air force communications security · 2018-09-06 · comsec program •joint program lead by nsa...
TRANSCRIPT
![Page 1: Air Force Communications Security · 2018-09-06 · COMSEC Program •Joint program lead by NSA with DoD CIO oversight •Regulated through Executive Orders and NSA directives on](https://reader034.vdocuments.us/reader034/viewer/2022042201/5ea113d3f9621658c45c2887/html5/thumbnails/1.jpg)
Air Force Communications SecurityPresented by ACC CYSS
28 August 2018
![Page 2: Air Force Communications Security · 2018-09-06 · COMSEC Program •Joint program lead by NSA with DoD CIO oversight •Regulated through Executive Orders and NSA directives on](https://reader034.vdocuments.us/reader034/viewer/2022042201/5ea113d3f9621658c45c2887/html5/thumbnails/2.jpg)
Overview• COMSEC Program• National and Air Force Policy• COMSEC Audits Program• Audit Trends Under New Policy• Potential Risk Impact• Mini-Crypto (MC)• Questions
![Page 3: Air Force Communications Security · 2018-09-06 · COMSEC Program •Joint program lead by NSA with DoD CIO oversight •Regulated through Executive Orders and NSA directives on](https://reader034.vdocuments.us/reader034/viewer/2022042201/5ea113d3f9621658c45c2887/html5/thumbnails/3.jpg)
COMSEC Program• Joint program lead by NSA with DoD CIO oversight
• Regulated through Executive Orders and NSA directives on protection and encryption of classified information
• A cradle-to-grave program managed by CYSS that includes: • Policy lead• Compliance/reporting for Air Force accounts & Field Support• Development, fielding, management, accountability, sustainment of crypto
devices, and crypto key management
![Page 4: Air Force Communications Security · 2018-09-06 · COMSEC Program •Joint program lead by NSA with DoD CIO oversight •Regulated through Executive Orders and NSA directives on](https://reader034.vdocuments.us/reader034/viewer/2022042201/5ea113d3f9621658c45c2887/html5/thumbnails/4.jpg)
COMSEC Policy• National Security Systems Instruction (CNSSI) No. 4005,
Safeguarding COMSEC Facilities and Methods
• Air Force Manual 17-1302-O, 3 February 2017, Communications Security (COMSEC) Operations
• Methods and Procedures Technical Order (MPTO) 00-33B-5001, Air Force Accounting Procedures
![Page 5: Air Force Communications Security · 2018-09-06 · COMSEC Program •Joint program lead by NSA with DoD CIO oversight •Regulated through Executive Orders and NSA directives on](https://reader034.vdocuments.us/reader034/viewer/2022042201/5ea113d3f9621658c45c2887/html5/thumbnails/5.jpg)
Audit Trends Under New Policy• Mar 17 COMSEC policy changes increased the program standard, rise
in “Unsat” scores• 70% required to pass (Critical and Non-Critical)
• Previously Critical 50%, Non-Critical 70%• Find & fix option removed• Loss of Classified keying material = automatic failure
• Common findings:• Accountability errors• Unaccomplished inventories• Mishandling COMSEC incidents• Missing required training
• Way Ahead: Early Involvement• SAV• SAV• Contact COMSEC Audits Office• Contact Field Support Office
![Page 6: Air Force Communications Security · 2018-09-06 · COMSEC Program •Joint program lead by NSA with DoD CIO oversight •Regulated through Executive Orders and NSA directives on](https://reader034.vdocuments.us/reader034/viewer/2022042201/5ea113d3f9621658c45c2887/html5/thumbnails/6.jpg)
COMSEC Audit Program• CYSS executes AF enterprise’s COMSEC audit mission• Each account audited every 3 years • Jan 17 – Jul 18 Audits
• Total accounts audited: 138• Sat Ratings: 127 (92%)• Unsat Ratings: 11 (8%)
• Contributing causes for Unsat ratings:• Lack of Leadership involvement• Personnel management• Account manager’s execution of the program
• Poor sub-account training programs• Failure to conduct semi-annual inspection/inventory
• Lost COMSEC keys & equipment*with repeat failure
![Page 7: Air Force Communications Security · 2018-09-06 · COMSEC Program •Joint program lead by NSA with DoD CIO oversight •Regulated through Executive Orders and NSA directives on](https://reader034.vdocuments.us/reader034/viewer/2022042201/5ea113d3f9621658c45c2887/html5/thumbnails/7.jpg)
Risk Algorithm Use Impact
![Page 8: Air Force Communications Security · 2018-09-06 · COMSEC Program •Joint program lead by NSA with DoD CIO oversight •Regulated through Executive Orders and NSA directives on](https://reader034.vdocuments.us/reader034/viewer/2022042201/5ea113d3f9621658c45c2887/html5/thumbnails/8.jpg)
Mini Crypto (MC)• An AF ACAT III secret and below capability meant platforms with Size,
Weight and Power constrained, unmanned Small Form Factor (SFF) devices operating in the tactical environment
• Remote rekeys
• Impacts coalition and joint forces
• Low cost / Losable
• Non-repairable
![Page 9: Air Force Communications Security · 2018-09-06 · COMSEC Program •Joint program lead by NSA with DoD CIO oversight •Regulated through Executive Orders and NSA directives on](https://reader034.vdocuments.us/reader034/viewer/2022042201/5ea113d3f9621658c45c2887/html5/thumbnails/9.jpg)
DSN: 779-CYSS (2977)
Comm: 618-229-CYSS (2977)Option 6
Booth: ACC CYSS #266
Email: [email protected]
Questions
SEE CYSS AT THE AF PORTAL: SEARCH FOR “CYSS”SEE CYSS’ SHAREPOINT PORTAL: HTTPS://CS2.EIS.AF.MIL/SITES/11439/SITEPAGES/HOME.ASPX
UNOFFICIAL FACEBOOK PAGE: HTTPS://WWW.FACEBOOK.COM/CYBERSPACESUPPORTSQ/COMSEC FIELD SUPPORT EMAIL: [email protected]
COMSEC AUDITS EMAIL: [email protected]