SECURITY BRIEFING

for uncleared personnel

IIF DATA SOLUTIONS, INC.

January 2014

PURPOSE

• Provide all IIF employees with a brief overview of IIF’s facility security clearance and the rules and responsibilities that come with being part of the National Industrial Security Program (NISP)

• IIF Facility Clearance• Overview of the classification system• Employee Reporting Responsibilities• Threat Awareness/Trends • In The News…Snowden article• Where to go for help

IT IS EXTREMELY IMPORTANT TO KNOW YOUR RESPONSIBILITIES FOR REPORTING!

IIF’s Facility Clearance

• IIF Data Solutions is a non-possessing facility that is cleared at the Top Secret level. We are a part of the National Industrial Security Program (NISP) and have an agreement on file with the government to follow the rules of the NISP.

• We can perform on contracts that have requirements for employees to be cleared at the Secret or Top Secret level but we do not hold or posses any classified information at our facility.

• “Need to know” means that access to information must be necessary for the conduct of one’s official duties. (In the case of classified information a person must also meet the security clearance requirements as well as have a “need to know” before being given access.)

THE BASICSOverview of Security Classification System

The cover sheets to the right are used to identify classified information.

Top Secret: Could be expected to cause exceptionally grave damage to national security

Secret: Could be expected to cause serious damage

Confidential: Could be expected to cause damage

CFR, Title 32 and DCID 6/1 require the use of cover sheets

Used to protect against unauthorized visual access

Warn the reader Remind the holder

MORE BASICSMARKING CLASSIFIED INFORMATION An example of the markings you might see on a classified document

Paragraph / Portion Markings SECRET Overall Classification Marking

(U) This memo is for training purposes only

(U) This paragraph contains unclassified information

(S) This paragraph contains secret information relating to U.S. National Security

(U) This paragraph contains unclassified information

Classify By line or Derive From line

Classified By: Amanda Ray, Under Secretary for Economic Affairs

Reason: 1.4 (e) through (h) Reason Line

Declassify on: 20151206 Declassification Date/Event

SECRET Overall Classification

Marking

MORE BASICSMedia Markings

CLASSIFIED MEDIA REQUIRES CLASSIFICATION MARKINGS and

MUST BE PROTECTED

REPORTING REQUIREMENTS

Any person who becomes aware of a security violation or a possible compromise of classified information shall immediately report it to their FSO or security office at your work location.

Anyone finding classified material out of proper control:• Take custody of the material• Immediately notify an appropriate security

authority • Protect the classified information until the

responsible customer or other such official regains proper custody

MORE REPORTING REQUIREMENTSYOU ARE REQUIRED TO REPORT: Unauthorized disclosures Loss of classified information Taking classified information home (or any unauthorized location) Deliberate failure to comply with security regulations Sharing and unauthorized use of someone else’s password Inadvertent or deliberate removal of classified material from a classified area Behaviors in yourself and others that may signal a need for assistance Downloading, storing or transmitting classified on or to unauthorized software,

hardware or systems Discussing classified information in a non secure area or over non secure lines Requests for classified material through improper channels Any security violation or possible compromise of classified information

If you have any questions or concerns, please check with security

regarding reporting requirements.

THE THREATSAmerica’s role as the dominant political, economic, and military

force in the world make it the Number 1 target for foreign espionage. It is not just intelligence sources that are targeting us. Other sources of the threat to classified and other protected information include:

• Foreign or multinational corporations• Foreign government-sponsored educational and scientific

institutions• Freelance agents (some of whom are unemployed former

intelligence officers)• Computer hackers• Terrorist organizations• Revolutionary groups• Extremist ethnic/religious organizations• Drug syndicates• Organized crime

IIF works with the Defense Security Service and their Counter Intelligence agents to research questionable emails, telephone calls or suspicious contacts so be sure to REPORT THEM TO SECURITY!

THREATS – TargetingBased on Industry Reporting to the Defense Security Service (DSS) from fiscal year 2012, collection efforts linked to East Asia and the Pacific represented the most significant and prolific threat against information and technology resident in cleared industry. Suspicious incidents reported by cleared industry and connected to East Asia and the Pacific increased by 88 percent over fiscal year 2011. Requests originating in or assessed as affiliated with East Asia and the Pacific accounted for half of all industry reporting DSS received in fiscal year 2012, an increase from 43 percent the year before.

The Near East entities continue to be among the most active at attempting to obtain illegal or unauthorized access to sensitive or classified information and technology resident in the U.S. cleared industrial base – second only to East Asia and the Pacific. Reported attempts increased by over 40 percent from fiscal year 2011.

Industry needs to remain vigilant in reporting attempts to gain information. The Defense Security Service relies on the support of U.S. cleared contract employee reporting and the U.S. intelligence and law enforcement communities. Report any suspicious contacts immediately to your FSO or the security office at your work location.

THE THREATSSOCIAL ENGINEERING

• PHISHING: A technique of fraudulently obtaining private information. Typically the phisher sends an e-mail that appears to come from a legitimate business – a bank, or credit card company – requesting “verification” of information. The email usually contains a link to a fraudulent web page and has a form requesting everything from a home address to an ATM card’s PIN.

• BAITING: An attacker leaves a malware infected floppy disk, DC ROM, or USB flash drive in a location sure to be found (bathroom, elevator, sidewalk, parking lot), gives it a legitimate looking and curiosity-piquing label, and simply wait for the victim to use the device.

• IVR or PHONE PHISHING: Technique that uses a rogue Interactive Voice Response system to recreate a legitimate-sounding copy of a bank or other institutions.

• PRETEXTING: Act of creating and using and invented scenario (the pretext) to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances.

• QUID PRO QUO: Something for something - may offer gift for password or other information

• SPOOFING: Cracking ID’s of people having popular email ID’s such as Yahoo!, Gmail, Hotmail…or cracking websites of companies or organizations to destroy reputation.

IN THE NEWS…Snowden damage the worst, says ex-CIA No. 2

The former No. 2 man at the CIA says Edward Snowden's leak of classified intelligence documents caused more damage to U.S. security than any other in history. Former CIA Deputy Director Michael Morell, who also says the acrimony in Congress could be bad for national security, speaks to John Miller for a 60 Minutes report to be broadcast Sunday, Oct. 27 at 7 p.m. ET/PT.

Snowden is no whistle-blower as some have portrayed him, says Morell, but a traitor of the worst kind. "I think this is the most serious leak-- the most serious compromise of classified information in the history of the U.S. intelligence community," he tells Miller.

Of the hundreds of documents Snowden leaked, none was more damaging than the classified document the CIA calls the "Black Budget." It's like a playbook, says Morell, revealing where the U.S. spends its money on its intelligence efforts. It would give adversaries an advantage. "They could focus their counterintelligence efforts on those places where we're being successful. And not have to worry as much about those places where we're not being successful," says Morell.

Morell says the information Snowden has leaked will hamper U.S. efforts to track and learn about terrorists, taking away an advantage and blunting the war on terror. "What Edward Snowden did has put Americans at greater risk because terrorists learn from leaks and they will be more careful, and we will not get the intelligence we would have gotten otherwise."

The CIA gathers intelligence about countries and one of the aspects of a nation it studies is its economy. Morell tells Miller he believes the partisan rancor in Congress is bad for national security. "What really keeps me up at night is the inability of our government to make decisions that will push this country forward," says Morell. "...Any country's national security is more dependent on the strength of its economy and on the strength of its society than anything else.

"There's been a change from a willingness of the two parties to work together to get things done to today, the two parties at each other's throat and simply trying to score political points," Morell says.

© 2013 CBS Interactive Inc. All Rights Reserved.

THREAT AWARENESS AND DEFENSIVE SECURITY

“Limiting details is an easily applied countermeasure that can decrease vulnerabilities while still conveying the essential information.” ~Secretary Rumsfeld

YOU NEED TO:• Be alert• Be aware of your surroundings • Report suspicious activity• Protect your badge/CAC• Avoid predictable routines• Report suspicious contacts whether in person, by phone, or via email or

text• Be familiar with the security rules and requirements - and who to contact

when you have a question• Shred sensitive/personal information• Practice good operational security (OPSEC)

Be aware, be alert and be informed. Suspect contact whether in person, via

telephone, e-mail or social networking sites should be reported to your FSO.

WHERE TO GO FOR HELP

Your Corporate Facility Security Officer:

Tania Leppert, tania.leppert@iifdata.com

703-637-5192

Your Corporate Security Administrator:

Lynn Argueta, lynn.argueta@iifdata.com

571-281-1865

The security office at your work location

The Defense Security Service Hotline

1-800-424-9098, www.dodig.mil/hotline