapter 5 pages 5 1 Backup operations may take place onsite under which of the following conditions de A partial 1855 OL capability 2A Major damage only Ja Major destruction only 4 Major damage and destruction For the purpose of making backup resources available which of the following tasks can be set aside Short term planning Program development Weekly processing Backup processing H CG N Fe When backup alternatives are considered which of the following substitute procedures may be implemented during an emergency le A hard disk input could be used for a failed telephone input Ze Online processing could be substituted for batch processing ie Print tapes could be carried to a backup facility for offline printing 4 Both 2 and 3 above To evaluate alternate backup modes and offsite facilities you should consider all but which of the following factors le AIS hardware usage Ze Maintenance personnel for your AIS bu
61. for software testing it will never seem to be enough Problems seem to arise every time you start to test a new software system These include the system going down the system hanging up the system entering a loop or a syntax error occurring that the programmers missed New changed requirements There will be times when jobs are added to the schedule to meet special needs Examples are budget cuts extra money at the end of the month requisitions tracking and assist visit preparation Job conflicts A job with a high priority maybe submitted late Input files not available Sometimes there will be a delay in receiving the input files for a job Whatever the problem it will be the production control coordinator s job with your approval to adjust the schedule to accommodate the changes required WORKLOAD SCHEDULE DEVELOPMENT When we talk about workload schedules we are referring to how to set up the daily work schedule in an AIS facility These are the daily adjustments to the monthly production schedule and how they affect personnel requirements and staffing This is an internal 1 18 schedule that you will prepare for the AIS facility The format varies among facilities there is no wrong or right format Normally we break the day into three shifts days eves and mids The day shift is responsible for testing The eve shift is responsible for production The mid shift is responsible for finishing production a
62. guard them until the duty officer arrives The duty officer then assumes responsibility for such further actions as locking the security container recalling the responsible person or persons and reporting the security violation to the commanding officer The custodian must conduct an immediate inventory of the contents of the security container and report any loss to the commanding officer Combinations Combinations to security containers containing classified material are made available only to those persons whose duties require access to them The combinations of security containers containing classified information must be changed at least every 2 years unless more frequent change is dictated by the type of material stored within Combinations must also be changed under the following circumstances e When an individual knowing the combination no longer requires access e When the combination has been subject to possible compromise or the security container has been discovered unlocked and unattended and e When the container is taken out of service The combination of a security container used for the storage of classified material 1s assigned a security classification equal to the highest category of classified material authorized to be stored in the container Records of combinations are sealed in an envelope Standard Form 700 and kept on file in a central location designated by the commanding officer Cipher Locks Ci
63. into the command s accountability log Top Secret SPECAT TS and above message traffic handled by naval communication stations for relay or broadcast delivery only or received by an afloat command via the fleet broadcast but not addressed to that command will be accounted for and destroyed in accordance with NTP 4 Top Secret SPECAT TS and above messages addressed to the command are e Logged into the cryptocenter log e Master copy is placed in the cryptocenter file and fillers are placed in the appropriate files e One copy is given to the TSCO for entry into the command s controlled distribution register Top Secret SPECAT TS and above messages received by an afloat command but NOT addressed to the command via the broadcast 5 8 e Only the text will be removed from the monitor roll e The message will be destroyed and the monitor roll will be initialed by two witnessing officials e The broadcast serial number checkoff sheet will also be initialed by two witnessing officials 2 Destroy Top Secret SPECAT TS and above material will be destroyed by two witnessing officials Persons performing any destruction must have a clearance level equal to or higher than the material being destroyed The destruction of Top Secret SPECAT TS and above material must be recorded Destruction may be recorded on OPNAV form 5511 12 figure 5 1 or any other record which includes complete identification of the mate
64. loss potential types listed are dependent on the characteristics of the individual data processing tasks performed by the AIS facility AIS technical managers should review each task to establish which losses a facility is exposed to and which factors affect the size of the potential loss Call on users to help make these estimates To make the best use of time do a rapid preliminary screening to identify the tasks that appear to have significant loss potential An example of preliminary estimates is shown in table 4 1 Having made a preliminary screening to identify the critical tasks seek to quantify loss potential more precisely with the help of user representatives familiar with the critical tasks and their impact on other activities Mishaps and losses that could occur should be considered on the assumption that if something can go wrong it will The fact that a given task has never been tampered with used for an embezzlement or changed to mislead management in the command is no assurance that it never will be At this stage of the risk analysis all levels of management should assume the worst Threat Analysis The second step of the risk analysis is to evaluate the threats to the AIS facility Threats and the factors that influence their relative importance were listed earlier in this chapter Details of the more common threats are discussed later in this chapter and to the extent it is available general information about
65. machine H CG DM pp The vulnerability of a ship or aircraft can be determined by which of the following means L A TEMPEST survey Zi A TEMPEST vulnerability assessment 3 A TEMPEST investigation 4 An emission control test What is the purpose of EMCON ds To intercept and rebroadcast signals to confuse hostile forces Zo To prevent hostile forces from detecting identifying and locating friendly forces ce To minimize the amount of transmission time on live circuits 4 Both 2 and 3 above What is the designation of security spaces requiring ACCESS TeOntrol Controlled area Exclusion area Restricted area Limited area Hm CG N E Which of the following information should appear in a visitors log for a communications center Aes Visitor s printed name and signature 2i Purpose of visit and the escort s name ce Date and time of visit 4 Fach of the above The combination to a 5 58 classified material container must be changed at what maximum interval Monthly Every 6 months Every 12 months Every 24 months A GC N eae Which of the following statements concerning the security classification of a safe combination is correct ly All combinations are classified Secret regardless of the classification of contents stored within La All combinations are classified Confidential regardless of the classification of contents stored within 3 All combinations are handled as officia
66. manual for futher information Within the various NAVCOMMAREAs are alternate NCTAMSs They coordinate control of communications under the direction of the primary NCTAMSs NAVAL COMPUTER AND TELECOMMUNICATIONS STATION A Naval Computer and telecommunications Station NAVCOMTELSTA is a communications station with the primary responsibility for communications in a large specific area This responsibility includes all communications facilities and equipment required to provide essential fleet support and fixed communications services For example NAVCOMTELSTA Diego Garcia serves a large geographical area of the Pacific and Indian oceans It also includes facilities and equipments necessary to interface with all other NAVCOMTELSTAs or PUGET SOUND STOCKTON SAN DIEGO e NCTAMS 1798 EASTPAC WESTPAC TCuTLEN WASHINGTON JACKSONVILLE EASTPAC NCTAMS LANT SPAI Se P RICO O DIEGO GARCIA ATLANTIC RMJA0008 Figure 2 1 Naval communications areas communications detachments on all naval communications matters It also provides Naval Industrial Fund NIF AIS services to Navy customers NAVAL COMPUTER AND TELECOMMUNICATIONS DETACHMENT A Naval Computer and Telecommunications Detachment NAVCOMTELDET is a small telecommunications facility that is assigned a limited or specialized mission and has a limited number of personnel and facilities NAVAL DATA AUTOMATION FACILITY A Naval Data Automation F
67. material in the command The TSCO is normally subordinate to the security manager If a separate person is not designated as the TSCO the security manager maybe designated as TSCO The duties of the security manager and the TSCO are outlined in the Security Manual Besides the security manager and the TSCO every command involved in processing data in an automated system must designate an Information System Security Officer ISSO The ISSO is responsible to the security manager for the protection of classified information processed in the automated system Custody of Classified Material An individual who has possession of or is charged with the responsibility for safeguarding and accounting for classified material or information is the custodian of that material or information As a Radioman you are constantly in possession of classified material including messages publications and equipment Therefore you are a custodian of classified material as long as the material is in your possession 5 7 As custodian of classified material you are responsible for protecting and accounting for the material at all times You must ensure that the material is protected from disclosure to uncleared personnel such as a visitor being escorted through your working spaces If working outside of normal communication spaces you must ensure that classified material is locked in an approved security container when the material is not in use
68. nonavailability of key personnel e Neighboring hazards such as close proximity to chemical or explosive operations airports and high crime areas e Tampering with input programs and data and e The compromise of data through interception of acoustical or electromagnetic emanations from AIS hardware The preceding list of threats to the operation of an AIS facility contains only a few of the reasons why each command should have an ongoing security program adapted and tailored to its individual needs and requirements Not all threats and preventive measures can be discussed in this chapter However we will cover the more common threats and remedial measures For a thorough review of the subject refer to the Department of the Navy Physical Security and Loss Prevention OPNAVINST 5530 14 RISK ANALYSIS The AIS facility upper management should begin development of the security program with a risk analysis A risk analysis as related to this chapter is the study of potential hazards that could threaten the performance integrity and normal operations of an AIS facility Experience at various commands shows that a quantitative risk analysis produces the following benefits e Objectives of the security program relate directly to the missions of the command e Those charged with selecting specific security measures have quantitative guidance on the type and amount of resources the AIS facility considers reasonable to expen
69. notice basis Tests are best scheduled or conducted early in the inspection rather than after everyone is alerted to the presence of the inspection team Special concern guidance and instructions must be taken into consideration when the AIS facility has armed guards It is possible to test the adequacy of programmed controls and data authorization by submitting jobs that attempt to bypass these controls Take care not to destroy live data However if AIS upper management believes error detection and correction controls really work then there should be no objection to the introduction of deliberate errors to test these controls The inspection team should convene periodically preferably at the end of each day s activity to review progress and to compare notes Areas of weakness or concern should be highlighted and additional tests or interviews scheduled to investigate further any particular areas of concern Copies of the inspection working paper should be classified numbered dated and organized for ease of understanding review and comparison At the completion of the inspection a written report is to be prepared immediately while impressions are still fresh As a rule the inspection report includes e An executive summary e A description of the inspection dates locations scope objectives and so forth 4 33 e A detailed report of observations made e Conclusions drawn from the observations and e Recommendat
70. of questions multiple choice true false matching etc The questions are not grouped by type but by subject matter They are presented in the same general sequence as the textbook material upon which they are based This presentation is designed to preserve continuity of thought permitting step by step development of ideas Not all courses use all of the types of questions available You can readily identify the type of each question and the action required by reviewing of the samples given below MULTIPLE CHOICE QUESTIONS Each question contains several alternative answers one of which is the best answer to the question Select the best alternative and blacken the appropriate box on the answer sheet SAMPLE s 1 The first U S Navy nuclear powered vessel Indicate in this way on your answer sheet was what type of ship 1 Carrier 2 Submarine 3 Destroyer 4 Cruiser TRUE FALSE QUESTIONS Mark each statement true or false as indicated below If any part of the statement is false the entire statement is false Make your decision and blacken the appropriate box on the answer sheet SAMPLE s 2 Shock will never be serious enough to cause Indicate in this way on your answer sheet death 1 True 2 False MATCHING QUESTIONS Each set of questions consists of two columns each listing words phrases or sentences Your task is to select the item in column B which is the best match for the item in column A Items in colum
71. only 3 Drives a solid state inverter and keeps batteries charged 4 Synthesizes alternating Current The UPS battery supply can support a facility load for a maximum of how many minutes Lo ao 2 40 ay 4O 4 50 The control Circuitry Lor ad static transfer switch performs which of the following functions Li Senses variations in frequency 2i Senses an overcurrent condition on Switches the load to the alternate power source 4 Stops the flow of power Using multiple independent UPS units can provide which of the following benefits ls Power consumption is lowered 23 Each unit can be switched offline if it fails Jy The metering of component power consumption is facilitated 4 All of the above A If the risk analysis shows a 1 56 major loss from power outages lasting 30 to 45 minutes or longer which of the following measures should be taken AA Installing an on site generator Los Cutting Backo operations Su Relocating the facility LE 4 Adding more multiple independent UPS units Which of the following components must be large enough to support alLr COndLeLOningGg r minimum lighting as well as the UPS load 1 Generator 2 Alternator e Prime mover 4 Alternate mover Providing physical protection for an AIS 4 58 facility involves which of the following processes iy Denying access to unauthorized persons Zs Permitting access to authorized persons
72. priorities This is often difficult to do especially when resource capacities vary because of hardware failures specific shift requirements personnel on leave and unpredictable user demands Your workload can exceed capacity which has a direct effect on service Or the capacity can exceed the workload This leaves AIS resources underutilized So how do you reach a happy medium you might ask You do it by ensuring that the workload demands put upon the AIS facility s resources are balanced as much as possible and that the total resources available are kept as close to the maximum capacity as possible The effective use of resources has a lot to do with how you prepare a schedule However other things affect scheduling effectiveness One thing that disrupts schedules is the late receipt of input from the users This often results in a lot of hectic activity Data entry possibly I O control and computer operations have to try to meet original deadline commitments If they cannot you as the scheduler have to reschedule jobs while dissatisfied users complain because their jobs are not out on time But you say the user has no right to complain You are right Often the users do not realize they are the cause of the delays So what can you do Educate them Inform the users of the effects late input submis sions have on the schedule They sometimes do not realize how long it takes to prepare their input All jobs scheduled should hav
73. radiation reradiation or reflection of electromagnetic signals to disrupt enemy use of electronic devices equipment or systems In jamming operations the signals produced are intended to obliterate or obscure the signals that an enemy is attempting to receive Some common forms of jamming include e Several carriers adjusted to the victim frequency e Random noise amplitude modulated carriers Simulated traffic handling on the victim frequency Random noise frequency modulated carriers Continuous wave carrier keyed or steady and 3 12 e Several audio tones used in rapid sequence to amplitude modulate a carrier called bagpipe from its characteristic sound Interference is normally a nondeliberate intrusion upon a circuit It unintentionally degrades disrupts obstructs or limits the effective performance of electronic or electrical equipment Interference usually results from spurious emissions and responses or from intermodulation products Sometimes however interference may be induced intentionally as in some forms of electronic warfare An example of interference is the interruption of military transmissions by a civilian radio broadcast The more effective methods of dealing with MIJI are contained in Fleet Communications NTP 4 and in Reporting Meaconing Intrusion Jamming and Inteference of Electromagnetic Systems OPNAVINST 3430 18 SUMMARY In this chapter we introduced you to the basic concepts
74. reconstruct them TEZO das As a scheduler what T information must you know about the jobs you are to schedule 1 How jobs interface only te How much time it takes to run each job only oF How jobs interface and how much time it takes to run each job 4 How to operate the computer to back up Production Jobs As a scheduler you do NOT have to be proficient in dos which of the following skills 1 Sound judgment La Tact and diplomacy Se Analytical ability 4 Systems design Production control acts as liaison between the AIS facility and the user 32 community to perform which of the following functions lide Provide magnetic media support to the user Los Provide programming services to the user oF Adjust data flow and output schedules based on user and production requirements 4 Determine if errors are caused by hardware or systems applications software 1 33 What functional area receives incoming work and checks to be sure the amount of input data is approximately the amount indicated on the production schedule il Technical support Gs Quality control 3 PO gontrol 4 Data entry Source documents are received and processed by what a functional area and checked for completeness and accuracy by what bD functional area ie Data entry Quality control Data Entry Technical Scheduling Quality control Scheduling Technical Le support oy 4 Ovom omy opw
75. reports to the proper authority in a timely manner CMS 1 provides details on the responsibilities of the CMS custodian and alternates CMS Local Holder A CMS local holder is a command or activity that receives its COMSEC material support from a CMS account command The local holder command has a designated CMS custodian and alternates who are responsible to their commanding officer for the proper handling of COMSEC material and training of personnel involved For example if a ship drew all of its COMSEC material from a central account maintained by the squadron commander the ship would have to be a local holder Local holders must draw all of their material from only one CMS account and may not be local holders to two or more accounts CMS User A CMS user is an individual who requires COMSEC material to accomplish an assigned duty or who needs COMSEC material for advancement study or training purposes A CMS user must be properly cleared and authorized by the commanding officer to handle CMS material As a Radioman you will most likely become a user of COMSEC material 3 2 CMS Witness There may be times when you will be assigned as a CMS witness You will be responsible for assisting a custodian or user in performing routine administrative tasks related to the handling of COMSEC material As a witness you must be familiar with applicable CMS procedures and command directives CMS Responsibilities Whether you are a CMS u
76. responsible for safeguarding it at all times You need to be familiar with the four security modes that provide for processing classified data system high dedicated multilevel and controlled SYSTEM HIGH SECURITY MODE A computer system is in the system high security mode when the central computer facility and all of the connected peripheral devices and remote terminals are protected in accordance with the requirements for the highest classification category and type of material then contained in the system All personnel having computer system access must have a security clearance but not necessarily a need to know for all material then contained in the system In this mode the design and operation of the computer system must provide for the control of concurrently available classified material in the system on the basis of need to know DEDICATED SECURITY MODE A com puter system is operating in the dedicated security mode when the central computer facility and all of its connected peripheral devices and remote terminals are exclusively used and controlled by specific users or group of users having a security clearance and need to know for the processing of a particular category ies and type s of classified material MULTILEVEL SECURITY MODE A computer system is operating in the multilevel security mode when it provides a capability permitting various categories and types of classified materials to be stored and process
77. s mission dictates Continuous ALS support computer system should be equipped with which of the following equipment l A motor generator 2 An acp de regulator of A voltage surge PLOTectcor 4 An uninterrupted power source In regard to AIS security master control switches are used to shut off all power to your AIS spaces in the event of a fire These master control switches are normally installed at what Location Ls In the CO storage room ox In the security officer s space Js At the exit doors of the AIS spaces 4 On the master control panel of the computer Which of the following security modes does NOT apply to processing classified or level I data Dedicated System low Multilevel System high HA w N e Zo each aL For processing classified the central computer facility and all its related peripheral devices both local and remote are protected for the highest classification category and type of material contained in the system The system is said to be in what security mode Controlled System low System high Totally dedicated Ps CGO NE For processing level 1 data the central computer facility and all its related peripheral devices both local and remote are exclusively used and controlled by specific users having a security clearance and need to know for the processing of a particular category of classified material The system 1s operating in what security
78. schedules but you may never have given much thought as to what it takes to develop one To develop the monthly schedule you must know coordinators and the department head before the the requirements of all the application systems jobs to beginning of the month to which the schedule applies be run during the month Many production jobs are run is an example of part of a monthly production on a cyclic basis daily Monday Wednesday and schedule Month Year Sun Mon Tue Wed Thu Fri Sat Stock Figure 1 6 Part of a monthly production schedule 1 17 Effects on Monthly Schedules After the monthly schedule is completed and approved there will always be times when it has to be changed The subsystem coordinators are responsible for adjusting their schedule and for submitting the schedule changes to the AIS facility Some of the things that will cause the schedule to be changed are as follows e System program errors Jobs may abort because of system or program processing errors The operator will get an error message or an indication on the system console This may require the operator to reboot the system recreate an input file or rerun a job The operator will annotate the run sheet describing the problem The abort code will be the key to determining what caused the problem Software testing You will schedule an amount of time for software testing based on your best estimate No matter how much time you allow
79. staff To illustrate the effects of the physical destruction of a facility we have selected fire safety Other causes of disasters include the loss of support utilities and breaches of AIS facility physical security FIRE SAFETY Experience over the last two decades demonstrates the sensitivity of AIS facilities to fire damage resulting in disruption of operations A number of major losses Table 4 4 Threat Matrix Table have involved noncombustible buildings In the cases where vital magnetic media tapes were safeguarded and the computer hardware was relatively uncomplicated rapid recovery was possible often in a matter of days However if a large computer configuration were destroyed or 1f backup records were inadequate recovery could take many weeks or months Fire safety should be a key part of the AIS facility s security program It should include the following elements e Location design construction and maintenance of the AIS facility to minimize the exposure to fire damage e Measures to ensure prompt detection of and response to a fire emergency e Provision for quick human intervention and adequate means to extinguish fires and e Provision of adequate means and personnel to limit damage and effect prompt recovery Facility Fire Exposure The first factor to consider in evaluating the fire safety of an AIS facility is what fire exposure results from the nature of the occupancy material of adjacent
80. the following information de General guidance and assignment of responsibilities 4 7 Les General guidance and listing of responsibilities Js Detailed guidance and assignment of responsibilities 4 Detailed guidance and Listing OL responsibilities Sl rr continued chapter 4 pages 4 13 As a guideline for risk analysis which of the following EIPS publications should you use ie FIPS PUB 47 Das FIPS PUB 53 A FIPS PUB 65 4 FIPS PUB 79 The impact of a given threat may depend on all but which of the following factors Js Geographical location 2 Local environment 57 Perceived threat of vandals 4 Potential value of property to a thief Which of the following is a threat to an AIS facility i Hardware failure as Tampering with inputs programs and data oF Accidents causing nonavailability of key personnel 4 Each of the above It is recommended that the AIS facility upper management begin development of the security program with a an risk analysis inventory of equipment survey of data integrity intensive training program Hs GW NR 4 8 a9 A quantitative risk analysis produces which of the following results JE Long range planners receiving guidance on personnel requirements DAS The security program objectives directly relating to the mission of the command or Criteria generated for designing and evaluating internal controls 4 An estimate of losses to
81. the expressed purpose of improving future inspection procedures and processes The inspection plan may need to be amended or the team composition may need to be changed The emphasis of the inspection should always be positive one of helping AIS management at all levels to improve the security and control of the AIS facility DATA PRIVACY The Privacy Act of 1974 Public Law 93 579 imposes numerous requirements upon naval commands to prevent the misuse or compromise of data concerning individuals Navy AIS facilities that process personal data must provide a reasonable degree of protection against unauthorized disclosure destruction or modification of personal data whether it is intentional or results from an accident or carelessness Department of the Navy Information Systems Security INFOSEC Program SECNAVINST 5239 3 provides guidelines for use by all Navy organizations in implementing any security safeguards that they must adopt to implement the Privacy Act It describes risks and risk assessment physical security measures appropriate information management practices and computer system network security controls Department of the Navy Privacy Act PA Program SECNAVINST 5211 5 implements the Privacy Act and personal privacy and rights of individuals regarding their personal records It delineates and prescribes policies conditions and procedures for the following e Any Department of the Navy system of records pos
82. the requirements To do this you will see that the The AIS facility is tasked with the responsibility of Proposed monthly production schedule is distributed to the appropriate subsystem coordinators for their review Before the end of the current month the subsystem coordinators are to return the monthly schedule with their concurrences or changes and recommendations back to you for screening You will screen it to ensure they have not overscheduled any day and that there will be enough time for system backups and planned maintenance The screening process MONTHLY PRODUCTION SCHEDULE should include a review by the production control DEVELOPMENT coordinator who looks for any specific input output requirements For example special forms may have to be ordered This must be done early enough to have the forms when the job is to be run After screening the changes and recommendations and making any adjustments needed have a smooth copy of the schedule prepared and distributed to all subsystem providing computer support to the command This includes support to medical dental supply administration financial and maintenance Each of these areas will have a subsystem coordinator assigned to work with you on monthly schedule requirements and on processing problems You will also prepare daily workload schedules As the AIS manager you will be responsible for developing and distributing a monthly AIS operations schedule You have used monthly
83. them They have been trained and are knowledgeable in such areas as the following e General security awareness e User and customer security Security administration Security violation reporting Hardware and software security Systems design security Terminal and device related security Telecommunications security Physical security Personnel security Computer auditing Data security Risk assessment methodology Contingency and backup planning AIS security and Navy contractors Disaster recovery e Security accreditation and e Security test and evaluation From this list you can see that AIS security is a complex area and requires many specialized skills and knowledges In addition each member of the AIS security staff is responsible for ensuring that you are adequately trained in AIS security Do you know the name of your command ISSM If not seek him or her 4 7 out and find out what your responsibilities are rather than finding out the hard way through a bad experience That brings us to your responsibilities PERSONAL RESPONSIBILITY You play an important role in the success of your command s security program As we stated earlier security is everybody s job from seaman recruit to admiral Do not leave listings unattended or files open for unauthorized browsing If you see a stranger in your work area it is your job to confront challenge that individual regardless of his or her rate or rank
84. three stages Some event such as a failure of electrical insulation causes ignition An electrical fire will often smolder for a long period of time When an open flame develops the fire spreads through direct flame contact progressing relatively slowly with a rise in the temperature of the surrounding air The duration of this stage is dependent on the combustibility of the materials at and near the point of ignition Finally the temperature reaches the point at which adjacent combustible materials give off flammable gases At this point the fire spreads rapidly and ignition of nearby materials will result from heat radiation as well as direct flame contact Because of the high temperatures and volumes of smoke and toxic gases associated with this third stage fire fighting becomes increasingly difficult and often prevents people from remaining at the fire site Given the objective to discover and deal with a fire before it reaches the third stage one can see the limitation of fire detection that depends on detecting a rise in air temperature For this reason the areas in which electronic equipment is installed should be equipped with products of combustion smoke detectors Such detectors use electronic circuitry to detect the presence of abnormal constituents in the air that are usually associated with combustion In designing an effective fire detection system consider the following points e Location and spacing of detectors
85. to be done e WHY the work is to be performed 2 7 WHEN the work is to be performed HOW the work is to be accomplished WHERE the work is to be performed and WHO is responsible for completing the work PERSONNEL MANAGEMENT Good managerial traits and supervisory abilities are prerequisites for the first class or chief petty officer who is required to function as a front line supervisor and manager The RM1 or RMC will normally be the RM supervisor and will have many managerial and supervisory responsibilities added to those present at the junior petty officer level Supervision involves working with people and a major responsibility of a supervisor is production A good supervisor knows how to get a job done by getting the most out of personnel However the desire to attain an acceptable production level must not be at the expense of personnel assets People have the right to be treated as individuals and respected as such If treated in any other reamer no amount of pressure will create a permanent increase in production levels While you want to achieve a high level of production you also want your personnel to produce willingly and be interested in their work OFFICE MANAGEMENT The physical location of a communications office is normally predetermined by higher authority Furthermore the space allotted to the various sections is usually determined by competent engineers based on available space After discussing the matt
86. to or involved in any complaint for which the command has been notified Messages of historical or continuing interest Meteorological maps and summaries Monitor rolls and message tapes SPECAT SIOP ESI file TOP SECRET control log Watch to watch inventory COMMUNICATIONS PLANNING The primary objectives of communications planning are e To provide for effective connectivity to support the exercise of command and the exchange of essential information and e To advise the commander of the implications of communication capabilities and limitations for the operation plan and its execution The communications plan has to consider reliability security and speed The communications planner chooses facilities and methods that will best satisfy operational requirements The plan provides for the command and control capability by which the operation will be controlled and directed 24 Hours 30 Days 30 Days 5 Days 12 Months 30 Days 2 Years 2 Years 60 Days When Canceled 10 Days 3 Years 2 Years Permanently 2 Days 24 Hours 60 Days 60 Days 30 Days To be effective the communications planner needs comprehensive knowledge of the organizational structure established for the operation and the capabilities and limitations of the communications and command center facilities available to the force COMMUNICATIONS REQUIREMENTS The operational tasks assigned to various units require radio nets that link units eng
87. transmission In station records files logs and tapes must be retained beyond 2 24 the required retention limit if tracer action is in progress prior to the expiration date You can find detailed information concerning tracer action in JANAP 128 Termination Request Messages Ships send termination request messages to establish circuits with a NCTAMS or NAVCOMTELSTA on a limited or full time basis A termination request message must be sent to the cognizant NCTAMS at least 48 hours prior to activating the requested termination If the ship has a requirement for a full time termination it will be assigned a routing indicator by the cognizant NCTAMS NTP 4 contains detailed information pertaining to termination requests and formats Communications Guard Shift Messages Communications guard shift COMMSHIFT messages are required when a command shifts its guard from one broadcast or servicing communications center to another When possible the shift takes effect at 0001Z of the new radio day When broadcasts are shifted an overlap period before and after the effective time is observed to ensure continuity of traffic The command guards both broadcasts during the overlap period COMMSHIFT messages are sent to the NCTAMS of the communication areas from which the old and the new broadcasts originate COMMSHIFT messages are necessary because of operational considerations or changes in the deployment schedule of a ship These message
88. who know what steps to take in case of an alarm Is the alarm system regularly inspected for physical and mechanical deterioration Does the system have tamper proof switches to protect its integrity Is there an environmental or protective housing or cover on the system s Is there an alternate or separate source of power available for use on the system in the event of an external power failure Where ic tha FV MA Vd 10 LILIA located local central station or remote annnnct1 a CALILAU LINGLE Who maintains the equipment and how is it maintained contract lease equipment force account Are records kept of all alarm signals received including the time date location action taken and cause of the alarm Are alarms generated occasionally to determine the sensitivity and the When the security survey is complete it provides a picture of the existing alarm systems and the location of each It also shows the number and location of manned posts the number of personnel at these posts and the schedule of each With these facts in hand the AIS technical manager can evaluate existing access controls and protection measures identify areas where remedial measures are needed and select specific measures Always consider the use of various types of security hardware devices to augment the existing personnel protective force Through the use of such devices it may be possible t
89. AIS security CHAPTER 5 GENERAL SECURITY LEARNING OBJECTIVES Upon completing this chapter you should be able to do the following Identify the procedures for verifying the identification and clearance of o recipients eo Identify the procedures for TEMPEST requirements e Identify methods of controlling access to security areas including designation of restricted areas requirements relating to lock combinations and procedures for sanitizing sites and equipment e Identify the procedures and regulations for marking material and conducting inventories of classified material Secret and below e Identify the procedures used for clearing media and hardware of classified material Secret and below e Identify the regulations and procedures for declassification or destruction of classified hardware and the destruction of classified material Secret and below o Identify the regulations and procedures covering the receipt inspection handling destruction and verification of classified material SPECAT or Top Secret and above Your duties as a Radioman will require that you handle considerable amounts of classified information and equipment You should be able to recognize classified matter and know what to do or not do with 1t Security 1s as basic a part of your assignment as operating telecommunications equipment Safeguarding classified information is an integral part of your everyday duties The security
90. Analysis FIPS PUB 65 enclosure 3 to OPNAVINST 5239 1 e Department of the Navy Information and Personnel Security Program Regulation OPNAVINST 5510 1 e Department of the Navy Information Systems Security INFOSEC Program SECNAVINST 5239 3 AIS THREATS AND RISK ANALYSIS First when designing its security program a command must look at the potential AIS threats and perform a risk analysis AIS THREATS When planning a security program the AIS technical manager should be aware of all the types of threats that may be encountered Not every Navy AIS facility will be faced with each type of threat especially if the facility is aboard ship The impact of a given threat may depend on the geographical location of the AIS facility earthquakes the local environment flooding and potential value of property or data to a thief or the perceived importance of the facility to activists and demonstrators or subversives Examples of natural and unnatural threats include e Unauthorized access by persons to specific areas and equipment for such purposes as theft arson vandalism tampering circumventing of internal controls or improper physical access to information AIS hardware failures e Failure of supporting utilities including electric power air conditioning communications circuits elevators and mail conveyors e Natural disasters including floods windstorms fires and earthquakes e Accidents causing the
91. Another piece of job related information to consider is processing time To set aside a sufficient amount of time for processing you must know how long a job will reside in memory Processing time is normally estimated for a multiprogramming environment since most computers today process programs data in this fashion and job mix affects the overall processing time for a job Let s assume you have a static workload with no jobs being added to or deleted from the schedule Even under these conditions you can expect job processing to deviate from the schedule Why you might ask The reasons for this are the uncertainty about job processing time and disrupted processing Take for example a job that normally has a processing time of 45 minutes Today because of a large increase in input the job processing time is hour thus delaying all the following jobs by 15 minutes This is unavoidable and must be expected The same is true of disrupted processing whether it is hardware failure or software problems One way to avoid these delays is to include a specified amount of buffer time in your schedule You might add a safety factor of 10 percent to the expected processing time In our previous example where processing time increased from 45 minutes to 1 hour a buffer time of 10 percent would only give you an additional 4 5 minutes of processing time This would still have been inadequate However since all the following jobs also have buff
92. COMMENT SHEET THIS FORM MAY BE USED TO SUGGEST IMPROVEMENTS REPORT COURSE ERRORS OR TO REQUEST HELP IF YOU HAVE DIFFICULTY COMPLETING THE COURSE NOTE IF YOU HAVE NO COMMENTS YOU DO NOT HAVE TO SUBMIT THIS FORM Date FROM RATE RANK GRADE NAME FIRST M I LAST DSN ASS Commercial STREET ADDRESS APT FAX INTERNET CITY STATE ZIP CODE To COMMANDING OFFICER NETPDTC CODE N311 6490 SAUFLEY FIELD RD PENSACOLA FL 32509 5237 Subj RADIOMAN TRAINING SERIES MODULE 1 ADMINISTRATION AND SECURITY NAVEDTRA 12845 A The following comments are hereby submitted PRIVACY ACT STATEMENT UNDER AUTHORITY OF TITLE 5 USC 301 INFORMATION REGARDING YOUR MILITARY STATUS IS REQUESTED TO ASSIST IN PROCESSING YOUR COMMENTS AND IN PREPARING A REPLY THIS INFORMATION WILL NOT BE DIVULGED WITHOUT WRITTEN AUTHORIZATION TO ANYONE OTHER THAN THOSE WITHIN DOD FOR OFFICIAL USE IN DETERMINING PERFORMANCE NETPMSA 1550 41 Rev 1 96 53 DEPARTMENT OF THE NAVY COMMANDING OFFICER NETPDTC CODE N311 6490 SAUFLEY FIELD RD PENSACOLA FL 32509 5237 OFFICIAL BUSINESS COMMANDING OFFICER NETPDTC CODE N311 6490 SAUFLEY FIELD RD PENSACOLA FL 32509 5237 54 NAVEDTRA 1430 5 Stock Ordering No 0502 LP 216 0100 E ww TITLE NAVEDTRA NAME ADDRESS Last First Middle Street Ship Unit Division etc City or FPO State Zip RANK RATE SSN_ DESIGNATOR ASSIGNMENT NO DATE SUBMITTED m cq cs L usn LJ usir J active LJ INACTIVE OT
93. E PROCURE NEEDED SUPPLIES amp EQUIPMENT TRANSFER OPERATIONS FROM BACKUP SITE RMJA0037 Figure 4 14 Simplified diagram of an AIS facility 4 30 Similar tests of procedures for fire fighting loss control evacuation bomb threat and other emergencies will give assurance that plans are adequate and workable At the same time they provide an opportunity for training AIS personnel Each test should have a specific objective A team should be assembled to prepare a scenario for the test to control and observe the test and to evaluate the results This evaluation provides guidance for modifications to emergency plans and for additional training The important point is to be sure the emergency plans do in fact contribute to the security of the AIS facility SECURITY INSPECTIONS The final element of the AIS security program for every naval AIS facility should be a review or inspection process The inspection should be an independent and objective examination of the information system and its use including organizational components and including the following checks e Checks to determine the adequacy of controls levels of risks exposures and compliance with standards and procedures and e Checks to determine the adequacy and effec tiveness of system controls versus dishonesty inefficiency and security vulnerabilities The words independent and objective imply the inspection complements normal management i
94. EC material must be IAS stored separately from non COMSEC material ls COMSEC material of different classification may be stored together regardless of classification if storage limitations are al Laceot 4 Both 2 and 3 above 24 A What number of signatures is are required on the COMSEC watch to watch inventory sheet One Two Three Four Mm co N EH What is the maximum length of time that you are authorized to hold superseded a keying material marked CRYPTO and b authentication publications l a 24 hours By 24 hours Los a 12 hours b 5 days SP a 5 days b 12 hours AY a 5 days by 5 days What are the three types of keying material in descending priority of destruction i Superseded reserve effective Ds Effective superseded reserve on Reserve effective superseded 4 Superseded effective reserve Effective keying material is the most sensitive of the three types of keying material i True 2 False 35 0 What is the purpose of 3 38 Two Person Integrity is To prevent a single person from having access TO COMSEC material oy To prevent more than two persons from having access TO COMSEC material J To provide for an alternate custodian in Ta the event the primary is unavailable 4 To allow for a division of responsibilities among the custodians CRYPTO A B Cryptoinformation ae oF Crypto related information Da CEYPEOSY SES
95. ESI messages are always Top Secret PSEUDO SPECAT messages are normally unclassified messages that require limited distribution Examples of PSEUDO SPECAT messages include AMCROSS messages urinalysis test results and HIV test results SPECAT messages are handled only by those personnel who are authorized by the commanding officer in writing to view them The types of information assigned SPECAT and handling procedures can be found in NWP 4 and in Fleet Communications U NWP 4 respectively PERSONAL FOR PERSONAL FOR is the marking applied when message distribution must be limited to the named recipient Only flag officers officers in a command status or their designated representatives may originate PERSONAL FOR messages NATO RESTRICTED The United States does not have a security classification equivalent to NATO RESTRICTED NATO messages classified as restricted must be safeguarded in a manner similar to that for FOUO messages Messages originated by NATO must be handled in accordance with NATO Security Procedures U OPNAVINST C5510 101 ALLIED RESTRICTED The United States does not have a security classification equivalent to ALLIED RESTRICTED However these messages must be handled in the same manner as Confidential messages U S originated messages containng ALLIED RESTRICTED information are marked as Confidential immediately following the security classification The Security Manual contains complete inf
96. ESSING A computer processing mode that provides for simultaneous processing of two or more programs or routines by use of multiple CPU s MULTIPROGRAMMING A computer processing mode that provides for overlapping or inter leaving the execution of two or more programs at the same time by a single processor N NETWORKING A processing mode that allows separate computers joined by transmission lines to share a group of common peripherals NWPL CLERK Usually assigned by the NWPL custodian and is responsible for the upkeep and maintenance of the NWPL NWPL CUSTODIAN Is responsible for managing the NWPL usually assigned to an officer or senior petty officer as a collateral duty 0 ONLINE A method of data processing that allows users the ability to interact with the computer ORIGINATOR The authority in whose name a message is sent P PERSONAL FOR Messages distributed to a single recipient Only flag officers officers in a com mand status or their designated representative may originate PERSONAL FOR messages PLANNING PHASE The initial scheduling phase in which information is gathered from the users POSTCOMPUTER PROCESSING Ensuring out put products are complete accurate and delivered to the user PRECAUTIONARY ACTIONS OR PRECAU TIONARY DESTRUCTION An action to remove or reduce the amount of classified material on hand in case emergency destruction becomes necessary at a later ti
97. Figure 3 18 CMS 25 ONE TIME KEYING MATERIAL DESTRUCTION REPORT back 3 5 destruction of keytape segments of COMSEC of segments 1 31A must be recorded on the A keying material packaged in the VF format side and segments 1 31B on the B side figure 62 unique segments per canister Destruction 3 2 Mn AC AFT MINSA MOMIAS UA VAART BRA AIIVINIT AT W MIN aT TWO FOTN SRT Ta EA A Are CNIS 43D CUNIS EL AK YING WIALILEBRNIAL LUUAL DEST RUU LIUN KEPURK 1 NS a ee ihe individuals whose signatures appear below certty that they have destroyed the individual keytape segments on the dates indicated Retain this form in accordance with Annex T a O ee SONFIDENTIAL When filled in Seg Signature Signature Date of Destruction Figure 3 2A CMS 25B COMSEC KEYING MATERIAL LOCAL DESTRUCTION REPORT front 3 6 W S i Ee es 3 3 A T aE Sp Y El E he O e m e E N E Y 4 E z lt 58 E x pos n r a 3 os ew i a 1 aan orm O gg E g lt d fay puna 3 BO SSS EURO cairn ae ce a be E O ES T3 E Sa 7 1 ts Q G 4 4 cs a i RF Ss 18 o x wn T y Sw E ex Y Sa ni A 5 he a mm DO 0 2 225 Y lt Q so 8S i ee sa SO g ob od g mn DE oH er aoe S dE S oc S 828 LEE G a UN Nur O 3 gt o jura sO f OO lt am N 2 ee fm S 26 ee AA A AA Mm py E N E z
98. GY FOR FIRE LOSS PREVENT DETECT MINIMIZE RECOVER CLEAN ROOM SMOKE HALON CONTINGENCY PLAN DETECTOR SECURE CABLES OFF SITE ALTERNATE AND CONNECTIONS DATA STORAGE COMPUTER USE NO SMOKING RMJA0028 Figure 4 4 An example of countermeasures against fire loss THREAT POPULATION a e NIN SABOTAGE ACCESS D a AN E NE HO INADEQUATE El NATIONS PHYSICAL qe INADEQUATE FIRE PROTECTION PROTECTION qD A RMJA0029 FIR Y COUNTERMEASURES INADEQUATE VUNERABILITIES Figure 4 5 Threats vulnerabilities and countermeasures Pa MANAGERIAL COUNTER MEASURES ii ADMINISTRATIVE ADEQUATE COUNTERMEASURES Not all attacks and events can be avoided If we cannot reasonably prevent something we want to detect the problem as early as possible minimize the damage and destruction and recover as quickly and efficiently as possible To help us minimize and recover we develop contingency plans Contingency plans backup plans provide for the continuation of an activity s mission during abnormal operating conditions These are plans for emergency response backup operations and post disaster recovery They include a preparation phase that includes the steps to be taken in anticipation of a loss to Figure 4 6 Types of AIS security countermeasures RMJA0030 4 5 lessen damage or assist recovery The action phase includes the steps to be taken after a su
99. HER Specify 1 2 3 4 1 2 3 4 1 2 3 4 AOGE Ea aaa SAO AO aE a e a Ea al wee Maa o aaa de a a ala aa de da Saa e Tah LE AO NAS NE pith edie ie a ee soD E a aa sJ ARDO OCOL aa aa aa Sa or A G aa a sOOOD eg Fr ap a ERE acer EA aaa Maa OOO a aa peel a na al pial ea a jefe eal tea Tcl ory ae EE at oa a a MS so A EE DODO 20 AOE aaa da Maia L a E E NO oe ee elk al eed ol eh de ada Aa JA AAL Pal a S ata ra a E O MERN aE aa A aa E OS AE ge a Gal cal ay a Ea Pea in a re lle i ada aa aaa Pere OP Bl OD FRAARLIArN REPRODUCED
100. IS security term is used 1 Risk Zed Likelihood oe Vulnerability 4 Countermeasure In AIS security risks are usually expressed in which of the following terms Days Dollars Equipment Personnel A OG N ER In AIS security terminology the controls to lessen Or eliminate known threats and vulnerabilities are called physical barriers security routines backup procedures countermeasures H GW N e Under AIS security S625 countermeasures controls that are embedded in hardware software and telecommunications equipment are what type of controls L Physical PAR Technical Sip Managerial 4 Administrative Under AIS security countermeasures controls that concern people and procedures such as who is authorized to do what or who 3 63 receives or requests a sensitive report are what type of controls Physical Technical Managerial Administrative H CGC N ER Under AIS security countermeasures controls that concern planning and evaluation to review the effectiveness and efficiency of countermeasures that are in place are what type of CON LOS dl Physical 2 Technical da Managerial 4 Procedural In regard to AIS security the continuation of an actuvity s mission Gurung abnormal operating conditions is provided by which of the following means im Countermeasures Ls Contingency plans Ja Security risk plan 4 Emergency response team 28 such as audits 3 64
101. Information is at the top of the triangle It is the ultimate AIS asset Information is the reason the rest exists Threats Threats are things that can destroy your assets figure 4 2 Easy to recognize threats come in two basic forms people and environmental changes People are a threat because they sometimes do unexpected things make mistakes or misuse resources steal subvert and sabotage deliberate threats Some of us even smoke and spill soft drinks in computer rooms Environmental threats are things like heat humidity explosions dust dirt power peaks power failures and natural disasters like fire floods hurricanes thunderstorms and earthquakes Hardware RMJA0025 failures and compromising emanations are also threats Another term associated with threats is their probability of occurrence What is the likelihood that something will happen Probabilities are measured in time once a pico second once a memory cycle once a fiscal year once a century Vulnerability Threats cannot reach an AIS asset without the aid and assistance of a vulnerability Vulnerabilities are the holes threats sneak through or weaknesses they exploit Vulnerabilities are caused by lack of AIS security planning poor management disorganization disorder inadequate or improper procedures open data and open door policies undocumented software unaware or unconcerned personnel You can help limit the vulnerabilities by following es
102. Je Both 1 and 2 above 4 Minimizing the ELSKS f a natural disaster Wherever AIS equipment is 4 59 used for processing classified information which of the following instructions should be used fOr applying physical protection and security policy The OPNAVINST 5230 12 oe OPNAVINST 5239 1 3 SECNAVINST 5211 5 4 SECNAVINST 323 34 38 Which of the following contingency plans for dealing with classified material should NOT be considered in emergencies Destruction Protection Removal Reproduction H CG N E In an emergency the placement of a perimeter guard force around the affected area provides protection in which of the following ways Th Provides external contact when communications are lost oe Prevents the removal of classified material on Reduces the risk of additional destruction de Provides AIS access control Which of the following methods may be used to protect the property boundary of the AIS facility e Roving patrol on Ly Zs Fencing only ou Roving patrol and fencing 4 Security badges Fences installed for boundary protection should be a what minimum height with b what minimum number of strands of barbed wire 1 a 8 feet OY 2 2 a 8 feet b 3 3 a TO eat b 2 4 a 10 feet b 3 Penetration sensors mounted 4 64 on fences and gates should provide which of the following alarms when tripped La External only ds Internal only oy Exte
103. NAVEDTRA 12845 Training Manual TRAMAN Naval Education and April 1997 and Nonresident Training Training Command 0502 LP 003 5230 Course NRTC Radioman Training series Module 1 Administration and Security Only one answer sheet is included in the NRTC Reproduce the required number of sheets you need or get answer sheets from your ESO or designated officer DISTRIBUTION STATEMENT A Approved for public release distribution is unlimited The public may request copies of this document by following the purchasing instruction on the inside cover 035230 A A Although the words he him and his are used sparingly in this manual to enhance communication they are not intended to be gender driven nor to affront or discriminate against anyone reading this text DISTRIBUTION STATEMENT A Approved for public release distribution is unlimited The public may request copies of this document by writing to Superintendent of Documents Government Printing Office Washington DC 20402 0001 or to the Naval Inventory Control Point NAVICP Cog P Material Attention Cash Sales 700 Robbins Avenue Philadelphia PA 19111 5098 A RADIOMAN TRAINING SERIES MODULE 1 ADMINISTRATION AND SECURITY NAVEDTRA 12845 ZERMENT OF NO OF AEN OF A AD YEN ede JF ae 1997 Edition Prepared by RMCS SW AW Deborah Hearn and DPC SW Walter Shugar Jr SAAS ASAAR ARAN RRA RRR O SISTE SOS
104. NE As an I O control clerk will NOT be expected to perform which of the following tasks you ly Make SCL changes to production run streams 2s Monitor jobs to ensure all data are processed ce Reconcile processing discrepancies and inconsistencies 4 Assist the computer operator in setting up production jobs Ls chapter 1 pages 1 1 through As an I O control clerk you can be expected to operate a variety of equipment such as copying machines and terminals These are known as what type of equipment lz Online a Auxiliary Ji Secondary 4 Independent On the transmittal form the block marked OPERATIONS USE ONLY contains which of the following items of information ie Job task number Ls Computer to be used oi Type of operation performed 4 When the job was accepted As an I O control clerk one of your jobs will be to keep an up to date record of all Jobs received for processing What document should you use A run schedule A job schedule A pass down log A J00 Gone rol Ss wn LoS If the input that comes with a Job becomes misplaced or lost you still have means of tracking it down by looking in what control log entry de Program name Ze Type of input oe Input forwarded 4 Computer system LO TELU To properly prepare the lb user s input for processing you as I O control clerk must have a certain amount of information avallable such as computer run sheet
105. NISTRATIVE REPORTING VISUAL SIGNAL SUPERVISOR RMJA0011 Figure 2 4 Communications watch organization 2 11 Operation orders are prepared in accordance with a standing format as set forth in Naval Operational Planning NWP 11 NWP 5 01 An OPORD is an operations plan made up of the heading body and ending The basic plan contained in the body of the OPORD is concise and contains minimum detail More detailed information on various ship departments is contained in enclosures called annexes and appendixes The annex of most concern to radiomen is the communications annex The communications annex along with its appendixes and tabs discusses the many details to be considered in planning communications for a particular operation In this annex you can find such information as the applicable circuits equipment and frequencies that will be used in the upcoming opera tion STANDARD OPERATING PROCEDURES In addition to the OPORDs you should also become familiar with the standard operating proce dures SOPs used by your division and department SOPs should be sufficiently complete and detailed to advise personnel of routine practices The detail depends upon such variables as the state of training the complexity of the instructions and the size of the command Staff sections divisions and departments often find it convenient to establish their own SOPs for operating their respective areas and for guiding th
106. Never be embarrassed to ask questions You must remember that many of the users you come in contact with are non ADP oriented therefore it is up to you to help them understand the process and its requirements Once you have logged the job in you may work with data entry to prepare data or programs then with the media library to pull the needed tapes or disks and then with computer operations to have the job run Once the job has been run on the computer you may check the output products When you are sure the outputs are OK you distribute them according to instructions log the job out and file or return the job materials to the user Study figure 1 1 for a few moments It will help you see how the work flows and how you as an I O control clerk fit in the picture The fictional areas are listed across the top of the figure As you enter the level of middle management you will be required to take on added duties and additional responsibilities You will be a technical administrator and you will provide support to management You will use your expertise to evaluate current procedures and equipment and to make recommendations for improvements to operations This includes estimating future equipment needs FUNCTIONAL AREAS IICED II T A Pe Y ARMA AMAIE TIA RAESPNA APA AMI Per UYILA UNT U ISOU FU 1 NWUAGINE DIY MIC LIA VAVIEFU LON CUSTOMER CONTROL DATA ENTRY LIBRARY OPERATIONS USER S JOB pene THE RE
107. QUEST JOB AND ENTER IN LOG TRANSMITTAL AD E PULL OR SET UP MEDIA MEDIA REQUIRED YES PREPARE JOB ACCORDING TO RUN INST TASK FOLDER SUBMIT JOB ACCORDING TO SCHEDULE CHECK JOB PREPARE OUT PUT FOR DISTRIBUTION RETURN MEDIA JOB PACKAGE AND OUTPUTS RETURN JOB JOB PACKAGE DISK PACKAGE DISTRIBUTE TAPE OUTPUTS AND LOG OUT JOB OUTPUTS 38NVJ007 Figure 1 1 Typical I O control workflow 1 3 OPERATIONAL REQUIREMENTS Your operational requirements will include some or all of the following tasks e Receive user job requests e Maintain input and output control logs Verify inputs to be processed to ensure they are correct and in accordance with the run folder or run instructions Make system control language SCL run stream changes as required for correct data processing of the user s runs Input the user s run package jobs to the computer operations personnel according to a schedule Monitor the jobs in progress to ensure that all data are processed and that all processing steps have been properly performed Balance the number of records input relative to the number output Verify the format and the number of copies of each printed output in accordance with instructions in the run folder Reconcile processing discrepancies and inconsistencies Ensure that print
108. Rekey OTAR and Field Generation and Over the Air Distribution of Tactical Electronic Key NAG I6C TSEC Authentication Authentication is a security measure designed to protect a communications or command system against fraudulent transmissions or simulation Authenticating systems have instructions specifying the method of use and transmission procedures By using an authenticating system properly an operator can distinguish between genuine and fraudulent stations or transmissions A station may include authentication in a transmitted message This security measure is called transmission authentication The types of authentication are e Challenge and Reply This is a prearranged system whereby one station requests authentication of another station the challenge By a proper response the latter station establishes its authenticity the reply e Transmission Authentication A station establishes the authenticity of its own transmission by either a message or a self authentication method A message authentication is a procedure that a station uses to include an authenticator in the transmitted message Self authentication 1s a procedure that a station uses to establish its own authenticity and the called station is not required to challenge the calling station The following examples are instances when authentication is mandatory e A station suspects intrusion on a circuit e A station is challenged or requested to a
109. S 1 outlines the requirements for inventorying COMSEC material COMSEC Material Accounting Reports COMSEC material accounting reports provide an audit trail for all accountable COMSEC material Reports may be prepared manually or be computer generated There are specific requirements for submitting all reports including where they go and who they go to These requirements are found in CMS 1 The following reports are briefly described as to their general use This list is not all inclusive 3 3 1 Transfer Report Used to document and report the transfer of COMSEC material from one CMS account to another or one holder to another Destruction Report Used to document or report the physical destruction of COMSEC material The destruction must be witnessed by two appropriately cleared and authorized persons The report must be completed immediately after the material is destroyed Destruction reports are not normally submitted to DCMS unless directed to do so by DCMS a Local destruction Destruction will be documented and retained locally using a SF 153 or a locally prepared equivalent form CMS 25 Top Secret and Secret destruction reports must be kept for 2 years Local destruction records are mandatory for all AL 1 and 2 COMSEC regardless of classification and optional for AL 3 and 4 COMSEC material classified Confidential and below Receipt Report Used to document or report receipt of COMSEC mater
110. S facility s contingency plan covers what is required to get the facility back online as soon as possible Your contingency plan should include emergency response backup operations and recovery plans To have current backups we must ensure that normal saves are done as scheduled The saves can be categorized as either whole system or data file saves The AIS facility s resources schedule and instructions will be the governing factors as to which category of saves and the frequency with which the saves will be done For further guidance as to the minimum frequency and the category of saves refer to the local type commander s TYCOM instructions Another part of the recovery process is making sure that replacement parts are available There are constraints as to the number of parts maintained onboard your activity Before a major deployment or periodically for shore activities it is important to take 1 27 an inventory of the parts so if the parts are not on board they can be ordered EMERGENCY RESPONSES The last major area we are going to look at 1s emergency response When a problem occurs such as a job aborts or the system goes down the steps you and your AIS staff must follow are l Log the problem A good rule is to log everything this can save time and help to identify problems early Notify management users and the maintenance technician By notifying management you provide them the information they
111. SN precedence DTG original on a readdressal originator original on a readdressal subject classification time of receipt TOR for incoming messages or time of delivery TOD for outgoing messages for each message It is also useful to indicate on the log over which circuit the message was relayed This is helpful during tracer situations The Central Message Log is filed in the communications center master file on top of the messages processed for that radio day raday TOP SECRET CONTROL LOG Upon receipt of a Top Secret message including SPECAT SIOP ESI addressed to the parent command or subscriber of the message center the center assigns a sequential number and enters the originator DTG and copy count of the message into the Top Secret Control Log A separate entry is made for each addressee The messages must be annotated as Copy ___ of __ and Page __ of ___ The message must also be assigned a Top Secret control sequential number CIRCUIT LOGS Records of messages sent via ship shore circuits whether primary shipshore full period termination and soon must be maintained This ensures continuity of traffic accurate times of delivery receipt and precise files for possible tracer action These actions should be recorded on the Received Message Record OPNAV DATE CENTRAL MESSAGE LOG OUTGOING INCOMING o SSN PREC DTC ORIG SUBJ CLASS TOR TOD RMJA0012 Figure 2 5 Central Message Log fo
112. SOS TH TTT SS RAH QE sss ar SINK e lt Aya PREFACE This training manual TRAMAN together with its nonresident training course NRTC NAVEDTRA 12845 form a self study training package for personnel fulfilling the requirements of the Radioman rating The TRAMAN provides subject matter that relates to the occupational standards for the RM rating The NRTC consists of several assignments to help the student complete the TRAMAN This edition includes information on AIS administration communications administration communications security AIS security and general security This training manual was prepared by the Naval Education and Training Professional Development and Technology Center Pensacola Florida for the Chief of Naval Education and Training 1997 Edition Stock Ordering No 0502 LP 003 5230 Published by NAVAL EDUCATION AND TRAINING PROFESSIONAL DEVELOPMENT AND TECHNOLOGY CENTER UNITED STATES GOVERNMENT PRINTING OFFICE WASHINGTON D C 1997 THE UNITED STATES NAVY GUARDIAN OF OUR COUNTRY The United States Navy is responsible for maintaining control of the sea and is a ready force on watch at home and overseas capable of strong action to preserve the peace or of instant offensive action to win in war It is upon the maintenance of this control that our country s glorious future depends the United States Navy exists to make it so WE SERVE WITH HONOR Tradition valor and victory a
113. SUDDOLE To chart the interaction between the functional areas of an AIS facility what type of chart should you prepare IN Data flowchart Les Systems flowchart ce Workload diagram 4 Workflow diagram To determine what the demands will be on the AIS facility Lor the upcoming month which of the following personnel usually meet s with the users ule Division chief only os Division chief and LPO only Se Division chief LPO and scheduler 4 Computer operations supervisor and scheduler During the forecasting phase of scheduling you must remember to set aside time in the schedule for which of the following maintenance tasks File and computer Tape drive Disk drive Fach of the above Hm GW N E LEO E When you schedule recurring Si old jobs which of the following types of information is are best to use i New estimates from users 23 Job experience and ALSCOrY ce Latest job run time on your system 4 Average job run time on other systems Scheduling enables management to make which of eo the following judgments i A prediction of the effects of an increased workload a An evaluation of data entry operator skills oe An analysis of production program errors 4 A plan for user training As scheduler you will need a backup or contingency plan for which of the following reasons 1 To allow for hardware 2 00 breakdowns and malfunctions ay To schedule users requirements ioe
114. Special saves Textbook Assignment DLN ZA ASSIGNMENT 2 Chrough 2 29 DCS circuits are owned or 2 5 leased by what organization i AT amp T De The Joint Military Communications Management Office on The U S Government 4 NAVCOMTELCOM The DCS combines elements from the three military services into a single communications system ie True Ze False Who exercises operational control over the DCS l The civilian head of the DCA Za The head of the JCS 2 N a The military head of the NTS 4 The military head of DISA What is the mission of naval communications de To provide reliable secure and rapid communications Zs To provide reliable Simple and rapid communications 2x To provide controlled secure and functional communications 4 To provide easy secure and rapid communications 10 Communications Administration chapter 2 pages 2 1 Naval communications includes which of the following policies ie To promote the safety of life at sea and in the air by maintaining communications with appropriate communications facilities LG To encourage at all levels of command an effort to improve techniques procedures and efficiency 3 To establish and maintain effective communications within the Department of the Navy 4 Fach of the above Concerning area of coverage what is the primary distinction between the NTS andr the DES Ls The DCS units are fl
115. Standards of performance can be established and control elements determined An evaluation of the entire system must be completed by the highest level of command Each Operational unit must be scrutinized by the chief or first class in charge 2 6 Establishing Standards Standards of performance must be established to determine the effectiveness of operations and service provided against customer requirements and system capability Standards must be established for internal functions as well as for overall system performance After performance standards are established the control elements and manner of control can be determined It is most important that performance standards be established in the general areas of reliability speed security and economy These areas can be broken down into standards for internal operation equipment personnel maintenance supply and so forth Realistic standards of performance must be established This allows maximum use of resources without overcommitment The standards must be compatible with command requirements and within resource capability The standards must also be flexible enough to allow for changing operating conditions Skill levels and manning levels change constantly Equipment status and configurations are never stable Operating conditions and commitments change from day to day Therefore each communications facility manager must establish flexible standards to accommodate changin
116. TION REQUEST MESSAGE A message sent to request establishment of circuits with a NCTAMS or NAVCOMTELSTA on a limited or fill time basis TIME SHARING A processing mode in which users share computer system resources through online terminals TSCO TOP SECRET CONTROL OFFICER An officer senior noncommissioned officer E 7 E 8 or E 9 or a civilian employee GS 7 or above who is responsible for the receipt custody accounting and disposition of Top Secret material within the command TSO TELECOMMUNICATIONS SERVICE ORDER Used to authorize the start change or discontinue circuits trunks links or systems TSR TELECOMMUNICATIONS SERVICE REQUEST Initiates additions deletions or changes from the originating command to existing Defense Communications System DCS circuits TVA TEMPEST VULNERABILITY ASSESS MENT The vulnerability of a ship aircraft shore station transportable equipment or a contractor facility to susceptibility environment and threat TVAR TEMPEST VULNERABILITY ASSESS MENT REQUEST A request submitted prior to processing classified data to the Naval Criminal Investigation Service Y YANKEE PRECEDENCE This category is in addition to the four major precedences categories it is an EMERGENCY COMMAND PRECEDENCE ECP It is identified by the precedence prosign Y and limited to designated emergency action command and control messages Speed of service objective is n
117. The United States does not have a security classification equivalent to NATO RESTRICTED NATO messages classified as restricted must be safeguarded in a manner similar to FOUO messages Messages originated by NATO must be handled in accordance with NATO Security Procedures U OPNAVINST C5510 101 ALLIED RESTRICTED The United States does not have a security classification equivalent to ALLIED RESTRICTED However these messages must be handled in the same manner as Confidential messages U S originated messages containing ALLIED RESTRICTED information are marked as Confidential immediately following the security classification MINIMIZE CONSIDERED During an actual or simulated emergency it may become necessary to decrease the amount of record and or voice communications on military telecommunications circuits When this occurs it is called MINIMIZE In essence all messages that are not urgent will not be transmitted Those messages that concern a mission or safety of life are considered imperative and therefore require transmission during minimize The same criteria pertaining to minimize conditions noted earlier in this chapter still apply The releasing officer must review and decide on the message s merit which means the message will be sent either electrically or by another means When a message is released it must include the words MINIMIZE CONSIDERED and RELEASED BY Messages that will not be sent
118. To allow for late submission of input from the user te TO correct Job parameters that are entered into the system 1 41 incorrectly Resource requirements processing time Job dependencies priorities and deadlines are all what type of information Job t elatea Workload related Resource related AIS facility related H GW N ER As scheduler in addition to having information about computer resources you need information about what other area s of processing La Precomputer processing only as Postcomputer processing only Se Precomputer and postcomputer processing 4 Output processing by users What is the primary difticulty Of manually scheduling jobs in a multiprogramming environment l Specifying priorities De Specifying deadlines Be Obtaining a job mix that handles job dependencies without processing jobs out of order 4 Obtaining a Job mix that makes the best use of most resources without bogging down the entire computer system Resources workflow system capabilities and capacities and workload demands are all what type of information Job related Workload related Resource related AIS facility related Hm CG N EH To be sure sufficient time is scheduled for a job you will probably want to add extra time to the estimated time as a safety factor What is this type of time called Excess time Time plus Real time Buffer time Hm GQ DF Tato As scheduler priority
119. Z 5 Er S EE g lt lt lt lt lt lt lt lt lt lt lt lt a lt a lt lt lt lt lt lt 23 2 TS Shel ess Rs 06 Alai leia llos la la E O gog A Y a 5 Ss os 00 a Sa SSB A S a 4 SUNN al Al AINA lA R leon 7 3 7 c 5388 SAS Eg O 5 Ee A We e Seale allie ee cE hese E 00 A Figure 3 2B CMS 25B COMSEC KEYING MATERIAL LOCAL DESTRUCTION REPORT back 3 7 7 CMS 25MC COMSEC KEYING MATERIAL LOCAL DESTRUCTION REPORT The CMS 25MC is used to record destruction of multiple copy segments of COMSEC keying material packaged in canisters figure 3 3 CMS Destruction As a Radioman you may very well be involved with the routine destruction of COMSEC material The destruction methods that we discussed earlier are also used for COMSEC material CMS 1 gives complete details on priority of destruction of CMS materials ROUTINE DESTRUCTION Superseded COMSEC material must be destroyed as soon as possible after supersession Keying material marked CRYPTO must be destroyed no later than 12 hours after supersession Superseded authentication publications and document must be destroyed no later than 5 days after supersession EMERGENCY DESTRUCTION COMSEC material that must be destroyed in an emergency 1s divided into three categories e Keying material e COMSEC documents and e COMSEC equipment As we mentioned earlier an emergency plan consists of both precautionary destruction and
120. a processing technology it should not be difficult to appoint team members with some data processing knowledge Security A security officer is a welcome addition to an inspection team Computer operations Technical expertise in data processing 1s required Both programming knowledge and operations experience is helpful Perhaps the data processing internal security officer has these skills and if so should be a prime candidate for the team Using someone 4 31 from the AZS facility being evaluated need not significantly affect the objectivity of the inspection process Users Users have the most to gain from an effective inspection because of their dependence on the AIS facility yet too often they have little or no interest in AIS controls or security measures To encourage participation in the AIS security program one or more users who are concerned about sensitive data being compromised disclosed or destroyed should be motivated to join or should be appointed to the inspection team Building management Many of the physical security controls to be inspected fire prevention and detection air conditioning electric power access controls and disaster prevention relate to building management and engineering Outside specialists Independent experienced viewpoints provided by outside consultants can be very helpful The composition of the team can be flexible One of the prime requirements is that it consist of peop
121. a timely manner Users rely on computer Operations and support personnel to get their jobs done on time Whether your AIS facility has one or several computers it will be your job to see that the AIS production work of your command is processed in a timely reamer This means schedules You will need 1 1 to develop monthly production schedules in coordination with user assigned subsystem coordinators You will also need to develop daily workload schedules to meet user established deadlines If your computer system has online capabilities you will need to be sure users have access when they need it and that the system is responsive Technical administration and support are important aspects of automated information system AIS facility management As a technical administrator you will be making hardware and software projection reports software performance reports hardware utilization reports and trouble reports You will be responsible for implementing performance tuning initiatives to improve computer system performance You will also be expected to project future application growth capabilities All these are technical functions needed to ensure the smooth operation of an AIS facility In this chapter you will learn about the many varied tasks you may perform as an input output control clerk and then as a scheduler reports preparation trouble reports technical assists and operational guidelines Our objective is to give yo
122. ach command should apply differing protective measures commensurate with the degree of security importance Persons who have not been cleared for access to the information contained within the area with appropriate approval may be admitted into an area but they must be controlled by an escort at all times Follow guidelines set forth in the Security Manual and local standard operating procedures A few of the basic requirements are listed below e Remove turn over or place in drawers any classified material that may be out on desks e Replace any keying material in the safe and lock Cover any status boards showing conditions of equipment frequencies systems and so forth e Cover all frequencies dialed into equipment Cover monitors or turn off monitor screens if possible e Do not conduct any work related discussions At no time will the escort leave someone unattended The watch section or day working staff maybe required to support the escort in cases where work is being conducted by numerous uncleared personnel in more than one area 5 3 RESTRICTED AREAS Designating security spaces as restricted areas provides an effective and efficient means for a command to restrict access and control movement In restricted areas only those personnel whose duties actually require access and who have been granted appropriate security clearance are allowed freedom of movement within the area Persons who have not been clea
123. acility NAVDAF comes under the control of an NCTS or a NARDAC NAVDAFs provide AIS services in areas where no NARDACs are located The workload of a NAVDAF is normally less than that of a NARDAC NAVAL SECURITY GROUP DEPARTMENTS The Naval Security Group Departments NAVSECGRUDEPTs come under the authority of Commander Naval Security Group Command COMNAVSECGRU and are responsible for the cryptologic and related functions of the Navy NAVSECGRUDEPTs maybe part of a NCTAMS or a NAVCOMTELSTA As such COMNAVSECGRU exercises technical control over the cryptologic operations whereas COMNAVCOMTELCOM has overall responsibility for the management and Operating efficiency of the NAVSECGRUDEPTS MILITARY AFFILIATE RADIO SYSTEM MARS A function of the Military Affiliate Radio System MARS is to provide auxiliary communications to military civil and or disaster officials during periods of emergency The Navy encourages amateur radio operators to affiliate with MARS Many of the operators have earned their amateur radio licenses from the Federal Communications Commission The amateur radio operators using their amateur stations on Navy radio frequencies receive training in naval communications procedures and practices Besides assisting in emergency situations MARS operators also create interest and furnish a means of training members in naval communications You can find detailed information about the MARS program in U S Navy M
124. affected If you are using an automated USER TERMINAL ABORT CODE system it is usually a simple task to produce a new schedule You can usually direct the system with a command or two to produce a new schedule or a simulated schedule In a manual scheduling system it will require some cooperation between the subsystem coordinators and AIS operations to replan the schedule to get all the work done in a timely manner HELP DESK SUPPORT The help desk procedures we talk about here are those relating primarily to online users To help your Operators communicate effectively with online users you will want to have procedures established for them to follow To develop help desk procedures keep several steps in mind These steps include logging the problem researching the problem fixing the problem and analyzing the problem for possible changes to training and or documentation Once the problem has been fixed the operator will notify the user that processing may be continued You will want to monitor the help desk support for its effectiveness and to provide feedback to and receive feedback from the users subsystem coordinators and managers as well as your own staff Logging the Problem The operator logs a problem to document its occurrence and to provide the information needed to solve the problem The information includes the abort code what step in processing the user was doing what system the user was on and what
125. aged in the same activity or task Communications circuits follow the command lines of the task unit or contribute to its tactical effectiveness by providing for essential information exchange These considerations provide the essential elements for determining communications requirements PROTECTION OF COMMUNICATIONS Enemy interception and disruption of communications are of primary concern to any communications planner Every facet of communications facilities methods and procedures needs to be examined in terms of security vulnerability to deception and the electronic protection EP required for maximum protection Communications Security Security is the safeguarding of information As it pertains to communications security is usually referred to in terms of communications security COMSEC and signal security SIGSEC Security will be discussed in more depth in chapter 3 Various devices and procedures are used to increase security including e Authentication A security measure designed to protect communications systems against acceptance of false transmissions or simulations by establishing the validity of a transmission message or originator Codes Any system of communication in which arbitrary groups of symbols represent units of plain text Codes are often used for brevity and or security Ciphers Any cryptologic system in which arbitrary symbols or groups of symbols represent units of plain text
126. al burn bags may accumulate for burning it is important to keep an accurate record of the number of bags to be burned Burn bags must be serially numbered and a record kept of all subsequent handling until destroyed Burning As a Radioman you will probably assist in the burning of classified material Every member of a burn detail must know exactly what is to be burned and should double check burn material against an inventory list before the material is burned To provide for accountability of the burn bags the supervisor of a burn detail must be sure that the bags are numbered or counted before they are removed from the workspaces The supervisor of a burn detail must have either a log or checkoff list that lists the number of bags to be burned At the destruction site each bag is checked off the list as it is destroyed in the presence of the witnessing officials Witnessing officials are persons performing any destruction They must have a clearance equal to or higher than the material being destroyed To ensure the complete destruction of bound publications the pages must be torn apart and crumpled before they are placed in bags All material must be watched until it is completely consumed The ashes must be broken up and scattered so that no scraps escape destruction Shredding Crosscut shredding machines are relatively quiet and may be used aboard ships where incinerator facilities are not available Crosscut shredders a
127. ally and electrically controlled spaces 5 2 adherence to approved installation criteria and the use of TEMPEST approved equipment or systems e Threat The capability and motivation of an enemy to exploit the TEMPEST signal The interaction of all of these factors determines the vulnerability From this assessment and considering the category classification or sensitivity of the information involved a determination will be made An Instrumented TEMPEST Survey ITS will be scheduled or the requestor will be placed in the acceptable risk category Tempest Vulnerability Assessment Request TVAR A TVAR must be submitted prior to processing classified data This request should be sent to the Naval Criminal Investigative Service Washington D C with a copy to CO NAVELEXSECCEN and other commands as appropriate The list of required information is available in Navy Implementation of National Policy on Control of Compromising Emanations U OPNAVINST C5510 93 Some ships are identified by CNO as high TEMPEST risk platforms Those which are likely to be the target of hostile TEMPEST collection efforts will be scheduled for an Instrumented TEMPEST Survey ITS No TVAR is required from any ship EMISSION CONTROL EMCON EMCON is used to prevent an enemy from detecting identifying and locating friendly forces It is also used to minimize electromagnetic interference among friendly systems EMCON is normally imposed
128. anagement practices include all but which of the following activities Ip Data collection validation and transformation Zi Information processing or handling Ja Information control display and presentation 4 Managerial determination of the need and use of the information Which of the following 5 50 practices is are suggested for the handling of personal data l Label recording media that contain data of local personnel only Ze Carefully control products of intermediate 9 01 processing steps 3 Maintain an online up to date hardcopy authorization list of all individuals who have access to any data 4 Both 2 and 3 above Which of the following practices is are suggested for the maintenance of 5 52 personal records 1 Establish procedures for maintaining correct current accounting of all new personal data brought into the computer facility 2 Maintain logbooks for terminals that are used to access any data by System users oe Both 1 and 2 above 4 Log each transfer of storage media containing 4 53 Gata to lie Computer facility For a broader knowledge of personal identification and identification techniques you should refer to which of the FIPS publications 4 54 FLPS PUB ol FLPS PUB 48 ELES PUB 79 FIPS PUB 114 Hm GW N e 49 Which of the following pieces of equipment might be considered a TEMPEST hazard Personal computer Electric typewriter Both 1 and 2 above A copying
129. and reviews or initiates action in cases of loss or compromise of CMS material e Serves as Department of the Navy DON manager of leased portions of Navy dedicated and common user information transmission systems e Manages the Navy and Marine Corps Military Affiliate Radio System MARS and coordinates Navy participation in amateur radio matters e Establishes implements and maintains the Fleet Operational Telecommunications Program e Manages International Maritime Satellite INMARSAT communications ground interfaces to naval communications for the DON and handles any other commercial telecommunications authorized by law or treaty e Operates and maintains the NCTSs NARDACs and assigned elements of the Defense Communications System DCS e Serves as technical advisor to CNO for communications enlisted ratings RM ET and assists in career development and training for these ratings and e Serves as central design agency for communications in the DON performs life cycle management on Navy Standard Communications Software components NAVAL COMPUTER AND TELECOMMUNICATIONS AREA MASTER STATIONS NCTAMSs As we mentioned earlier there have been changes in the clatmancy of NAVCOMTELCOM As a result each of the former NAVCAMS has been redesignated as a NCTAMS and has merged with a NARDAC The four NCTAMSs are NCTAMS EASTPAC Honolulu Hawaii NCTAMS LANT Norfolk Virginia NCTAMS WESTPAC Guam and NCTAMS MED Napl
130. andling markings 2 30 5 5 allied restricted 2 3 1l 5 6 caveat 2 30 Encrypted for Transmission Only EFTO For Official Use Only FOUO 2 301 5 6 Formerly Restricted Data FRD 2 30 5 5 JCS Emergency Action Message EAM 2 31 Limited Distribution LIMDIS 2 30 5 5 MINIMIZE considered 2 31 NATO Restricted 2 31 5 6 PERSONAL FOR 2 31 5 6 Restricted Data RD 2 30 5 5 Special Category SPECAT _2 25 2 30 5 6 Special handling markings for Special Category SPECAT 2 25 2 30 5 6 SIOP ESL 2 31 PSEUDO 2 31 Standard Operating Procedures SOPS 2 12 Supporting utilities protection T Technical control supervisor 2 10 Teleprocessing TEMPEST 5 2 compromising emanations CE 5 2 TEMPEST vulnerability assessment TVA 5 2 TEMPEST vulnerability assessment report TVAR 5 2 TEMPEST vulnerability assessment TVA 5 2 environment susceptibility 5 2 threat 5 2 Threat analysis 4 15 Time sharing 1 9 TPL 3 9 Tracer message 2 24 TSCO 5 6 TSO 2 29 TSR 2 29 TVA 5 2 TVAR 5 2 U Uninterrupted power source UPS 4 9 Uninterrupted power supply UPS 4 22 User support 1 7 logistical support 1 8 trouble calls 1 8 user inquiries 1 7 U S Government Printing Office 1998 633 154 60099 INDEX 7 RADIOMAN TRAINING SERIES MODULE 1 ADMINISTRATION AND SECURITY NAVEDTRA 12845 Prepared by the Naval Education and Training Professional Develo
131. ants e AIS facility reception area e AIS input output counter area e AIS data conversion area e Media library e Systems analysis and programming areas e Computer room spaces e Communications equipment spaces and e Air conditioning UPS and other mechanical or electrical equipment spaces The survey should verify security measures already in place and recommend any improvements to upper management Obtain a current floor plan on which to depict all areas within the facility Include all access points and any adjacent areas belonging to the AIS facility such as parking lots and storage areas Begin the survey at the perimeter of the AIS facility considering the following e Property line Include fencing 1f any and type Note the condition the number of openings according to type and use and how they are secured Are there any manned posts at the property line Outside parking facilities Are these areas enclosed and are there any controls Are parking lots controlled by manned posts or are devices used Perimeter of facility Note all vehicular and pedestrian entrances and what controls are used if any Check all doors their number how they are secured and any controls or devices such as alarms or key card devices Check for all ground floor or basement windows and how they are secured screening or bars for example and their vulnerability Check for other entrances such as vents and manholes Are th
132. areas are evacuated but ensure that locks and bolts are not secured The loss control plan should define the steps to be taken assign responsibilities for general and specific steps and provide any needed materials and equipment in handy locations In some cases ample time will be available to take all measures but in extreme emergencies life safety will dictate immediate evacuation For this reason the loss control plan should 4 27 designate one or more individuals in each AIS area who in the event of an emergency will determine what can be done to protect equipment and records without endangering life and direct AIS staff members accordingly Earlier in this chapter we discussed measures to protect the facility against the effects of fire Semiannually review the protective plans with the operations division officer to assure that all normal requirements and any special requirements of the AIS facilities are satisfied At the same time brief upper management on the AIS facility plans and status to get their advice and to ensure good coordination When emergency response planning is completed and approved 1t should be documented succinctly for easy execution Seg figure 4 13 COOP BACKUP PLANNING The risk analysis should identify those situations in which backup operations will probably be needed to avoid costly delays in accomplishing the command mission The next step 1s to develop plans for backup operations wh
133. arginal images If the reproduction process does not clearly reproduce the security markings appearing on the original copy all copies must be marked in the same positions and size as on the original Paragraph markings are required for classified documents The appropriate security markings are placed at the beginning of the classified paragraph The symbols used to indicate paragraph classification are 5 5 TS for Top Secret S for Secret C for Confidential and U for Unclassified It is not uncommon to see foreign originated classified information in U S messages and documents Paragraphs that contain foreign originated classified information must be properly marked for example U K C or NATO S At the beginning of Restricted Data and Formerly Restricted Data paragraphs use the appropriate classification symbol with the abbreviation RD or FRD such as S RD C FRD Titles and subjects are classified according to their content regardless of the overall classification of the document Normally the symbols indicating the classification assigned to a title or subject are placed in parentheses immediately following the item as in the following example Subj BASIC OPERATIONAL COMMUNICATIONS DOCTRINE U SPECIAL HANDLING MARKINGS In addition to security classification categories other markings also appear on some documents and messages Among these markings are such design
134. arine Corps Military Affiliate Radio System MARS Communications Instructions NTP 8 NAVAL COMMUNICATIONS MANAGEMENT As radiomen advance they can expect to assume additional authority and responsibility A first class or chief will most likely be placed in charge as a watch supervisor leading petty officer or chief or even as a division officer These are only a few of the many leadership positions to which they might be assigned In summary eventually a career Radioman is going to be a manager The Navy has conducted extensive studies to pinpoint problems in the area of communications organization and management These were done to allow communications personnel to take corrective action on the problem areas Use of sound managerial principles helps us accomplish our mission All levels of management require an evaluation standard Managers are then able to properly evaluate specific communication systems or components Such an evaluation provides a basis for comparison of equipment personnel and even complete facilities This evaluation forms the basis for establishing additional standards and guidelines A continuing evaluation requires data collection via a system of feedback reports from all managerial levels EVALUATING PERFORMANCE Effectiveness of naval communications is the first consideration in the management of any communications facility The overall capability must be viewed in relation to each functional unit
135. ase the service message must be assigned the same classification as the classified message being serviced You can find detailed information on service messages in Automatic Digital Network AUTODIN Operating Procedures JANAP 128 Tracer Messages Tracer messages are special types of service message Tracers are sent to determine the reason for excessive delay or nondelivery of a message previously sent Normally tracer requests are initiated by a message originator or addressee However a situation may dictate that tracer action be initiated by the originating communications station the relay station or the communications station of the addressee Tracer action continues on a station to station basis until the cause of delay has been determined Upon receipt of a tracer a station should examine its records for the time of receipt and transmission of the message being traced This information is compiled and transmitted with the tracer action to the preceding station s and to the station that originated the tracer The station that caused the delay or nondelivery must cite the reason and provide a summary of corrective action in the report Tracer action requests must be initiated as soon as the discrepancy is discovered Action must be initiated no later than 4 days after the original time of transmission for a tactical addressee For nontactical addressees action must be initiated no later than 30 days from the original time of
136. ask the same questions of more than one person It is interesting how varied the responses can be The conduct of the interviewer is important Strive to be open in dealing with interviewees Avoid allusions to private information and obscure references to other people or events or in any other way cultivating an air of mystery or superiority It goes without saying the use of good human relations techniques 1s essential to a successful interview Nothing can be gained by being belligerent and antagonizing the interviewee Your conduct should be firm and inquisitive but also calm sincere and open Probe in some detail any answer that appears evasive or defensive Taking notes is a matter of individual preference Some people take very adequate notes at listening speed Others must devote all their attention to listening If note taking is a problem the interview could be conducted by two person teams Another alternative is to use a portable tape recorder making certain the interviewee knows in advance that the interview is being taped If a two person team or a tape recorder is not available attempt to listen and absorb as much as possible then record notes and impressions directly after the conclusion of the interview The evaluation tests can be scheduled or come as a surprise Most security inspections include testing the emergency fire evacuation and disaster recovery activities Access controls should also be tested on a no
137. assified messages which because of the subject matter require limited distribution within the addressed activity For Official Use Only FOUO FOUO is the designation used on official information not requiring a security classification but which must be withheld and protected from public release Unclassified messages containing FOUO information must have the abbreviation FOUO after the designation UNCLAS Encrypt for Transmission Only EFTO Certain categories of unclassified messages may be identified as having potential value if subject to analysis but do not meet the criteria for security classification The special designation EFTO was established to protect these unclassified messages during electrical transmission EFTO is not required on unclassified messages addressed exclusively among Navy Marine Corps and Coast Guard commands EFTO is authorized for use within the Department of Defense including the National Security Agency However EFTO is required on FOUO messages addressed to DOD activities outside the continental United States Bear in mind however that just because information is FOUO it is not automatically EFTO and vice versa As we mentioned earlier EFTO is a transmission marking for unclassified messages FOUO markings however define a certain category of information requiring special handling Neither FOUO nor EFTO markings are security classifications both are special handling de
138. ation is not marked CRYPTO and is not subject to the special safeguards normally associated with cryptoinformation CRYPTOSYSTEM The term cryptosys tern encompasses all the associated items of cryptomaterial that are used together to provide a single means of encryption and decryption All items of a related nature that combine to form a system must be given the strictest security Any failure equipment or operator that adversely affects the security of a cryptosystem is called cryptoinsecurity e GENERAL AND SPECIFIC CRYPTO SYSTEMS During your cryptographic duties you will sometimes hear the terms general and specific applied to some cryptosystems A general cryptosystem consists of a basic principle and method of operation regardless of the cryptomaterials used In other words regardless of the types of materials or elements used the method of operation will always be the same whether encrypting decrypting or authenticating A specific cryptosystem is one within a general system that is necessary and confined to actual encryption decryption or authentication These systems are identified by the short and long titles of their variables e CRYPTOVARIABLES A cryptovariable is an element of a cryptosystem that directly affects the encryption and decryption process These variables are divided into two types primary and secondary A primary cryptovariable is the most readily and frequent
139. ations Washington DC November 1987 Security Requirements for Automated Information Systems AISs DODD 5200 28 Deputy Security of Defense Washington DC March 1988 Telecommunications Users Manual NTP 3 1 Commander Naval Tele communications Command Washington DC January 1990 AUl 2 U S Call Sign amp Address Group System Instructions amp Assignments ACP 100 U S SUPP 1 N Joint Chiefs of Staff Washington DC June 1989 U S Navy Address Indicating Group AIG and Collective Address Designator CAD Handbook NTP 3 SUPP 1 K Commander Naval Telecom munications Command Washington DC August 1986 AII 3 AIG 2 18 AIS disaster protection 4 18 fire safety 4 18 supporting utilities protection 4 21 AIS facility physical protection 4 23 AIS media protection measures 4 11 disposition of media 4 12 security controls 4 11 security markings 4 12 AIS security 4 1 authoritative references contingency planning 4 26 data privacy 4 33 disaster protection 4 18 plan documentation 4 13 program implementation 4 13 program planning 4 13 security inspections 4 30 threats and risk analysis 4 14 AIS security concepts AIS assets 4 2 countermeasures 4 4 likelihood and risk 4 3 threats 4 2 vulnerability 4 2 successful attacks adverse events 4 2 AIS security goal 4 1 AIS security program 4 6 AIS security staff 4 6 information systems security ma
140. ations as Restricted Data RD Formerly Restricted Data FRD LIMDIS FOUO EFTO SPECAT PERSONAL FOR NATO RESTRICTED and ALLIED RESTRICTED Restricted Data and Formerly Restricted Data The marking Restricted Data RD is applied to all data concerned with the design manufacture or use of nuclear weapons Also included in this category is the special nuclear material used in energy production The marking Formerly Restricted Data FRD pertains to defense information that has been removed from the RD category but must still be safeguarded as classified defense information FRD material cannot be released to foreign nationals except under specific international agreement LIMDIS Limited Distribution The LIMDIS designator is applied only to classified messages which because of the subject matter require limited distribution within the addressed activity For Official Use Only FOUO FOUO is the designation used on official information not requiring a security classification but which must be withheld and protected from public release Unclassified messages containing FOUO information must have the abbreviation FOUO after the designation UNCLAS Encrypt for Transmission Only EFTO Certain categories of unclassified messages maybe identified as having potential value 1f subject to analysis but do not meet the criteria for security classification The special designation EFTO was establishe
141. ator with the file identification number needed to recover the MRF file As an I O control clerk to determine that a job ran successfully and that all processing steps were properly carried out you should review what document The pass down log The computer run sheet The confirmation report The computer console printout H w N Fe As an I O control clerk ANA what document provides you with a list of all the error conditions and messages for all jobs run on the computer during a work shift t The error discrepancy report 2 The computer console Pprrintout ls The error message log on The rerun report As an 170 control clerk you may be responsible for reconciling processing discrepancies To determine the problem which of the following documents will usually provide you with the information you need The pass down log The computer run sheet The confirmation report The computer console printout ds G DN E As an I O control clerk you are checking over the user s output products and need to verify that all items requested were produced To do this you should refer 50 which of the following Sources The run manual The task folder The user manual The instruction folder Hm CG N Fe As an 1 0 control clerk once you have packaged the user Ss output products and placed them in the pick up area you should log the job out in which of the following logs TEE Ob Contre
142. ble reports User Inquiries Normal inquiries from users include system status job status and reporting trouble It is the job of the technician to answer these questions promptly and accurately A user might ask e Why is the system slow e What is the status of a particular job e What step is it in e Has it printed out yet e Do I have a problem with my terminal Logistical Support The most common user support you will deal with is logistical support This will include the need for new or different equipment to meet the command s mission or current equipment that needs corrective maintenance or scheduling preventive maintenance Forward this type of user support to the division chief or the division officer since it requires the relocation or the acquisition of equipment Trouble Calls As the technician you will be receiving and responding to trouble calls When the user calls to submit a trouble call remember to get all the required information e User s name e Type of trouble encountered e Date and time and e Job being done when the trouble started The preceding is only an example of what might be included on the trouble report at your command Your command will have the reporting procedures for submitting trouble reports with an example of a trouble report Each command has a specific trouble call format and a tracking procedure CUSTOMER LIAISON When involved with or communicating with the u
143. cation Instructions Operating Signals ACP 131 D Joint Chiefs of Staff Washington DC May 1986 Communications Instuctions Tape Relay Procedures ACP 127 G Joint Chiefs of Staff Washington DC November 1988 Communications Instructions Teletypewriter Teleprinter Procedures ACP 126 C Joint Chiefs of Staff Washington DC May 1989 Communications Security Material System CMS Policy and Procedures Manual CMS 1 Department of the Navy Washington DC March 1993 Department of the Navy Automated Information Systems AIS Security Program SECNAVINST 5239 2 Secretary of the Navy Washington DC November 1989 Department of the Navy Information and Personnel Security Program Regulation OPNAVINST 5510 1H Chief of Naval Operations Washington DC May 1991 Department of the Navy Physical Security and Loss Prevention OPNAVINST 5530 14B Chief of Naval Operations Washington DC December 1988 Department of the Navy Privacy Act PA Program SECNAVINST 5211 5D Secretary of the Navy Washington DC July 1992 AUr 1 Department of the Navy Security Program for Automatic Data Processing Systems OPNAVINST 5239 14 Chief of Naval Operations Washington DC August 1982 Fleet Communications U NTP 4 C Commander Naval Telecom munications Command Washington DC June 1988 Fleet Telecommunications Procedures for Atlantic and Mediterranean Naval Communications Areas NCTAMS LANT MEDINST C2300 1 Naval Comp
144. ccess CMS 1 lists the storage requirements for COMSEC keying material Receipt When COMSEC material is issued to a watch station the area must be occupied and operated on a 24 hour 7 day a week basis an 8 hour 5 day a week basis or any similar basis for example combat information center CIC COMSEC material received at a watch station must be signed for on a local custody document When you are on duty the watch supervisor is responsible for all the COMSEC material listed on the watch to watch inventory Additionally any required page checks will be conducted prior to assuming responsibility for the listed COMSEC material Any inventory discrepancies found must be reported immediately to the CMS custodian or an alternate custodian in accordance with CMS and also logged in the RADAY log CMS Inventory Each time a watch section changes the oncoming watch supervisor and a witness must inventory all COMSEC material held at a watch station Two person integrity must be maintained at all times during the inventory When you inventory COMSEC material you must do the following e Account for all keying material and page check open keying packages e Visually inventory all COMSEC equipment and account for equipment by quantity and e Page check all COMSEC publications The inventory sheet must list COMSEC material by short title edition and accounting number if any Both persons must sign the inventory sheet CM
145. ccessful attack or adverse event to minimize the cost and disruption to the AIS environment SCOPE OF AIS SECURITY As the Navy has become increasingly dependent on the use of AIS for its payroll supply functions tactical information and communications the need to protect AIS assets has taken on greater importance Risk management is an ongoing effort Whether you are in a large AIS facility with a full time information system security manager ISSM or a facility where the functions of the ISSM are a collateral duty your installation will have established security measures to protect its AIS assets The five areas of consideration for the Navy s AIS security program are hardware I data II human resources III software IV and communications COMM V These are shown in figure 4 7 Because each AIS facility is different each facility has its own AIS security risk management program You ll be responsible for following the requirements of your facility s AIS security program In the next paragraphs you will learn about management responsibilities your responsibilities physical security measures and data security measures Again our goal in AIS security is to prevent or minimize the opportunity for modification destruction disclosure or denial of service MANAGEMENT RESPONSIBILITY AIS security is everyone s responsibility and only the commanding officer CO can ensure that AIS security receives the su
146. cer of the ship in which the flag is embarked When a flag officer is embarked the ship s communications officer communications watch officers and enlisted communications personnel may be ordered to additional duty in the flag communications division These personnel are directly responsible to the flag communications officer for the operation of the flag communications functions The ship s communications officer reports to the flag communications officer and is the contact officer for matters pertaining to the handling of ship and staff message traffic Figure 2 4 illustrates a standard watch organization aboard a ship with a flag embarked By now you should have a basic idea of how naval communications is organized at shore commands and aboard ship Remember that there are variations in all organizations The command size scope of operations and personnel assets are just a few of the factors that affect the structure of the communications organization OPERATION ORDERS Operation orders OPORDs are directives issued by naval commanders to subordinates for the purpose of effecting coordinated execution of an operation STAFF DUTY COMMAND DUTY OFFICER OFFICER COMMUNICATIONS WATCH OFFICER CWO SENIO R WATCH SUPERVIS SWS R eri A un a un O ee ee e e es de es ee e e e e e os al IS EOS EE EE MAIN COMMUNICATIONS TECHNICAL CONTROL SUPERVISOR SUPERVISOR DUTY SECTION REPORTING ADMI
147. certain rules to protect it In the central computer facility where the host computer is located the physical security requirements will be equal to the highest classification of data being handled If there are two or more computer systems located in the same controlled area the systems should be separated to limit direct personnel access to a specific system In remote terminal areas security requirements are based upon the highest classification of data to be accessed through the terminals Each remote terminal must be identifiable through hardware or software features when it is connected to a computer system or network processing classified data The system or network must know who is logging on If the computer system to which your remote terminal is connected is processing classified data and your terminal is not authorized controlled or protected for that classification of data it must be disconnected The disconnect procedures may be by a hardware measure such as turning off a switch at the host computer or a software measure such as deleting the ID of your terminal during certain processing periods Because each data classification has different security requirements we cover each separately Classified Data Handling requirements and procedures for classified AIS media Confidential Secret and Top Secret are the same as those for handling classified information Anyone who has possession of classified material is
148. changes special job requests power outages and corrective maintenance you must take which of the following actions a Reboot the computer system quickly without operator assistance 2 Readjust schedules guickly with a minimum OL OLSLupe ton cr Revise your normal scheduling procedures to avoid these problems 1 47 4 Request scheduling assistance from computer operations personnel When preparing a monthly schedule you should be sure to include time for which of the following requirements 1 Testing only Les Planned maintenance only 1 48 3 Backup procedures only 4 Testing planned maintenance and backup procedures Which of the following things do NOT normally affect the approved monthly schedule System backups System program errors Input files not available Hm GC N RP A work load schedule is which of the following types of schedules i External only oe Internal only Ja External and internal to provide for 1 46 Software testing L 40 During production processing monitoring the jobs to see that the work is being accomplished as planned is the responsibility of all except which of the following personnel 1 Operator Ds T70 control clerk on Technical administrator 4 Production control coordinator Who is the most qualified and highly trained individual to assist online users with their particular processing problems Operator Shift supervisor Production
149. coded according to their security classification The color codes are RED for Secret YELLOW for Confidential and BLUE for unclassified Allied NATO publications have white binders regardless of security classification CHANGE ENTRY CERTIFICATION OPNAV 5070 12 REV 6 75 SHORT TITLE COPY NO qnar wu wou Publications Library NOTE Missing pages or other defecis shouid be reported in the REMARKS Space above SIGNATURE ENTRY DAT Mo ras rr tt om y PART 2 S N 0107 LF 050 7061 CHANGE certify that the above change or correction has been entered and the list of effective pages was checked against the contents of the basic publication and the pages and residue of the change were returned fo the Naval Warfare RETURN TO NAVAL WARFARE PUBLICATIONS LIBRARY EFFECTIVE DATE SHORT TITLE NO a DATE REMARKS acknowledge receipt of the above change and certify that this change will be entered upon the effective date immediately and that the superseded pages will be retumed to the Naval Warfare Publications Library within five 5 working days PART 1 S N 0107 LF 050 7061 Figure 2 12 Change Entry Certification form ENTRY OF CHANGES The timely and accurate entry of changes to NWPL publications is necessary to ensure accurate up to date information as well as information continuity The NWPL clerk is responsible for making changes or corrections to NWPL publications or ensuring that
150. containing hidden subprograms that disable security protections can be submitted Other programs can copy personal files into existing or misidentified files to use when protection is relaxed e Spoofing Actions can be taken to mislead system personnel or the system software into performing an operation that appears normal but actually results in unauthorized access e Eavesdropping Communications lines can be monitored by unauthorized terminals to obtain or modify information or to gain unauthorized access to an AIS INFORMATION MANAGEMENT PRACTICES Information management practices refer to the techniques and procedures used to control the many operations performed on information to accomplish the command s objectives They do not extend to the essential managerial determination of the need for and uses of information in relation to any command s mission In this context information management includes data collection validation and transformation information processing or handling record keeping information control display and presentation and finally standardization of information management operations Before enacting new policies in personal data handling procedures AIS technical managers should analyze current practices To facilitate the explanation of their roles the information management guidelines presented in the following material are grouped into major categories handling of personal data maintenanc
151. control clerk Subsystem coordinator A GW N Fe Which of the following problems is one of the most frequent hardware problems associated with production processing Loss of power Printer out of paper Tape read write errors Wrong printer forms loaded Ps CG dP pa Which of the following problems is NOT a common external environmental problem i Head crash Le Loss of power oe Voltage spikes 4 LOSS Ob Arr Conditioning To correct software related 1 54 problems the operator must refer to which of the following sources for the corrective action to take P Program operator manual only 2 Job run folder only 33 Program operator manual and job run folder 4 System manual Unscheduled downtime Can result from all except which of the following causes Loa 5 Power failures 2 Rebooting the system oe Loss of air conditioning 4 System saves When a software problem is researched which of the following items is the most important Lao os lig Abort code Li Program step J Action taken 4 Date job submitted To improve performance and operation you should provide feedback to all but which of the following people Moa i Shift supervisor A 1 0 control clerk ce Technical administrator 4 Production gontrol coordinator EF To improve system performance you can look for trends in the production process Which of the following trends would NOT be looked at i Impact of modified applicati
152. corrective action was taken Figure 1 7 is an example of a log sheet that can be used for making entries This log provides a tracking system for user problems and can be used to show if a pattern is developing If a pattern develops this log will provide the necessary background information needed when the programmer is notified SYSTEM CORRECTIVE ACTION TAKEN Figure 1 7 Help desk log Researching the Problem In researching the problem you will need the abort code With the abort code you can determine the cause and what action will need to be taken to get the user processing again Solving the Problem To solve the problem the operator may have to reboot the computer reload a disk file contact the programmer or have the users restart processing All these solutions are dependent on what the abort code is Monitoring Help Desk Support You will need to review the help desk log to determine if the problems reported can be corrected by changing or adding a training program To solve the problem you may need to update the program documentation to show the problem and its cause and solution Be sure the users are receiving the types and levels of support they need Listen to them Ask if they are satisfied with the help desk support What else do they need Listen to your staff get their ideas and work with them to continually improve support PRODUCTION CONTROL When you hear the term production control yo
153. cret material does not require signed receipts distributed or routed within the command However it is extremely important that you ensure that the person who is receiving Secret messages or material is properly cleared and his or her name appears on an access list released by the commanding officer HANDLING CONFIDENTIAL MATERIAL Procedures for handling Confidential material are less stringent than those for Secret There is no requirement to maintain records of receipt distribution or disposition of Confidential material However Confidential material must still be protected from unauthorized disclosure by access control and compliance with regulations on marking storage transmission and destruction HANDLING CLASSIFIED AIS MATERIAL Classified AIS storage media and output must be controlled and safeguarded in accordance with its security classification Specific procedures on security requirements for handling and storing AIS material are found in the Department of the Navy Automatic Data Processing Security Program OPNAVINST 5239 1 CLEARING MEDIA AND HARDWARE Declassifying AIS media is a procedure to erase totally all classified information stored in the media The clearing of AIS media is used to erase classified information that lacks the totality and finality of declassifying There are distinct and specific techniques to clear media and hardware a sampling follows e Magnetic tapes Overwrite one item with any
154. ct of changes on the overall workload or throughput time e Look for trends in the production process Are there times when the system seems overloaded and slow Are jobs backlogged that must be run the next day Are there times when the system is almost idle Your review of daily operations and asking yourself these questions will provide valuable input to that process as well as having an impact on how jobs will be scheduled in the future OUTPUT REPORTS Output reports can be broken into two major categories management and customer user reports Management Reports Management reports are usually a consolidation of information prepared for presentations and briefings These reports sometimes require a cover letter or your comments as to the content You will need to review the data contained in the reports to make sure it is valid You will also be responsible for ensuring that the reports are complete and presentable When we say presentable we mean readable all the characters are there and can be read It would be unprofessional to submit these reports in less than perfect condition Customer User Reports Being involved in a customer oriented service you have overall responsibility for ensuring the quality of all the products prepared in the AIS facility The main complaints from users are poor print quality missing pages and poor alignment of the printing Remember this checking applies to all r
155. ction of the fire party and the effectiveness of evacuation plans In interviewing personnel the team should design questions to elicit comprehensive answers For example the question How would you process an unauthorized job is likely to elicit more information than Are job authorization controls effective The most likely answer to the second question is a simple and uninformative Yes What are the security priorities Because of particular policy a request for an investigation or an incident of loss interruption or compromise the testing of a particular security measure probably should receive more emphasis than another equally important but noncurrent 4 32 topics One must however avoid irrational concentration on anyone aspect of the program Management overemphasis as a result of a recent security breach should be tempered with a rational approach toward investigating all aspects of computer security Another step in the process of developing an inspection plan is the review of previous inspection reports Many times these identify weaknesses or concerns that should have been corrected and so should bean item of special attention in the current inspection CONDUCTING INSPECTIONS Advantages can be gained from using both scheduled and surprise inspections A scheduled inspection should meet the general policy requirements of the particular facility and should occur at least annually This could be a
156. d s communications plan SIGNAL OFFICER ia SIGNAL WATCH PERSONNEL AA il COMMUNICATIONS WATCH OFFICER CRYPTOBOARD REPORTS DIRECTLY TO ADMINISTRATIVE REPORTING RMJA0010 Figure 2 3 Communications organization 2 9 e Monitoring the proper allocation of equipment for operations e Preparing and maintaining the communications watch quarter and station bill e Conducting the communications training program and e Preparing standard operating procedures SOPs for the communications center On small ships the communications officer and the radio officer maybe the same person Communications Security Material System CMS Custodian The CMS custodian is responsible to the commanding officer for e Managing the CMS account in accordance with the instructions contained in the Communications Security Material System CMS Policy and Procedures Manual CMS 1 e Advising the commanding officer on matters concerning the physical security and handling of CMS publications and materials e Stowage of CMS publications and materials as well as the drawing correcting and authorized destruction and e Submitting all reports concerning the accountability and issuance of CMS publications and materials Watch Section Personnel The functions of the operational organization of a communications command consist of e Message processing circuit operation technical control data processing
157. d by the Security Manual The administrative file sometimes called the transaction file contains designation letters for custodian local allowance inventory sheets the directives file responsibility acknowledgment forms DATE OF ENTRY BY COPY NUMBER CHANGE OR CORRECTION ee CI A ISC AZ E OI 0 f f NOTES MSG CORR entered into a microfiche copy of a publication be placed into the envelope with the copy and annotated on the envelope ENTRY DATE will be written into each column for each copy of the publication receiving change or correction OPNAV FORM 5070 11 11 57 BACK DEPOSITION OF PUBLICATION c 1 NWPL Clerk s Sig NWPL a PO II LLT e NOTES 1 Date copy received into library 2 Date subcustodian received copy 3 Date subcustodian returned copy to library 4 Date publication received by library 5 Date copy destroyed 6 Authority cited for destruction of copy Figure 2 11 NWPL Catalog Card 2 33 publication notice route slips destruction records inspection documentation letters and copies of all correspondence pertaining to naval warfare publications Included in the administrative file 1s the Change Entry Certification form OPNA 3070 12 shown in figure 2 12 This form is filled out by the holder of the applicable publication Material in the administrative file must be retained for 2 years NWPL BINDERS Binders for U S naval warfare publications are color
158. d civil service personnel with needed supplies and materials e Maintenance personnel at the offsite location and e Overtime cost factor for civil service personnel As these factors come into focus identification of critical tasks specific backup modes and usable offsite AIS facilities the outlines of the optimum backup plan will begin to emerge In general it is wise to form several COOP backup plans for example e A minimum duration plan A plan for backup operation that is not expected to extend much beyond the cause of delay which forces a shift to backup operation namely a minimum duration plan that would probably include only the most time urgent AIS tasks A worst case plan A plan for backup operation for as long as it takes to reconstruct the AIS facility after total destruction e In between plans Plans for one or more operating periods between minimum duration and worst case e A plan for each major partial failure mode While the individual COOP plans are geared to different objectives they can usually be constructed from a common set of modules It is often most effective to make a detailed plan for total destruction since this is the most demanding situation Scaled down versions or individual elements from this plan can then be used for the less demanding situa tions Each COOP backup plan should cover the following five basic areas e Performance specifications This is a statement of the speci
159. d in such a way as to make it readily accessible for removal during destruction Contrary to widespread opinion there is no security policy requiring destruction of unclassified messages However some message centers with high volumes of classified and unclassified message traffic may find it more efficient to destroy all messages and intermingled files as though they were classified Under some circumstances units operating in foreign ports or waters and commands situated in foreign countries may take additional precautions in disposing of unclassified material SUMMARY This chapter has discussed general security considerations to provide you with a working knowledge of this important aspect of your job As a Radioman you have a two fold job concerning security The first of course is to properly perform your duties within general security guidelines Security guidelines pertain to everyone in every official capacity Second you must also perform your duties in such a manner as to protect the integrity and overall value of secure communications Security should be second nature insofar as the Security precautions mentioned in this chapter do practice of personal habits is concerned However not guarantee complete protection nor do they attempt second nature does not mean without thinking It to meet every conceivable situation Anyone who behooves all of us to take security seriously and practice adopts a commonsense outlook
160. d of time and come up with a workable schedule In reality however things do not necessarily go according to plan or rather according to schedule Equipment other people and outside influences are all problem areas A lack of productivity and missed deadlines can be caused by unexpected problems such as e Late submission of input from the user e Waiting for data entry to complete a job step e Having to locate a missing file in the library e Job stream parameters entered into the system incorrectly You may face any number of these and other situations each day You should have a backup or contingency plan in the event you lose a piece of hardware For example if the fastest printer is down will the user be satisfied with one printed copy now and the remaining copies printed tomorrow Or is there another AIS facility in your immediate area that will let you use its printer It will be your job to prepare the most realistic schedule you can and then be ready to adjust it What tools will you have to help you prepare the schedules What information will you need What methods can you use In the following section we talk about the types of information you will need to prepare a schedule Then we explore a few of the scheduling methods you might use INFORMATION NEEDS Regardless of the scheduling method used you will need to know specific types of information Some information is job related that is information about the
161. d on each security measure e Long range planners receive guidance in applying security considerations to such things as site selection building design hardware configurations and procurements software systems and internal controls e Criteria are generated for designing and evaluating contingency plans for backup Operations recovery from disaster and dealing with emergencies e An explicit security policy can be generated that identifies what is to be protected which threats are significant and who will be responsible for executing reviewing and reporting the security program Loss Potential Estimates The first step to consider when preparing the risk analysis is to estimate the potential losses to which the AIS facility is exposed The objective of the loss potential estimate is to identify critical aspects of the AIS facility operation and to place a monetary value on the loss estimate Losses may result from a number of possible situations such as e Physical destruction or theft of tangible assets The loss potential is the cost to replace lost assets and the cost of delayed processing e Loss of data or program files The loss potential is the cost to reconstruct the files either 4 14 from backup copies if available or from source documents and possibly the cost of delayed processing e Theft of information The loss potential because of theft 1s difficult to quantify Although the command itself would s
162. d support personnel You must consider many things when preparing a schedule As a start you have to ask yourself the following questions e What types of jobs are to be processed e In what processing environment will the jobs run real time online batch e What special handling requirements are there if any e What amount of work is to be processed workload As scheduler you will be responsible for e Preparing and maintaining established schedules for various time periods daily weekly and monthly e Reviewing and acting on all types of AIS service requests as they are submitted to you e Distributing production schedules to various work areas within your AIS facility e Organizing data processing priorities for both scheduled and nonscheduled work e Entering jobs into the production job stream to achieve maximum use of computer resources e Tracking work in progress to ensure everything is running according to schedule e Analyzing problems in connection with production jobs and adjusting computer processing schedules to use whatever time is available until problems can be corrected and a rerun can be initiated e Maintaining accurate logs and adhering to administrative reporting requirements and e Determining the accuracy of schedules based on reviewing production results How you go about scheduling work on the computer system will depend on two factors The first factor deals with how the syst
163. d to protect these unclassified messages during electrical transmission EFTO is not required on unclassified messages addressed exclusively among Navy Marine Corps and Coast Guard commands EFTO is authorized for use within the Department of Defense including the National Security Agency However EFTO is required on FOUO messages addressed to DOD activities outside the continental United States Bear in mind however that just because information is FOUO it is not automatically EFTO and vice versa As we mentioned earlier EFTO is a transmission marking for unclassified messages FOUO markings however define a certain category of information requiring special handling Neither FOUO nor EFTO markings are security classifications both are special handling designations You can find detailed information on EFTO and FOUO markings in Basic Operational Communications Doctrine U NWP 4 SPECAT The SPECAT marking means special category SPECAT messages are classified messages identified with a special project or subject SPECAT messages require special handling procedures in addition to the handling procedures for the security classification of the message There are four SPECAT categories SPECAT SPECAT EXCLUSIVE FOR SEF e SPECAT Single Integrated Operational Plan Extremely Sensitive Information SIOP ESI and PSEUDO SPECAT 5 6 SPECAT and SPECAT EXCLUSIVE FOR messages must be at least Confidential SPECAT SIOP
164. day and the last four digits represent the hour and minutes The first day of the calendar year is Julian 001 and each day is numbered consecutively thereafter For example in Julian 0311315 031 is the 31st day of the calendar year January 31 and 1315 is the filing time PRECEDENCE The message drafter indicates the desired writer to reader delivery time speed of service through the assignment of a message precedence Although the drafter determines the precedence the releaser should either confirm or change it We will talk more about the responsibilities of the drafter originator and releaser later in this chapter Precedence is assigned according to urgency based solely on speed of service not according to the importance of the subject matter or the text For example an unclassified message may be assigned an IMMEDIATE precedence whereas a Secret message may be assigned a ROUTINE precedence In this situation the unclassified message requires fast action or response whereas the Secret message may not require any action at all The following paragraphs list the various precedence categories their indicators and basic definitions ROUTINE R This category is assigned to all types of traffic that justify electrical transmission but which are not of sufficient urgency to require a higher precedence PRIORITY P This category is reserved for messages that furnish essential information for the conduct of op
165. des protection To develop the annual loss expectancy construct a matrix of threats and potential losses At each intersection ask if the given threat could cause the given loss For example fire flood and sabotage do not cause theft of information losses but in varying degrees all three result in physical destruction losses and losses because of delayed processing Likewise internal tampering could cause an indirect loss of assets In each case where there can be significant loss the loss potential is multiplied by the probability of occurrence of the threat to generate an annual estimate of loss Remedial Measures Selection When the estimate of annual loss is complete AIS upper management will have a clear picture of the significant threats and critical AIS tasks The response to significant threats can take one or more of the following forms e Alter the environment to reduce the probability of occurrence In an extreme case this could lead to relocation of the AIS facility to a less exposed location Alternatively a hazardous occupancy adjacent to or inside the AIS facility could be moved elsewhere e Erect barriers to ward off the threat These might take the form of changes to strengthen the building against the effects of natural disasters Table 4 2 Threat Help List LOCAL PHONE COMMON THREATS SOURCES OF LOCAL INFORMATION AND HELP NUMBER Earthquake Internal misuse saboteurs or vandals See
166. ds and commanders ashore such as the Secretary of Defense and the Secretary of the Navy e Navy bureaus systems commands and district commandants and e Elements of the shore establishment having a need for direct addressing and receipt of message traffic such as weather centrals Among other uses address groups facilitate delivery of message traffic when a communications center serves so many activities that its own call sign is insufficient to identify the addressee Address groups are contained in Allied Call Sign and Address Group System Instructions and Assignments ACP 100 and in U S Call Sign amp Address Group System Instructions amp Assignments U S Supplement No 1 ACP 100 U S SUPP 1 Like call signs address groups are divided into the following types e Individual activity e Collective e Conjunctive e Geographic e Address indicating and e Special operating Individual Activity Address Groups Individual activity address groups are representative of a single command or unit either afloat or ashore For example DTCI COMNAVSURFLANT and SSMA CHIEF OF NAVAL OPERATIONS CNO Collective Address Groups Collective address groups represent two or more commands or activities Included in this group are commanders and their subordinate commanders For example JTBC DESRON 6 and YQHV SUBRON 16 Conjunctive and Geographic Address Groups Conjunctive and geographic address groups ar
167. ducting the destruction must personally witness the complete destruction of the material Then they will sign and date the destruction documents after all material has actually been destroyed An inspection of the destroyed material must ensure that the destruction is complete and the destruction device is working properly When using shredders choppers pulverizers or pulpers you need only to examine a sample of the residue If you are using an incinerator verify that all residue is broken up by stirring or sifting through the remains The last detail is to inspect the surrounding area afterwards to ensure that no material escaped during the destruction process The destruction plan itself is contained in the overall emergency plan The emergency plan should always provide for securing removing or destroying the material depending on the situation The appropriate course of action and timing should be stated in the overall destruction plan For example if there is a local civil uprising that appears to be short lived destroying all material would probably not be necessary In this situation a partial destruction of the more sensitive superseded material might be made some of the remaining material removed and the rest secured The commanding officer will normally implement the emergency plan Should the situation prevent contact with the commanding officer other individuals such as the COMSEC officer or COMSEC custodian
168. e The format will be in accordance with JANAP 128 procedures for data messages During the message preparation processing transmission and filing the same controls and restraints used for narrative message processing will also apply to data pattern messages The message may also have delivery requirements for distribution to commands serviced by the communications center The system will automatically assign internal message distribution for all guard commands If the system cannot provide internal distribution the message will be displayed to the inrouter for assistance MESSAGE AND ROUTING ADDRESSEES Most messages have at least one addressee responsible for taking action on the contents and for originating any necessary reply Addressees who have an official concern in the subject of the message but who do not have primary responsibility for acting on it receive the message for information Although information addressees are usually concerned only indirectly with a message they occasionally must take action of some kind within their own commands Some messages contain only information addressees Messages may be divided into types according to the way they are addressed as follows Single Address A message that has only one addressee which may be either for action or information Multiple Address A message that has two or more addressees which may be either action or information and where each addressee is info
169. e discussed together because they are interrelated in their usage Conjunctive address groups have incomplete meanings and must have geographic address groups added to them to denote a specific command or location For this reason conjunctive address groups are used only with one or more geographic address groups For example the conjunctive address group XZKW means All ships present at ___ To complete the meaning 1t must be followed by a geographic address group Geographic address groups are the equivalent of geographical locations or areas They are always preceded by conjunctive address groups For example the address group DEXL could represent Newport R I Therefore all ships present at Newport would be addressed XZKW DEXL Address Indicating Groups Address indicating groups AIGs represent 16 or more specific and frequently recurring combinations of action and or information addressees The purpose of AIGs is to increase the speed of traffic handling They shorten the message address by providing a single address group to represent a large number of addressees This eliminates individual designators for each address used in the heading Messages that are repetitively addressed to a constant group of 16 or more addressees can effectively be processed by an AIG address designator For example let s assume that a hypothetical AIG AIG 31 is used to address SUBMISS SUBSUNK message traffic by COMSUBLANT to 30 acti
170. e an established input receipt time When scheduling include in your schedule sufficient buffer time between scheduled receipt time and actual due time And last but not least report scheduling deviations and their causes to your superiors In this way the process can be reviewed and improved Something else you have to consider in connection with scheduling effectiveness is your ability to reschedule quickly You must be prepared to make adjustments to schedules You will have to contend with power outages corrective maintenance deadlines or priority changes special job requests and so on You must also consider processing delays Rejected transactions may have to be reentered before a priority job can continue An unreadable tape or disk file may Friday weekly monthly quarterly semiannually or have to be recreated Errors in SCL statements in the annually Be sure time is included for testing planned job stream may have to be corrected The most serious maintenance file maintenance and backup procedures delays usually result from abnormally terminated jobs For systems with online users be sure to provide ample and hardware failures Regardless of what the situation capacity and time may be you must be prepared to readjust schedules as Schedule Review quickly as possible with a minimum of disruption Once you have developed the monthly schedule you must ensure that the schedule is adequate and meets PRODUCTION SCHEDULING
171. e fire detection system or silence the alarm bell creating the danger that there will be no response if a fire should occur In addition to alerting personnel to the presence of a fire the detection equipment can be used to control the air conditioning system There is some support for the view that upon detection air handling equipment be shutdown automatically to avoid fanning the flames and spreading smoke This is not the best plan as nuisance alarms will result in needless disruption The preferred technique is to cause the system to exhaust smoke by stopping recirculation and switching to 100 percent outside air intake and room air discharge As a rule this can be done by adjusting air conditioning damper controls and their interconnection with the fire detection system However it may be necessary to modify the air conditioning system The use of either technique is at the discretion of command policy Fire Extinguishment Fire extinguishment may be accomplished using one or more of the following four methods e Portable or hand extinguishers Operated by military or civil service personnel to help control the fire before it gets out of hand Hose lines Used by military civil service or professional fire fighters to attack the fire with water Automatic sprinkler systems Release water from sprinkler heads activated in the temperature range of 135 F to 280 F Volume extinguishment systems Fill the room with a
172. e more effective than J on the other threats Further checking shows their combined use results in the greatest overall net loss reduction By going through the process just described using preliminary estimates for cost and loss reduction you can test various combinations of remedial measures and thus identify the subset of remedial measures that appears to be the most effective At this point review the estimates and refine them as necessary to ensure compliance with higher authority security instructions If all the preceding procedures are followed the following factors will be established and documented e The significant threats and their probabilities of occurrence e The critical tasks and the loss of potential related to each threat on an annual basis e A list of remedial measures that will yield the greatest net reduction in losses together with their annual cost With this information at hand AIS upper management can move ahead with implementing the AIS security program Since the analysis of remedial measures will have identified those with the greatest impact relative priorities for implementation can also be established AIS DISASTER PROTECTION Fires floods windstorms and earthquakes all tend to have the same basic effects on AIS operations They cause the physical destruction of the facility and its contents and interrupt normal operations They also represent a threat to the life and safety of the AIS
173. e of delivery TOF Time of file TOR Time of receipt TPI Two person integrity TR Trouble report TSC Top Secret control officer TSEC Telecommunications security TSO Telecommunications service order TSR Telecommunications service request TVA TEMPEST Vulnerability Assessment TVAR TEMPEST Vulnerability Assessment Re quest U UPS Uninterrupted power supply US amp P United States and Possessions USMCEB United States Military Communica tions Electronics Board V VDT Video display terminal W WESTPAC Western Pacific Z ZDK Send again Z signal ZUI Your attention is invited to Z signal APPENDIX Ill REFERENCES USED TO DEVELOP THE TRAMAN Allied Call Sign and Address Group System Instructions and Assignments ACP 100 F Joint Chiefs of Staff Washington DC March 1984 Automatic Digital Network AUTODIN Operating Procedures JANAP 128 J Joint Chiefs of Staff Washington DC July 1993 Bask Operational Communications Doctrine U NWP 4 Rev B NWP 6 01 Chief of Naval Operations Washington DC September 1989 Communication Instructions General U ACP 121 F Joint Chiefs of Staff Washington DC April 1983 Communications Instructions General ACP 121 US SUPP 1 F Joint Chiefs of Staff Washington DC June 1981 Communications Instructions Security U ACP 122 Joint Chiefs of Staff Washington DC 1981 Communi
174. e of records to trace the disposition of personal data data processing practices programming practices assignment of responsibilities and procedural inspecting Every practice presented may not be required at every Navy AIS facility by upper management Select only the suggested practices relevant to the designated command s environment and mission or approved by upper management Handling of Personal Data Access to personal information will be limited to authorized individuals of agencies in the Department of Defense who have an official need for the record except when the information 1s otherwise releasable under the disclosure or access provisions of the Privacy Act The following practices are suggested for the handling of personal data e Prepare a procedures handbook Describe the precautions to be used and obligations of computer facility personnel during the physical handling of all personal data Include a reference regarding the applicability of the procedures to those government contractors who are subject to the Privacy Act Personal information that is processed accessed maintained or disposed of by contractors must be handled within the terms and conditions of Section 7 104 96 of the Defense Acquisition Regulation e Label all recording media that contain personal data Labeling the media reduces the probability of accidental abuse of personal data It also aids in fixing the blame in the event of negligent or
175. e related problems the operator must refer to the job run folder and the program operator manual for the corrective action to take Your operators will have predefined steps to follow when researching the cause of the error in the specific program operator s manual The operator manual explains the steps to follow in connecting the problem and any restart points The job run folder will contain the name and phone number of the person to contact if the problem cannot be easily corrected SYSTEM DOWNTIME The system downtime and nonavailability can be categorized under two different topics scheduled and unscheduled Scheduled Downtime Scheduled downtime and nonavailability include the time for system saves scheduled maintenance for the equipment and scheduled processing preparation You will include scheduled downtime on the monthly production schedule when the requirement is known in time You may also add it to a workload schedule when needed Unscheduled Downtime Unscheduled downtime and nonavailability include the system being down because of power failures the loss of air conditioning or rebooting the system They may also include system degradation because apiece of equipment is down even though the system can still be used for production Since unscheduled downtime is not something you can plan for you will have to react replan schedules and advise users of changes when their work and or deadlines will be adversely
176. e to emergency lights If they are not functioning properly report the problem to your supervisor as soon as possible Emergency lights are installed for your protection and safety not for the safety of the equipment They are there to ensure a quick exit if you must evacuate in a hurry Physical Structure Security In the Navy we often decide we need computer equipment and then wonder where we are going to install 1t The existing building or shipboard compartment may not lend itself to the physical security requirements needed to protect the system Things like false overheads ceilings can conceal water and steam pipes The pipes should be checked on a regular basis and any irregularities reported immediately Personnel should be familiar with the locations and operation of the cut off valves for the pipes Air conditioning ducts in the overhead if not properly insulated can result in condensation causing water to drip down on the computer When repair work is scheduled within the computer spaces working under the raised floor or in the overhead be sure to take all necessary precautions to protect the equipment Use plastic sheeting to cover the system particularly the CPU Watch out for overhead water or steam pipe bursts and for activated sprinkler systems Ensure maximum personnel safety while keeping disruption to a minimum Dust coming from the work area can damage the equipment clogged filters result in overheated c
177. e traced to a specific piece of equipment notify the maintenance technicians to handle the problem TECHNICAL ASSISTS After submitting a trouble report you will need to coordinate with the central design activity to see if the problem can be taken care of over the phone or if it will require a technical assist If it requires a technical assist there may be a requirement to arrange for transportation entry to the facility and or escorts You will need to schedule time for the technician to use the system and notify the users that the system is unavailable OPERATIONAL GUIDELINES When preparing the operational guidelines for your facility you should consider four major areas as follows e Future growth capabilities e Backup operations e Contingency plans and disaster recoveries and e Emergency responses To develop these and other operational guidelines you will need to review the current SOPS command s mission run folders and monthly production schedules While reviewing these you are looking to make sure that the current and or proposed operational guidelines will allow the AIS facility to meet the command s mission FUTURE GROWTH CAPABILITIES Projecting future growth capabilities 1s often the most overlooked operational guideline Projecting future growth should have been done when the system was designed but it can be done at anytime it is needed Users are one of your last sources of information when i
178. eceived by your command Messages or fillers must be filed in DTG order to facilitate speed in locating messages Those messages not having DTGs should be filed behind messages of the same date Separate incoming and outgoing communications center master files maybe maintained CRYPTOCENTER FILE The cryptocenter file contains a copy of each Top Secret SPECAT less SIOP ESI and messages designated for special privacy regardless of classification Tight Control TICON and NATO messages must have their own files Fillers for messages in this file must be placed in the master station file SPECAT SIOP ESI FILE The SPECAT SIOP ESI file contains the master copy of all SIOP ESI messages received by the communications center Fillers for these messages must be placed in the master station and cryptocenter files BROADCAST FILE The broadcast file contains a copy or filler of each message transmitted or received by the broadcast method This file must be stored in accordance with the highest classification of the information contained Top Secret and SPECAT messages addressed to the 2 25 command must be filed in their appropriate files and a filler for these messages placed in the broadcast file STATION FILE The station file is divided into two parts communications center master file and visual station file With the exception of broadcast messages the master file contains the circuit or as 1s copy including any messa
179. ection 552a 1 Subsection b limits disclosure of personal information to authorized persons and commands 2 Subsection e 5 requires accuracy relevance timeliness and completeness of records 3 Subsection e 10 requires the use of safeguards to ensure the confidentiality and security of records The following terminology is used in discussing the treatment of personal data e Confidentiality A concept that applies to data It is the status accorded to data that requires protection from unauthorized disclosure e Data integrity The state existing when data agrees with the source from which it is derived and when it has not been either accidentally or maliciously altered disclosed or destroyed e Data Security The protection of data from accidental or intentional but unauthorized modification destruction or disclosure Safeguards that provide data protection are grouped into three categories physical security measures information management practices and computer system network security controls Specifically these are e Physical security measures Measures for protecting the physical assets of a system and related facilities against environmental hazards or deliberate actions as discussed earlier in this chapter e Information management practices Procedures for collecting validating processing controlling and distributing data e Computer system network security controls Technique
180. ectors Experience in fire fighting shows that the major factor in limiting fire damage is le prompt detection of fires Ua experienced fire fighters oe multiple fire extinguishers 4 quick response time to alarms AS 35 During the third stage of a fire fire fighting becomes increasingly difficult and often people cannot remain at the fire site for which of the following reasons ip Toxic gases only a High temperatures only gt F Large volume of smoke only 4 Toxic gases high temperatures and large volume of smoke Prompt fire detection is best accomplished through the use of which of the following detectors 1 Gas 2 Heat 3 Smoke 4 Flame When detectors are installed which ot the following factors need NOT be considered Ls The location of equipment Zo The direction and velocity of air flow 3 The presence of areas with stagnant air 4 The location of fire extinguishers In the design of the detection control panel which of the following indications should be included I The power supply status of each detector Za Which detector has alarmed cr The cause of the alarm 4 What type of detector has alarmed A To assure that someone will 4 40 be alerted to a fire which of the following alarm locations is recommended as the primary location 1s Computer room Zo Personnel office Ja Commanding officer s office 4 Building maintenance 4 41 Reducing the sens
181. ed red patch panel and adds a key randomly chosen bits generated internally This composite signal is relayed as an encrypted signal Following this encryption the signal is fed to the unclassified black patch panel where it is patched directly to a converter This converted audio signal is then routed to the transmitter for transmission Over the Air Rekey Transfer OTAR OTAT Many of the new cryptosystems that use the 128 bit electronic key ANDVT KY 58 KG 84A C and KY 75 are now capable of obtaining new or updated key via the circuit they protect or other secure communications circuits This process is known as over the air rekey OTAR or over the air transfer OTAT The use of OTAR or OTAT drastically reduces the distribution of physical keying material and the physical process of loading cryptoequipments with key tapes A station may have nothing to do with actual physical CRYPTO changeovers on a day to day basis All an operator would have to do is observe the alarm indications and ensure the alarm indicator returns to operate The electronic key would normally come from the Net Control Station NCS The added feature of OTAT is that the key can be extracted from an OTAT capable cryptosystem using a KYK 13 or KYX 15 KYX 15A The key is then loaded into another cyptosystem as needed More detailed information on OTAR OTAT is available in the Procedures Manual for Over the Air Transfer OTAT and Over the Air
182. ed concurrently in a computer system and permitting selective access to such material concurrently by uncleared users and users having differing security clearances and need to know Separation of personnel and material on the basis of security clearance and need to know is accordingly accomplished by the operating system and associated system software In a remotely accessed resource sharing system the material can be selectively accessed and manipulated from variously controlled terminals by personnel having different security clearances and need to know This mode of operation can accommodate the concurrent processing and storage of 1 two or more categories of classified data or 2 one or more categories of classified data with unclassified data depending upon the constraints 4 10 placed on the system by the designated approving authority CONTROLLED SECURITY MODE A computer system is operating in the controlled security mode when at least some personnel users with access to the system have neither a security clearance nor a need to know for all classified material then contained in the computer system However the separation and control of users and classified material on the basis respectively of security clearance and security classification are not essentially under operating system control as in the multilevel security mode Sensitive Unclassified Data Sensitive unclassified data is unclassified data that require
183. ed outputs are complete properly collated and assembled Arrange for distribution of outputs to authorized users Operate a variety of auxiliary equipment copying machines decollators tape cleaners CRT terminals and so on Become familiar with the basic operations of the AIS computer facility Now that you are familiar with the process and with operational responsibilities let s look at the parts transmittal forms input control logs job preparation scheduling monitoring and output products Processing AIS Service Requests Your first task may be to receive jobs from users Each job will have an AIS service request of some type A typical AIS service request is illustrated in figure 1 2 1 4 In looking over this form you will notice that it provides you with such information as the following e The program name job number or task number that is used to reference a particular job application e The user s name department and or organization and phone number Where and or to whom the output is to be sent e The desired completion date of the job e The computer machine type to be used for the job The type of operation to be performed production test assemble compile and so on The quantity and type of input media and or material to be used magnetic tape blank checks and so on and Any special instructions or remarks the user wishes to include You will also notice that t
184. edures that you must follow such as looking up names on the access list to determine who is authorized in a given space or area There are also escort procedures you must follow to be sure that your party gets to the right place and or person Physical access controls Physical access controls are implemented to prevent unauthorized entry to your computer facility or remote terminal areas Physical access controls can be accomplished in several ways conventional key and lock set electronic key system mechanical combination lock or electronic combination lock Regardless of the type of system installed at your command it is important to remember that keys belong on your key ring or chain electronic keys or cards should be in your possession at all times except when sleeping and combinations should be memorized not written down somewhere for everyone to see Data file protection Physical access to data files and media libraries magnetic disks tape files microforms and so on is authorized only to those personnel requiring access to perform their job 4 8 e Natural disaster protection The effects of natural disasters must be prevented controlled and minimized to the extent economically feasible by the use of detection equipment heat sensors smoke detectors extinguishing systems and well conceived and tested contingency plans Environmental Security Temperature and humidity can affect the operation of your co
185. eed of service objective is 3 hours or start of business the following day S SANITIZING Makes an area or equipment ac ceptable for access by personnel who are not cleared SCHEDULER The person responsible for prepar ing distributing and maintaining production schedules SCHEDULING The interface between the user I O control and computer operations SHREDDING A type of destruction that involves using a cross cut shredding machine Residue must be reduced to shreds no greater than 3 64 inch wide by 1 2 inch long SINGLE ADDRESS MESSAGE A message with only one addressee SPECIAL HANDLING MARKINGS Additional markings or designations on some messages that alert the user or communications center that the message requires special attention in handling Some of these include Caveat Restricted Data RD Formerly Restricted Data FRD FOUO EFTO SPECAT and PERSONAL FOR SWS SENIOR WATCH SUPERVISOR When assigned the senior enlisted person on watch responsible for handling all communications matters responsible to the CWO T TECH CONTROL SUPERVISOR Responsible for establishing and maintaining required circuits including initiating actions to restore or bypass failed equipment quality monitoring supervising assigned personnel and controlling procedures for all systems responsible to the CWO TELEPROCESSING A method of data processing in which communications devices are used TERMINA
186. eet associated and the NTS facilities are primarily ashore Aa The NTS facilities are fleet associated and the DCS units are primarily ashore 3 Navy teleprinter communications are within the realm of the NTS Navy communications by any other means are under the cognizance of the DCS 4 Navy teleprinter communications are within the realm of the DCS Navy communications by any other means are under the cognizance of the NTS Who is responsible for operational and management A NCTAMS control of the elements of 7 NAUCO MELO the NTS Ce NAVCOMTELDET 1 Commander Naval Support D NAVSECGRUDEPT Force ee A EEE ALEE E La Commander Naval Computer and Figure 2A Telecommunications IN ANSWERING QUESTIONS 2 11 THROUGH Command Ce Commander in Chief 2 14 SELECT FROM FIGURE 2A THE Atlantic Fleet NAVAL TELECOMMUNICATIONS COMMAND 4 Chief of Naval ELEMENT DESCRIBED Operations a ag Assigned a limited or How do fleet commanders specialized mission assign communications responsibilities to their To A respective fleets Zy B Ba C La Communications dew UD Information Bulletins CIBs DL Responsible for cryptologic Zs Wide Area Network WAN operations Se Operation Orders OPORDs 1 A 4 Naval messages Ae E Se E Ae if The world is divided into what total number of Nava Communications Areas 2 13 Entry point for Navy NAVCOMMAREAS Tactical Satellite Systems LE Five 1 A D2 Six Zi DB 3
187. eir personnel in routine matters Some examples of communications SOPs are e Procedures for persons going aloft Handling of visitors in radio spaces and MINIMIZE procedures Communications SOPs are written to meet an objective SOPs may vary from command to command and may differ according to their objectives Your job will be to recommend changes or maybe even write the objectives In any event a complete set of SOPs will enable you and your shipmates to perform your duties in a responsible professional and safe manner MESSAGE LOGS Accounting for messages addressed to your guard list list of commands for which you receive message traffic is the most important part of processing messages Accounting for all messages processed in your message center is accomplished with logs Although ashore and afloat automated systems automatically log store and retrieve messages there still is a need to manually log and file both incoming and outgoing messages CENTRAL MESSAGE LOG Depending upon the traffic volume processed a message center may use either a separate outgoing incoming log or a combined Central Message Log to record processed message traffic All messages are logged in the Central Message Log after they have been logged in the appropriate circuit log The normal practice is to use separate logs for outgoing and figure 2 5 incoming messages The entries in the Central Message Log are station serial number S
188. em is configured You must consider the number of processors and peripheral devices available and how they interconnect The second factor deals with the operating mode of the computer The operating mode may be batch online real time time sharing multiprogramming multiprocessing teleprocessing networking or any combination of these Having knowledge of the different operating modes will help you understand the Operating environment in which you will be working This knowledge will help you understand how to go about scheduling work for the system THE JOB OF SCHEDULER The job of scheduler or production control coordinator as it is sometimes called requires you to have specific knowledge and skills if you are to effectively schedule the computer and the other related activities that revolve around it You must have a good working knowledge of AIS concepts and be thoroughly familiar with the operation of your facility s computer system s the actual hardware components themselves You also need to know how the operating system in use works what applications and production jobs you are to schedule the time it takes to run them how to make up job streams using system control language SCL statements and so on One of your primary jobs will be to keep production schedules up to date and as accurate and complete as possible In addition to making up production schedules for computer processing you must be equally concerned
189. ements of any command s physical security program All personnel military and civilian receive periodic training in emergency procedures in case of fire The training usually includes at a minimum proper equipment shutdown and startup procedures information about your fire detection and alarm systems use of emergency power especially aboard ship use of fire fighting equipment and evacuation procedures Master control switches are used to shut off all power to your AIS spaces in the event of fire If your air conditioning system is not setup for smoke removal it is probably connected to the master control switches The master control switches are normally located at the exit doors so in an actual emergency you do not have to pass through a dangerous area to activate the switches These switches should be easily recognizable They are clearly labeled and protected to prevent accidental shutdown Commands that process critical applications will have master control switches that allow for a sequential shutdown procedure of your equipment Learn the location of the switches and procedures used in your computer spaces There will be enough portable fire extinguishers for you to fight a relatively small or self contained fire Extinguishers are placed within 50 feet of the computer equipment Prominently displayed markings and or signs are above each extinguisher and each is easily accessible for use WARNING Be sure to use o
190. en deal with sensitive subject matter that requires special security handling It is for this reason that we have communications security COMSEC Within the framework of COMSEC we have directives and requirements that deal specifically with communications material COMSEC involves all the protective measures taken to deny unauthorized persons information derived from the possession and study of telecom munications relating to national security COMSEC also consists of the measures taken to ensure the authenticity of our communications COMSEC includes the following e Cryptosecurity which results from measures taken to provide technically sound cryptosys tems and their proper use e Physical security which results from physical measures taken to safeguard COMSEC material and information e Transmission security which results from measures designed to protect transmissions from interception and exploitation by means other than cryptoanalysis and e Emission security which results from measures taken to deny unauthorized persons information derived from the interception and analysis of emanations from crypto and telecommunica tions equipments 3 1 In this chapter we will see how these elements of COMSEC are unique to the duties of a Radioman CRYPTOSECURITY The Navy has instituted a unique distribution system to achieve technically sound cryptosystems The Navy has also developed strict accountability and control
191. en each vibration is called wavelength EMERGENCY PLAN Provides for the protection removal or destruction of classified material EP ELECTRONIC PROTECTION Involves actions taken to ensure friendly effective use of the electromagnetic spectrum despite an enemy s use of electronic warfare EP replaces elec tronic counter countermeasures ECCM EXTRACTS Portions of naval warfare publica tions that are extracted reproduced for use in training or operations All extracts must be properly marked with security classification and safeguarded F FLASH PRECEDENCE Identified by the precedence prosign Z Category reserved for initial enemy contact reports or operational combat messages of extreme urgency Brevity is mandatory Speed of service objective is not fixed Handled as fast as humanly possible with an objective of less than 10 minutes FRD FORMERLY RESTRICTED DATA Pertains to defense information that has been removed from the Restricted Data category but is still safeguarded as classified defense information G GENERAL MESSAGE A message with wide predetermined and standard distribution I IFF IDENTIFICATION FRIEND OR FOE A system using electromagnetic transmissions to which equipment carried by friendly forces automatically responds to distinguish themselves from enemy forces IMMEDIATE PRECEDENCE Identified by the precedence prosign O Delivery time reserved for very urgen
192. ency of internal inspections the AIS technical manager should consider which of the following factors l Operation workload Zs The rate of change of the AIS oy The SOPS of the AIS start 4 The results of the last inspection only 920 What 1s the role of the 5 24 inspection team ls To develop security controls Zo To evaluate established CONTEO US de To enforce control procedures 4 To develop security procedures Which of the following O characteristics of the inspection board members will NOT affect the success of the inspection I Ability Zs Objectivity J Probing nature 4 Punctuality Which of the following is NOT an important character istic for the inspection TASA board members T Ability to enforce Controls des Attention to detail om Inquisitiveness 4 Probing nature Which of the following types of expertise is helpful for a member of the inspection team i Operations experience on Ly Ze Security experience only om Security experience and programming knowledge 4 Operations experience and programming knowledge 45 The group of people who have the most to gain from an effective inspection are the ha members of the inspection team des members of the security force Si programmers in the facility 4 users of the facility Which of the following is a characteristic of a comprehensive inspection plan le It is action oriented a It lists actions to be bypa
193. ense activities The circuits that make up the DCS are government owned or leased and are point to point circuits that are long haul and worldwide The DCS combines many of the communication elements of the three military forces into a single communications system Although the Naval Telecommunications System NTS and the DCS are two different communications systems fleet and ashore respectively they are constantly intermixed For example as often happens a naval message originated aboard ship and destined for a shore activity leaves the ship over the NTS but final routing is accomplished over the DCS circuits The interface between the NTS and DCS is always provided by the shore communications facility DEFENSE INFORMATION SYSTEMS AGENCY The Defense Information Systems Agency DISA gives operational direction to the DCS With reference to the DCS the DISA must ensure that the system is operated and improved so as to meet the continual long haul point to point requirements that arise The DISA functions under the management of a director who is appointed by the Secretary of Defense The director is a flag rank officer and is responsible for coordinating the combined communications elements of the three military departments MISSION OF NAVAL COMMUNICATIONS The mission of naval communications is to provide and maintain reliable secure and rapid communications based on war requirements to meet the needs of naval operati
194. ent means of destroying classified material Burning Shredding Jettisoning Pulping H CG N ER Persons witnessing destruction of classified material must have a security clearance of at 5 66 least what level Confidential POCTE L Top Secret The level of the material being destroyed H G Ne When is a record of destruction reguired for secret messages lla If only one person performs destruction 5 67 de If the messages have special markings 3 If the messages have to be jettisoned 4 During routine destruction Dil Records of destruction of classified material must be maintained for what minimum length of time Ls l yr ad Z YE cm 6 mo 4 18 mo How are burn bags accounted Lor Prior To burning Ls Bags are placed in a secure place and inventoried daily Le Each bag must be serially numbered and a record kept of all subsequent handling until destroyed oe Each office is responsible for its burn bag until the day of destruction 4 On the day of destruction each bag is serially numbered What is the maximum allowable size of material shredded by a crosscut shredding machine ly 1732 nea mide Py 1 MEA long 7 1 32 inch wide by 1 2 inch Long 3 3 64 inch wide by 1 2 inch Long 4 3 64 inch wide by 1 inch long If classified material must be jettisoned during emergency destruction what should be the minimum depth of the water i 500 fathoms 2 700 fathoms Ia 1 000 fathoms
195. eports that leave the AIS facility Be sure your operators production coordinators and I O control clerks know the standards of quality expected Ensure they are checking the products during processing and before sending them to the customer users AUTOMATED INFORMATION SYSTEM AIS REPORTS You will be expected to prepare a variety of reports It will be your responsibility as a technical AIS manager to report to upper management on the status performance equipment inventory and requirements of the AIS facility At a minimum you should include information concerning your areas of responsibility including user related information The form of these reports is the responsibility of each parent command s upper management We can only provide examples and general suggestions not authoritative guidance Reports should be regular concise and graphical 1f possible The amount of information you report should not exceed upper management s requirements Too much too often is a problem common to many performance reporting schemes Information should be easy to understand but sufficient to support the decision making process The reports should compare the facility s current level of performance against a set of predefined performance goals Examples of reports needed for management of an AIS facility include the following e Hardware and software projection reports e Application software performance reports e System utili
196. equirements are to be included in the contract Interior Physical Protection Intrusion detection systems IDSs OPNAVINST 5510 1 provide a means of detecting and announcing proximity or intrusion that endangers or may endanger the security of a command The use of an IDS in the protective program of a command may be required because of the critical importance of a facility or because of the location or the layout of the command Remember IDSs are designed to detect not prevent an attempted intrusion Thus a comprehensive security plan must contain appropriate security measures along with procedures for an effective reaction force Remote Terminal Areas Protection The physical and personnel security requirements for the central computer facility area are based upon the overall requirements of the total AIS system The remote terminal area requirements are based upon the highest classified and most restrictive category and type of material that will be accessed through the terminal under system constraints Each remote terminal should be individually identified to ensure required security control and 4 24 protection Identify each terminal as a feature of hardware in combination with the operating system Before personnel of a component that is not responsible for the overall AIS operation can use a remote device approved for handling classified material security measures must be established These security measures are es
197. er time built into their scheduled processing time the job overrun should not be that critical for meeting the overall schedule of a shift Another piece of job related information to consider applies to multiprogramming environments The challenge here is to combine as many jobs as possible so that each resource is used to its maximum In a nonmultiprogramming environment you have no problem in scheduling jobs because you can process only one job at a time However resources are underutilized and that s a fact you must live with This is a direct result of having all resources dedicated to one computer even when they are not needed On the other hand multiprogramming allows you to execute several jobs at the same time using as many resources as possible The difficulty of manually preparing such a schedule for a system that runs in a multiprogramming environment is in trying to obtain a job mix that makes the best use of most resources without bogging down the entire computer system gives you some idea of how main storage and peripherals can be fully utilized as a result of the proper job mix It shows where the jobs are in memory and what tapes and disk drives are used by each job It also shows information about printing and printers It 1 14 TIME OF DAY MES otto 2100 400K JOB DISK DRIVES 226 230 RESERVED FOR REAL TIME USERS APPLICATIONS DISK DRIVES 382 JOB B JOB H 383 JOB JOB D
198. er with the senior petty officers in the division the division officer or division chief usually determines the physical location of furniture and equipment When the office layout is being planned primary consideration must be given to proper flow of paper and work the physical location of workspaces and the internal communications of the division Secondary factors to be considered are the number of personnel to be accommodated safety standards security of classified material structural location of electrical outlets and physical locations of bulkheads and passageways Paper and Work Flow Good paper flow is the smooth movement of paperwork from one desk or individual to another As much as possible the paperwork should flow in one direction through various sections with no reversals or criss crossing Figure 2 2 shows the ideal communications space layout with sequential workflow Placing related tasks in adjacent spaces reduces distance and increases efficiency of operations This ultimately increases the work accomplished Workflow affects the placement of sections within the division and the location of desks files and other equipment Changes should only be made to improve workflow Deviations from approved methods can result in loss of time and motion and cause delays in completion of work assignments Physical Factors The physical layout of workspaces should be reviewed when e There is evidence of imprope
199. erations in progress This is the highest precedence normally authorized for administrative messages IMMEDIATE O This category is reserved for messages relating to situations that gravely affect the national forces or populace and which require immediate delivery to addressees FLASH Z This category is reserved for initial enemy contact reports or operational combat messages of extreme urgency message brevity is mandatory YANKEE Y In addition to the four major precedence categories an EMERGENCY COMMAND PRECEDENCE ECP is used within the 2 20 Z 5 M N M PM 3 06 Zh LINIZEN NF Ne Ne DN DU E Apt DA PM sneti NO ZONE SYSTEM ADOPTED PM NIN SAINI TEN FINDS IN MERCATOR PROJRCTION A Pd F wr pl o S NF od H S NVON awid 0 Ww za O N 4 D o IT u al lt L TIME ZONE CHART OF THE WORLD AM Y 7 2 gt ye E M OC Zbb 3 A E aw o T Y D g t 10 el ge e a D a gt on Time zone chart of the world Figure 2 19 AUTODIN system This ECP is identified by the precedence prosign Y and is limited to designated emergency action command and control messages MESSAGE USER RESPONSIBILTTIES A message user is any individual authorized to draft release and or process electronically transmitted messages There are certain responsibilities associated with the origination of a message These responsibili
200. ered incorrectly and give you an answer sheet marked NRT C SRESUBME I a You must redo the assignment and complete the RESUBMIT answer sheet The maximum score you can receive for a resubmitted assignment is 3 2 COURSE COMEBETUON After you have submitted all the answer sheets and have earned at least 3 2 on each assignment your command should give you credit for this course by making the appropriate entry in your service record NAVAL RESERVE RETIREMENT CREDIT If you are a member of the Naval Reserve you will receive retirement points if you are authorized to receive thereunder current directives governing retirement of Naval Reserve personnel For Naval Reserve retirement this course is evaluated at 9 OLATS Refer to BUPERSINST 1001 39 for more information about retirement points STUDENT QUEST IONS If you have questions concerning the administration of this course Consult your ESO If you have questions on course content you may Contact NETFDIC A63 DSN D22 LoO0L Commercial 904 452 1501 PAX O22 1619 INTERNET n311l products smtp cnet navy mil COURSE OBJECTIVES In completing this nonresident training course you will demonstrate a knowledge of the Subject matter by correctly answering questions on the following subjects AIS Administration Communications Administration Communications Security AIS Security and General Security NRIC TT Naval courses may include several types
201. erform preliminary planning Establish an AIS security team to prepare an AIS security program and make responsibility assignments e Perform a preliminary risk analysis This will identify major problem areas e Select and implement urgent quick fix security measures This should be done on an as needed basis e Perform and document a detailed risk analysis This will allow for review and approval e Justify cost and document action plans Based on the approved risk analysis selected develop budgets and schedules for security measures contingency plans training and indoctrination plans and test plans e Carry out the approved action plans e Repeat the detailed risk analysis and subsequent steps regularly at least annually Conduct more frequently 1f required based on the results of tests inspections and changes in mission or environment AIS SECURITY PLAN DOCUMENTATION Include adequate documentation in the action plans For example the documentation might include the following e A security policy statement that provides general guidance and assigns responsibilities e A security handbook with instructions that describes in detail the security program and procedures and the obligations of AIS personnel users and supporting personnel e Command standards for system design programming testing and maintenance to reflect security objectives and requirements e Contingency plans for backup operation
202. erk to check with the media librarian to make sure enough scratch tapes and blank diskettes are available for the job Effects on Workload Schedules On any given day or shift almost anything can go wrong A job may abort A tape may not read User requirements may change A high priority job maybe submitted Personnel may be called off the job to do something else This means there will be times when you must change the way work is to be completed during the day For example to stay on schedule during monthly quarterly or yearly processing production work will have to be run during the day shift You may also have to have additional saves run in association with monthly quarterly or yearly processing Another example is as you are preparing to load a software update you might have special saves run during another shift This will ensure that the data is backed up and a good copy of the software is available if the update does not work properly You may also have to reschedule some of the production work Anytime the normal work schedule is changed it may affect the online users by slowing the system response time or causing the system to be unavailable to the users Care must be taken when the schedule is to be changed Try to cause the minimum interruption to online users and do keep them notified of the changes PRODUCTION PROCESSING During production processing the I O control clerk production control coordinator and o
203. erly da Semiannually 4 Annually 46 A surprise inspection should be approved by which of the following personnel Ie The facility security Obricer Tks The AIS technical manager be The commanding officer of the command in charge of the ADS taczulity 4 The commanding officer of the user command In conducting a scheduled inspection which of the following is normally the first step lla Interviewing the AIS personnel Ze Scrutinizing the AIS facility records Dn Inventorying the AIS hardware capabilities of the facility 4 Testing the AIS facility access control procedures Most security inspections include testing which of the following activities at AIS facilities Fire fighting procedures Facility evacuation System backup Personnel placement procedures H CG N pa What is the preferred frequency at which the inspection team should convene to review progress and compare notes i At the end of each day s activity Lo At the end of each week s activities ce Every 2 weeks 4 Every 3 weeks IST y After the completion of the Imk inspection when should the written report be prepared lis When requested by the supervisor of the AIS facility being inspected Les When requested by the commanding officer of the AIS facility being inspected oe Immediately after the inspection while the A impressions are still fresh 4 After an extended period of time to allow the inspectio
204. ern to the library custodian NWPL ADMINISTRATION The NWPL custodian issues publications to holders and short term users A holder is a person who has permanent subcustody of a publication under the central control of the NWPL The holder is responsible for maintaining the publication entering all changes and amendments and providing adequate security A user is a person who checks out a publication for temporary or short term custody Signature custody and disclosure records for classified material are maintained as required by the Security Manual Signature custody of unclassified publications is not required However the records of the NWPL should provide an up to date location of publications that have been issued to holders or checked out to users Where signature custody is not required a locator card maybe used in place of a catalog card to check out publications to users NWPL MAINTENANCE Several basic files are used in maintaining the NWPL One is the custody file which contains a NWPL Catalog Card OPNAV Form 5070 11 2 11 for each naval warfare publication on allowance or on board The purpose of this file is to maintain an up to date record of the holder and location of each publication This record also helps keep track of entries and changes to the publication The catalog card can also be used as a custody card and as a destruction record When used as a record for security purposes it must be retained as require
205. es Italy 2 4 The world is divided into four Naval Communications Areas NAVCOMMAREAs Western Pacific WESTPAC Eastern Pacific EASTPAC Atlantic LANT and Mediterranean MED figure 2 1 All communications activities within any of these geographical areas are organized to operate under the operational control of a NCTAMS These master stations are the major sites in a COMMAREA and are the primary keying stations for that area They are the entry points for Navy Tactical Satellite Systems and also operate and maintain one or more Defense Satellite Communications System DSCS terminals The NCTAMSs have as part of their organization a fleet telecommunications operations center FTOC This is the focal Point for fleet communications support To support the operating forces of each fleet commander in chief FLTCINC the authority to exercise operational direction over all NAVTELCOMs is delegated on an area basis to the commanding offiers of the master stations Operational direction is decentralized down to the commanding officers of the NCTAMSs These commanding officers report to and are immediately responsible to the FLTCINC COMNAVCOMTELCOM however exercises overall operational direction to assure integration of the worldwide system taking into consideration the requirements and priorities of other FLTCINCs and or higher authority You should refer to the appropriate Fleet Operational Telecommunications Program FOTP
206. essed You will be expected to have the insight to predict the future since the users will not always know what they will need later APPLICATION SOFTWARE PERFORMANCE REPORTS Management will require reports that show whether the application software in use is performing as designed Here are two items of information to include in these reports e Average length of time any particular job remains in the system and 1 22 e How long a priority job priority 1 2 and 3 waits to be run This information can be used to change your existing standard operating procedures SOPs and aid in preparing schedules For example you might want to change the maximum time a priority job waits to be run HARDWARE UTILIZATION REPORTS In addition to the application software performance reports you will prepare the reports that cover hardware utilization Your hardware utilization reports should include the following types of information e The amount of system idle time The amount of system setup time e The amount of system production time e The amount of downtime not only for the whole system but also for each particular piece of equipment This could help you explain why the idle time seems unusually high if it does This information can help you schedule the work for your system Keep in mind that under utilization of hardware can result in a loss of equipment and or personnel Equipment may be removed if it is not
207. ey secured and how Check for fire escapes their number and locations and accessibility to the interior of the facility from the fire escape windows doors roof How are accessways secured Internal security Begin at the top floor or in the basement Check for fire alarm systems and devices Note the type location and number Where does the alarm annunciate Check telephone and electrical closets to see if they are locked Are mechanical and electrical rooms locked or secured Note any existing alarms as to type and number Determine the number and locations of manned posts hours and shifts Monitoring facility Know the location who monitors who responds its type and the number of alarms being monitored Table 4 6 is a checklist of other questions that should be asked in the survey 4 25 Table 4 6 Secunty Measures Checklist 1 Is the facility building protected by an alarm system s 2 How many zones of protection are within tha nratertad hnildina VV AILAMALA ULA prevwvew UWILQGDILI Is the alarm system adequate and does it provide the level of protection required Are there any vulnerable areas perimeter or openings not covered by an alarm system 5 Is there a particular system that has a high nuisance alarm rate Is the alarm system inspected and tested occasionally to ensure operation Is the system backed up by properly trained alert protection personnel
208. fic ways in which performance of each task departs from normal for example tasks postponed changes in cycle times and schedules e User instructions Backup operation may require users to submit input in different forms or to different locations or may otherwise call for altered procedures These should be clearly spelled out to avoid confusion and wasted motion e Technical requirements for each AIS task Backup operation of an AIS task will require the availability at the offsite AIS facility of the following items current program and data files input data data control and operating instruction which may differ from normal instruction preprinted forms carriage control tapes and the like These requirements must be documented for each task Procedures also need to be established to ensure the materials needed for backup operation are maintained offsite on a current basis e Computer system specifications One or more offsite computer systems are selected for backup operation The following information should be recorded for each system administrative information about the terms of backup use the location of the system the configuration and software operating system a schedule of avallability for backup operation and the tentative schedule of AIS tasks to be performed on the system e Administrative information It is probable that COOP backup operation will require special personnel assignments and procedures tempo
209. for support of the operation or function under consideration A representative from the facility responsible for managing AIS operations A system programmer if the command has system programmers in a separate fictional area A computer specialist assigned the responsibility for Overseeing or inspecting system security and The individual responsible for security PERSONAL DATA SECURITY RISKS Each command should identify its specific risks and evaluate the impact of those risks in terms of its information files Experience indicates the most commonly encountered security risks are usually accidents errors and omissions The damage from these accidental events far exceeds the damage from all other personal data security risks Good information management practices are necessary to reduce the damage that can result from these occurrences Personal data security risks include e Input error Data may not be checked for consistency and reasonableness at the time they are entered into the system or data may be disclosed modified lost or misidentified during input processing Program errors Programs can contain many undetected errors especially if they were written using poor programming practices or were not extensively tested A program error may result in undesirable modification disclosure or destruction of sensitive information Mistaken processing of data Processing requests may update the wrong data for example
210. for the AIS facility to meet user requirements They provide processing schedules to coordinate inputs and outputs between I O control data AOQOPVOMMNT ZO ANCVDOAN SUADPS ADMIN une E IMMS 3 M DENTAL REALTIME ONLINE ONLINE ise i MEDICAL BATCH BATCH BATCH BATCH BATCH BATCH DIVISION CHIEF LPO PRODUCTION a Se CONTROL TECHNICAL SUPPORT SCHEDULES SCHEDULING FOR APPROVAL PROBLEMS SCHEDULING SCHEDULES FOR PRODUCTION PROBLEMS DISTRIBUTION TO USERS if affecting scheduling VO CONTROL MAGNETIC DATA COMPUTER MEDIA ENTRY OPERATIONS SAR CONTROL SE SCHEDULING FLOW AIS FACILITY WORKFLOW PONV Figure 1 4 AIS facility workflow structure 1 11 entry computer operations and the magnetic media library I O CONTROL personnel handle all incoming work for AIS services along with all types of input media from the user Some of these inputs are source documents magnetic tape and diskettes I O control personnel perform the following tasks e Count verify edit and total all source documents received Check that the amount of input data is approximately the same amount as was indicated in the production schedule Verify all incoming work for accuracy and legibility Log all inputs received in various input output control logs Coordinate the receipt of late submissions with users and scheduling Forward source documents to data en
211. g processed at the time of failure for inaccuracies resulting from the failure If the data volumes permit economic processing some sensitive applications may use a dedicated processing period Examine files created from files known to contain personal data to ensure they cannot be used to regenerate any personal data A formal process must be established to determine and certify that such files are releasable in any given instance In aggregating personal data consider whether the consequentfile has been increased in value to a theft attracting level When manipulating aggregations and combinations of personal data make it impossible to trace any information concerning an individual Take steps so that no inference deduction or derivation processes can be used to recover personal data Programming Practices The following practices are suggested for programming procedures e Subject all programming development and modification to independent checking by a second programmer bound by procedural requirements developed by a responsible Supervisor Inventory current programs that process or access personal data verify their authorized usage Enforce programming practices that clearly and fully identify personal data in any computer program Strictly control and require written authorization for all operating system changes that involve software security Assignment of Responsibilities The following practices are
212. g requirements and situations Management Responsibilities Mid management radiomen must realize the need for progressively improving standards The following points may assist mid management radiomen in improving standards within their division e Overcoming Resistance The practice of relying on past performance as a basis for establishing standards is often sound With an organized effort however conditions can be changed to improve performance If the personnel responsible for better performances participate in the organized effort the problem of resistance to higher standards is often eliminated e Improving Conditions Owing to the rapid growth and change in the character of communications systems considerable managerial effort must be devoted to improving the effectiveness of operations and service The essential approach to this type of problem can be summarized in a sequence of three stages Discovery of the problems that is what part of an existing condition needs improving Diagnosis to determine what changes are needed to bring about the needed improvement and Remedial action that is implementing the necessary changes e Responsibility Responsibilities must be established in accordance with the organizational structure and be clearly defined e Organizational Considerations Leading radiomen must realize that the existing organizational structure may be a contributing factor to poor
213. gas that interferes with the combustion process To ensure the effectiveness of portable extinguishers several measures should be observed Place extinguishers in readily accesssible locations not in comers or behind equipment Mark each location for rapid identification for example paint a large red spot or band on the wall or around the column above the point where each extinguisher is mounted It is important for each AIS technical manager to ensure proper inspection in accordance with command policy Each extinguisher should have an inspection tag affixed to it with the signature of the inspecting petty officer or fire marshal and the inspection date In all probability the AIS facility technical manager will want to establish a first line of defense against fire involvement between the time of notification of and response by professional or highly trained firefighters and will incorporate this as part of the command s Disaster Control Plan Every command regardless of 4 21 size needs military personnel who are knowledgeable and trained in fire safety Any practical and effective organization for fire protection must be designed to assure prompt action immediately at the point where a fire breaks out This usually necessitates every organizational unit or area of a command having a nucleus of key personnel who are prepared through instruction and training to extinguish fires promptly in their beginning stage Such individ
214. ge endorsements of all messages transmitted received or relayed by the communications center Narrative visual messages or fillers must be filed in the communications center master file GENERAL MESSAGE FILE The general message file contains copies of all effective general messages that require retention based on the communications center s current guard list This file 1s subdivided by general message title such as ALNAV ALCOM NAVOP and messages are filed in serial number order instead of DTG order An example of a general message serial number is ALNAV 10 96 This indicates that it is the 10th ALNAV sent in 1996 The individual file is marked with the classification of the highest classified message contained therein The classified files may be segregated by security classification if desired If a general message is canceled during the current year the message may be destroyed but a filler must be placed in the file to identify and indicate the disposition of all current year general messages FACSIMILE FILE The facsimile file contains a copy of all transmissions processed by facsimile equipment A filler for all facsimile messages must be placed in the communications center master file COMMERCIAL TRAFFIC FILE The commercial traffic file contains messages sent by commercial systems in accordance with Fleet Communications U NTP 4 This file is maintained by the commercial traffic clerk EMBARKED COMMAND FILE
215. gs as when the job was submitted the disposition of the input media the location or the computer system to which the job was assigned the progress number of steps the job has already gone through the type and amount of input submitted the person who accepted the job and soon If you are still unable to locate the missing item you are able to notify the user That person s name organization and phone number were initial entries in the log Job Preparation To properly prepare the user s job specifically the input for processing you must have a certain amount of information This information is located in what is called a task folder job folder run folder or run procedure Do not confuse these with run book run manual or run instructions which provide computer program operating instructions for the operators The task folder provides you with such things as a run sheet control parameters and output requirements RUN SHEET The run sheet contains the pro gram name or names and the job or task number under which the job or system is to be executed or run In addition it indicates all of the inputs magnetic tapes disks and diskettes required depending upon the type of run or possible options the user selected There could be one or several magnetic tapes and or disk files needed for the job You might be required to retrieve them from the media library or you might just lookup the tape disk numbers and annota
216. he lower portion of the AIS service request see figure 1 2 is reserved for operations use only This is where you enter the time and date that the job was accepted for processing lower left hand corner The remaining blocks are used by the people in operations to indicate when the job started when it was completed along with any significant comments about the job during the time it was run If while reviewing the user s request you happen to come across a discrepancy or find something that is incomplete or unclear be sure to bring it to the user s attention Just remember that throughout the course of your conversation you are to be tactful and diplomatic You must always keep in mind that you are representing your command and the image you project both personally and professionally is as important to your job as the work that is being submitted The key word is communication NOT confrontation Once you have accepted the user s request you make the necessary entries in the job control log Job Control Log A job control log is important especially when you deal with multiple users It will be up to you to keep an up to date record of all jobs received for processing A job control log will serve as a continuous point of PROGRAM NAME From _ BARBARA P Org Ph SUPPLY 453 2168 Return to BUILDING 3425 SAUFLEY FIELD Desired Comp Date a SUCIOIFT AIS SERVICE REQUEST MACHINE TYPE Check one
217. he reports we have covered are good sources for determining what performance tuning techniques to implement Now let s look at some performance tuning choices available both hardware and software Be sure they are authorized by your command before implementing them HARDWARE Three possible hardware choices are as follows e Increase computer memory e Reduce file fragmentation and e Add or change a disk drive Increase Computer Memory To increase a computer system s memory we can add memory chips or memory boards This will allow us to run larger more complex programs on the system We can also create cache memory which is used with the central processor to improve execution speed and enhance central processor performance This is accomplished by reducing the access time required to repeatedly fetch frequently used information stored in main memory For average program mixes cache memory yields a 50 percent increase in processing speeds The cache memory is a random access memory RAM buffer that provides high speed storage capabilities from main memory and makes this data available to the central processor with a private central processor cache interface Reduce File Fragmentation File fragmentation occurs when you delete a file leaving basically a hole in the information on the hard disk or when you add information to an existing file when there is no contiguous space left next to the file To correct fragmentation yo
218. hecking the user s output you should once again refer to the run sheet and or task folder to verify that all items requested were in fact produced If the output is in the form of magnetic tape disk or diskette be sure it is labeled properly given the proper classification and it is on the appropriate media magnetic media that has been designated for mail out or distribution only When checking reports make sure they were run on the proper forms size and type that no pages are missing and the correct number of copies were printed and that all print is legible and lined up properly Once the output is checked you then package each completed copy of the report along with any other out put products and the original input place it in the proper pickup area and log the job out in the job control log You may need to notify the user when the job is ready If during the course of checking over the user s output you happen to come across something unusual or you find an error by all means pull reject the job immediately bring it to the attention of your superior and notify the user of the delay Even at this late stage it is better to reject a job to connect any problems or discrepancies rather than to release it only to have it returned for rerun later USER SUPPORT The term user support covers a broad range of duties They include answering inquiries from users providing logistical support and processing trou
219. holders receive and make the changes in a timely manner Changes are often so numerous that all communications personnel may become involved in making them The NWPL clerk is responsible for ensuring that all personnel making changes or corrections to NWPL publications know the proper procedures for making these changes These procedures are a follows e Check the Foreword or Letter of Promulgation of the change for the effective date of the change correction to ensure that the publication to be corrected is effective Read all the specific instructions contained in the change or correction before making the entry Use any dark ink EXCEPT RED for pen and ink entries Red is not visible under red night lights used aboard ship Type lengthy pen and ink corrections on a paste in cutout All superseded matter must be deleted in ink prior to inserting the cutout Use flaps when no room exists for a cutout When used flaps should be attached to the binder side of the page Use rubber cement or mucilage for pasting instead of glue or gummed tape Make a notation in the margin adjacent to the entry after making pen and ink corrections citing the source of the correction for example ALCOM 007 96 After page changes are entered a page check must be conducted and the page change and page check recorded on the Record of Changes and Corrections sheet Corrections to NWPL publications are issued by message when the material req
220. hould be granted access Admission to communications spaces is granted only to personnel whose names rates ranks and clearance level appear on the official access list Access lists which must be signed and approved by the commanding officer should be posted at each entrance to a communications space Admission of persons other than those on the access list 1s subject to the specific approval of the commanding officer or his or her designated representative Personnel not on the access list nor specifically granted permission by the commanding officer for entry must be escorted or supervised at all times while in communications spaces Communications Center Visitors Log A communications center visitors log or register is used to record the arrival and departure of authorized personnel whose names do not appear on the access list Fleet Communications U NTP 4 recommends the following column headings for visitors logs e Date e Visitor s printed name Organization the visitor is representing Purpose of visit Visitor s signature Officer authorizing access to restricted area s Escort s name Time in and Time out Access to Classified NATO Messages Only those personnel who hold a security clearance equal to or greater than the clearance required for U S material may have access to NATO messages NATO messages and documents belong to NATO and must not be passed outside the NATO organization NATO Securi
221. ial usually used with a transfer report Inventory Report Used to document and report the physical inventory of COMSEC material There are three types of CMS inventories Fixed cycle FC Special and Combined a Fixed cycle inventory is to ensure that all accounts satisfy the national requirements for a semiannual inventory of keymat and an annual inventory of equipment and publications b Special SF 153 inventory is to satisfy the Navy requirement to conduct and document the mandatory Change of Command and Custodian inventories c Combined SF 153 inventory may sometimes be used for both the requirements for a Fixed cycle inventory and a Special inventory CMS 25 ONE TIME KEYING MATERIAL DESTRUCTION REPORT This report is a two sided document used to record destruction of individual one time keying material segments of COMSEC material Side one is numbered 1 31 for daily use the reverse side 6 CMS 25B COMSEC KEYING MATERIAL explains the digraphs that are printed to the left LOCAL DESTRUCTION REPORT The of the short title on each segment of extractable tape figure 3 1 CMS 25B is a two sided report used to record ee er Se Se a SS A re a ths TASS Pf A STO SS SS PS a SS A eS PY le SS MS SS SSE EAT SSS FOSS SSN SSS FSG SS TES EAS SS E SS UN ST E fm Rov fo N fas s f Z 4 4 puma fd Y 2 as 7 o ES 3 a gt S 3 A fa lt f 2
222. ications center administration quality control and circuit setup restorations Guidelines for setting EMCON and HERO conditions and cryptosecurity requirements are also discussed iV CHAPTER 1 AIS ADMINISTRATION LEARNING OBJECTIVES Upon completing this chapter you should be able to do the following e Describe the preparation and monitoring of the run schedule e Examine console printouts logs and describe the analysis of console printouts and logs Schedule computer downtime with users to include hardware maintenance and software upgrades e Prepare emergency urgent change requests to include application and system programs e Prepare review and coordinate trouble reports e Describe how to conduct and update an AIS equipment inventory e Describe the preparation and analysis of system performance reports e Explain the establishment and maintenance of system resource limits e Describe how to project future application growth capabilities e Explain how to prepare guidelines for contingency disaster recoveries to include adequate replacement parts and backup media and current backups Are scheduling systems really necessary to get the work done No but unless you are working at an AIS facility with unlimited resources 1t would not be long before confusion and disorder set in 1f you did not have one That would be followed by unhappy and dissatisfied users demanding their output products in
223. ich are economically technically and operationally sound Details will depend on circumstances at the AIS facility but some general guidance and suggestions can be helpful in considering the alternatives Backup operations may take place onsite when there is only a partial loss of capability However they may require one or more offsite locations when there 1s major damage or destruction The backup procedures may replicate normal operation or be quite different When considering backup AIS management will often find that an exact replica of the onsite AIS system is not available for backup or the time available per day is less than the amount needed to complete all assigned tasks From this you might conclude that backup is impossible On the contrary a number of things can be done to make backup resources available The following are examples e Postpone the less urgent tasks Tabulate the AIS tasks in descending order of urgency as identified by the risk analysis Having estimated the time to return to normal following a disruptive event AIS management can quickly see which tasks can be set aside These include such things as program development long cycle monthly quarterly or annual processing and long range planning As long as adequate catch up time is available after the return to normal there should be a number of tasks that can be safely postponed FIRE EMERGENCY RESPONSE l Report fire list phone number
224. idating customer authorization Identify the procedures for performing directing and validating security inspections and for reporting and investigating security violations e e e contingency plans e plans procedures e AIS security is a cycle of events that never ends You start with the development of a security plan for the facility This plan includes conducting an in depth risk assessment covering different types of disasters that threaten the security of the AIS facility Once the security plan is in place the inspections begin You will be responsible for preparing the inspection plan and conducting the inspection using the guidelines provided in the security instructions In this chapter you will learn about AIS security from the implementation of the security plan through conducting security inspections This includes AIS threat and risk analysis disaster protection contingency planning inspection preparation and data privacy WHAT IS AIS SECURITY AIS security is more than protecting classified information and keeping unauthorized personnel out of 4 1 Identify the procedures for developing and updating security plans Recognize how to implement and evaluate countermeasures and Identify the procedures for preparing and updating emergency action Ekplain how to implement and evaluate security test and evaluation Explain how to safeguard AIS classified material your AIS facility It is pr
225. ilding F Overtime cost factor for civil service personnel 4 Transportation of personnel with needed supplies and materials When developing the optimum backup plan it is wise to form several backup plans one of which has which of the following charac teristics iv Extends beyond the cause of delay Le Includes each minor partial failure Ja Lasts at least half the time required to reconstruct the facility 4 Includes one or more operating periods between minimum duration and worst case Fach COOP backup plan should cover a total of how many basic areas Es Five Zi Six oe Three 4 Four 43 A Administrative information Be Computer system specifications C Performance specifications D User instructions Figure 5A IN ANSWERING QUESTIONS 5 10 THROUGH 5 12 SELECT FROM FIGURE 5A THE AREA OF THE COOP BACKUP PLAN DESCRIBED mals The specific ways in which performance of each task departs from normal is stated ds w NO PH VOW lla Input in different forms may be required Ss YN Ra U QA W D Oris The location of the system is given 1 A La B Oe E 4 D Lo The process of recovery will be carried out more effectively and economically 1f handled by which of the following personnel The users only The AIS staff only The users and AIS staff Personnel other than the AIS staff A GW N e Before recovery from total destruction is achieved all but which of the foll
226. ilities available THE COMMUNICATIONS PLAN The communications plan satisfies the communications requirements of an operation It specifies circuits channels and facilities to be used and stipulates the policies and procedures that are applicable The plan is in effect an assignment of communications tasks to be performed by subordinate commanders or by supporting commands The planner first establishes requirements for communications and then determines the best means for satisfying them This process may reveal shortages or inadequacies in what is available If inadequacies are identified it may become necessary to share circuits or facilities as well as merging or consolidating requirements All possibilities should be considered to support valid operational requirements In planning communications the planner must evaluate such factors as the performance capabilities and capacities of systems facilities and personnel These factors are merely guides and averages They represent the sum result of experience in previous similar situations and are considered only after any local factors are determined These factors change from time to time and must all be available for final determination of communications requirements TELECOMMUNICATIONS SERVICE REQUEST TSR When a command requires additions deletions or changes in existing Defense Communications System DCS circuits it must initiate a TSR The submission of a TSR
227. ing 1 27 Production processing 1 19 application program processing errors 1 19 help desk support 1 20 system downtime 1 20 Production scheduling 1 17 monthly 1 17 workload schedule development Q Quality control R Radio officer 2 9 RD Recovery 4 29 emergency response planning 4 26 planning 4 29 Remedial measures selection 4 16 Remote terminal areas protection 4 24 Risk analysis 4 14 Risk management 4 4 S Scheduler 1 2 Scheduling 1 2 1 19 Scheduling methods 1 14 1 16 Scheduling process 1 13 Scope of AIS security 4 6 management responsibility 4 6 personal responsibility 4 7 Security See AIS security Security 5 3 areas 5 3 classification 5 6 handling _ 5 6 physical 5 4 Security areas 5 3 access 5 3 access list 5 3 restricted sanitizing 5 3 visitor s log 5 4 Security handling 5 6 after working hours 5 7 personnel working hours 5 7 Security inspections 4 30 conducting inspections _4 32 inspection follow up 4 33 inspection plan 4 31 inspection preparation 4 31 INDEX 6 Security markings 4 12 CRT displays 4 12 hard copy reports microfilm and microfiche 4 12 magnetic media 4 12 Security modes 4 10 controlled dedicated multilevel 4 10 system high 4 10 Security survey 4 24 Senior Watch Supervisor SWS 2 10 Service Message 2 23 SOGs SPECAT 2 25 2 30 5 6 Special h
228. ing millions of dollars some of them yours Think about the kind of AIS security you would want to have installed if that AIS facility were yours and what you would do to protect all its assets From this point on the rest is up to you Stay alert keep your eyes and ears open to what is going on around you and never hesitate to challenge or question someone or something that you feel is wrong or out of character PHYSICAL SECURITY MEASURES Physical security is the one area with which you are most likely to be familiar It deals with such things as personnel the environment the facility and its power supply ies fire protection physical access and even the protection of software hardware and data files Your command must provide physical security for your AIS facility The degree of physical security at your installation or command depends on its physical characteristics its vulnerability within the AIS environment and the type of data processed Minimum physical security requirements include four basic areas that your command must address physical security protection physical access controls data file protection and natural disaster protection e Physical security protection Physical security protection takes on two forms The first is physical barriers such as solid walls caged in areas bulletproof glass locked doors and even continual surveillance of the controlled area The second involves people and the proc
229. ing initiatives application software libraries trouble reports and technical assists Operational guidelines and emergency change requests This is by no means a complete list As you continue in your career you will be adding new skills and more responsibilities to these This chapter gives you the foundation needed to build on with the skills you have and those you will learn CHAPTER 2 COMMUNICATIONS ADMINISTRATION LEARNING OBJECTIVES Upon completing this chapter you should be able to do the following e Identify the background and mission of the departments within the National Communications System e Identify the mission and policy of naval communications e Identify the functions of the Naval Telecommunications System and the roles of communications management personnel e Identify the elements and responsibilities related to standard message processing Identify the procedures for minimize consideration and processing of messages o Identify the procedures used for general administration and handling of communication files e Identify the procedures used in communications planning e Identify the procedures for conducting watch to watch inventories and updating the NWPs Identify the role of the naval warfare publications library NWPL including NWPL administration and maintenance Naval communications is the term assigned to the entire communications effort of the Department of the Navy b
230. ions Fire Rain Earthquake Windstorm H G NE In minimizing an AIS building s exposure to fire damage which of the following factors should be considered Contractors Design only Location only Design and location Hm CG N e An AIS physical security program should include which of the following fire safety elements Es Measures to ensure prompt detection of and response to a fire emergency oe Provision for quick human intervention and adequate means to extinguish fires J Provision of adequate means and personnel to limit damage and effect prompt recovery 4 All of the above In evaluating the fire safety of an AIS facility a total of how many factors are to be considered Five 51x Three Four ds WN FE Which of the following factors affects the degree of hazard associated with a given occupancy 1 Weight of the material La Amount of combustible material ds Exposed surface of the material 4 Package in which the material is stored When the safety features of an AILIS facility b irilding are designed which of the following factors should be considered Heat resistant lights Building operation Fire walls Storm doors Hm CG N e The inherent fire safety of a building can be rendered ineffective because of which of the following conditions E Fire doors propped open 2 Standard electrical wiring on Use of low flame spread materials 4 Products oi combustion det
231. ions contained in the library FLEET TELECOMMUNICATIONS PUBLICATIONS Fleet telecommunications publications FTPs are the guiding doctrine of a NCTAMS for the communications area under its jurisdiction To provide optimum communications responsiveness to fleet requirements FTPs incorporate the unique communications procedures for the COMMAREA into a standardized fleet oriented procedural document FTPs are based on the NTP series COMMUNICATIONS INFORMATION BULLETINS Communications information bulletins CIBs are developed by each NCTAMS to provide reference information on specific tactical communications subjects CIBs also provide communications operating personnel with communications procedural information applicable to a specific COMMAREA NTP 4 lists the CIBs and their contents SUMMARY As you have learned from this chapter the naval communications establishment is quite complex We communicate not only with other U S naval commands both at sea and ashore but also with other U S military services and allied nations Before the messages that you send reach their destinations they may travel through other networks in the Defense Communications System We have introduced you to the basic principles of communications management evaluation of both personnel and the work area and duties of individual positions within the command We have also covered various categories of messages that have both internal and external u
232. ions for corrective actions as appropriate The degree of cooperation received should be noted and favorable conclusions should be given the same prominence as deficiencies Tables charts and matrices of results statistical tests and conclusions may be very helpful Distribute the final report to the AIS facility and the command upper management as prescribed in the planning phase INSPECTION FOLLOW UP An inspection 1s of little use unless it is the basis for improvement correction and management follow up The responsibility for implementation of such activity normally resides with the commanding officer CO of the command The CO must in turn assign responsibilities for corrective action The best approach is to summarize each major deficiency on a control sheet outlining requirements problem definition responsibility action taken or required and follow up action In addition an indication should be made of the date that action should be completed or if it is to continue Some of the corrective action may require additional funds this should be noted Corrective action follow up and disposition of the deficiencies should follow a recurring reporting cycle to upper management Quarterly reports are recommended for any inspection control items still open The final step is a frank and honest evaluation of the inspection itself by AIS facility management and the inspection team A group discussion should be held with
233. is not a simple process and requires research and planning The Defense Information Systems Agency DISA publishes a publication called Submission of Telecommunications Service Request DISA CIRCULAR 310 130 1 that provides instructions for preparing and submitting TSRs New increased or updated services are expensive and require substantial justification The increasingly high cost of telecommunications support especially leased services has resulted in the high visibility of communications programs at all levels of government This fact underscores the need for managerial awareness and improved life cycle documentation of telecommunications resources Planning and developing a responsive naval telecommunications system requires early identification and consideration of user requirements Programming is required to obtain necessary resources Normally these requirements should be defined and submitted at least 2 years in advance to permit timely system planning and programming TELECOMMUNICATIONS SERVICE ORDER TSO The TSO is the authorization to start change or discontinue circuits trunks links or systems It is used to amend previously issued TSOs and to effect administrative changes The basic circuit design information for all new or changed circuits will be provided by the TSO The TSO may also be used as the authority to procure specific devices and ancillary equipment necessary to install the circuit or services de
234. ist in making loss estimates Users Vendors Programmers Supervisors A Go DN Fe After a preliminary A 18 screening to identify the critical tasks the AIS technical manager should perform which of the following tasks next Ik Determine the scope of the critical tasks Dig Develop an estimate of annual loss expectancy By Quantify loss potential with the help of user representatives 4 Determine the back up A 19 system requirements for the critical tasks The second step to be considered when you prepare the risk analysis is to is develop an estimate of annual loss expectancy 2 estimate the potential a gt 20 losses to which the AIS facility is exposed 3 evaluate the threats to the AIS facility 4 review the security program objectives To develop estimates of the occurrence probability for each type of threat the AIS technical manager should use all except which of the following resources i Standardized Navy wide formula Ze Higher authority instructions manuals om Common sense 4 Data 33 The third step to be considered when you prepare the risk analysis is to Ls develop an estimate of annual loss expectancy Zs estimate the potential losses to which the AIS facility is exposed EN evaluate the threats to the AIS facility 4 review the security program objectives Fire flood and sabotage in varying degrees result in which of the following losses Indirect
235. itional data for tracing compromises of confidentiality IDENTIFICATION TECHNIQUES Once security measures and information management practices are established the AIS technical manager should consider methods of personal identification of individuals for authorized access to the AIS facility The identification of each individual allowed to use a system is a necessary step in safeguarding the data contained in that system For a broader knowledge of personal identification and identification techniques refer to Guidelines on Evaluation of Techniques for Automated Personal Identification FIPS PUB 48 SUMMARY AIS security is everyone s job The key word is PROTECT take all reasonable measures to protect our AIS assets Be sure you know what to do if a fire breaks out the air conditioning goes off the power goes down with or without an UPS or an unauthorized person is in your computer facility 4 40 Learn the AIS terminology and requirements Keep alert early detection of problems is the key to minimizing damage and destruction Security of all types should be a continuous matter with every AIS technical manager In this chapter we have scratched only the surface of the material available on classified security physical security and security and privacy of data It is a subject with which everyone should be completely up todate Study the material presented and referenced in this chapter to become knowledgeable in
236. itivity of the smoke detectors to eliminate nuisance alarms may have which of the following results save energy Extend equipment life Delay fire detection Cause poor personnel performance mH GC DO E In an actual fire situation the air handling equipment could be shut down 4 42 automatically to avoid which of the following problems ii Straining the air handling equipment Des Excessive energy consumption ey Excessive filter wear 4 Spreading smoke and fanning the flames When fire detection systems are interconnected with air handling equipment a preferred technique is to cause the system to take which of the following measures Exhaust the smoke Lower the thermostat Recirculate the smoke Use inside air for intake Hm Go N e 36 What is the minimum temperature required to activate an automatic sprinkler system ie i saat Li 1252F J LOZE 4 TARTE To ensure the effectiveness of portable extinguishers which of the following measures should be observed i Extinguishers should be marked for rapid identification 2 Extinguishers should have inspection tags cP Extinguishers should be placed in corners 4 Extinguishers should be placed on the floor not mounted Military personnel who are knowledgeable and trained in fire safety are needed by which of the following types of commands Small commands only Medium commands only Large commands only Every command ds CG N
237. jo gt 2 E z a pes A c n 2 pr om x 3 Ea A E 2 ae ES a O y E E E E z 0 2 E z ra E Ke NO D o O Q In a E E e E E o N O mj N ON ENIN m N 4 g e i uy LO E CO OVE Ol NI NI AAA A Aj e m dated a Formal destruction of the entire publication in accordance with CMS lonTN _ Grade Signature CLASSIFIED BY CMS 1 Figure 3 1A CMS 25 ONE TIME KEYING MATERIAL DESTRUCTION REPORT front CONFIDENTIAL When Filled In Grade Signature 3 4 nn A i Sc SPSS ee Ss een ie eS Se SS SE tS nae eytape Crypto Periods P a a s E D fa 3 pi o 7 gt 5 a pu n vI a A 3 S a 2 AN S o en Za ES Ss op MO ES E pe gt ES h No ES A a T A ae y E 4 Pre ol 2 E EE k 3 4 O oj g E EJ EL mi 2 2 Wy Saas m EL O Td re WY m m a a UY T Ww NO rod wv NO WwW NO Ww O N e N O N WwW NINNIN g 3 Qs z 0 5g cc LS 3 gt O N 25 5 2 3 ed o 3 g S Oo 25 TE TE ms QO 8 al b 9 a 8 Y E a ES O 3 le Us pp ox T fa LL o gt lt 8 a 3 faz 8 ES des A o E lt 8 lt Q 5 E 5 2 2 S Vs E 5 y Lu s T3 gk z 2 S o 7 E a Q uN O u 33 ES D e a g s S Se S a 0 lt g z s d 0000000000000 pe Ga WAN gy El E NAS 5 Ja L O
238. job title or status within or outside of your command For the most part you know who is authorized to be in your work area As a computer operator you are responsible for protecting hardware from fire flood sabotage and internal tampering You are also concerned with protecting applications software systems software program and data files and all forms of input and output media with which you will be working If you are working in the magnetic media library you are responsible for protecting all library related equipment tape disk cleaners tape degaussers tape disk certifiers and so on If you are handling and working with classified media and materials you must handle store and dispose of them in accordance with established procedures The same rules apply regardless of what area you maybe working in whether you are a data entry operator a control clerk in production control 1 0 a computer programmer or an analyst All positions require you to pay attention to AIS security The key word is protect Believe it or not AIS security is not really that difficult to understand nor is it difficult to carry out Sixty five percent of it is nothing more than using good old common sense the remaining thirty five percent comes from awareness that you get through proper training Try thinking of AIS security and protecting its related assets the same way you would protect your home and personal effects In AIS we are talk
239. kee Composing a message and selecting the proper classification and precedence is the responsibility of what 2 6 li individual The drafter The releaser The originator The commanding officer Hm CG N Fe Before accepting a message originated in or destined for an area under minimize for transmission the outrouter must ensure that which of the following information is on the message Ih The notation MINIMIZE CONSIDERED in the appropriate area of the message form Le The releaser s name and rank grade in the last line of the message text or Both 1 and 2 above 4 The notation MINIMIZE CONSIDERED stamped on the message form or diskette Iy Which of the following messages are used to determine delay or nondelivery of a message on a station to station basis Pro forma Service only Tracer only Both service and tracer Aow A Fe Which of the following messages are described as short and concise messages between operators dealing with message corrections broadcast reruns and missent or misrouted messages Pro forma MINIMIZE Service only Service and tracer A w N e Where does an activity send the results of a tracer investigation i To the originator of the tracer message only Li To the preceding station s only Oe To the originator of the tracer message and the preceding station s only 4 To the originator of the tracer message the preceding station s
240. l information 4 Combinations are assigned a security classification equal to Soe the highest category of classified material stored An individual who is responsible for safeguarding and accounting for classified material is known by what term Custodian User Keeper Guardian Hs CG NO Fe 90 Which of the following conditions Lor Protecting classified material after working hours is NOT in accordance with security INSETUCETIONS a Classified documents are in locked authorized containers Ze Classi t ted notes paper typewriter ribbons and rough drafts have been destroyed or are in locked authorized carbon containers a The contents of wastebaskets containing classified material were not burned but are in locked authorized containers 4 Burn bags ready for burning the next day are securely stapled numbered and neatly lined up along the bulkhead What is the minimum number of times the dial of a security container must be rotated in the same direction to ensure it is locked Five Two Three Four mM w DP OL During routine destruction 5 64 of classified material what is the ultimate goal of the destruction 1 To clear files of old material so there is more room for new material Dis To make reconstruction of the material 5 65 impossible de To prevent unauthorized reproduction 4 To destroy the material as quickly as possible What is the most effici
241. l removing the classified 4 23 material from the area complete destruction of the classified material on a phased priority basis or appropriate combinations of these actions The emergency plans should also provide for the protection of classified information in a manner that minimizes the risk of loss of life or injury to AIS personnel The immediate placement of a trained and preinstructed perimeter guard force around the affected area to prevent the removal of classified material is an acceptable means of protecting the classified material This action reduces the risk of casualties Security requirements for the central computer AIS facility area should be commensurate with the highest classified and most restrictive category of information being handled in the AIS If two or more computer systems are located in the same controlled area the equipment comprising each system may be located so that direct personnel access if appropriate is limited to a specific system Boundary Protection The threat analysis may indicate the need to protect the property boundary of the AIS facility This maybe accomplished by installing fences or other physical barriers outside lighting or perimeter intrusion detectors or by using a patrol force Often a combination of two or more of these will be sufficient Fences should be 8 feet high with three strands of barbed wire Fences provide crowd control deter casual trespassers and help in co
242. l policy or when politically sensitive information is to be passed only to a particular individual The classification line would then contain the name of that individual For example a Secret message destined exclusively for Admiral W T Door would read SECRET SPECAT EXCLUSIVE FOR ADM W T DOOR N00000 SEF messages are reserved for use by flag officers and officers in a command status These messages are not intended for use in operational matters and they may not be readdressed nor referenced in other narrative messages SPECAT messages are handled only by those personnel who are authorized to view them as approved in writing by the commanding officer NAVAL WARFARE PUBLICATIONS LIBRARY The naval warfare publications library NWPL is the designation assigned to that group of communications and operational publications designated as part of the publication allowance for the command These publications contain required procedures signals and other information of an operational or mission essential nature They may also include information involving safety The NWPL provides for the central administration and maintenance of communications and operational publications These publications include but are not limited to e Naval telecommunications publications NTPs e Naval warfare publications NWPs e Fleet exercise publications FXPs Allied tactical publications ATPs Allied exercise publications AXPs
243. le who are objective If only one AIS facility is to be inspected the members of the team can be assigned for the term of the inspection and then returned to their normal jobs If there are many AIS facilities under the jurisdiction of the command it might be advisable to establish a permanent inspection team to review all facilities on a recurring basis In any event the composition of the team should be changed periodically to bring in fresh viewpoints and new and different inspection techniques THE INSPECTION PLAN A comprehensive inspection plan must be developed to properly conduct an internal inspection of security It should be action oriented listing actions to be performed The plan must be tailored to the particular facility It should include the report and report formatting requirement and the distribution of the final report This means quite a bit of work is required in its development The first step is to examine the security policy for the AIS facility This policy may apply to an entire naval district a command a ship a department or a single AIS facility In any case the security policy should be reviewed and pertinent security objectives extracted for subsequent investigation The next step is to review the risk analysis plan identifying those vulnerabilities that are significant for the particular facility Third the AIS Facility Security Manual the Operations Manual and other appropriate documents should
244. lems inform the software manufacturer of the problem giving as much information as possible Normanlly the manufacturer will tell you how to correct the problem over the phone or if the problem will be corrected with the release of the next version of the program For hardware it is usually covered by either a maintenance contract or manufacturer s warranty With a maintenance contract you will follow the instructions for repair as outlined in the contract The owner s manual of equipment covered by a manufacturer s warranty will have a phone number to contact a repair technician SOFTWARE TROUBLE REPORTS Normally the trouble reports for the software are submitted by that subsystem s coordinator after notifying the AIS facility Some of the most common trouble reports for software include the following e Monthly files are not being cleared at the beginning of the new month e Report titles are wrong e Bad data was entered into a file and cannot be removed through normal procedures HARDWARE TROUBLE REPORTS It is the AIS facility s responsibility to submit the trouble reports on system hardware problems The common reasons for hardware trouble reports include the following 1 26 e A file has become corrupted and no good save tapes are available to rebuild the file e The system keeps hitting 100 percent of capacity and locks up e The system keeps dropping I O channels If the hardware problem can b
245. loss of assets Physical destruction Data compromise Theft of information Hs CG N e Reducing the probability of some occurrence by altering the environment could be accomplished in which of the following ways ii Implementing more rigorous standards for programming and software testing Zi Preparing a backup system for offsite operations I Providing MbLlitary guards and special door LOCKS 4 Relocating the AIS Paci Ley Which of the following is an EDU example of erecting barriers to ward off a threat L Implementing more rigorous sslandards Tor programming and software testing Doe Preparing a backup system for offsite operations 3s Providing military JSF guards and special door LOCKS 4 Relocating the AIS facility When selecting a specific remedial measure a total of how many criteria should be used l One A Ls Two 3 Three 4 Four Which of the following is one possible way to select a remedial measure to minimize a threat l Begin with the threat having the largest annual loss potential Dis Begin with only those measures for which the cost can be estimated precisely De Begin with only those remedial measures that would not cause a loss apy reduction in the same area 4 Begin with the remedial measures for which the annual cost is more than the expected reduction in annual loss 34 All but which of the following events tends to have the same basic effect as the others on AIS operat
246. lters and voltage regulates the resulting direct current and applies it to the AIS circuitry The filtering and regulation cannot be expected to eliminate voltage variations beyond a reasonable range If line voltage is 90 percent or less of nominal for more than 4 milliseconds or 120 percent or more of nominal for more than 16 milliseconds excessive fluctuations can be expected in the dc voltage applied to the hardware circuitry This power fluctuation causes unpredictable results on hardware logic and data transfer These power line fluctuations referred to as transients are usually caused by inclement weather Internally generated transients depend on the configuration of power distribution inside the AIS facility The effects of internal transients can be minimize by isolating the AIS hardware from other facility loads Ideally the computer area power distribution panels should be connected directly to the primary feeders and should not share step down transformers with other high load equipment The risk analysis should include a complete power transient and failure study It should also carefully consider the projected growth in particularly sensitive applications such as real time or teleprocessing in projecting future loss potential In some cases it may be economically feasible to connect the AIS facility to more than one utility feeder via a transfer switch If one feeder fails the facility s load may be transferred
247. ly changed element of a cryptosystem A secondary cryptovariable is one that permits change of circuit operation without altering the basic equipment A secondary cryptovariable must also be used in conjunction with appropriate primary variables The commanding officer 1s responsible for ensuring that personnel are thoroughly trained and certified for cryptographic duties This training may be formal or on the job training The CMS custodian is responsible for ensuring that cryptographic operators receive the training necessary to perform these duties and that they meet the following minimum qualifications e Be properly cleared for access to the material with which they will be working e Be authorized by the commanding officer to perform crypto duties and e Be familiar with local crypto procedures TRANSMISSION SECURITY Transmission security results from measures designed to protect transmission from interception and exploitation by means other than cryptographic analysis In the next paragraphs we will discuss specific methods of transmission security COMMUNICATIONS SECURITY COMSEC EQUIPMENT There are numerous types of cryptographic equipment used throughout the Navy However they all perform the same basic function to encipher or decipher a communications signal During secure transmission the cryptoequipment accepts a plain text teleprinter or data signal containing classified information from the classifi
248. major inspection conducted by an outside command an internal inspection or a spot check inspection to review specialized items of interest perhaps as a result of previous inspection reports of findings The distinguishing characteristic 1s that it 1s scheduled in advance with a resultant flurry of preparation by the AIS facilities It motivates cleaning up loose ends but limits what can really be learned from the inspection A surprise inspection is designed to test on a no notice basis certain elements of security and control It should be approved by the commanding officer of the command in charge of the AIS facility It can be accomplished by the command or an external inspection team It can be used to test those elements best reviewed on a surprise basis such as fire response access control and personnel complacency When a scheduled inspection is conducted the first step normally is to interview AIS personnel Generally the first walk through includes interviews with the AIS technical manager Searching questions rather than leading questions should be the rule and the best approach is to allow the interviewee to talk as freely as possible If you are the interviewer ask questions to put the interviewees in the position of probing for their answers For example What is your biggest access control problem not Do your people wear badges Ask how illegal entry or sabotage would be accomplished Do not hesitate to
249. manager can develop measures to use in case of an emergency The guidelines should be similar to the following 1 Notify online users of the service interruption 2 Terminate jobs in progress 3 Rewind and demount magnetic tapes remove disk packs 4 Power down AIS hardware and cover with plastic sheeting or other waterproof material 5 Put tapes disks run books and source documents in a safe place 6 Power down air conditioning equipment If evacuation of work areas is ordered or likely instruct all personnel to RMJA0036 r lae a AA A l lx 1 Estadlisn DOara members et Pob Pl 2 Estimate recovery time a a te Pp i 3 FallUfe mode diidlysi Pp fT AIS hardware e Pop Utility failure Fire flood wind k 4 Loss potential x 5 Emergency response plans 6 Selection of backup modes Pot of 7 Recovery plane me e ed COOP BOARD MEMBERS AIS Technical Manager 00 enter m b Operations Officer AIS User Representatives Upper Management Security Officer Supply Division Public Works Figure 4 12 Organization and tasks for COOP 1 Put working papers and other unclassified material in desks or file cabinets and close them 2 Turn off equipment but leave room lights on 3 Close doors as
250. manner prescribed for classified material outside an AIS environment For additional information consult the Department of the Navy Information and Personnel Security Program Regulation OPNAVINST 5510 1 hereinafter called the Security Manual Security Markings Your activity will have procedures for marking AIS media These are important to protect the media from unauthorized accidental or intentional disclosure modification destruction or loss You can imagine how easy it is to pickup an unmarked tape load it on the tape drive and have whatever is on it recorded over by a program You have probably done this to tapes with your tape cassette recorder player This is why we have mechanical means like tape rings and diskette notches to protect magnetic media These methods combined with clearly marked labels go a long way toward protecting data and programs on magnetic media Let s look at the types of markings the Navy uses for the various types of media for marking classified data MAGNETIC MEDIA Each magnetic tape diskette and disk pack must be externally marked with a stick on label with the overall security classification and a permanently assigned identification number When the tapes diskettes and disk packs are to be declassified by degaussing all external labels indicating the classification must be removed unless the media will be immediately used to store information of the same classification Many installa
251. me PRECEDENCE A delivery time assigned to a mes sage according to the urgency of that message based solely on writer to reader time PRECOMPUTER PROCESSING Ensuring all in puts are received on time PRIORITY PRECEDENCE Identified by the precedence prosign P Delivery time reserved to message for essential information for the conduct of operations in progress Examples of Al 3 use situation reports on position of front where attack is imminent orders to aircraft formation or units to coincide with ground or naval operations Speed of service objective is 1 to 6 hours R RD RESTRICTED DATA Pertains to all data concerned with the design manufacture or use of nuclear weapons or special nuclear material used in energy production REAL TIME PROCESSING A computer proces sing method in which data about a particular event is entered directly into the computer as the event occurs and is immediately processed so it can influence future processing RELEASER A properly designated individual authorized to release messages for transmission in the name of the command or activity RESTRICTED AREA Designated spaces that restrict access and control movement within ROUTINE PRECEDENCE Identified by the precedence prosign R Delivery time assigned to be used for all types of message which does not justify a higher precedence Examples of use administrative logistics or personnel matters Sp
252. mode Dedicated System low Multilevel System high Hm Go N e For processing level I data an AIS system provides the capability of permitting various categories of classified materials to be stored processed and selectively accessed on a concurrent basis by users having differing clearances and need to know The system is said to be in what security mode Control led Undedicated System low Multilevel H4 GW N e What category of AIS media STA is considered temporary in nature and is retained for 180 days or less ie Smooth Lis Working on Finished 4 Intermediate 30 Which of the following categories of AIS media is permanent in nature and is retained for a period of more than 180 days 1 ra 3 4 Smooth Working Finished Intermediate Textbook Assignment A 3 ASSIGNMENT 4 ATS Security through 4 26 In which of the following 4 4 steps in planning an AIS security program will major problem areas be identified i Perform action plans Lee Perform preliminary planning Se Perform a preliminary risk analysis 4 Perform and document a oe detailed risk analysis Which of the following steps in planning an AIS security program allows for review and approval lis Perform action plans Be Perform preliminary planning Si Perform a preliminary 4 6 risk analysis 4 Perform and document a detailed risk analysis A security policy statement should provide which of
253. mputer facility Whenever possible computer equipment is operated within the manufacturer s optimum temperature and humidity range specification Fluctuations in temperature and or humidity over an extended period of time can cause serious damage to the equipment So with that in mind you are probably asking yourself What are the acceptable levels for computer operation Normally you can find this information in the command s standard operating procedures SOPs or you can check with your supervisor If neither are available a safe rule of thumb is a temperature of 72 Fahrenheit 2 and a humidity of 55 5 To maintain a constant temperature and humidity to the computer facility or remote terminal areas keep all doors and windows closed Because temperature and humidity are vitally important to computer performance it is essential that only designated personnel be allowed to regulate these types of environmental controls If your workspace has a recording instrument to monitor the temperature and humidity by all means check it periodically to be sure it is within the prescribed limits If you notice a significant fluctuation up or down notify your supervisor Some devices have built in warning signals a light audible sound or both to warn you of near limit conditions for temperature and or humidity Lighting You are responsible for ensuring that adequate lighting is maintained Be particularly attentiv
254. munications To meet this need the allied communications publications ACPs were developed The ACP series provides communications instructions and procedures essential to conducting combined military operations and communications in which two or more allied nations are involved A Radioman s work often requires familiarity with ACPs JOINT ARMY NAVY AIR FORCE PUBLICATIONS Joint Army Navy Air Force publications JANAPs were developed to coordinate and standardize communications among the U S military services The publication Status of Noncryptographic JANAPs and ACPs JANAP 201 lists the short and long titles content of each publication and the current edition of JANAPs and ACPs NAVAL TELECOMMUNICATIONS PUBLICATIONS Naval telecommunications publications NTPs are the main communications publications in use by the U S Navy Coast Guard and Marine Corps The NTPs include information and guidance from basic communication information NTP 4 to frequency spectrum management NTP 6 and commercial traffic NTP 9 just to name a few areas of communications 2 36 NAVAL WARFARE PUBLICATIONS Naval warfare publications NWPs incorporate the results of fleet tactical development and evaluation programs and fleet and allied NATO experience NWPs also provide information about the tactical capabilities and limitations of equipment and systems NWP 0 NWP 1 01 provides guidance for managing the NWPL and lists the publicat
255. n B may be used once more than once or not at all Specific instructions are given with each set of questions Select the numbers identifying the answers and blacken the appropriate boxes on your answer sheet SAMPLE In answering questions s 3 through s 6 SELECT from column B the department where the shipboard officer in column A functions Responses may be used once more than once or not at all A OFFICER B DEPARTMENT Indicate in this way on your answer sheet s 3 Damage Control Assistant 1 Operations Department s 4 CIC Officer 2 Engineering Department s 5 Disbursing Officer 3 Supply Department s 6 Communications Officer 4 Navigation Department 2 E E E L Ll A Omg OO a i NRTC 111 Textbook Assignment aaa E ASSIGNMENT 1 SATS Administration 123 You are working as an I O control clerk Before accepting a job for processing on the computer you should look over the transmittal form to ensure which of the following criteria is met a All copies have been filed Z All entries are readable and understandable oe All required outputs have been specified 4 All SCL statements are in the proper sequence Computer operations has just informed you that the payroll update a series of 18 jobs is finished and ready for pickup Upon receiving the output you should take what action immediately Use the burster Log the jobs out File the jobs Check the output Products H w
256. n and alarm systems is necessary if they are to be of any value This means the fire detection system should be designed to assure that someone will always be alerted to the fire Typically the computer room staff is expected to respond to an alarm from the AIS facility alarm system A remote alarm should also be located at another point in the building that is occupied at all times such as the lobby guard post security center or building engineer s station This provides a backup response when the computer area is not occupied If there is any possibility the remote alarm point will not be occupied at all times a third alarm point should be located offsite usually at the nearest fire station or the command s fire department for the facility Maintenance Proper maintenance is essential to the fire detection system The nature of smoke detectors is such that nuisance alarms may be caused by dust in the air or other factors Because of this there is a tendency to reduce sensitivity of the detectors to eliminate nuisance alarms with the result that detection of an actual fire may be delayed To ensure proper operation see that qualified personnel a vendor representative building engineer or Public Works Center personnel verify correct operation at the time of installation and at least once each year thereafter Furthermore each fault condition should be corrected immediately Unfortunately a common tendency is to turn off th
257. n easily locating messages in the files When a message is removed from a file it is important that it be refiled as soon as possible The importance of maintaining well kept files and of moderating among the various watch sections cannot be overemphasized Maintaining accurate files and records and observing proper procedures contribute to an efficient shipboard or shore communications organization You should be aware that different ships and stations may do basic procedures in slightly different ways All commands however must conform to the requirements contained in communications operating instructions and publications RETENTION OF FILES Communication logs and files are retained by a communications center for a specified time period as shown inj table 2 1 After the time period indicated the logs and files should be destroyed either by burning or shredding Because of the volume of message traffic processed logs and files can take up significant space in the message center therefore they should be destroyed in a timely manner Table 2 1 Retention Period of Logs and Files FILE LOG RETENTION PERIOD Broadcast Card Central message log Circuit teleprinter Commercial traffic Communications center master Either paper or LDMX NAVCOMPARS journal tapes Cryptocenter file Cryptocenter destruction log Facsimile General Message Intelligence summaries Messages incident to distress or disaster Messages incident
258. n power source may not be noticed in the AIS facility However when the UPS system changes over to the generator it may require a manual power panel setting in the AIS facility by the AIS technical manager AIS FACILITY PHYSICAL PROTECTION The physical protection of the AIS facility can be thought of as the process of permitting access to the facility by authorized persons while denying access to others The physical protection of an AIS facility is not as stringent for an AIS facility that processes unclassified data as it is for an AIS facility that processes classified data In the following example discussion assume the facility processes classified material and provides physical protection in accordance with OPNAVINST 5510 1 and OPNAVINST 5530 14 Pay particular attention to applying physical protection and security policy wherever AIS equipment is used for processing classified information in accordance with OPNAVINST 5239 1 Ensure plans are developed for the protection removal or destruction of classified material in the case of a natural disaster civil disturbance or enemy action The plans should establish detailed procedures and responsibilities for the protection of classified material so that it does not fall into unauthorized hands in the event of an emergency Also indicate what material is to be guarded removed or destroyed An adequate emergency plan for classified material should provide for guarding the materia
259. n team members to reflect on the inspection process Who is responsible for implementing the recommendations received from the inspection 5 40 1 The AIS technical manager De The security officer oF The commanding officer 4 The TYGOM The best approach in assigning responsibilities for corrective action is to summarize each major deficiency on a control sheet outlining which of the following areas Es An executive summary De The action taken or required oe The date the deficiency was discovered 4 The reporting official 47 For any control item that is stall open LE Is recommended that reports be turned in to upper management with what frequency ie Weekly ig Monthly 3 Quarterly 4 Semiannually Which of the following instructions provides guidelines for implementing security safeguards required to implement the Privacy Act of 1974 SECNAVINST S2LI5 SECNAVINST 5239 2 OPNAVINST 5510 1 OPNAVINST 5239 1 H CG N ER Which of the following subsections of the Privacy Act title 5 section 552a requires the use of safeguards to ensure the confidentiality and security of records ie Subsection b Zo Subsection c Js Subsection e 5 4 Subsection e 10 SA A personal data security 5 44 risk assessment benefits a command in all but which of the following ways Le It saves money that might have been wasted on safeguards that do not significantly lower the overall
260. n up to date hard copy data dictionary This dictionary should be the complete inventory of personal data files within the computer facility to account for all obligations and risks Maintenance of Records to Trace the Disposition of Personal Data The following practices are suggested for the maintenance of records Establish procedures for maintaining correct current accounting of all new personal data brought into the computer facility Log each transfer of storage media containing personal data to or from the computer facility Maintain logbooks for terminals used to access personal data by system users Data Processing Practices The following practices are suggested for data processing procedures Use control numbers to account for personal data upon receipt and during input storage and processing Verify the accuracy of the personal data acquisition and entry methods employed Take both regular and unscheduled inventories of all tape and disk storage media to ensure accurate accounting for all personal data Use carefully devised backup procedures for personal data A copy of the data should be kept at a second location if its maintenance 1s required by law Create a records retention timetable covering all personal data and stating minimally the data type the retention period and the authority responsible for making the retention decision After a computer failure check all personal data that was bein
261. nager ISSM 4 6 information systems security officer ISSO 4 7 command security manager 4 7 network security officer NSO 4 7 terminal area security officer TASO 4 7 AIS service request 1 5 AIS threats and risk analysis 4 14 INDEX Annual loss expectancy 4 16 Attacks 4 2 Automated scheduling systems 1 40 B Backup plans 4 3 4 28 Backup operations 4 28 Batch 1 9 1 12 Boundary protection 4 23 BSR 2 24 C CAD 2 18 CIBs 2 36 Classified data 4 10 controlled security mode 4 11 dedicated security mode 4 10 multilevel security mode 4 10 system high security mode 4 10 Classified material 5 6 clearing media and hardware 5 10 handling 5 6 Classified material destruction 5 10 routine 5 10 procedures 5 10 reports 5 10 types 5 10 Classified material destruction types 5 10 burning shredding 5 11 pulverizing disintegrating jettisoning sinking Classified material handling 5 6 SPECAT Top Secret and above 5 8 AIS classified 5 10 Confidential Secret 5 10 INDEX 1 Classified material handling Continued Top Secret 5 8 Top Secret control officer TSCO 5 6 Classified material handling of SPECAT Top Secret and above 5 8 destruction 5 8 verification 5 8 CMS 2 10 CMS alternate 3 2 CMS custodian 2 10 3 2 CMS local holder 3 2 CMS user 3 2 CMS witness 3 2 Command communications organization 2 9 CMS custodian
262. nated by a letter Letters A through M J is omitted designate the eastern or minus zones Letters N through Y designate the western or plus zones The designating letter for GMT is Z ZULU The zone number prefixed by a plus or minus sign constitutes the zone description Zones crossing land areas often follow boundaries natural features or regional demarcations to keep similar or closely related areas within the same zone CONVERTING GMT AND LOCAL TIMES Most countries have adopted the GMT system As a Radioman you will need to be able to convert local time to GMT To do this you must understand the GMT system Figure 2 9 is a chart showing the time zones of the world Refer to the chart as you study the material in the next paragraphs To illustrate converting local time to GMT assume that we are in zone R and the local time is 1000R 10 a m Referring to the time chart in figure 2 9 you can see that zone R lies west in longitude from zone zero and is designated plus 5 Therefore we add 5 hours to the local time 1000 to find that GMT is 1500Z To convert GMT to local time we reverse the process and subtract 5 hours from the GMT 1500Z to obtain LOOOR The U S military services use the 24 hour system to express time in four digit groups The first two digits of a group denote the hour and the second two digits the minutes Thus 6 30 a m becomes 0630 noon is 1200 and 6 30 p m is 1830 Midnight is expressed a
263. nd doing the nightly saves You will have to develop the workload schedule by reviewing the monthly schedule and combining it with any newer information The input output requirements will have to be reviewed and you will need to be ready to make changes to the schedule based on unforeseen events System Input Output Requirements Before a job is started certain input and output requirements must be met The I O control clerk must review the production workload schedule to see which job is to be run Then the clerk must look at the job run folder to make sure that all the input files are available and all the necessary output media is readily available e Input requirements If the job requires tapes or disk files as input the I O control clerk will check with the media librarian to see if these files are ready and available And if they are not ready when they will be available for the job In some cases it maybe necessary to reschedule a job while waiting for the input Output requirements The job may require special forms or multipart paper to be printed The I O control clerk will check the job run folder to see if the job will require any special forms and then check to see that they are available The production control coordinator will have looked at the requirements when the monthly schedule was developed to allow enough time to order the forms The job may produce output tapes or diskettes requiring the I O control cl
264. nd plan Once you have ironed out all the wrinkles and prepared a smooth schedule you will submit it up the chain of command for approval Once approved you will distribute the schedules to the various functional work areas THE BENEFITS OF SCHEDULING What are some of the benefits of having a schedule scheduling system in place One answer is PREDICT ABILITY A scheduling system makes everyone s job easier by adding predictability to the AIS environment To your superiors it provides a means of holding down costs through better use of personnel and equipment Other possible benefits of scheduling areas follows e Effective use of all AIS resources e Increased throughput e Decreased turnaround time User deadlines met Users made responsible for providing input on schedule Improved communications with users Avoidance of overloading and underuse of resources Job delays more readily apparent Documentation of scheduling deviations and their causes Reduced confusion within the AIS facility Better use of multiprogramming capabilities AIS facility able to review its own effectiveness Predictability of the effects of an increased workload and Predictability of future equipment and personnel needs 1 13 All of these benefits can be achieved through an effective scheduling system THE SCHEDULING PROCESS The scheduling process has three moving parts you the information and the method Let s look a
265. ned by the CWO COMMUNICATIONS CENTER SUPER VISOR The communications center supervisor 1s responsible to the CWO and SWS for e Supervising message processing and circuit Operations e Directly supervising all radiomen on watch in the message processing center and e Notifying the CWO and SWS on all matters of an unusual or urgent nature TECHNICAL CONTROL SUPERVISOR The technical control tech control supervisor is responsible to the CWO for e Establishing and maintaining required circuits and initiating action to restore or bypass failed equipment e Ensuring that quality monitoring and control procedures are used on all systems e Maintaining the status board showing pertinent information on all equipment nets and circuits in use and e Directly supervising all personnel assigned to technical control and transmitter room spaces Command Ship Communications The term flagship is sometimes used instead of command ship but means the same thing Either term means that a group squadron or division commander is embarked on board thereby making that vessel the flagship or command ship We mentioned earlier that in flagships the embarked commander assumes responsibility for communications functions The flag communications officer is responsible for ship and flag communications requirements However the internal routing of message traffic remains the responsibility of the commanding offi
266. need to answer questions and make decisions concerning the system If the users are kept informed they won t be as apt to keep calling the operators when the operators are busy trying to get the system back up and running In notifying the maintenance technicians whether hardware or software you need to tell them what you were doing exactly what happened and what you have tried to do to fix the problem Adjust staffing when possible Adjusting staffing works in two ways If the system 1s going to be down for an extended period of time it is a waste to keep all the operators there with nothing to do Likewise there are times when additional expertise will have to be brought in to help get the system up and running Either way this will be your decision as the AIS facility manager You will have to analyze the situation and decide what skills are needed to solve a problem who has the skills who is available how many personnel are needed and so on EMERGENCY URGENT CHANGE REQUESTS Occasionally the best laid plans will have to be changed One of these times is when an emergency urgent change request priority job comes in Normally there is a good reason for each emergency urgent change request These change requests cover both application and system programs For application programs some reasons for urgent change requests are a special report needed for a meeting last minute corrections before starting a monthly or yea
267. nel They also condition clean retire store and transfer magnetic media to off site storage and other outside activities TECHNICAL SUPPORT personnel provide scheduling and production control with technical support as needed to resolve production problems They examine problems that occur during production to determine if errors were caused by hardware or system applications software Then they initiate corrective action with computer operations and or scheduling By charting all AIS facility functions and defining their interrelationships you as scheduler are able to create a workflow diagram for your particular scheduling environment It will help you to decide which functions and fictional areas require scheduling and which do not Now that you have some idea of how the work flows in and about and out of the AIS facility let s see how you as a scheduler fit into the picture Normally the users get together with the division chief LPO and yourself as scheduler to make their requests for AIS services known for the upcoming month s This initial scheduling phase is known as the planning phase or forecasting phase By knowing these workload demands early more time is available to determine where excessive demands and inadequate demands are being made on resources To put it another way the forecasting phase allows everyone to see where there may be an overloading or underloading of AIS resources As the users go ab
268. ng 40 Which of the following facts are used by the AIS technical manager to evaluate existing access controls and protection measures i The schedule of alarm tests Za The design of the alarm system Fa The number and location of manned posts 4 The distance between the manned posts and the building Which of the following items are prepared and executed for the accomplishment of the command s specific mission i Operation plans only Operation plans and the command s organizational manual Su Emergency response plans only 4 Emergency response plans and the command s organizational manual A total of how many different types of contingency plans make up a COOP security plan One Two Three Four A GW N e The risk analysis should be reviewed by which of the following people Production Control Cierk Response team Technical manager Upper management A CO N pa 41 Textbook Assignment ASSIGNMENT gt ATS Security through 4 40 EMEOUOA a The AIS technical manager 5 4 can develop measures to use in case of emergency by reviewing operations and records with which of the following personnel l Production control clerk Zi Response team members EN Shift leaders 4 Users Pe All personnel should be instructed to take which of the following security measures if an evacuation of work areas is ordered i Secure classified material in desks or file cabinets 2 Turn
269. ng and rescheduling dependent jobs may seem like an easy task to perform However in reality it can become a complex and difficult operation And finally we have priorities and deadlines to consider Some scheduling methods place primary importance on priority Each job is assigned a priority and the jobs are processed according to the highest priority job that can be scheduled based on available resources Priority scheduling is often used in automated scheduling systems Some scheduling methods place primary importance on deadlines processing jobs according to the earliest deadline or sometimes latest deadline When you prepare a schedule remember to take into account job requirements that include the following e Data entry e Job setup and output control functions Computer processing time Resource requirements Operating environment Job dependencies Job priorities and Deadlines 1 16 Now that we have covered job related information we will discuss AIS facility related areas and how these can affect your production schedule You may recall that to prepare an effective sched ule you must know your AIS facility s resources how work comes into flows through and leaves your facil ity the capabilities and capacities of your system and workload demands on the system As a scheduler your goal is to match resource capacities people places and things to workload demands while satisfying user deadlines and
270. ng forces Naval communications must also satisfy the requirements of the Defense Communications System DCS and the National Communications System NCS 2 2 Naval communications must always be ready to shift to the requirements of wartime Our peacetime organization and training must be capable of making this shift rapidly and with a minimum of changes Without this capability our forces would be severely handicapped and vital defense information would never reach its destination For this reason we have a well defined communications structure with responsibilities assigned to each element from the Chief of Naval Operations CNO down to individual fleet units POLICY OF NAVAL COMMUNICATIONS The policy of naval communications is to e Establish and maintain effective communica tions within the Department of the Navy Encourage at all levels of command an effort to improve techniques procedures and efficiency Cooperate with the military services Defense Information Systems Agency DISA and other departments and agencies of the U S Government and allied nations Encourage development of the amateur and commercial communications activities of the United States to enhance their military value and to safeguard the interests of the nation and Promote the safety of life at sea and in the air by maintaining communications facilities with the U S Merchant Marine aircraft over sea and appropriate U S and foreign
271. nications Security Material System CMS destruction 3 8 complete 3 9 Communications Security Material System CMS destruction Continued emergency 3 8 precautionary 3 8 5 12 routine 3 8 verify 3 9 Communications Security Material System CMS precautionary destruction 3 8 keying 3 9 nonessential 3 9 Communications watch officer CWO 2 10 Compromising emanations 3 1 5 1 Computer operations 1 4 1 10 Contingency planl 1 14 1 26l 4 4 4 26 Contingency planning 4 26 COOP backup planning 4 28 COOP testing 4 30 emergency response planning 4 26 recovery planning 4 29 COOPL_ 4 26 backup planning 4 28 testing 4 30 Countermeasures 4 4 administrative controls 4 4 managerial controls 4 4 physical controls 4 4 technical controls 4 4 Cryptographic operations 3 10 crypto 3 10 cryptoinformation 3 10 cryptomaterial 3 10 crypto related information 3 10 cryptosystem 3 11 cryptovariables 3 11 responsibilities 3 11 terms 3 10 Cryptosecurity 3 1 operations and requirements 3 1 Customer user reports 1 21 CWOo 2 10 D Data 4 6 INDEX 3 Data entry 1 2 1 6 1 12 Data privacy 4 33 identification techniques information management practices 4 37 personal data risk assessment 4 36 personal data security risks 4 36 Data protection measures 4 10 classified data 4 10 sensitive unclassified data 4 11 unclassified
272. nly carbon dioxide or inert gas fire extinguishers on electrical fires One final note Experience has shown repeatedly that prompt detection is a major factor in limiting the amount of fire damage Computer areas require a fire detection system capable of early warning and with an automatic fire extinguishing system Hardware Protection Hardware security is defined in the Department of the Navy Automatic Data Processing Security Program OPNAVINST 5239 1 as Computer equipment features or devices used in an AIS system to preclude unauthorized accidental or intentional modification disclosure or destruction of AIS resources DATA PROTECTION MEASURES FIPS Federal Information Processing Standards PUB 39 Glossary for Computer Systems Security defines data security as The protection of data from unauthorized accidental or intentional modification destruction or disclosure We are always concerned with the integrity of data 1s the data the same as that in the source documents We want to ensure that the data has not been exposed to accidental or intentional modification disclosure or destruction Depending on the type of data being processed the other users with access to the system and the technical features of the system to provide the needed safeguards the system may have to operate in a specific security mode If your command processes classified and or sensitive unclassified data it must abide by
273. nspec tions visibility and reporting systems and is neither a part of nor a substitute for any level of management What can an inspection be expected to accomplish First it evaluates security controls for the AIS facility Second it provides each level of management an Opportunity to improve and update its security program Third it provides the impetus to keep workers and management from becoming complacent Fourth if done effectively it tends to uncover areas of vulnerability Remember risks change and new threats arise as systems mature Major factors to consider in determining the frequency of internal inspections include the frequency of external inspections the rate of change of the AIS the amount and adequacy of controls the threats that face the facility the results of previous inspections and the directions of higher authority Inspection activity direction and implementation are usually at the discretion of the commanding officer of the command with jurisdiction over the AIS facility INSPECTION PREPARATION The inspection should be conducted by some department or facility outside the span of control of the AIS technical manager One of the main principles in selecting an inspection team 1s that members should not be responsible for AIS operations Team members should have some knowledge of data processing and 1f possible basic inspection principles A programming or AIS operations background is desirable bu
274. ntrolling access to the entrances however they do not stop the determined intruder In situations where manpower shortages exist the fence can be equipped with penetration sensors that should sound an internal alarm only This type of physical protection system uses small sensors mounted at intervals on the fence and at each gate Emanations Protection In evaluating the need for perimeter protection take into account the possibility that electromagnetic or acoustic emanations from AIS hardware may be intercepted Tests show that interception and interpretation of such emanations may be possible under the right conditions by technically qualified persons using generally available hardware As a rule of thumb interception of electromagnetic emanations beyond 325 yards is very difficult However if there is reason to believe that a potential exposure to interception exists seek technical guidance from upper management and the Chief of Naval Operations Measures to control compromising emanations are subject to approval under the provisions of Control of Compromising Emanations DOD Directive C5200 19 by the cognizant authority of the component approving security features of the AIS system Application of these measures within industrial AIS systems is only at the direction of the contracting activity concerned under provisions of the Security Requirements for Automated Information Systems AIS s DOD Directive 5200 28 and the r
275. o N o a g 3 E Es gt g a 0 8 8 g Y i 4284 5 Pp ME Ca Pe A ia 0 2 S m D g Gal 2 VD g Oo E 7 o E 177 band 3 pu 3 fan RP a record of destruct T ri a rmation Security Program a Ww Secret Control Officer amt ad ified material described below has been and Op stroyed in accordance with regulations established by the M Nam The class ORIGINATOR ignature Rank Rate Grade Report 10n Destruct la ed Mater fi Classi 1 5 igure F 5 9 A continuous chain of receipts for Top Secret material must be maintained Moreover a Record of Disclosure OPNAV form 5511 13 for Top Secret material is attached to each document that circulates within a command or activity Each person having knowledge of the contents of a Top Secret document must sign the attached Record of Disclosure Top Secret messages documents and publications must be stored in a security container separate from those classified Secret and below HANDLING SECRET MATERIAL Every command is required to establish administrative procedures for recording all Secret material originated and received These administrative procedures as a minimum must include a system of accountability for Secret matter distributed or routed within the command such as a communications log Accounting of Secret material may or may not be centralized Unlike Top Secret material Se
276. o save on operating cost CONTINGENCY PLANNING Operation plans and the command s organizational manual are prepared and executed for the accomplishment of the command s specific mission These operation plans assume normal working conditions the availability of command resources and personnel and a normal working atmosphere Despite careful use of preventive measures there is always some likelihood that events will occur that could prevent normal operations and interfere with the command accomplishing its mission For this reason contingency plans are included in the AIS security program For the purpose of this chapter we refer to these contingency plans as the Continuity of Operations Plan COOP Three different types of contingency plans makeup a COOP security program for an AIS facility e Emergency response There should be procedures for response to emergencies such as fire flood civil commotion natural disasters bomb threats and enemy attack to protect lives limit the damage to naval property and minimize the impact on AIS operations e Backup operations Backup operation plans are prepared to ensure essential tasks as identified by the risk analysis can be completed subsequent to disruption of the AIS and that Operations continue until the facility is sufficiently restored or completely relocated e Recovery Recovery plans should be made to permit smooth rapid restoration of the AIS facility following
277. of communications security described various cryptosystems and familiarized you with the procedures and methods of transmission security As a Radioman you have a two fold job concerning security The first of course is to properly perform your duties within general security guidelines Security guidelines pertain to everyone in every official capacity Second you must also perform your duties in such a manner as to protect the integrity and overall value of secure communications Security violations result from bad personal habits security indifference occupational fatigue or ignorance of established regulations When security violations occur in installations located in foreign countries the violations become more serious because of an activity s greater vulnerability to hostile exploitation With respect to COMSEC security violations could prove costly Security precautions mentioned in this chapter do not guarantee complete protection nor do they attempt to meet every conceivable situation Anyone who adopts a commonsense outlook can however solve most security problems and gain a knowledge of basic security regulations For information on local security rules study your command s security regulations CHAPTER 4 AIS SECURITY LEARNING OBJECTIVES Upon completing this chapter you should be able to do the following Identify the procedures for issuing and updating user identification and passwords and for val
278. of loss or abuse from an adverse event overtime We first ask What is the value of the AIS asset that will be abused or that we will lose if a given successful attack or adverse event occurs Then we ask How often can we expect that particular attack or event to occur Remember the successful attack or adverse event results from a particular threat exploiting a particular vulnerability It is very specific reasoning The greater the value of the AIS asset and the more likely the successfid attack or adverse event the greater the risk Figure 4 3 shows this risk analysis concept Risks are usually expressed in terms of dollars per year the annual loss expectancy Countermeasures Once the threats and vulnerabilities are known and the likelihood and risk of a successful attack or an adverse event are determined a plan is developed to set up countermeasures controls to lessen or eliminate the vulnerabilities If you have a countermeasure you have a protected vulnerability If you have an unprotected vulnerability you do not have a countermeasure Some countermeasures help us prevent adverse events whereas others detect adverse events We have measures to minimize the effects of successful attacks or adverse events We also have measures called contingency plans to recover from a successful attack or an adverse event Figure 4 4 gives an example of each type of security measure strategy as 1t relates to fire loss Figu
279. of the United States in general and of naval operation in particular depends upon the safeguarding of classified information As a Radioman you will learn information of vital importance to both the military and the nation At times vast amounts of classified message information will pass through your hands 5 1 You must be security conscious to the point that you automatically exercise proper discretion in the discharge of your duties In this way security of classified information becomes a natural element of every task and not an additionally imposed burden RECIPIENT S IDENTIFICATION AND CLEARANCE Identification may be provided with the member military identification card command identification cards or badges Normally local standard operating procedures cover the individual command s requirements Guidelines for identification and access are contained in the Department of the Navy Information and Personnel Security Program Regulation OPNAVINST 5510 1 hereinafter called the Security Manual e Military identification cards are required to be carried by all active duty military They aid only in recognizing the individual not access or clearance A command identification card badge assists 1n identifying the level of security clearance of the holder or where the holder is authorized to enter These cards badges are only an aid and may not be used as the basis for granting access to information or areas A pers
280. ographic address groups Liz individual acelvity address groups Zo Collective address groups om Conjunctive address groups 4 Address indicating groups What is the purpose of address indicating groups AIGs dy To reduce the number of address groups required in the heading of a message vies To convey special instructions in the heading of a message or To provide an alternate address group in the event that the primary address group is compromised 4 To locate the originator of a message geographically A single address group that represents a set of four or more activities including the cognizant authority is known by what term l Conjunctive address group ve Collective address group Sa Collective address desiqnator 4 Call sign The Navy uses GMT as a LO common 24 hour worldwide time standard in messages for the date time group and time of file What does GMT stand for General Master Time Greenwich Master Time Global Mean Time A G N Fe The world is divided into what total number of GMT time zones 6 EZ 24 48 DWN pp The time zone which passes through Greenwich England is most commonly known by ene Ae what term ls GREEN time zone Zai ROMEO time zone oF YANKEE time zone 4 ZULU time zone If you were stationed in 2 53 time zone ROMEO how would you convert a local time to GMT and b GMT to local time Da ar Subtract 5 hours from local time b
281. ommunications equipment that uses a portion of the frequency spectrum until what is obtained 1 Frequency usage estimate 2 A frequency allocation os A spectrum study 4 An FCC recommendation 20 359 In the Navy what organization authorizes frequency assignment applications l The United States Military Communications Electronics Board USMCEB ae The National Telecommunications and Information Administration NTIA a The Joint Chiefs of Start 4 The Naval Electromagnetic Spectrum Center NAVEMSCEN Who is authorized to send PERSONAL FOR messages l EST military Or GS civilian or above de Officers of flag rank or in a command status only ER All officers 4 Anyone who needs to send a personal message What is contained in the publications in the NWPL l Manning plans battle organizations and future deployment schedules La Awards information maintenance schedules and supply information F Required procedures signals and other operational and mission essential information 4 Operational requirements battle organizations anad deployment schedules PA What is the objective of the central administration of the NWPL Px To ensure that the publications in the NWPL are correct and readily avail able for use LA To ensure that personnel have a place to study for advancement 9 To ensure that personnel have access to publications and periodicals on the latest technology 4
282. omponents a head crash on a disk drive dirty read write heads on tape drives and so on Remember the key word is to protect all AIS assets WARNING Should your equipment be exposed to water do not turn it on until it has been thoroughly checked out by qualified maintenance personnel Power Supply Protection Your computer facility and remote terminal areas require adequate power Variations in electrical power can affect the operation of computer equipment Most computer equipment is designed in such away that it is able to rectify the incoming ac current filter it and regulate the resulting dc current before it is applied to the computer circuitry However this filtering and regulation cannot be expected to eliminate voltage variations beyond a reasonable range Power fluctuations can cause unpredictable results on hardware logic and data transfer Should your system encounter such fluctuations it is highly recommended that the equipment be shut down at once until the problem is corrected 4 9 Some computer systems are equipped with an uninterrupted power source UPS A UPS provides the auxiliary power for your equipment that may be required if your command s mission dictates continuous AIS support to fulfill its obligations or if your computer system is in an area where there are frequent brownouts Auxiliary power should be checked on a periodic basis Fire Protection Fire protection is one of the major el
283. on addressees and 35 information addressees Since a single AIG AIG 31 is used 65 call signs and address groups are eliminated from the heading of the message AIGs are normally created when particular types of message traffic become repetitive enough at least 12 times a year and are addressed to enough of the same addressees to warrant it Among such message traffic are Alerts air defense warnings operational or emergency actions and so forth Destructive weather warnings such as hurricanes and typhoons Logistical transactions and reports Intelligence summaries Movement reports such as aircraft ships and personnel and Notices to airmen NOTAMS A point for you to remember is that an AIG will not be established for groups of addressees numbering fewer than 16 A complete listing of AIGs by number cognizant authority and purpose is contained in U S Navy Address Indicating Group AIG and Collective Address Designator CAD Handbook NTP 3 SUPP 1 A partial listing of AIGs along with specific action and information addressees can be found in ACP 100 U S SUPP 1 Special Operating Groups Special operating groups SOGs are four letter groups that are identical in appearance to address groups SOGs are provided for use in the headings of messages to give special instructions However SOGs are not used unless specifically authorized by CNO They must always be encrypted SOGs may be used singly or with enc
284. on approval authority considers the type of service the item will provide and the classification of the emission This authority also enforces rules and regulations and compliance with technical standards The approval authority also ensures the compatibility of emerging equipment with other equipment operating in the same electromagnetic environment Interservice frequency coordination is another important consideration It reduces the potential for harmful inteference if more than one service develops similar items that will operate in the same band The coordination is the responsibility of the Chief of Naval Operations CNO working through the United States Military Communications Electronics Board USMCEB Frequency Assignment Frequency assignment is the process of authorizing a system or equipment to operate on a discrete frequency or frequencies and within a specified set of constraints Examples of constraints are power emission bandwidth location of antennas and Operating time Authority for using radio frequencies by Navy and Marine Corps activities within the United States and Possessions US amp P is obtained from the Administrator National Telecommunications and Information Administration NTIA Washington D C The CNO establishes overall policy for spectrum management within the Department of the Navy Authority for using radio frequencies by Navy and Marine Corps activities within the area of responsibility
285. onnel security clearance will be issued to an individual by the Department of the Navy Central Adjudication Facility DONCAR or other designated clearance authority with favorable completion of required paperwork in accordance with the Security Manual A copy of OPNAV 5510 413 Clearance Report will be filed in the member s permanent service record and in the security officer s files CONTROL OF COMPROMISING EMANATIONS TEMPEST Compromising emanations CE referred to as TEMPEST are unintentional data related or intelligence bearing signals If these signals are intercepted and analyzed they could disclose the information transmitted received handled or otherwise processed by electrical information processing equipment or systems Any electrical information processing device whether an ordinary electric typewriter or a large complex data processor may emit compromising emanations TEMPEST VULNERABILITY ASSESSMENT TVA The vulnerability of a ship aircraft shore station transportable equipment or a contractor facility is determined by a TEMPEST Vulnerability Assessment This assessment includes each of the following factors which together create vulnerability Susceptibility The probability that TEM PEST signals exist and are open to exploita tion Environment The primary environmental considerations are the geographical location of a ship aircraft shore station or contractor facility physic
286. ons vee Times when system was idle ce Backlog of jobs to be A 4 Times when system seems slow The amount of information you include in an AIS report should NOT exceed whose requirements User s Supervisor s Facility manager s Upper management s m GW N e Which of the following items is NOT required in an ASDP ile Outline of the need 2 Prediction of the future need Je Summary of the selected FIP resource solution 4 Summary of the projected costs Downtime reported on the hardware utilization report includes which of the following types of downtime ies Whole system only Ue Each piece of equipment only du Whole system and each piece of equipment as appropriate 4 Equipment awaiting installation Hardware under utilization can be measured by excessive idle time i True 2 False LEO Which of the following bod Situations is NOT usually a cause of application software aborts L File corrupted A File not available de Job run in sequence 4 Out of free disk space Which of the following T01 reports are good sources for determining what performance tuning techniques to implement 1 Hardware and software projection Zi Application software performance oe Hardware utilization 1 6 6 4 Operating system software With average program mixes cache memory can yield what percent increase in processing speed ie 30 2 40 3 505 4 60 I You can make all b
287. ons Security chapter 3 pages 3 L through 3 12 AIS Security chapter 4 pages 4 1 through 4 12 Y ls If you desire to delete an AR Which of the following existing DCS circuit you constraints should be should submit what type of considered when a frequency request assignment is authorized dig An AUTODIN deletion E Power emission request bandwidth location of 2 A telecommunications antennas and operating service request time 3 A DCA circular request 2 Power receiver 4 A technical control LOCations and service request atmospheric conditions ce Bandwidth sidebands a Requirements for new harmonics and power telecommunications services requirements should be defined and 4 Power harmonics and REF submitted what minimum time hazards to personnel in advance 326 What authority grants Navy 1 L yr and Marine Corps activities vig 2 Ve within the U S permission Js LNE to use radio frequencies 4 6 mo i Naval Electromagnetic E What does a TSO authorize Spectrum Center NAVEMSCEN lg Funding to begin basic l National circuit design Telecommunications and Ds Starting changing Or Information diScoOntinainag CITCULTS Administration NTIA T Procurement of specific 3s United States Military devices or ancillary Communications equipment Electronics Board 4 Both 2 and 3 above USMCEB 4 Chief of Naval S da Navy funds cannot be Operations CNO obligated for developing or procuring c
288. ons and crypto personnel will reduce the number of service messages required Service messages are normally prepared in abbreviated plaindress format and may be assigned sequential reference numbers We discuss plaindress messages later in this chapter The service message number immediately follows the abbreviation SVC in the message text If used sequential service reference numbers may continue throughout the calendar year When you reply to a service message received with a reference number the text of the reply should refer to the number For example UNCLAS SVC N00000 ZUI SVC 0245 RUEDCSA1234 1921600 This example is a service message inviting attention ZUD to a previous service message with a reference number of 0245 Occasionally you will see the acronym COSIR in a service message text which means Cite Our Service in Reply Authorized operating signals are used to the greatest extent possible in service messages but clarity must not be sacrificed for brevity The security classification 1s the first word of all service message text This is followed by the abbreviation SVC If the service message requires special handling the special handling designator follows the security classification For example UNCLAS SVC or SECRET SPECAT SIOP ESI SVC A service message may quote the textual content of a classified message or refer to the classified message in a manner that reveals textual content In this c
289. operations and supervision of personnel responsible to the SWS when assigned AT 1 COMMSHIFT A message sent to a NCTAMS to move its guard from one broadcast or servicing communications center to another COMMSPOT A report to advise of any situation that might cause significant disruption to tactical communications COMNAVCOMTELCOM COMMANDER NAVAL COMPUTER AND TELECOM MUNICATIONSCOMMAND Headquarters for all naval shore based communications CONTINGENCY PLANS Backup plans for the continuation of an activity s mission during abnormal operating conditions CWO COMMUNICATIONS WATCH OF FICER Responsible for the efficient running of the watch including equipment and person nel responsible to the communications officer D DRAFTER The person who actually composes a message for transmission DTG DATE TIME GROUP A method of assigning a date and time to message traffic consisting of six digits two each to represent date hour and minutes begins at the start of each new day at 0001Z E EA ELECTRONIC ATTACK Involves actions taken to prevent or reduce an enemy s effective use of the electromagnetic spectrum EA replaces electronic countermeasures ECM ELECTROMAGNETIC SPECTRUM The natural vibrations that occur when a force is applied to a substance These vibrations occur with various speeds and intensities The speed at which they occur is called frequency and the distance betwe
290. or under direct supervision CARE DURING WORKING HOURS Every Radioman must take the necessary precautions to prevent access to classified information by unauthorized persons These precautions include e When removed from storage for working purposes classified documents must be kept under constant surveillance or face down or covered when not in use Preliminary drafts carbon sheets plates stencils notes work sheets and all similar items containing classified information require special precautions They must be either destroyed immediately after they have served their purpose or given the same classification and safeguarded in the same manner as the classified material produced from them Typewriter ribbons used in typing classified material must be protected in the same manner as the highest level of classification for which they have been used Fabric typewriter ribbons may be considered as unclassified when both the upper and lower sections have been recycled through the machine five times in the course of regular typing Those ribbons that are classified must be destroyed as classified waste CARE AFTER WORKING HOURS At the close of each watch or working day all classified material that is passed from watch to watch must be properly inventoried Custody is then transferred to the relieving watch supervisor All other classified material must be locked in an approved security container A system of security checks
291. ormation on paragraph subparagraph and document markings HANDLING AND STORAGE OF CLASSIFIED MATERIAL Classified messages must be provided accounting and control procedures that correspond to their assigned classification Accounting and control of classified messages serve the following functions e Limit dissemination e Prevent unnecessary reproduction and e Determine the office or person normally responsible for the security of the material With Top Secret messages it is also important to keep a current record of who has the information and who has seen it Since distinctions are made among the three levels of classification distinctions are also made in the degree of accountability and control Within each command specific control and accountability procedures are established to ensure that classified material is properly controlled and that access is limited only to cleared personnel SECURITY PERSONNEL To control classified information with maximum efficiency the commanding officer designates a security manager usually an officer The security manager is responsible for the command s overall security program which includes the security of classified information personnel security and the command s security education program In addition the commanding officer usually appoints a Top Secret Control Officer TSCO The TSCO is responsible for the receipt custody accounting and disposition of Top Secret
292. oss control team Roving guard patrol Intrusion detectors Personnel screening On site power generator Backup plan Hurricane Sabotage X be noted At this point there exists a matrix of individual threats and remedial measures with estimates of loss reductions and costs and thus an estimate of the net saving This is shown graphically i For each threat A B C and D the estimated loss reduction column 1 the cost of the remedial measure column 2 and the net loss reduction column 3 are given in thousands of dollars By applying remedial measure J to threat A at a cost of 9 000 a loss reduction of 20 000 can be expected a net saving of 1 1 000 Furthermore remedial measure J will reduce the threat B loss by 10 000 at no additional cost and the threat C loss by 4 000 at an added cost of only 1 000 Finally though it appears that it would cost more than it would save to apply J to threat D Therefore J would not be implemented for D The net loss reduction from J could be expressed as J A B amp C 11 10 8 24 000 net loss reduction The table indicates that J and K have the same reduction effect on threat A Since K costs more than J it might at first glance be reyected However K A B C amp D 5 12 6 2 25 000 net loss reduction and J A B amp C K A B C amp D 4 224 9 2 29 000 net loss reduction Therefore while J and K are equally effective on threat A K appears to b
293. ot fixed Handled as fast as humanly possible with an objective of less than 10 minutes AI 4 APPENDIX Il GLOSSARY OF ACRONYMS AND ABBREVIATIONS A ACP Allied communications publication AIG Address indicating group AIS Automated information system ALCOM All commands ALNAV All Navy AMCROSS American Red Cross ATP Allied tactical publication AUTODIN Automatic Digital Network AXP Allied exercise publication B BKS Broadcast keying station BSR Broadcast screening request C CE Compromising emanations CIB Communications Information Bulletin CIC 1 Content Indicator Code 2 Combat Infor mation Center CINCLANTFLT Commander in Chief Atlantic Fleet CINCPACFLT Commander in Chief Pacific Fleet CMS Communications Security Material System CNO Chief of Naval Operations COMMAREA Communications area COMMO Communications Officer COMMSHIFT Communications shift COMMSPOT Communications spot report COMNA VCOMTELCOM Commander Naval Computer and Telecommunications Command COMNAVSECGRU Commander Naval Security Group COMNA VSURFLANT Commander Naval Surface Forces Atlantic COMSEC Communications security COSIR Cite our service in return CP Change proposal CRT Cathode ray tube CWO Communications Watch Officer All 1 D DCS 1 Defense Courier Service 2 Defense Communications Service DCMS
294. otecting equipment media data and people AIS security is limiting access avoiding misuse and preventing destruction It is preventing changes to data that would make the data unreliable It covers the denial of service and the destruction of computer rooms the loss of confidentiality fraud the theft of computer time as well as the computer itself AIS security is a critical part of your job As you probably noticed from reading the learning objectives AIS security has its own terminology and jargon To carry out your AIS responsibilities you need to be familiar with these terms and their meanings AIS SECURITY CONCEPTS Our AIS security goal is to take all reasonable measures to protect our AIS assets Keep in mind that AIS assets hardware software data supplies documentation people and procedures have value Their value can usually be stated in dollar terms It costs money to repair or replace hardware It costs money to reprogram and redocument It costs money to retrain personnel Unauthorized access costs money Service delays cost money AIS Assets Our AIS assets figure 4 1 include the facilities hardware software data supplies documentation people and procedures These assets combine to provide service Service is computer time telecommunications data storage user support application system development and operation Service must be available to those authorized to receive it when they request it
295. oth afloat and ashore The naval communications complex is the total of all Navy operated communications installations and services The communications complex provides operates and maintains tactical communications including fleet broadcast ship to shore and air to ground The operating forces and all commands and activities ashore depend on this complex for reliable transmission and receipt of information In this chapter we will give you a broad overview of how naval communications is organized at shore 2 1 commands and aboard ship We will also discuss the various publications used in naval communications These publications provide standard guidance for all phases of naval communications such as basic communications doctrines message preparation and proper circuit discipline NATIONAL COMMUNICATIONS SYSTEM The National Communications System NCS was established to achieve a cohesive effort in the event of war The NCS provides a unified governmental system that links together the communications facilities and components of the various Federal agencies Essentially all branches of the Federal Government both civilian and military are part of the NCS Each department and branch however has its individual organization methods and procedures DEFENSE COMMUNICATIONS SYSTEM The Defense Communications System DCS exists to support the three military departments Navy Army Air Force and other Department of Def
296. ount of attention to pay to fire safety Seek the assistance of a qualified fire protection engineer or local base fire personnel in evaluating the inherent fire safety of the AIS facility and identifying hazards The fourth factor in fire safety is the way in which the building is operated Keep in mind that the inherent fire safety of a building can be rendered ineffective by careless operation for example e Fire doors propped open e Undue accumulation of debris or trash Careless use of flammable fluids welding equipment and cutting torches Substandard electric wiring Inadequate maintenance of safety controls on ovens and boilers or Excessive concentration of flammable materials AIS facilities for example have a particular hazard from the accumulation of lint from paper Operations The AIS security program should strive in coordination with the building maintenance staff to identify and eliminate dangerous conditions NOTE This must be a continuing effort and a consideration in the assignment of security management responsibilities The security inspection plan should include verification of compliance with established standards Fire Detection Despite careful attention to the location design construction and operation of the AIS facility there is still the possibility of a fire Experience shows repeatedly that prompt detection is a major factor in limiting fire damage Typically a fire goes through
297. out presenting their daily weekly and monthly requirements you will be busy incorporating their requirements into the production schedule During the forecasting phase you must remember to set aside whatever time is needed for file and computer maintenance You should pay particular attention to those out of the ordinary and one time requests that tend to pop up These too must be accommodated in the schedule When given a new job where there are no previous production statistics ask the user for a rough time estimate of how long the job may run Ask if there will be input data and if so will it require data entry services Know how many and what resources the job will use Know the environment in which the job will run online batch or real time You will want to keep a close eye on new jobs Using previous schedules and scheduling procedures as a guideline you can begin to prepare plan a rough schedule When scheduling old jobs you will have expience and history to follow Knowing what resources hardware software and personnel your AIS facility has available will help you see where the peaks overloading and valleys underloading are in the schedule It will be your job to take the resources the time available the estimated run times the time jobs must be started and completed and whatever other information is needed to establish a meaningful and workable schedule with the best job mix possible You will prioritize a
298. ow in what direction s ite One direction Tes A clockwise direction Js Back sana torEn 4 Two directions at once LA What publication lists the types of ships that are required to have a communications department 1s NWP 1 NWP 2 01 Le ACP 100 on NWP 4 NWP 6 01 4 NTP 4 13 Who is responsible to the communications officer for compliance with communications directives a a Lor the accurate and rapid handling of messages ie Communications watch officer Ds Senior watch supervisor Bh Communications center supervisor 4 Technical control supervisor Who directly supervises all radiomen on watch in the message processing area and is responsible for notifying the CWO and SWS on any unusual or urgent matters ly Assistant watch supervisor Za Radio officer F Communications center supervisor 4 Technical control supervisor Who is responsible for examining operational logs monitoring equipment alignment and operation and preventing message backlogs iN Communications center supervisor 2 Senior watch supervisor or Radio officer 4 Technical control supervisor Who has full responsibility for the internal handling of message traffic within the ship Commanding officer Executive officer Communications officer Radio officer Hm CG N Fe Who is responsible for the 2 34 organization supervision and coordination of the command s external communications la Radio office
299. ow wasteful their former methods were 2 Give personnel a complete description of the changes being made 3 Permit personnel who will be affected by the changes to participate in the organizing effort 4 Advise the personnel concerned that they must overcome their natural resistance to change You may improve overall personnel performance by evaluating which of the following factors ie Personnel requirements ae Existing organizational SETUCLULES Sa Both 1 and 2 above 4 The need for qualified replacements A lack of efficiency in a communications division is a direct reflection of the management skills of which of the following individuals Commanding officer Senior supervisor Training Ot TLCSE Watchstanders m GO DDR To reorganize divisional LLO workflow and workspace layout what information do you need to plan properly 1i What work is to be done Le When the work is to be performed on How the work is to be accomplished 4 Each of the above What is a major responsibility of a supervisor DADs ig Promote timeliness Ds Monitor production ce Maintain proper work hours 4 Ensure personnel are fit When office layout is being planned what is the primary consideration Ji Security of classified material Ze Safety factors oe Number of personnel to be accommodated LoL Oe 4 Proper flow of paper and work The physical layout of your office should be arranged so that paperwork will fl
300. owing tasks must be completed Iy Locating floor space for the AIS facility without regard for live load capacity ds Verifying all needed hardware equipment and materials de Per torming Lacilicy modifications 4 Procuring hardware For COOP testing a team should be assembled to perform all except which of the following tasks L Prepare a scenario for the test de Control and observe the test Js Evaluate the test results 4 Provide training Which of the following is a standard for an AIS facility inspection ls It should be dependent and subjective 2 It should examine the information system and its use Sa It should ignore adequacy controls 4 It should be the first element in a physical security program ol 44 The characteristic of an inspection being independent and objective implies that the inspection has which of the following relationships to management di Replaces normal management inspections oe Ls a part of normal management visibility oe Complements normal management inspections 4 Is a substitute for the management reporting system An inspection can be expected to accomplish which of the following tasks i Evaluate security controls for the ALS facility Zs Provide users an opportunity to maintain the AIS security program J Provide the impetus to keep workers and management complacent 4 Uncover adequate operational areas In determining the frequ
301. perators will monitor the schedule and the jobs to see that the work is being accomplished as planned When problems arise as they will you may need to become involved You may be involved in determining the cause of the problem and in working with the user to solve the problem The common causes of problems are application program processing errors and system downtime Users must be informed concerning any production problems pertaining to their jobs When you talk to the users you must know which job had the problem what the problem was and what if anything AIS can door did do to correct the problem Besides notifying the user of production problems you will be required to notify them of system downtime or nonavailability Setting up procedures for the operator and the production controller to follow will help in solving problems and in communications with users For online users the subsystem coordinators are the most qualified and highly trained individuals on their particular subsystem and should be assisting users with processing problems This does not eliminate the need for the operators to become knowledgeable in the workings of each subsystem since they normally are called first when a problem occurs You will need to examine any production problems that occur and work with the shift supervisor and or production control coordinator to be sure proper corrective action was taken APPLICATION PROGRAM PROCESSING ERRORS
302. personnel performance In such instances recommendations to realign the organizational structure must be seriously considered e Conservation of Personnel Resources The communications facilities manager must be constantly aware of the need to conserve personnel resources at all levels Conservation of personnel resources is accomplished by evaluating personnel requirements properly and by using available personnel effectively through proper training and assignment GENERAL ADMINISTRATION A communications facility should function effectively and efficiently This is normally the result of the senior supervisor s ability to set up and manage the organization Good supervisors retain open minds They recognize the need for change and implement those changes as required They acquire a thorough knowledge of the functions performed by their area of responsibility and understand how it relates to the overall mission Only then can they plan a rational approach to correct a problem or make positive changes Although the current structure and methods may meet the objectives of the division a periodic review should still be conducted The goal is to develop more efficient office methods techniques and routines Procurement of state of the art equipment may require a complete evaluation and reorganization of divisional workflow and workspace layout To plan properly the supervisor must know the following information e WHAT work is
303. pher locks and safe combinations are handled in accordance with guidelines found in the Security Manual With the addition of electrically actuated locks that is cipher and magnetic strip card locks this type of lock still does not afford the degree of protection required for classified information They may NOT be used as the primary means to safeguard classified material Cipher or magnetic strip card locks are normally used for access to an area only GENERAL MARKING REQUIREMENTS Classified documents and material must be clearly and conspicuously marked Special markings such as LIMDIS and Restricted Data are normally placed near the classification markings These markings inform and warn recipients of the classification assigned and indicate the level of protection required These markings also identify the information that must be withheld from unauthorized persons Top Secret Secret and Confidential classification markings must be stamped printed or written in capital letters larger than those used in the text of the document These security markings should be red in color when practicable and be placed at the top and bottom center of each page All reproductions or copies of classified materials regardless of form must bear clearly legible security classification markings and notations in the same manner as on the copied or reproduced material Copying equipment does not always clearly reproduce all colors of ink or m
304. physical destruction or major damage Each AIS facility should establish and appoint members to a formal board to construct review and recommend command procedures for approval in creating a COOP program Figure 4 12 shows suggested tasks and how they may be set up and assigned Each AIS facility will need to adapt to its own special circumstances and make full use of the resources available to it EMERGENCY RESPONSE PLANNING The term emergency response planning is used here to refer to steps taken immediately after an emergency occurs to protect life and property and to minimize the impact of the emergency The risk analysis should be reviewed by the AIS technical manager to identify emergency conditions that have particular implications for AIS operations such as protection of equipment during a period of civil commotion and subsequent to a natural disaster fire or flood for example Where civil commotion and natural disaster are found local instructions should be developed and implemented to meet the special needs of the AIS facility These instructions and procedures may be designated the Loss Control Plan and implemented as part of COOP Loss control can be particularly important to the AIS facility In a number of recent fires and floods the value of being prepared to limit damage is amply demonstrated By reviewing operations and the locations of critical equipment and records with shift leaders the AIS technical
305. pment and Technology Center NETPDTC Pensacola Florida Congratulations By enrolling in this course you have demonstrated a desire to improve yourself and the Navy Remember however this self study course is only one program Practical experience part of the schools total Navy training selected reading and your desire to succeed are also necessary to successfully round out a fully meaningful training program You have taken an important step in self improvement Keep up the good work HOW TIO COMPLETE HIS COURSE SUCCESSFULLY ERRATA If an errata comes with this course make all indicated changes or corrections before you start any assignment Do not change or correct the associated text or assignments in any other way TEXTBOOK ASSIGNMENTS The text pages that you are to study are listed at the beginning of each assignment Study these pages carefully before attempting to answer the questions in the course Pay close attention to tables and illustrations because they contain information that will help you understand the text Read the learning objectives provided at the beginning of each chapter or topic in the text and or preceding each set of guestions In the course Learning objectives state what you should be able to do after studying the material Answering the questions correctly helps you accomplish the objectives SELECTING YOUR ANSWERS After associated text you should be
306. pport required at every level The success of your command s AIS security program depends upon the support of the CO The CO and the AIS security staff are responsible for taking the necessary steps to provide an adequate level of security for all AIS related activities automated information systems and networks including those developed operated maintained or provided by contractors Each AIS facility has an information system security manager ISSM His or her primary duty is to serve as the single point of contact for all matters relating to AIS security at your command The ISSM usually reports directly to the CO Now let s talk a little about the security staff RMJA0031 AR ee COMPUTER EQUIPMENT ences S Y a HARDWARE o Aciass OPERATING i Fah oa SYSTEMS l APPLICATION S Figure 4 7 Department of the Navy AIS security areas 4 6 Many factors determine the numbers and types of people assigned to the AIS security staff These factors include the type of activity 1ts size 1ts hardware configuration s types of work to be processed and so on Your command s AIS security staff may include any one several or all of the following people e Command security manager Information system security manager ISSM e Information system security officer ISSO e Network security officer NSO e Terminal area security officer TASO These people are specialists Some day you may be one of
307. procedures to ensure proper use of cryptosystems COMMUNICATIONS SECURITY MATERIAL SYSTEM CMS The CMS is designed to ensure the proper distribution handling and control of COMSEC material and to maintain the cryptographic security of communications Procedures governing the CMS can be found in Communications Security Material System CMS Policy and Procedures Manual CMS 1 CMS Account Every command with a CMS account is assigned an account number by the Director Communications Security Material System DCMS A command or activity with a CMS account number receives its COMSEC material directly from national and Navy sources A CMS account command may also be responsible for COMSEC material transferred to other commands The command assigns a CMS custodian and alternates the responsibility for all overall management of the CMS account CMS Custodian and Alternate Custodians The CMS custodian is the person designated in writing by the commanding officer to maintain the CMS account for the command The alternate custodians are also designated in writing by the commanding officer and assist the CMS custodian In the custodian s absence the alternates assume the duties of the custodian Their duties include receiving inventorying destroying and issuing COMSEC material and equipment to authorized users and local holders They are also responsible for training all personnel involved in CMS and submitting required COMSEC
308. puter processing The work that has been completed may take the form of a printed document magnetic tape or magnetic disk or diskette In all cases both you and the computer operator are responsible for ensuring that all completed jobs run successfully In addition you are responsible for identifying and coordinating the various outputs for each job and for initiating their correct distribution To determine whether a job or system ran successfully to a normal EOJ and that all processing steps were properly performed you may have to review the computer console printout This printout indicates such things as the number of input records read the various input files updated all error conditions error messages that the operator encountered during the run 1 7 and the resulting actions taken the various output files created and so on In the majority of cases the computer console print out will provide you with the answers you are looking for when it comes to reconciling processing discrepancies For example it will inform you of the reasons certain output products tapes diskettes or report listings were not produced Possibly the operator selected an incorrect program option or the input parameters were incorrect or incomplete before starting the job In short you are responsible and also accountable for every job you work on from the time it is submitted by the user until its delivery back to the user When c
309. r Zi Communications officer or Communications watch officer 4 Communications watch supervisor Who is responsible for LI preparing and maintaining the communications watch quarter and station bill Ls Communications officer a Communications watch officer ce Radio officer 4 Senior watch supervisor Who is responsible for maintaining the status board 22a 0 which displays equipment nets and circuit information Le Communications officer Zas Communications center supervisor 3 Senior watch supervisor 4 Technical Control supervisor Ala Who is responsible for managing the command s CMS account and for advising the commanding officer on all matters concerning CMS Communications officer Radio officer Crypto officer CMS officer A G DR 14 Directives issued by naval commanders to effect the coordinated execution of an operation are known by what term 1 Communications plan COMMPLAN e Execution order EXORD oF operation order OPORD 4 Standard operating procedure SOP An OPORD is made up of what three parts La Heading plan and closure de Beginning annex oe Heading closure 4 Heading ending body and body and body and Detailed information for various ship departments is contained in what two enclosures 1 Annexes and appendices Zo Annexes and tabs J Appendices and indexes 4 Annexes and indexes A document issued by an organization to advise i
310. r outgoing and incoming messages RECEIVED MESSAGE RECORD ins eee x OPNAV FORM 2110 15 Rev 11 58 Cog I Stock CIRCUIT DATE CARD NO 51 76 RECEIVED MESSAGE RECORD Reorder trom FPSO OPNAV FORM 2110 15 Rev 11 58 Cog I Stock 56 o E eo E II IO E De RMJA0013 Figure 2 6 Received Message Record OPNAV Form 2110 15 2 14 Form 2110 15 figure 2 6 Although this form is primarily designed as a record of received messages only a pen and ink change is necessary for its use as a send log JOURNAL LOGS In most automated systems all significant system events are entered in a journal log This log is a chronological record of data processing operations which may be used to reconstruct a previous or updated version of a file All system level commands entered by an operator are logged Log entries are usually queued for delivery to a printer as they are generated but this is optional However they are always journaled to a file from which they can be recalled and printed at a later time as desired This log gives a system operator or supervisor the ability to review current and previous system events In addition the journal log supports message accountability The system records the receipt of every formal message and the termination of every formal message delivery that 1t schedules DRAGER Al COMM input i 7 CENTER I iL y ACCEPTANCE ES VISUAL OR
311. r workflow e The number of personnel or office procedures change e The volume of work increases or decreases ETEETO il y Lj td LAA i U U U g dd UU UU En lu UU UU nm m lo UU U 5 nh FILES AREA RMJAO009 Figure 2 2 Ideal communications space layout 2 8 e New equipment is ordered or is to be installed or e There is a change in allotted space Before actually moving personnel or equipment it is a good idea to draw a scale model of the anticipated layout You can then evaluate the idea and judge its effectiveness In evaluating an office layout you should consider the following factors e Office congestion e Personnel supervision e Use of space e Volume of work versus people and e Office appearance Internal Communications A large portion of communications office work consists of receiving distributing and filing communications reports instructions and records Another major portion of the work is the disposition of correspondence When handling correspondence the supervisor must establish standard procedures Once decided these procedures should be conveyed both vertically and horizontally Vertical communications are routed up and down the chain of command Horizontal communications are routed to other divisions and departments Vertical communications can be either formal or informal Formal information usually consists of office procedures watches
312. rary employment or reassignment of personnel use of special messengers and other departures from normal Details are to be documented along with guidance on obtaining required approvals When each of the COOP backup plans is completed it should include full documentation and have upper management approval Each of the plans may have considerable duplication However it is suggested that each plan be completely documented to be sure nothing has been overlooked RECOVERY PLANNING The use of a backup facility usually means both extra expense and degraded performance Therefore give some thought to recovery by developing and maintaining supporting documents that minimize the time required for recovery Furthermore the AIS staff will be hard pressed by backup operations If others can handle recovery the workload on the AIS staff will be reduced during the emergency and the process will undoubtedly be carried out more effectively and economically Recovery from total destruction requires the following tasks be completed e Locate and obtain possession of enough floor space to house the AIS facility with a live load capacity as required by the AIS hardware and suitably located with respect to users and AIS staff spaces e Perform required modifications for needed partitions raised floor electric power distribution air conditioning communications security fire safety and any other special requirements e Procure and install
313. rator training required a Reduces distribution of physical keying material and b eliminates process of loading equipment with key tapes a Reduces distribution of physical keying material and b no operator training required a Eliminates process of loading equipment with key tapes and b no operator training required What is the purpose of transmission dg The authentication To guard against fraudulent or simulated transmissions TO INFO m the operator that receiving the transmission To acknowledge the transmission of the other operator To allow the other operator to acknowledge your transmission other you are self authentication method is used in which of the alge Le ce following transmissions Transmission and reply Challenge and reply Transmission authentication Challenge authentication 26 When you receive a message that has an authenticator in 1G what action if any are you required to take ls Ze 3 46 4 Sul As an operator Prepare a message to challenge the originator Send a message that you are in receipt of the message Pass the message on to higher authority for them to challenge the SfIglnatoL None you are required to authenticate in which of the following Situations 2 dea fi You suspect intrusion on the circuit You are requested to authenticate You are requested to break radio silence Each of the abo
314. rces automatically respond gt wN e j m Q w A procedure designed to protect communications systems against acceptance of false transmissions or Simulations by establishing the validity of a transmission message or OFIGLINatoOrL Ss NP VOW 2 OS A system of communication in AS which arbitrary groups of symbols represent units of plain text used for brevity and or security DWN HOW A cond tom an Which all or certain radio equipment is kept inoperative 1 A 2 B 3 E 4 D The act of listening L ae carrying out surveillance on and or recording the emissions of own or allied forces 1 A 2 B 3 E 4 F 19 The communications plan satisfies communications requirements by providing what information ibs Specifies circuit operators equipment and traffic capabilities Za Establishes watchbills software requirements and deployment times ON Designates enemy communications frequencies supporting COMMSTAs and supply requirements 4 Specifies circuits channels and facilities to be used What document initiates the addition deletion or change to an existing DCS CIFOUAES Es Telecommunications Service Order TSO Te Telecommunications Service Request TSR 50 Circuit Service Transfer CST 4 Request for Modification of Circuit RMC ASSIGNMENT 3 Textbook Assignment Communications Administration continued chapter 2 pages 2 29 through 2 37 Communicati
315. re It includes tapes and disk packs hard copy output or any other AIS media containing data or information to be retained for more than 180 days Finished media can be released to another activity For example a magnetic tape can be sent to another activity as a finished media However the receiving activity may treat it as working copy media if it is kept 180 days or less Of course AIS media whether working copy or finished copy requires the use of security controls Security Controls The security controls we discuss are general in nature and are considered the minimum essential controls for protecting AIS media Your activity s standard operating procedures SOPS are designed to ensure that an adequate level of protection is provided Classified working copy media must be dated when created marked and protected in accordance with the highest classification of any data ever recorded on the media If classified working copy media is given to a user the user is then responsible for its protection Classified finished media must be marked and accounted for You may be responsible for inventorying magnetic tapes disk packs and other forms of AIS media Your activity must maintain a master list of AIS media that is classified as Secret or Top Secret This master list includes the overall security classification of the media and the identification number permanently assigned to it The media must also be controlled in the same
316. re replacing incinerators in many areas where burning is not allowed because of the Clean Air Act Crosscut shredding machines must reduce classified material to shreds no greater than 3 64 inch wide by 1 2 inch long Crosscut shredding suffices as complete destruction of classified material and the residue may be handled as unclassified material with the exception of some COMSEC material Not all crosscut shredders are suitable for destroying microfiche so make sure the one you are using has that capability before attempting to shred microfiche Pulverizing and Disintegrating Pulverizers and disintegrators designed for destroying classified material are usually too noisy and dusty for office use unless installed in a noise and dust proof enclosure Some pulverizers and disintegrators are designed to destroy paper products only Others are designed to destroy film typewriter ribbons photographs and other material Jettisoning or Sinking Material to be jettisoned during emergency destruction must be placed in weighted bags The sea depth should be 1 000 fathoms or more However if water depth is less than 1 000 fathoms the material should still be jettisoned to prevent easy recovery EMERGENCY PLANS Emergency plans provide for the protection removal or destruction of classified material Commands holding classified material must develop an emergency plan to fit their needs The primary requirement of an emergency plan is tha
317. re 4 5 shows threats vulnerabilities and countermeasures to our assets Another way to categorize countermeasures is by type physical technical administrative and managerial l PHYSICAL CONTROLS We usually think of physical control first They include the locked computer room door physical layout fire extinguishers access barriers air conditioners moisture detectors and alarms WORRY A LOT HIGH RISK WORRY LOW RISK L K E L l H O O D LOW ADVERSE EVENT HIGH RMJA0027 Figure 4 3 MS security risk analysis 4 4 TECHNICAL CONTROLS Technical con trols are embedded in hardware software and telecommunications equipment They are diagnostic circuitry component redundancies and memory protect features They are controls built into the operating system They include log on IDs and passwords to enable only authorized users access to the computer system They are accounting routines encryption coding and audit trails ADMINISTRATIVE CONTROLS Ad ministrative controls concern people and procedures They include who is authorized to do what methods to keep track of who enters a sensitive area who receives a delivery and who requests a sensitive report The Operating procedures you follow will sometimes include security requirements You are responsible for adhering to the procedures to ensure AIS requirements are met MANAGERIAL CONTROLS Managerial controls tie ever
318. re 4 9 UPS with transfer switch If the facility s current needs exceed its UPS capacity it may be economically feasible to use multiple independent UPS units as shown i 4 10 Since each unit has its own disconnect switch it can be switched offline if it fails Finally if the risk analysis shows a major loss from power outages lasting 30 to 45 minutes or beyond an onsite generator can be installed as shown in figure 4 11 The prime mover may be a diesel motor or a turbine When the external power fails UPS takes over and the control unit starts the prime mover automatically The prime mover brings the generator up to speed At this point the UPS switches over to the generator Barring hardware failures the system supports the connected load as long as there is fuel for the prime mover Note that the generator must be large enough to support other essential loads such as air conditioning or minimum lighting as well as the UPS load Figure 4 10 Multiple independent UPS units 4 22 RMJAOD35 OPTIONAL ON SITE FUEL SUPPLY N 3 PRIME MOVER TO CRITICAL TTP oo UPS COMPUTER LOADS TO OTHER CRITICAL LOADS Figure 4 11 UPS with onsite generation When this configuration is used maintain a close communication liaison with the power plant source to ensure the generator is coming up to normal speed for the switchover from UPS The UPS system takes over automatically and the change i
319. re the Navy s heritage from the past To these may be added dedication discipline and vigilance as the watchwords of the present and the future At home or on distant stations we serve with pride confident in the respect of our country our shipmates and our families Our responsibilities sober us our adversities strengthen us Service to God and Country is our special privilege We serve with honor THE FUTURE OF THE NAVY The Navy will always employ new weapons new techniques and greater power to protect and defend the United States on the sea under the sea and in the air Now and in the future control of the sea gives the United States her greatest advantage for the maintenance of peace and for victory in war Mobility surprise dispersal and offensive power are the keynotes of the new Navy The roots of the Navy lie in a strong belief in the future in continued dedication to our tasks and in reflection on our heritage from the past Never have our opportunities and our responsibilities been greater ARRE RA 11 CONTENTS CHAPTER AIS Administration 2 0 0 0 0000 eee ee ee ee ne 1 1 Communications Administration o o 2 1 Communications Security o ooo oo o 3 1 EPA A 4 1 5 General Security ooo 5 1 APPENDIX GIOSSU Ys cee 6 tee eee EEE TEER LE ERETT EEE AI l II Glossary of Acronyms and Abbreviations All 1 TIT References Used to Develop the
320. read write mechanisms of the device prior to rerun But there are times when the operator will notify you the I O control clerk to assist in correcting the problem Such would be the case when the input parameters are in error the user s input is bad or the job aborted because of an unrecoverable program error If this happens you maybe responsible for collecting all the data both input and output along with any memory dumps and forwarding them all to the programmer During the recovery phase of an operation the oper ator may need you to provide certain input parameters or tape disk files before the job can be executed Because of time constraints a job that abnormally terminates may have to be rescheduled If so you may be responsible for seeing to it that the job gets rescheduled and that the user is notified of any job delay We could go on and on but by now you are beginning to get the picture These examples are just a few of the many things that can get in the way of achieving a normal EOJ We bring them to your attention to make you aware of the types of problems that can and do arise and the manner in which you are to respond Hopefully you now know and are aware that monitoring a job means more than just calling up the operator to see how the job is progressing It means you must oversee the job to its completion doing whatever is necessary to help keep the job or system on track Output Products Output from com
321. ready to answer the questions in the assignment Read each question carefully then select the BEST answer Be sure to select your answer from the subject matter im ther texts You may refer freely to the text and seek advice and information from others on problems studying the arise in the course However the answers must be the result of Vour Own work and decisions You are prohibited from referring to or copying the answers of others and from giving answers to anyone else taking the same course Failure to follow these rules can result in suspension from the course and disciplinary action that may ANSWER SHEETS You must use answer sheets designed for this course NETPMSA Form 1430 5 Stock Ordering Number O0502 LP 216 0100 Use the answer sheets provided by Educational Services Officer ESO or you may reproduce the one in the back of this course booklet SUBMITTING COMPLETED ANSWER SHEETS As a minimum you should complete at least one assignment per month Failure to meet this requirement could result in disenrollment from they Course As you complete each assignment submit the completed answer sheet to your ESO for grading You may submit more than one answer sheet at a time GRADING Your ESO will grade each answer sheet and notify you of any incorrect answers The passing score LOM each ASSiGnmene IS 23 2 LE you receive less than 3 2 on any assignment your ESO will list the questions you answ
322. red for access to the information contained within the area may with appropriate approval be admitted into the area While in these spaces however uncleared persons must be escorted or other security procedures implemented to prevent any unauthorized disclosure of classified information All designated restricted areas must have warning signs posted at all entrances and exits These areas must have clearly defined perimeters and 1f appropriate Restricted Area warning signs posted on fences and barriers Access to Spaces The commanding officer or the officer in charge over security spaces is responsible for controlling access to these areas Procedures should limit access to security spaces only to those persons who have a need to know No one has a right to have access to classified information or spaces based solely on clearance rank or position Each command establishes a pass or badge identification system to restrict access and to help control movement Control of movement within the area 1s normally accomplished by requiring the display or presentation of the pass or badge for that particular area Access List Admission of visitors to communications spaces 1s a topic of major concern to radiomen since access to communications spaces under operating conditions usually permits viewing of classified traffic and equipment security badge does not automatically mean that visitors have a need to know or that they s
323. rial number of copies destroyed date of destruction and personnel completing destruction The two witnessing officials responsible for the destruction must sign the record of destruction The records of the destruction are retained for 2 years 3 Verify destruction The destruction of Top Secret SPECAT TS and above material must be verified by both witnesses signing the destruction sheet and either turning it over to the TSCO or placing it in the cryptocenter master file until it is superseded usually within 2 years HANDLING TOP SECRET MATERIAL Although administrative records are maintained for each classification category the strictest control system is required for Top Secret material Except for publications containing a distribution list by copy number all Top Secret documents and each item of Top Secret equipment must be serially numbered at the time of origination Also each document must be marked to indicate its copy number for example Copy No __ of ___ Copies Each page of a Top Secret document not containing a list of effective pages LOEP must be individually numbered for example Page ___ of ___ pages Top Secret documents are required to have a list of effective pages and a page check page Top Secret documents may be reproduced only with the permission of the originator or higher authority Indicate when title or ION sa The purpo 1 Hl AD y W 3 en 5 ES 8 E zgi EX Q par e
324. rity risks using the criteria discussed earlier in this chapter A personal data security risk assessment benefits a command in three ways e It provides a basis for deciding whether additional security safeguards are needed for personal data It ensures that additional security safeguards help to counter all the serious personal data security risks It saves money that might have been wasted on safeguards that do not significantly lower the overall data risks and exposures The goal of a risk assessment is to identify and prioritize those events that would compromise the integrity and confidentiality of personal data The seriousness of a risk depends both on the potential impact of the event and its probability of occurrence In general the risk assessment should consider all risks not just risks to personal data While this section of the chapter emphasizes the security of personal data it is best to develop an integrated set of security safeguards and requirements that protect all classified and other valuable data in the system wherever possible The risk assessment should be conducted by a team which is fully familiar with the problems that occur in the daily handling and processing of the personal information The participants on the risk assessment team should include e A representative of the operating facility supported by or having jurisdiction over the data under consideration 4 36 The programmer responsible
325. rly job and a deadline that is moved to an earlier time Invariably a priority job comes in that must be run just when the shift is almost over Being a customer oriented service it is our job to get the product out With system programs three common reasons for urgent change requests are special saves changes to the Operating system and system testing by NAVMASSO SUMMARY Scheduling is the interface between the user I O control and computer operations The scheduler s job is to follow the AIS facility s scheduling procedures to develop daily weekly and or monthly production schedules You will be depended on to effectively and efficiently schedule the computer and other related resources of your AIS facility to meet user processing requirements Input output control is an important AIS function It is the point of contact for AIS users customers Like 1 28 in any other business customers must be treated with courtesy tact and diplomacy It is the I O clerk s job to receive jobs from users maintain logs prepare jobs to be run on the computer make sure everything is ready on time communicate with users on job requirements and problems and check prepare and distribute output products Each of the I O control clerk s tasks may involve customer liaison Maintaining good customer relations is as important as processing the customer s jobs We talked about different types of reports performance tun
326. rmation All material and equipment marked CRYPTO require special consideration with respect to access storage and handling CRYPTOMATERIAL The term crypto material refers to all material such as documents devices or apparatus that contain cryptoinformation Furthermore the material must be essential to the encryption decryption or authentication of telecommunications Cryptomaterial is always classified and is normally marked CRYPTO Cryptomaterial that supplies equipment settings and arrangements or that is used directly in the encryption and decryption process is called keying material Keying material is afforded the highest protection and handling precautions of all information and material within a cryptosystem Keying material is always given priority when an emergency plan is implemented CRYPTOINFORMA TION The category of cryptoinformation is always classified This type of information normally concerns the encryption or decryption process of a cryptosystem It is normally identified by the marking CRYPTO and is subject to all the special safeguards required by that marking e CRYPTO RELATED INFORMATION Crypto related information may be classified or unclassified It is normally associated with cryptomaterial but is not significantly descriptive of it In other words it does not describe a technique or process a system or equipment functions and capabilities Crypto related inform
327. rmation Management Practices Programming Practices Systems Security User Authorization Access Auditing Data Encryption for classified data Network Interface Physical Security Entry Controls Information Management Practices Manual Access Unauthorized User Unauthorized Terminal Systems Security Identification Access Controls Data Encryption for classified data Terminals Physical Security Entry Controls Unauthorized Terminals Programmed Attack en eee Information Management Practices Input Processing Programming Practices Systems Security Identification Access Controls Other Systems Networks Figure 4 15 Personal data security risks and technological safeguards 4 35 system network This perspective shows the elements of a computer system network beginning with the offline storage of personal data in machine readable media for example tapes and disks and progressing through the many possible processing modes It includes the use of interactive computer terminals at local and remote locations and the linking of local systems via communications networks It stresses the value of physical security measures and information management practices in relation to computer system network controls PERSONAL DATA RISK ASSESSMENT The first step toward improving a system s security is to determine its secu
328. rmation Systems Security Officer ITS Instrumented TEMPEST Survey J JANAP Joint Army Navy Air Force Publication JCS Joint Chiefs of Staff K kHz Kilohertz L LANT Atlantic LDMX Local Digital Message Exchange LIMDIS Limited distribution LMF Language and media format LOEP List of effective pages M MARS Military Affiliate Radio System MED Mediterranean MIJI Meaconing Interference Jamming and In trusion MTF Message text format N NARDAC Naval Regional Data Automation Cen ter NATO North Atlantic Treaty Organization MMAREA Naval communications area NAVCOMPARS Naval Communications Proces sing and Routing System NAVCOMTELDET Naval Computer and Tele communications Detachment NAVCOMTELCOM Naval Computer and Tele communications Command NAVCONTELSTA Naval Computer and Tele communications Station NAVDAC Naval Data Automation Center NAVDAF Naval Data Automation Facility NAVELEXSECCEN Naval Electronics Security Center NAVEMSCEN Naval Electromagnetic Spectrum Center NAVOP Naval Operations NAVSECGRUDEPT Naval Security Group De partment NAVTELCOM Naval Telecommunications Com mand NCS 1 Naval Communications Station 2 Na tional Communications System 3 Net Control Station NCTAMS Naval Computer and Telecommunica tions Area Master Station NCTS Naval Computer and Telecommunications
329. rmed of all other recipients Book A message destined for two or more addressees but where the drafter considers it unnecessary that each addressee be informed of other addressee s Book messages are routed according to each addressee s relay station All unnessary addressees are deleted from the face of the message before being sent to the addressee s served by that particular relay station 2 17 General Message A message that has a wide predetermined standard distribution General messages are normally titled with a sequential number for the current year for example ALCOM 28 96 NAVOP 30 96 The title indicates distribution and serves as the address designator ADDRESS GROUPS Address groups are four letter groups assigned to represent a command activity or unit In military communications address groups can be used in the same manner as call signs to establish and maintain communications Generally speaking the Navy uses address groups the same way as call signs Address groups never start with the letter N hence they are easily distinguishable from naval radio call signs Address groups however follow no distinctive pattern and the arrangement of the four letters that constitute them conveys no significance whatsoever Afloat commands except individual ships and shore based commands or activities not served by their own communications facilities are assigned address groups For example e Senior comman
330. rnal and internal Tests show that electromagnetic or acoustic 4 65 emanations from AIS hardware may be intercepted up to a maximum of how many yards away F LOU Zo 2390 oe S20 4 400 If the AIS technical manager plans to take measures to control compromising emanations those measures are subject to approval under the provisions of which of the following DOD directives 32006519 ESZODIS LIV 2 6 CoOZ00y 20 Hm GW N ER The application of the measures to control compromising emanations within the industrial AIS systems is at the direction Of the contracting activity concerned under the 4 67 provisions of which of the following DOD directives Ls 5200 13 Da Co 2001 9 oe IZ0 025 4 C3200 28 30 The use of an intrusion detection system IDS in a protective program is covered in which of the following instructions OPNAVINST 5239 1 OPNAVINST 5510 1 SECNAVINST 5211 5 SECNAVINST 523341 4 CGO N e The physical security requirements for a remote terminal area are based upon which of the following classifications I The classification of the central computer facility 2 The classification of the remote terminal area Sd The classification of the data that will be accessed through the terminal 4 The classification assigned by higher authority When the AIS system contains classified information what action if any must be taken for each remote terminal that is not cont
331. rolled ds Disconnect 2 Place offline 3 Turn off 4 None In the annual security survey of an AIS facility what is the second step L3 Define and tabulate areas within the facility fOr control purposes Zs Evaluate all potential threats to the AIS facility Ja Identify areas where remedial measures are needed 4 Recommend improvements to upper management IN ANSWERING QUESTION 4 71 When the annual security survey is conducted it should begin at which of the following areas I Roof La Basement Se Perimeter 4 Top loor When surveying the perimeter of the facility the AIS technical manager need NOT check which of the following accesswaySs ile Fire escapes a Doors and windows oe Other entrances such as vents 4 Manned posts at the property line When surveying the internal Security of a facility the AIS technical manager should follow which of the following guidelines Lig Begin the survey on the root Dn Determine where alarms annunciate cP Finish the survey in the mailroom area 4 Note the volume of the alarms REFER TO TABLE 4 6 IN THE TEXT ae ae Which of the following questions need NOT be included in the physical security survey da Is the present equipment up to date Z Is the alarm system inspected and tested occasionally to ensure operation 3 What kind of sound does the alarm make 4 How many zones of protection are within the protected buildi
332. romise and analysis Superseded keying material must be destroyed within 12 hours after supersession Effective keying material is destroyed after superseded keying material Reserve keying material is keying material that will become effective within the next 30 days Reserve keying material is destroyed after effective keying material Keying material must be stored in priority order for destruction Top Secret material must be destroyed ahead of Secret material and Secret material destroyed ahead of Confidential material This applies to all categories of keying material e COMSEC Documents COMSEC documents are destroyed next COMSEC documents include cryptoequipment maintenance manuals operating instructions general publications status publications CMS holder lists and directories COMSEC documents contain information on the types of cryptoequipments we use the level of technology we have attained and the way our COMSEC operations are organized and conducted e COMSEC Equipment COMSEC equipment is destroyed last In emergencies the immediate goal regarding cryptoequipment is to render the equipment unusable and unrepairable The Operating and technical manuals for cryptoequipments provide details on the techniques for rapid and effective destruction 3 9 VERIFY DESTRUCTION There are two parts to verifying the destruction of COMSEC material witnessing and inspection of destroyed material Two individuals con
333. roying combustible material is by burning DESTRUCTION PROCEDURES AND REPORTS Top Secret material will be destroyed by two witnessing officials Persons performing any destruction must have a clearance level equal to or 5 10 higher than the material being destroyed Destruction will be recorded on a record that provides for complete identification of the material being destroyed Destruction records must include number of copies destroyed date of destruction and personnel completing destruction These records are maintained for 2 years Secret messages must be destroyed following the two person rule without a record of destruction Alternatively one person may destroy Secret messages if a record of destruction is made The commanding officer may impose additional controls for Secret messages if warranted and if they reasonably balance security against operational efficiency Confidential material and classified waste are destroyed by authorized means Personnel performing destruction must hold an appropriate clearance and are not required to record destruction If the material has been placed in burn bags for central disposal the destruction record is signed by the witnessing officials at the time the material 1s placed in the burn bags Records of destruction must be retained for 2 years All burn bags must be given the same protection as the highest classification of material in them until they are destroyed Since sever
334. rt of message and end of message After validation the system outputs either an accept or a reject notice to the operator via the outgoing log Together with the action notice the system then outputs a unique header line to identify the message Accepted messages are assigned a Process Sequence Number PSN which is included in the accept notice They are then stored on diskette for recovery purposes and queued for processing on a first in first out basis by precedence order Emergency command or FLASH precedence messages cause any lower precedence messages to be interrupted and a cancel transmission bust sequence to be transmitted The emergency command or FLASH message is transmitted and normal message processing by precedence is resumed Messages are selected for processing based on their precedence and on the order they arrived into the se lt lt FORMAT VALID gt gt REJECT MSG IS SERVICE CLERK RECOVERY PURPOSE P E j WRITE Msa TO DISK FOR FA FOR PROCESSING system first ones in are the first ones processed out The LDMX NAVCOMPARS validates the message header and assigns routing indicators RIs for delivery as required If the system cannot assign an RI automatically it will display the addressee line to the router VDT The router may assign the correct RI place the message on a queue reject the message from further processing or correct the short title of the addressee if in error
335. rypted or unencrypted call signs or address groups DISTRIBUTION CLERK The distribution clerk reproduces copies of the messages according to the routing instruction of the inrouter and outrouter The distribution clerk is responsible for making the required number of copies each subscriber requires and slotting the messages into the appropriate subscriber box It is important that the clerk remain alert to prevent slotting messages into the wrong box This could cause an undelivery situation The distribution clerk who handles a great number of messages throughout the watch must be aware of high precedence messages and ensure that they are reproduced and distributed in a timely manner for immediate pickup by the subscriber The clerk must also be up on the message center s current SOP for handling special and classified messages To prevent viewing by unauthorized personnel certain messages such as PERSONAL FOR AMCROSS and classified messages must be placed in envelopes for pickup by subscribers Classified messages are placed in two envelopes the inner envelope is stamped with the classification and any special handling markings and then sealed in accordance with local instructions The outer envelope is marked with the addressee originator and DTG of the message and then sealed After reproducing and distributing a message the distribution clerk places the original copy into a box for filing by the file clerk
336. s disaster recovery and emergency response and e Booklets or command instructions for AIS staff indoctrination in security program requirements Depending on the normal practices of the AIS facility these documents may be completely separate items or they may be included in other documents For example emergency response plans for the AIS facility might be included in the command s Disaster Control Plan Similarly security standards could be added to existing documents The final point to be made is the importance of continuing the inspection and review of the security program A major effort is required for the initial risk analysis but once it is completed regular review and updating can be done much more quickly By evaluating changes in command mission the local environment the hardware configuration and tasks performed the AIS technical manager can determine what changes if any should be made in the security program to keep it effective AUTHORITATIVE REFERENCES Numerous higher authority instructions relate to physical security data protection and security in general You should have a thorough knowledge of them before implementing any security plan Refer to the following instructions and manuals to learn about AIS security and when making security decisions e Department of the Navy Automatic Data Processing Security Program OPNAVINST 5239 1 with enclosures e Guideline for Automatic Data Processing Risk
337. s 0000 never as 2400 and 1 minute past midnight becomes 0001 Remember to eliminate any possible confusion never use 0000Z or 2400Z as the date time group of a message The correct time would be either 2359Z or O00IZ We mentioned earlier that the 12th zone is divided by the 180th meridian This meridian is the international date line IDL figure 2 9 This is where each worldwide day begins and ends A westbound ship crossing the line loses a day whereas an eastbound ship gains a day This time zone is divided into literal zones MIKE and YANKEE The eastern half of zone 12 is designated MIKE 12 and the western half is designated YANKEE 12 Now we come to a very important point in our discussion Since MIKE and YANKEE are two parts of a single zone the time in MIKE and YANKEE is always the same When the IDL is crossed from either direction the day must change Since we have already established that there is a 1 hour difference between each of the 24 time zones it is clear that there is always a situation where it is a day earlier or later in one part of the world than it is in another The primary point to remember about this zone is that it is always the same time in zone MIKE as it is in zone YANKEE but it is never the same day You can find more information on time zones in Communication Instructions General U ACP 121 Julian Date The Julian date consists of seven digits The first three digits represent the
338. s The exception is where theater or area commanders prescribe the use of local time for local tactical situations Radiomen never use 2400Z and 0000Z as the DTG of a message The correct time would be either 2359Z or 0001Z as appropriate GREENWICH MEAN TIME In naval communications the date time group is computed from a common worldwide standard To meet the need for worldwide time standardization the international Greenwich mean time GMT system was developed The GMT system uses a 24 hour clock instead of the two 12 hour cycles used in the normal civilian world In the GMT system the Earth is divided into 24 zones Zone zero lies between 7 1 2 east and 7 1 2 west of the 0 meridian The 0 meridian passes through Greenwich England The time in this zone zone zero is called Greenwich mean time GMT The military more commonly refers to this as ZULU time Both names refer to the same standard Each time zone extends through 15 of longitude Zones located east of zone zero are numbered through 12 and are designated minus To obtain Greenwich mean time you must subtract the zone number in which you are located from local time Zones located west of zone zero are also numbered 1 through 12 but are designated plus These zones must be added to the local zone time to obtain GMT As we will discuss shortly the 12th zone is divided by the 180th meridian which is the international date line Each zone is further desig
339. s are necessary when a command needs to effect a shift at a time other than that indicated by its movement report Detailed information concerning communications guard shift messages and formats is contained in NTP 4 Broadcast Screen Requests Broadcast screen requests BSRs are service messages to request the rerun ZDK of missed or garbled messages BSRs are sent to the Broadcast Keying Station BKS or to the designated broadcast screen ship that is responsible for the broadcast channel NTP 4 provides detailed information and prescribes proper format for drafting a BSR COMMSPOT Reports COMMSPOT reports are used to advise of any situation that might cause significant disruption of tactical communications These reports are submitted by all ships and nonterminated units when unusual communications difficulties are encountered COMMSPOT reports must be submitted as soon as unusual communications difficulties are experienced to minimize further deterioration of the communications situation COMMUNICATIONS CENTER FILES Every message handled by a ship or communications station 1s placed in one or more files Some files are maintained by all ships and stations Other files are optional and are maintained only to fill the needs of a particular ship or station COMMUNICATIONS CENTER MASTER FILE The communications center master file is the heart of the filing system This file contains a copy or filler of every message sent or r
340. s available in the hardware and software of a computer system or network for controlling the processing of and access to data and other assets Technological safeguards for security risks are presented in figure 4 15 They may be viewed in relation to the control points within a computer RISKS SYSTEM ELEMENTS SAFEGUARDS Physical Security Entry Controls Storage Protection Erasure Theft Information Management Practices Physical Handling Manual Access Input Processing Procedural Auditing Misplacement Systems Security Data Encryption for classified data Physical Security Entry Controls Accidental Damage Misrouting Disclosure Information Management Practices Poor Control amp Partitioning Processors i pp aca including Programming Practices Main Memory Aux Memory Systems Security Access Controls Unauthorized Access Systems Security Program Changes Identification Eavesdropping Access Controls Unauthorized Disclosures Interactive Access Auditing Dumps Data Encryption for Local Job Input Out Common Carrier Switching System Modifications classified data ut Systems Security Data Encryption for classified data Misrouting Eavesdropping Physical Security Entry Controls Disclosure Misrouting info
341. s special protection Examples are data For Official Use Only and data covered by the Privacy Act of 1974 The Privacy Act of 1974 imposes numerous requirements upon federal agencies to prevent the misuse of data about individuals respect its confidentiality and preserve its integrity We can meet these requirements by applying selected managerial administrative and technical procedures which in combination achieve the objectives of the Act The major provisions of the Privacy Act that most directly involve computer security are as follows e Limiting disclosure of personal information to authorized persons and agencies e Requiring accuracy relevance timeliness and completeness of records and e Requiring the use of safeguards to ensure the confidentiality and security of records To assure protection for AIS processing of sensitive unclassified data the Navy has established the limited AIS access security mode A computer system or network is operating in the limited access security mode when the type of data being processed is categorized as unclassified and requires the implementation of special access controls to restrict the access to the data only to individuals who by their job function have a need to access the data Unclassified Data Although unclassified data does not require the safeguards of classified and sensitive unclassified data it does have value Therefore it requires proper handling to assure
342. se in the message center This chapter has introduced you to the standard procedures associated with handling incoming and outgoing messages Because of the volume of messages a telecommunications center processes it 1s essential that communications personnel observe all the handling procedures to prevent losing or delaying delivery of messages to subscribers Understanding the communication plan will give you a view of the ever changing overall plans for your ship or shore station and its requirements for mission completion 2 37 The various publications that you as a communicator rely on are continually being updated Communications is an area that is constantly changing in areas of equipment and procedures Therefore it is important you become thoroughly familiar with all the publications and current changes that pertain to your communications area The tasks of a message center are extremely important Your understanding of the handling procedures is key to providing fast and accurate communication to the fleet CHAPTER 3 COMMUNICATIONS SECURITY LEARNING OBJECTIVES Upon completing this chapter you should be able to do the following eo Identify the procedures used in handling inventorying destroying and setting up COMSEC equipment e Identify reports and forms associated with CMS reporting requirements e Identify the procedures and measures to be used with transmission security As a Radioman you will oft
343. se to an enemy You should also destroy pertinent technical descriptive and operating instructions FIRE PLANS In addition to an emergency plan a plan of action in the event of fire is also required As with an emergency plan it is important that all comunications personnel familiarize themselves with their command fire plan Normally the fire plan provides for the following e Local fire fighting apparatus and personnel to operate the equipment 5 12 e Evacuation of the area including a decision whether to store classified material or remove it from the area and e Admitting outside fire fighters into the area PRECAUTIONARY ACTIONS Precautionary destruction reduces the amount of classified material on hand in case emergency destruction later becomes necessary Destruction priorities remain the same during precautionary destruction However when precautionary destruction is held material essential to communications must not be destroyed For example communications operating procedures and publications that are to become effective in the near future would not be destroyed Communications operating procedures that are already effective necessary and being used would also not be destroyed The following actions should be taken daily e All superseded material should be destroyed in accordance with its prescribed time frame Unneeded material should be returned to the issuing agencies Material should be store
344. ser customer you must use tact and diplomacy You must be able to understand and resolve the requests of the customer You will also have to deal with discrepancies and explain problems to customers You must be able to independently recognize and resolve discrepancies and be knowledgeable enough to know when you can resolve a discrepancy and when to refer complex problems to your supervisor or leading chief MANAGING PRODUCTION Once you become a shift supervisor you will be res ponsible for managing the scheduling and operation of all production activities associated with computer process ing within your shift You will monitor the workflow and make adjustments to meet changing requirements During your work shift one of your many jobs will be to monitor job production status on a regular basis to determine if there is any actual or potential slippage in the schedule It will be your job to balance operations resources and optimize workflow There will be times when you must make adjustments in the sequence of work within the constraints of the overall schedule to optimize productivity In computer operations you must be able to examine problems that have occurred during production and initiate corrective action within operations or with the users THE SCHEDULING ENVIRONMENT AND REQUIREMENTS Schedulers and production control coordinators are responsible for coordinating the work efforts of many people They prepare distrib
345. ser or a witness you are responsible for the proper security control accountability and destruction of CMS material in your workspace Everyone involved with CMS material must comply with the procedures in CMS 1 related administrative and procedural publications You must also comply with the CMS instructions of the command and higher authority CMS Training Requirements The CMS custodian and alternates are responsible for training all personnel involved with COMSEC material in the proper handling security accounting and destruction of COMSEC material The CMS custodian may use the Personnel Qualifications Standards PQS for CMS as a training tool All personnel who become involved with CMS should complete the PQS training course CMS Storage Requirements COMSEC material must be stored separately from non COMSEC material This helps ensure separate control for COMSEC material and makes emergency destruction of COMSEC material easier COMSEC material of different security classifications may be stored in the same security container drawer COMSEC material however must be segregated according to classification so that it can be destroyed in a timely manner in an emergency Storage requirements for COMSEC keying material are more stringent than for nonkeying material All COMSEC keying material requiring two person integrity TPI must be stored in such a manner that a single person including the CMS custodian cannot obtain a
346. sessing a record on an individual must verify 1t has the record upon the request of the individual e The identity of any individual requesting personal record information maintained on them must be confirmed before the information 1s released e An individual must be granted access to his her personal files on request e Any request from an individual concerning the amendment of any record or information pertaining to the individual for the purpose of making a determination on the request or appealing an initial adverse determination must be reviewed e Personal information is collected safeguarded and maintained and decisions are made concerning its use and dissemination e The disclosure of personal information and decisions concerning which systems records are to be exempted from the Privacy Act e Rules of conduct are established for the guidance of Department of the Navy personnel who are subject to criminal penalties for noncompliance with the Privacy Act The Chief of Naval Operations is responsible for administering and supervising the execution of the Privacy Act and SECNAVINST 5211 5 within the Department of the Navy Additionally the Chief of Naval Operations is designated as the principal Privacy Act coordinator for the Department of the Navy 4 34 The major provisions of the Privacy Act that most directly involve computer security are found in the following parts of title 5 United States Code U S C s
347. signated FREQUENCY MANAGEMENT Over the last quarter century electronics has pervaded virtually every facet of our life High tech electronic devices especially those that radiate make constant use of the electromagnetic spectrum The term electromagnetic spectrum refers to the natural vibrations that occur when a force 1s applied to a substance These vibrations occur with various speeds and intensities The speed at which they occur 2 29 is called frequency and the distance between each vibration is called wavelength Frequency and wavelengths are discussed in a later module Spectrum Management A great invention in the 19th century ultimately led to the need for spectrum or frequency management This invention was the wireless or as we know it today the radio At first there were only two radio frequencies 50 kilohertz kHz and 1000 kHz Today the spectrum is recognized by international treaty to extend up to 3000 gigahertz GHz The development of radar satellites and other technologically advanced systems and their subsequent demands on the frequency spectrum have contributed to the need for frequency management Frequency Allocation The Department of the Navy will obligate no funds for equipment until a frequency allocation has been obtained This means that all actions necessary to establish a frequency band for a specific item must be completed and approved prior to budgeting funds The allocati
348. signations You can find detailed information on EFTO and FOUO markings in Basic Operational Communications Doctrine U NWP 4 NWP 6 01 SPECAT The SPECAT marking means special category SPECAT messages are classified messages identified with a special project or subject SPECAT messages require special handling procedures in addition to the handling procedures for the security classification of the message There are four SPECAT categories SPECAT SPECAT EXCLUSIVE FOR SEF SPECAT Single Integrated Operational Plan Extremely Sensitive Information SIOP ESI and PSEUDO SPECAT SPECAT and SPECAT EXCLUSIVE FOR messages must be at least Confidential SPECAT SIOP ESI messages are always Top Secret PSEUDO SPECAT messages are normally unclassified messages that require limited distribution Examples of PSEUDO SPECAT messages include AMCROSS messages urinalysis test results and HIV test results SPECAT messages are handled only by those personnel who are authorized by the commanding officer in writing to view them The types of information assigned SPECAT and handling procedures can be found in NWP 4 NWP 6 01 and in Fleet Communications U NTP 4 respectively PERSONAL FOR PERSONAL FOR is the marking applied when message distribution must be limited to the named recipient Only flag officers officers in a command status or their designated representatives may originate PERSONAL FOR messages NATO RESTRICTED
349. ssed Ss It is tailored for universal installation 4 It allows freedom in the report design In developing a comprehensive inspection plan what is the third step L Review the risk analysis plan sp Examine the security policy and extract pertinent objectives os Examine the AIS facility organization chart and job descriptions 4 Review documents to determine the specified security operating procedures When formulating the 5 31 inspection program which of the following areas is the most important to consider Ty The most recent security breach without regard for security priorities Ze The activities that produce minimum results with the most effort Js The critical issues with regard to security 4 The measures that are tested most frequently 5 32 in day to day operations It is considered advantageous to test fire detection sensors under surprise conditions for which of the following reasons if To test the response to alarms 23 To test the reaction of the fire party ae To test the effectiveness of evacuation plans 5 33 4 Each of the above Why should the review of previous inspection reports be part of the process of developing an inspection plan ie To show trends A To identify weaknesses that should have been 5 34 corrected oF To identify strengths that were identified 4 To identify previous team members With what frequency should a scheduled inspection take place La Monthly 2 Quart
350. suggested for the assignment of responsibilities 4 39 e Designate an individual responsible for examining facility practices in the storage use and processing of personal data including the use of security measures information management practices and computer system access controls Both internal uses and the authorized external transfer of data should be considered by this individual and any risks reported to the relevant upper management authority and the AIS technical manager Designate an individual responsible during each processing period shift for ensuring the facility is adequately staffed with competent personnel and enforcing the policies for the protection of personal data Ensure that all military civil service and other employees engaged in the handling or processing of personal data adhere to established codes of conduct Procedural Inspecting Whenever appropriate conduct an independent examination of established procedures Inspections of both specific information flow and general practices are possible The following points should be considered when developing an inspection e Inspecting groups can be established within organizations to provide assurance of compliance independent of those directly responsible Independent outside inspectors can be contacted to provide similar assurance at irregular intervals Inspection reports should be maintained for routine inspection and used to provide add
351. t be a cost justification for the security program that it returns more in savings to the AIS facility than it costs This may seem obvious but it is not uncommon for an AIS manager to call for a security measure to comply with higher authority security instructions and directives without first analyzing the risks The second criterion reflects the fact that a given remedial measure may often be effective against more than one threat Seeltable 4 3 Since a given remedial measure may affect more than one threat the lowest cost mix of measures probably will not be immediately obvious One possible way to make the selection is to begin with the threat having the largest annual loss potential Consider possible remedial measures and list those for which the annual cost is less than the expected reduction in annual loss Precision in estimating cost and loss reduction is not necessary at this point If two or more remedial measures would cause a loss reduction in the same area list them all but note the redundancy Repeat the process for the next most serious threat and continue until reaching the point where no cost justifiable measure for a threat can be found If the cost of a remedial measure is increased when it is extended to cover an additional threat the incremental cost should Table 4 3 Example of Remedial Measures by Threat Type THREATS Fire Internal Theft External Theft REMEDIAL MEASURES Fire detection system X L
352. t comes time to start projecting They know how their workload has increased in the past and can forecast what it will be in the future With this information and by knowing the limitations of the existing system you can project what additional equipment will be needed to handle the future workload of the command This may include additional network drops and terminals located throughout the command spare parts backup media and personnel The most important thing to remember when projecting the future growth capabilities is to take your time when doing the research You don t want to come up short when requesting the additional materials that you expect to need later on BACKUP OPERATIONS Backup operations fall into two categories normal and special saves Normal saves Normal saves are the ones worked into the monthly production schedules These saves are normally done every day or night and are the most important recovery tool available to you Special saves Special saves are the ones that need to be done before and after the implementation of a software upgrade and during monthly and yearly production runs The saves that are done in association with a software upgrade are not covered on your production schedule since upgrades are not released on any published schedule CONTINGENCY PLANS AND DISASTER RECOVERIES The most important part of disaster recovery is having a contingency plan and current backup files The AI
353. t document contains fleet tactical development and evaluation programs and NATO experience and provide information about the guidance for taking extracts from a NATO publication La OPNAVINST 5510 1 tactical capabilities and Za AER Al limitations of equipment and Shs NWP O NWP 1 01 systems A NATO letter of promulgation Lo A Zs 4B Ja E 4 D ACPs NTPs JANAPS NWPs account custodian local holder Figure 3A user IN ANSWERING QUESTIONS 3 23 THROUGH 3 26 SELECT THE PUBLICATIONS FROM FIGURE 3A THAT ARE DESCRIBED Figure 3B IN ANSWERING QUESTIONS 3 27 THROUGH 3 29 SELECT THE TERM FROM FIGURE 3B THAT IS DESCRIBED ALS Provide communications instructions and procedures essential to conducting combined military operations in which two or more allied nations are involved Hm GW N E J a w D 23 ISa Ta OFA A command with an account number that draws its COMSEC material directly from national or Navy distribution sources ds 0 N E J ana WD COMSEC material needs are met by drawing such material from the squadron commander Ss wN Ra U a WUD An individual who requires the use of COMSEC material for a short time to accomplish a specific task Ss wN U Q W Which of the following statements concerning storage requirements for COMSEC material is are COX rEect dis COMSEC material may be stored with other communications material according to security classification Zs COMS
354. t each THE SCHEDULER As scheduler you must be well organized Scheduling jobs through the various work areas within your AIS facility is much like scheduling the events of your own personal day to day life except it s a lot more technical and involved You set aside predetermined amounts of time to do certain things Call it a things to do list if you will It would be nice if your things to do list consisted of nothing more than having to accept incoming requests from the users finding holes to plug their jobs into the schedule and waiting for the jobs to show up on the completed list If that were the case your things to do list would be relatively small and seemingly uncomplicated If your AIS facility has such an abundance of resources that any demands made by the users can be easily met then your facility is probably wasting resources and incurring more expenses than it should This is probably not the case To the contrary your command will probably have just enough resources or too few As scheduler you must decide which jobs to process first second third and so on Which jobs can be run together You need to determine the job mix How big are the jobs in terms of memory use What resources do they use disk drives tape drives printer and so on How long will each job run In what environment must each job be run Under ideal conditions you can work through your things to do list in a relatively short perio
355. t encompasses all of the AIS fictional work areas and the users illustrates a typical AIS facility s workflow structure This particular site operates in a multiprogramming environment and handles batch online batch and real time processing Study this figure for a moment You will see how the work flows in and about and out of the AIS facility You will see how you as a scheduler fit into the picture In looking at figure 1 4 you will notice this AIS facility is composed of five fictional work areas e Production Control Scheduling I O Control Quality Control e Data Entry e Computer Operations e Media Library and e Technical Support Each functional work area is responsible for specific segments of the workflow How they work together and with you as the scheduler will determine if your job is easier or more difficult Learn what they do The next paragraphs will give you a basic understanding of their responsibilities and their interactions with other work areas PRODUCTION CONTROL personnel act as liaison between the AIS facility and the user community The division chief and LPO normally deal with users during the initial scheduling phase They will assist scheduling by ironing out any problems early in the scheduling phase When necessary they will also work with the users to adjust data flow and output schedules based on user and production requirements SCHEDULING personnel make production commitments
356. t is to say all Pacific Fleet naval broadcasts are under the operational direction and control of the Commander in Chief Pacific Fleet CINCPACFLT The same applies to Atlantic Fleet navak broadcasts These broadcasts are under the operational direction and control of the Commander in Chief Atlantic Fleet CINCLANTELT Fleet commanders in chief are responsible for the adequacy of communications to satisfy the needs of their respective fleets They in turn assign broad communications responsibilities in the form of fleet operation orders OPORDs OPORDs are to be complied with at every level down through individual commanding officers of operating ships The commanding officers use only those portions of the fleet commander s communications OPORD that affect them In this simple yet direct manner the NTS is administered at every operational level in the fleet according to that ship s mission and communication needs We will talk more about OPORDs later in this chapter The Naval Telecommunications Command is composed of the following elements 2 3 Commander Naval Computer and Telecom munications Command COMNAVCOMTEL COM Naval Computer and Telecommunications Area Master Stations NCTAMSs Naval Computer and Telecommunications Stations NAVCOMTELSTAs sometimes referred to as NCTSs Naval Communications Detachments NAVCOMTEL DETs also abbreviated NCTDs Naval Data Automation Commands NAV DACs
357. t it adequately provide for the rapid and complete destruction of the classified material Emergency plans must cover three areas of emergencies e Natural disasters such as hurricanes eCivil disturbances such as rioting and e Enemy action Emergency plans should provide for the protection of classified material in such a manner as to minimize the risk of loss of life or injury to personnel For destruction the command s emergency plan must do the following e Emphasize procedures and methods of destruction including place and destruction equipment required e Clearly identify the exact location of all classified material e Prioritize material for destruction and e Assign personnel by billet areas of responsibility for destruction Priorities When the emergency plan is implemented priority of destruction is based on the potential effect on national security should the material fall into hostile hands COMSEC material is destroyed first The priorities for emergency destruction are as follows e FIRST PRIORITY Top Secret COMSEC material and classified components of equipment and all other Top Secret material e SECOND PRIORITY Secret COMSEC material and all other Secret material e THIRD PRIORITY Confidential COMSEC material and all other Confidential material After you have destroyed the classified for which you are responsible you should destroy any unclassified equipment that could be of u
358. t messages relating to situations that gravely affect the security of national allied forces Examples of use amplifying report of initial enemy contact or unusual major movements of military forces Speed of service objective is 30 minutes to 1 hour AI 2 INMARSAT INTERNATIONAL MARITIME SATELLITE COMMUNICATIONS A satellite system that interfaces naval com munications for the DON and commercial telecommunications authorized by law I O CONTROL CLERK The person responsible for the quality and control of data processing input and output media and products J JETTISONING A type of destruction that is completed by throwing material overboard at sea at a depth of at least 1 000 fathoms or more also known as Sinking JOB DEPENDENCY When a job requires the output from another job it is said to be dependent on another job JOB RELATED INFORMATION Information about the resources media and time needed for a particular job JULIAN DATE Consists of seven digits the first three digits represent the date and the last four digits represent the hour and minutes begins on the first day of the calendar year M MARS MILITARY AFFILIATE RADIO SYS TEM Provides auxiliary communications to military civil and or disaster officials during periods of emergency Users are licensed by the Federal Communications Commission FCC MULTIPLE ADDRESS MESSAGE A message with two or more addressees MULTIPROC
359. t not essential An experienced military or civil service user of AIS services might have the necessary qualifications The role of the team is not to develop security controls but to evaluate established controls and procedures Also the team should not be responsible for enforcing control procedures which is clearly an AIS management responsibility The character of each of the inspection team members is extremely important Judgment objectiv ity maturity ability and a probing nature will all affect the success of the inspection The leader of the inspec tion team must be able to organize the efforts prepare a good written report and communicate findings effectively The leader should be an officer warrant officer chief petty officer or U S civilian employee who is GS 7 or above If not technically oriented the team leader should be assisted by someone whose technical judgment and knowledge of AIS is reliable The size of the team depends upon the size of the facility and the scope of the inspection A large facility should consider including personnel from the following areas on the inspection team e Internal inspection The knowledge and discipline to conduct an inspection can be provided through internal inspection specialists Inquisitiveness a probing nature and attention to detail are typical characteristics desired for inspection board members Even though an inspection team member generally is not trained in dat
360. tablished AIS security policies and procedures Successful Attacks and Adverse Events Successful attacks and adverse events result from a combination of threats vulnerabilities and AIS assets When a threat takes advantage of a vulnerability and does harm to your AIS assets a successful attack or adverse event has occurred Successful attacks and adverse events may be roughly grouped as losses or abuses You can lose hardware software and data You can lose documentation and supplies You can lose key staff personnel Losses often result in denial of service preventing access to information when it is Figure 4 1 AIS assets 4 2 INFORMATION NATURAL DIASTERS Figure 4 2 Threats to AIS assets needed Abuse relates to unauthorized access to service unwanted destruction or alteration of data and software and unauthorized disclosure of classified information We have an adverse event with every fire and with every flood caused by a broken pipe in a computer room We have a successful attack with every bowling score recipe or school paper stored online and with every computer hacker that plays crash the computer or scramble the data 4 3 Likelihood and Risk Likelihood and risk relate to successful attacks and adverse events Likelihood relates to chance what is the likelihood probability that a successful attack or an adverse event will occur Risk has to do with money it tells us about the cost
361. tablished by the authority responsible for the security of the overall AIS They are agreed to and implemented before the remote device is connected to the AIS DOD component systems may become part of a larger AIS network The approval and authority to authorize temporary exceptions to security measures for the component s system in the network requires two components These include the DOD component operating the AIS system and the DOD component having overall responsibility for the security of the network Each remote terminal that is not controlled and protected as required for material accessible through it should be disconnected from the AIS system when the system contains classified information Disconnect procedures are used to disconnect remote input output terminals and peripheral devices from the system by a hardware or software method authorized by the designated approving authority of the central computer facility Security Survey An annual security survey of the AIS facility area should be conducted by the AIS technical manager The first step of the survey is to evaluate all potential threats to the AIS facility as discussed earlier in this chapter The second step is to define and tabulate areas within the facility for control purposes Details depend on the specifics of each facility but the following are common areas to consider e Public entrance or lobby e Loading dock e Spaces occupied by other building ten
362. te them on the run sheet CONTROL PARAMETERS The task folder will also indicate any parameters that are required These parameters provide application programs with variable information data elements that change from one run to the next For example the type of run requested D aily W eekly M onthly Y early E dit input only and so on or the entering of a date You maybe required to key in one or several of these parameters depending upon the complexity of the system OUTPUT REQUIREMENTS The task folder and or the computer run sheet show you all of the output products magnetic tapes disks and special forms that are produced during the running of the job or system As an I O control clerk you maybe tasked to provide the computer operators with the correct number of blank handwritten or preprinted output tape disk labels and ensure a sufficient supply of tapes disks paper and special forms are on hand before the job or system is scheduled to be run Job Monitoring Although we would like to believe all jobs run without error there are occasions when a program prematurely or abnormally terminates It does not process to normal end of job EOJ When this occurs the operator 1s expected to take whatever corrective actions are necessary to get the job going again More often than not the operator is able to recover a job by recreating a tape disk file moving the file to another device or possibly cleaning the
363. tegral function in the overall ADP operation The importance and impact you have whether it be aboard ship or ashore is far reaching and invaluable Most opinions formulated by the AIS users customers are based on the quality of their output products and their personal contact with you as an I O control clerk Your attitude toward your job and its importance is seen not only by 1 2 the customer but also by your fellow workers supervisor and in some cases management The quality of your work will be your signature when dealing with other AIS personnel and customers I O control is a process Your job will be to follow your installation s procedures Although the procedures may differ from one installation to another they all require the same knowledge and skills As an I O control clerk you act as the middle person between the user customer and the computer Normally the users come to you with a transmittal or request form and sometimes with their input source documents magnetic tapes diskettes and so on Before accepting and logging in their jobs take a few moments to look over the transmittal form Be sure that all the necessary entries are properly filled in that they are readable and that any special instructions are understandable It is better to clear up any misunderstandings right then and there rather than having to contact the user again later and possibly cause a delay in the job getting on the computer
364. that it is not intentionally or unintentionally lost or destroyed AIS MEDIA PROTECTION MEASURES AIS media protection is important because that is where we store data information and programs All data and information whether classified or not require some degree of protection Software also requires protection You would not want to lose the only copy of a program you had worked 4 months to write test and debug The amount of protection depends on the classification of data the type of AIS storage media used the value of the material on it and the ease with which the material can be replaced or regenerated AIS media includes magnetic tapes disks diskettes disk packs drums cathode ray tube CRT displays hard copy paper core storage mass memory storage printer ribbons carbon paper and computer output microfilm and microfiche You are responsible for controlling and safeguarding protecting the AIS media at all times For purposes of control AIS media can be divided into two types or categories working copy media and finished media You will be working with both Working copy media is temporary in nature It is retained for 180 days or less and stays within the confines and control of your activity Examples of working copy media are tapes and disk packs that are used and updated at frequent intervals and coding forms that are returned immediately to the user after processing Finished media is permanent in natu
365. the probability of occurrence is given Use these data and higher authority instructions manuals and apply common sense to develop estimates of the probability of occurrence for each type of threat Table 4 1 Example of Preliminary Estimates of Loss Potential CLASSIFIED SENSITIVE DATA TASK RUN FILE NAME TIME RECONSTRUCTION Mn COMPROMISE THEFT OF INFORMATION PRIOR l MANPOWER COST PROJECT ESTIMATE DELAYED PROCESSING IMPACT W 4 5 W Easy No No 4 15 While the overall risk analysis should be conducted by the AIS technical manager other personnel at the AIS facility can contribute to the threat analysis and their help should be requested Table 4 2 includes a list of common threats at a shore AIS facility with space for listing the agency or individual to contact should the need arise Your AIS facility should have a similar list with local contacts of help and information Annual Loss Expectancy The third step in the risk analysis is to combine the estimates of the value of potential loss and probability of loss to develop an estimate of annual loss expectancy The purpose is to pinpoint the significant threats as a guide to the selection of security measures and to develop a yardstick for determining the amount of money that is reasonable to spend on each of them In other words the cost of a given security measure should relate to the loss es against which it provi
366. the Security Manual and OPNAVINST 5530 14 for evaluation guidelines Special equipment can be installed to improve the quality and reliability of electric power Special door locks military guards and intrusion detectors can be used to control access to critical areas e Improve procedures to close gaps in controls These might include better controls over operations or more rigorous standards for programming and software testing e Early detection of harmful situations permits more rapid response to minimize damage Fire and intrusion detectors are both typical examples e Contingency plans permit satisfactory accomplishment of command missions following a damaging event Contingency plans include immediate response to emergencies to protect life and property and to limit damage maintenance of plans and materials needed for backup operation offsite and maintenance of plans for prompt recovery following major damage to or destruction of the AIS facility The command s Disaster Control Plan should coincide with the AIS facility s contingency plans Table 4 3 shows examples of remedial measures for a few threats When selecting specific remedial measures use the following two criteria 1 The annual cost is to be less than the reduction in expected annual loss that could be caused by threats 2 The mix of remedial measures selected is to be the one having the lowest total cost The first criterion simply says there mus
367. the watch All signatures in the watch to watch inventory must be in ink The inventory may be destroyed after 30 days if it is no longer needed for local reference If watch to watch inventories are not required aboard ship a daily inventory is required EXTRACTS Naval warfare publications may be extracted reproduced for use in training or operations of U S forces All extracts must be properly marked with the security classification and safeguarded in accordance with the Security Manual The classification assigned to an extract is the highest classification assigned to any article paragraph page or pages from which the information is taken Guidance for allied NATO publications is found in their NATO letters of promulgation RECEIVING NEW OR REVISED PUBLICATIONS When new or revised publications are received you should check the Foreword and the U S Letter of Promulgation for the effective status of the publication The Foreword shows the effective status of the publication for allied usage the U S Letter of Promulgation for U S use A revision to a publication can be issued that is effective for U S use but not for allied use Particular care should be taken not to destroy the previous edition until the new revision is effective for allied use as well ALLIED COMMUNICATIONS PUBLICATIONS With worldwide cooperation among friendly nations and the United States the need arose for coordinated and standardized com
368. ties are separate and distinct and concern the following parties Originator e Drafter and e Releaser Occasionally the responsibilities may overlap especially if one person is serving a dual capacity For example communications officers may occasionally draft and release messages thus making them both drafters and releasers ORIGINATOR The originator is the authority command or activity in whose name the message is sent The originator is presumed to be the commanding officer of the command or activity Most often the originator and the releaser are one and the same In some cases the drafter releaser and originator are all the same person For example if the commanding officer drafts a message for transmission he or she is the drafter as well as the releasing authority for the activity in whose name the message 1s sent DRAFTER The drafter is the person who actually composes the message In accordance with NTP 3 the drafter is responsible for e Proper addressing and using plain language address PLA designators correctly Clear concise composition Selecting the precedence Ensuring the proper format Assigning the proper classification and Ensuring the application of proper downgrading and declassification instructions to classified 2 22 messages except those containing Restricted Data or Formerly Restricted Data RELEASER The releaser is a properly designated individual authorized
369. time group Use the Process Sequence Number PSN 1f contained in the original message If the original message was sent within the last 60 days use the short form to readdress 1t Messages are held in the message center file for up to 60 days On the short form enter the from to and information addressees in the fields provided Send the short form to the message center where 1t will be combined with the text of the original and then sent The short form readdressal is always unclassified However it must state the classification of the readdressed message Messages over 60 days old are routinely deleted from the message center files If the original message to be readdressed is more than 60 days old use the long form Enter the from to and information addressees 1n the fields provided Unlike the short form you retype the entire message Classify the long form the same as the original message When a sectionalized message 1s readdressed each section of the message must be readdressed separately The headerlines and addressees must be the same on each readdressal The PSN must match that of the section being readdressed but the respective section number is omitted Each section of the readdressed message should have the same date time group The precedence of the readdressal message maybe lower the same as or of a higher precedence than the original message when deemed operationally imperative by the readdressal authori
370. tions set aside groups of tapes and disks for recording classified data at each security level HARD COPY REPORTS MICROFILM AND MICROFICHE Hard copy reports or printouts from a printer terminal plotter or other computer equipment and microfilm and microfiche must be properly marked Those prepared during classified processing must be marked at the top and bottom of 4 12 each page with the appropriate classification or the word unclassified and each page should be consecutively numbered CRT DISPLAYS The appropriate security classification marking is displayed at the top of the screen when displaying classified data or information Disposition of Media There comes a time when the media or the information on the media is no longer needed With microfilm microfiche and printouts we destroy the media with the data The same is not true of magnetic media We can erase and reuse the media when the data is no longer needed However the media cannot function forever Tapes and disks become damaged or eventually wear out When a disk or tape becomes unusable it must be disposed of But first each disk and tape must be accounted for It may have been used for classified data The magnetic media librarian will see that it 1s disposed of properly If the media contained classified data it will be degaussed before being destroyed There are two other problem areas we tend to forget printer ribbons and carbon paper
371. to release messages for transmission in the name of the command or activity The releasing individual ensures that the drafter has complied with the requirements contained in NTP 3 In addition to validating the contents of the message the signature of the releaser affirms compliance with message drafting instructions The signature of the releaser authorizes the message for transmission After a message has been properly released it is delivered to the telecommunications center TCC for transmission The DTG is normally assigned here Proper transmission receipting and filing procedures are done by the communications personnel An important point that you should remember about the DTG is that it is assigned for identification and file purposes only It is not used to compute message processing time MESSAGE READDRESSALS If you receive or send a message and later determine that another activity may need to act on or know about the information in the message you can readdress the original message to that activity If you receive a copy of a message as an information addressee you can only readdress the original for information purposes Use a short form or long form depending on how long ago the original message was sent For both the short form and long form you must e Fully identify the message you are readdressing e Enter the new addressee s e Enter the original message originator Include the original date
372. to the alternate feeder This technique is of greater value if the two feeders connect to different power substations If the AIS facility is in a remote area an uninterrupted power supply UPS is usually required as a backup power source The UPS system can be manually or automatically controlled from prime power sources or from the AIS computer site The typical UPS consists of a solid state rectifier that keeps batteries charged and drives a solid state inverter The inverter synthesizes alternating current for the computer A simplified block diagram is shown i Depending on the ampere hour capacity of the battery or batteries the UPS can support its load for a maximum of 45 minutes without the prime power source At the same time it will filter out transients To provide extra capacity to protect against a failure of the UPS a static transfer switch can be inserted between the UPS and the computer as shown in figure 4 9 The control circuitry for the static switch can sense an overcurrent condition and switch the load to the prime power source without causing noticeable transients E BATTERY FOR ENERGY STORAGE Figure 4 8 Simplified block diagram of an uninterrupted power supply UPS RMJA0032 SYNC SIGNAL SOLID STATE SOLID STATE 4 RECTIFIER INVERTER Ft l a 6 f IA EA eae 1 ij i BATTERY Z I SOLID STATE i CONTROL S TRANSFER i SWITCH Nes RMJA0033 Figu
373. try and computer inputs to either computer operations or the media library depending on when the job is scheduled Receive output products from quality control process log and package output products and ensure proper and timely delivery to users QUALITY CONTROL personnel review all completed output products from data entry and computer operations to determine their accuracy and completeness before releasing them to I O control personnel for further processing and distribution They forward incomplete or incorrect jobs to scheduling or technical support for further investigation DATA ENTRY personnel convert source documents into machine readable form using some type of key driven terminal device if this is not done by the user They accept source documents key enter and verify all inputs and return completed data to quality control so it can be checked for completeness and accuracy before turning it back over to I O control to be submitted with the job COMPUTER OPERATIONS personnel operate the computer and associated peripheral devices in accordance with authorized schedules They receive inputs and associated run instructions from I O control update schedules as the work is completed forward output products to quality control and transfer magnetic media to the library for further handling and processing 1 12 MEDIA LIBRARY personnel check in out tapes disks diskettes and documentation to computer operations person
374. ts personnel of internal routine practices is most commonly issued in what format i Division LaStruct Lon Les Division officer instruction Ja Standard operating procedure 4 Operational instruction LEO How detailed a standard 4 42 operating procedure SOP is depends on which of the following factors 1 The state of training Ze The complexity of the iNnStructions 38 The size of the command 4 Fach of the above What type of message is destined for two or more addressees informed of any other addressee L Book de General Su Multiple address 4 Single address What type of message has a wide predetermined standard distribution 4 44 a Book a General du Multiple address 4 Single address How can four letter address groups be distinguished from Navy four letter international radio call signs i Address groups are transmitted with a hyphen between the first and second letters Ze Address groups are transmitted with a hyphen between the third and fourth letters of Address groups are 4 45 always transmitted twice 4 Address groups do not begin with the letter N 13 none of whom 1s 4 43 What type of address group must always have more information added to it to serve as a complete station and address designator l Individual activity address group de Collective address group 3 Conjunctive address group 4 Address indicating group What always precedes ge
375. ty General formatting instructions and preparation guidance are available in NTP 3 Message readdressal procedures may vary slightly at different TCCs The required procedure may be verified through the local TCC MINIMIZE MESSAGES Military telecommunications systems tend to become overloaded during an emergency Naturally it becomes necessary to reduce unnecessary traffic volume to clear user circuits for essential traffic This reduction in traffic is accomplished by use usually by message of the word MINIMIZE Minimize means It is now mandatory that normal message and telephone traffic be reduced drastically so that vital messages connected with the situation indicated will not be delayed A message ordering minimize consists of the word MINIMIZE followed by the area affected scope reason and duration of the minimize condition when known Minimize messages must be brought to the immediate attention of the leading communications petty officer LPO and the communications officer The Chief of Naval Operations CNO fleet commanders in chief and area coordinators are authorized to impose minimize conditions on users of naval communications systems Subordinate commanders may impose minimize over elements of 2 23 their commands only with prior permission from one of the three authorities just mentioned During minimize conditions FLASH and IMMEDIATE traffic should be restricted to a maximum of 100
376. ty Procedures U OPNAVINST C5510 101 is the authority for the proper handling storage accounting classification and clearances of NATO material The final responsibility for determining whether a person is granted access to a security area rests upon the individual who has the authorized possession knowledge or control of the information involved and not upon the prospective recipient No number of written rules or governing statutes can replace individual initiative and common sense As we 5 4 mentioned earlier no one has a right to access based solely upon security clearance rank or position STORAGE OF CLASSIFIED MATERIAL All classified matter not in actual use must be stored in a manner that will guarantee its protection The degree of protection necessary depends on the classification category quantity and scope of the material involved Normally the type and extent of physical protection required are determined before an activity begins its day to day or watch to watch routine It is very likely that an appropriate physical security program is already in effect when you report aboard Details concerning physical security standards and requirements for classified information are contained in the Security Manual Unattended Containers If you find an open and unattended container or cabinet containing classified matter you should report it to the senior duty officer Do not touch the container or contents but
377. u usually think of the quality of the facility s output products This is not the only area of concern You should be looking at all areas of production particularly daily operations DAILY OPERATIONS You will want to look at the previous day s log Evaluate what happened e Were all scheduled jobs run e When something went wrong was the user notified What action was taken to correct the problem Was the job rerun Was it necessary to rerun a series of jobs If so was it done Are there corrections adjustments you need to make to the workload schedule for today 1 21 Remember you are responsible for overseeing the work accomplished Provide feedback to the production control coordinator I O control clerk and shift super visor as needed to improve performance and operation e Talk to the subsystem coordinators are they satisfied with the service and the products e Look carefully at new applications How does the new application affect the other applications running concurrently Can the system efficiently handle the new work or do adjustments need to be made to the job mix and schedules What is the impact of the new application on online user response time e Look carefully at modified applications What is their impact on the system Does it take more or less time to process the modified applications Were any problems encountered Do you need to talk to users about the impa
378. u a better understanding of the importance scope and responsibilities that go with processing production jobs receiving jobs scheduling AIS production within the AIS facility and ensuring the accuracy and timeliness of products I O CONTROL I O control is the interface between the user and the computer system Figure 1 shows an example of the role played by I O control in the processing of computer jobs VO CONTROL PROCEDURES I O as you know stands for input output The people who perform I O functions are called control clerks I O control clerks job staging clerks distribution clerks or computer aids In short these are the people who are responsible for the quality and control of data processing input and output media and products They ensure that the data to be processed meets all the requirements as outlined in the input criteria instructions and procedures that all data are processed that all processing steps are performed that the output products are distributed to the appropriate users once they are complete To be an efficient and effective I O control clerk you should be able to work on your own with a minimum of supervision work well with other people display tact and diplomacy be a good communicator use sound judgment be logical methodical and persuasive and most of all be able to respond to users requests Although you may manage to stay out of the limelight in this job you do perform an in
379. u can make a backup reformat the hard disk and restore your files You can also run a software program referred to as a defragmenter to reorganize the files so the data in each file is contiguous 1 24 Add or Change a Disk Drive By adding a new disk drive or replacing a disk drive with a larger drive you will reduce the problems you may have with disk space Remember if you add or change a disk drive you must modify the system setup so the system will recognize the new drive SOFTWARE Let s look at some operating system changes available Remember anytime you are preparing to make changes to your operating system you must consult the system operator manual first It will show you what can and cannot be changed on your particular system The operating system changes you can make are as follows e Reconfigure the system e Change buffer sizes e Change memory addresses Reconfigure the System When we reconfigure the system we can move the device drivers into extended memory We can move disk files from a smaller capacity disk drive to a larger capacity drive this will also help with fragmentation Change Buffer Sizes By changing buffer sizes we increase the input output activity of the system resulting in the job finishing faster This will also help reduce the chances that the system will lock up Change Memory Addresses By changing memory addresses you can tailor extended and expanded memory to the system
380. uals become knowledgeable in specialized fire protection and the systems applicable to the facility in question how to turn in an alarm which type of extinguisher to use for which type of fire and how to use it Further such individuals can serve as on the job fire inspectors constantly seeking out reporting and correcting conditions that may cause fires They can help ensure that fire fighting equipment is properly located and maintained that storage does not cause congestion that could hamper fire fighting and that general housekeeping is maintained at a reasonably high level to minimize fire risk SUPPORTING UTILITIES PROTECTION Every Navy AIS facility 1s dependent upon supporting utilities such as electric power and air conditioning and may have to depend on communication circuits water supplies and elevators for its operation Not all commands are self sufficient they contract some or all of these utilities from civil sources In using these utilities AIS technical managers should consider the probability of occurrence and the effects of breakdowns sabotage vandalism fire and flooding These effects can then be related to the needs of the AIS facility as established by the risk analysis We have selected electrical power to illustrate support utility protection Variations of a normal waveform in the electric power supply can affect the operation of AIS hardware The AIS hardware rectifies the alternating current fi
381. uires rapid dissemination These numerical message corrections NMCs are normally sent as general messages NMCs are assigned a two number designation separated by a slant sign The first number indicates the sequential 2 35 number of the message correction to the original or revised publication The last number is the printed change that incorporates the material For example NMC 7 3 is the 7th message correction and is incorporated into the publication by change 3 PUBLICATION NOTICE A publication notice gives a brief summary of a new publication or change The notice is included with each hardback copy and is furnished solely for routing by the NWPC These notices keep all cognizant personnel informed of the changes to naval warfare publications The notices are destroyed when no longer useful WATCH TO WATCH INVENTORY To ensure positive control of NWPL publications a watch to watch inventory should be conducted At the change of each watch the watches jointly conduct a visual inventory of every publication held by the watch section Those loose leaf publications requiring a page check at the end of the watch must be indicated on the inventory sheet The signing of the watch to watch inventory by the relieving watch certifies that the publications were sighted the required page checks were conducted and that the relieving watch stander is responsible for them Any discrepancies should be resolved prior to the relieving of
382. ustain no direct loss it clearly would have failed in its mission In some cases information itself may have market value For example a proprietary software package or a name list can be sold e Indirect theft of assets If the AIS is used to control other assets such as cash items in inventory or authorization for performance of services then it may also be used to steal such assets The loss potential would be the value of such assets that might be stolen before the magnitude of the loss is large enough to assure detection e Delayed processing Every application has some time constraint and failure to complete it on time causes a loss In some cases the loss potential may not be as obvious as for example a delay in issuing military paychecks To calculate the loss potential for physical destruction or theft of tangible assets AIS technical managers and upper management should construct a table of replacement costs for the physical assets of the AIS facility The physical assets usually include the building itself and all its contents This tabulation broken down by specific areas helps to identify areas needing special attention While the contents of the typical office area may be valued at 100 to 500 per square foot it is not unusual to find the contents of a computer room are worth 5 000 to 10 000 per square foot The estimate is also helpful in planning for recovery in the event of a disaster The remaining four
383. ut which of the following changes to the operating system Ls Change memory addresses Lo Reconfigure disk drives F Reconfigure the system 4 Change buffer sizes When submitting a trouble report you must follow the instruction trom WALCEHA jor the following commands ine The type commander Ge Lea The command receiving the trouble report Va The command sending the trouble report When you cannot work around a problem to continue operating what priority should you assign to the trouble report 1 Critical Zo Routine Si Urgent When you can work around the problem but a resolution is required immediately what priority should you assign to the trouble report Ls Critical 2D Routine Os Urgent All of the following are common reasons for the submission of a hardware trouble report except which one LES System keeps locking up 2 System keeps dropping I O channels Ss Corrupted file and no save tapes are available 4 Bad data entered in file When preparing the operational guidelines for your facility which of the following areas should you consider Le Backup operations only p Contingency plans and disaster recoveries only EN Emergency responses only 4 Backup operations contingency plans and disaster recoveries and emergency responses Which of the following is NOT a common reason for urgent change requests E Changes to the operating system Zi Equipment degradation da System testing 4
384. ute and maintain produc tion schedules for their AIS facility or data center They analyze job requirements old and new to determine the impact each job has on production resources They also inform the LPO or division chief when scheduling requirements will exceed computer system resources In short schedulers act as coordinators from the time a request is received until a job is successfully completed The scheduler is responsible for keeping the AIS facility s assembly line running as smoothly and efflciently as possible Schedulers ensure that jobs are scheduled and entered into the production job stream at the proper time They also ensure that all necessary resources are available to maintain a constant workflow throughout the AIS facility PEOPLE PLACES and THINGS are the important factors of a scheduler s job The first factor is PEOPLE You must learn to deal with various personalities The second factor is PLACES You have to learn what goes on in other fictional work areas The third factor is THINGS You have to cope with run times deadlines computer hardware and software malfunctions problems with production programs and TIME itself that 24 hour period in which you are to schedule as much production work as possible THE SCHEDULING ENVIRONMENT How difficult 1s 1t to prepare a schedule you might ask That depends on the size and complexity of your data processing installation in terms of hardware software an
385. uter and Telecommunications Area Master Station LANT Naval Computer and Telecommunications Area Master Station MED September 1993 Fleet Telecommunications Procedures for the Pacific and Indian Ocean Naval Communication Areas NCTAMSEASTPAC NCTAMS WESTPACINST C2000 3D Naval Computer and Telecommunications Area Master Station EASTPAC Naval Computer and Telecommunications Area WESTPAC 10 August 1992 Guideline for Automatic Data Processing Risk Analysis Federal Information Processing Standards FIPS Publication 65 Department of Commerce National Bureau of Standards Springfield VA August 1979 Guideline for Evaluation of Techniques for Automated Personal Identification Federal Information Processing Standards FIPS Publication 48 Department of Commerce National Bureau of Standards Springfield VA April 1977 Hussain Donna and K M Hussain Managing Computer Resources Second Edition Richard D Irwin Inc Homewood IL 1988 Local SOP and PQS Bureau of Naval Personnel PERS 1043B Washington DC Local SOP and PQS Enlisted Program Management Center EPMAC New Orleans LA Local SOP and PQS USS EISENHOWER CVN 69 Local SOP and PQS USS NASSAU LHA 4 Message Address Directory Joint Chiefs of Staff Washington DC June 1990 Naval Warfare Documentation Guide NWP 0 Rev P NWP 1 01 Chief of Naval Operations Washington DC January 1990 Operational Reports NWP 10 1 10 NWP 1 03 1 Chief of Naval Oper
386. uthenticate e A station directs radio silence or requires another station to break an imposed radio silence and e A station transmits operating instructions that affect communications such as closing down a station shifting frequency or establishing a special circuit You can find further information on authentication in Communications Instructions Security U ACP 122 MEACONING INTRUSION JAMMING AND INTERFERENCE MIJI MIJI is a term used to describe four types of interference that you are likely to experience in a given situation Meaconing is the interception and rebroadcast of navigation signals These signals are rebroadcast on the received frequency to confuse enemy navigation Consequently aircraft or ground stations are given inaccurate bearings Meaconing is more of a concern to personnel in navigation ratings than to you as a Radioman However communications transmitters are often used to transmit navigation signals Since communications personnel operate the transmitters they must know how to deal with any communications problems resulting from meaconing Intrusion is defined as any attempt by an enemy to enter U S or allied communications systems and simulate our traffic to confuse and deceive An example of intrusion is an unauthorized radio transmission by an unfriendly source pretending to be part of an air traffic control service and giving false instructions to a pilot Jamming is the deliberate
387. ve Meaconing Interference Jamming Intrusion Figure 3D IN ANSWERING QUESTIONS 3 48 THROUGH 0 SELECT THE TERM FROM FIGURE 3D THAT IS DEFINED EMO The interception and rebroadcast of navigational signals on the same frequency 1 A Za B Sa di AD An attempt by the enemy to 3 53 enter U S or allied communications systems and simulate traffic with the intent to confuse and deceive les A A B a C Side 4 D The deliberate use of electromagnetic signals with the objective of impairing communications circuits 1 A Zs B Sa 7C SADO 4 D Usually a nondeliberate electrical disturbance that unintentionally prevents the effective use of a frequency 1 A A B oe E Jok 4 D Which of the following statements best describes the overall goal of AIS security l To take all reasonable measures to protect AIS 3757 assets Ls To prevent data and programs from being destroyed or sabotaged or To keep unauthorized personnel out of your ALS tfacrlrry A To take whatever measures are necessary to protect equipment and people Which of the following assets is NOT considered an AIS asset People Hardware Software Environment Hm GO Ro e In AIS security terminology what term is used for the things that can destroy AIS assets ie Threats Z Probability 3 Vulnerability 4 Countermeasures To express the cost of a loss or abuse from an adverse event over time what A
388. ways insert a filler or tickler in its place Fillers are locally prepared forms that identify the message by the original DTG the message originator information as to where the message is located and the personal sign of the person removing the message from the file and completing the filler For readdressal messages a filler is made for each readdressal date time group The message itself is filed under the original date time oroupl Figure 2 10 shows an example of a message filler or tickler FILE MAINTENANCE Messages and fillers are filed in ascending date time group order The earliest message of the radio day raday will be at the bottom of the file Automated systems print the DTG of each message on the lower right hand corner of each message For messages processed on nonautomated systems the DTG should 2 26 GENERAL MESSAGE READDRESSAL MESSAGE ORIGINAL DATE TIME GrouP_M474452 AUG 46 _ DATE TIME GROUP From _USS BLUE FROM ORIGINAL DATE TIME GROUP 3914302 JUL 96 rrom COMSEVENTH FIT CT css YOST NOTE MAKE FILLER FOR EACH READDRESSAL DATE TIME GROUP gt S9 m m m 0 A e FROM cuss UCST DIRECTIONS FILL IN APPROPRIATE BLANKS FOR THE TYPE OF MESSAGE FILED TO LOCATE ORIGINAL COPY SEE COMMCEN FILE TE TIME GROUP Putu4s2 AUG 46 RMJA0017 Figure 2 10 Example of a message filler also be printed on the lower right hand corner This aids personnel i
389. willfully malicious abuse If the information resides on removable storage media 1t should be externally labeled External warnings must clearly indicate that the media contain personal information subject to the Privacy Act for example PERSONAL DATA PRIVACY ACT of 1974 Note that abbreviations must not be used e Store personal data in a manner that conditions users to respect its confidentiality For example store personal data under lock and key when not being used e If a program generates reports containing personal data have the program print clear warnings of the presence of such data on the reports e Color code all computer tape reels disk pack covers and so on which contain personal data so they can be afforded the special protection required by law e Keep a record of all categories of personal data contained in computer generated reports This facilitates compliance with the requirements that each command identify all personal data files and their routine uses by the command 4 38 Carefully control products of intermediate processing steps For example control scratch tapes and disk packs to ensure they do not contribute to unauthorized disclosure of personal data Maintain an up to date hard copy authorization list The list should include all individuals computer personnel as well as system users allowed to access personal data It is used in access control and authorization validation Maintain a
390. with two other factors precomputer processing and postcomputer processing Precomputer processing includes ensuring all inputs are received on time according to prearranged schedules Postcomputer processing includes ensuring output products are complete accurate and delivered to the user when promised Too often these areas are either overlooked or forgotten because our interest is generally focused on the computer We can easily overload or underload precomputer and postcomputer resources This will have the same effect as overloading or underloading the computer either user service deteriorates or AIS services are underused For TOTAL AIS scheduling to be achieved YOU must consider all of the fictional work areas in the assembly line especially the end users All are affected by the scheduling process and because of this you must give each work area proper consideration Having working knowledge and experience in the fictional areas for which you will prepare schedules will also help you As scheduler you will be putting together information from several sources I O control data entry and the magnetic media library Depending upon how your AIS facility is structured your operational requirements will include tasks duties and functions as follows e Receive user job requests e Analyze production requirements e Assign job run control numbers Maintain accurate logs Carry out administrative reporting requirements
391. ything together They concern planning and evaluation They include audits to review the effectiveness and efficiency of the countermeasures They check to make sure that the measures are actually in place being followed and working Problems found require replanning and reevaluation to see that corrections are made RISK MANAGEMENT Risk management involves assessing the risks determining loss potential estimates and selecting countermeasures appropriate to prevent detect minimize and recover from successful attacks and adverse events Management selects the countermeasures making sure that the cost of the measure is less than the cost of the risk The trick is to select the countermeasure that will result in the lowest total cost while taking all reasonable measures to protect our AIS assets Keep in mind that the presence of a vulnerability does not in itself cause harm A vulnerability is merely a condition or set of conditions that may allow the computer system or AIS activity to be harmed by an attack or event Also keep in mind that an attack made does not necessarily mean it will succeed The degree of success depends on the vulnerability of the system or activity and the effectiveness of existing countermeasures Countermeasures may be any action device procedure technique or other measure that reduces the vulnerability of an AIS activity or computer system to the realization of a threat COUNTERMEASURE STRATE
392. zation reports and e Operating system software reports HARDWARE AND SOFTWARE PROJECTION REPORTS Along with life cycle management you will be required to prepare reports to project what hardware and software will be needed to meet the command s future missions It is important to keep this in mind as you submit the Abbreviated System Decision Paper ASDP as required by Life Cycle Management Policy and Approval Requirements for Information System Projects SECNAVINST 5231 1 The following is a brief overview of a portion of what is required in the ASDP 1 Outline the need for automation as it relates to specific elements of the command s mission Summarize the fictional requirements and information dependent tasks 2 Summarize the selected Federal Information Processing FIP resource solution functional requirements of the hardware and software intended to satisfy the information processing need Explain the acquisition strategy indicating whether acquisitions will be competitive or noncompetitive and from what source the hardware and software may be acquired 3 Summarize the projected costs personnel hardware software security mechanisms and facilities associated with developing an Operational system 4 Include any additional information that will facilitate understanding and evaluating the information system proposal Training security privacy maintenance mobility and site preparation should be addr
Download Pdf Manuals
Related Search