Friday, December 4, 2020

Why Facility Security Officers and Security Specialists Protect Classified Material.

Facility Security Officers (FSOs) the security managers for cleared defense contractors, implement and direct security programs to protect classified information. As an FSO or a supporting security professional in this role, have you ever wondered how the classified information you protect gets its designation? We can find the answer in Presidential Executive Order 13292.

You may have heard and read reports of how over-classification results in unnecessary costs. You might also understand from similar reports of how under-classification can lead to compromise of sensitive information. To better prevent unauthorized disclosure and ensure that classification is assigned to only that information needing protection, the President has issued special guidelines. In cases where items may be assigned an original classification, four conditions must be met:

     An original classification authority (OCA) is classifying the information; Specifically, only the President and in certain circumstances the Vice President, agency heads designated by the President in the Federal Register, and appointed U.S. Government Officials can serve as OCA's. Agency heads are responsible for ensuring that only the minimum amount of subordinate officials are delegated original classification authority. It is these Government checks and balances that ensure responsibility and accountability.

 The President, Vice President, agency heads, and officials designated by the President can delegate TOP SECRET original classification authority. SECRET and CONFIDENTIAL original classification authority also may be given to senior agency officials who are designated by agency heads in writing. The authority may not be automatically re-delegated.

 The original classification authorities attend training as identified in the executive order and other directives. The education is similar to annual security awareness training the FSOs are required to offer employees with security clearances. For example, they learn how to protect classified information, how to mark it, and how to handle dissemination in addition to learning how to determine the classification level.

    An original classification authority may determine a classification on anything that is owned, produced or controlled by the U.S. Government. For example, the Government contracts a company to make a product important to national security. As part of the contract, the government will require that the company construct and assemble items that must be safeguarded at the SECRET level of classification. They will work with the contractor and provide direction and means for production, protection measures in addition to the stipulations of the contract. The company is then contracted to make defense articles or provide services that the Government owns.

    The information to be classified should fall into one of the following categories: Military plans, weapons systems or operations; Foreign government information; Intelligence activities, sources or methods or cryptology; Foreign relations or activities of the United States including confidential sources; Scientific, technological, or economic matters relating to national security, including defense against transnational terrorism; U.S. programs for safeguarding nuclear materials or facilities; Vulnerabilities of systems, installations, infrastructures, projects, plans or protection services related to national security including terrorism; Weapons of mass destruction.

    The OCA also should determine that the unauthorized disclosure of the information reasonably could be expected to result in damage national security, which includes defense against transnational terrorism, and they are able to identify or describe the damage. This is the fourth and final requirement that must be met before an original classification authority can assign a classification level. Classification levels are designed to implement the proper level of protection. It is part of the risk management component of security. The consequence of loss of the information is part of the categorization process.

    The impact of disclosure is categorized from reasonably causing "damage" for CONFIDENTIAL information through "serious damage" for SECRET information to "seriously grave damage" for TOP SECRET information. The EO 13292 states that the impact of loss or compromise of the information must be at one of the three defined levels in order to be assigned a classification. The other part is that the classifier should be able to describe or identify the damage. This measure again informs the user that the information is to be safeguarded at a necessary level and also to prevent the original classification authority from assigning a classification level needlessly.

    Cleared Defense Contractors protect information classified by the OCA's. Understanding the reasoning behind the classification is not critical, but it may give a better comprehension of the National Industrial Security Program. Such information could lead to better security measures or heightened awareness of the sensitive nature of classified information.  

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

A Career in Industrial Security-Charting the Course.

I receive a lot of emails from people who wonder how to get into the security field.  Many are looking for a career change and are curious about what kind of education and experience is needed to work as a security specialist in the defense and contractor industry.   Others are just starting out in life and looking for a job with challenges and opportunities the security field offers.   There are plenty of great opportunities in with large and small contractor companies providing the venue.  Here is what I have discovered about our industry and some of you may have other experiences and advice you can pass to those who ask about a career in security. 

     Industrial security is an outstanding field for someone with all ranges of experience to enter into.  Some have been hired at an entry level job and have received promotions and additional responsibilities.  Others have transferred full time to security after enjoying serving in an additional duty capacity.  Career growth occurs as the contract and company expands or the employee takes on more responsibilities after hiring on with another company.  Security managers can also move to higher level security positions as chief security officer or corporate security officer as experience meets opportunity.

     Employees just entering the work force can benefit from entry level jobs.  These opportunities are great for building skills and filling a critical need while filing receipts, wrapping packages, checking access rosters, applying information system security, or bringing classified information into an accountability system.  Those skills combined with learning to implement programs designed to safeguard classified information provides a great foundations to build careers on.  Additionally, many employees attend university and other adult education opportunities while serving full time in the security field.  The experience, education, certification and security clearance gained while on the job prove very valuable.

    Taking a look at want ads and job announcement, one can see that education and certification is beginning to be more of a requirement.  Past listings for entry level and some FSO jobs required only the ability to get a security clearance and having a high school diploma or a GED.  However, more and more job announcements require formal education to include college and a preference for security certification.  The defense security industry still provides a good career field to gain entry level experience and move up quickly.  Being well entrenched in a good career provides the perfect environment and opportunity for simultaneous education and certification.  This will make the prepared ready for future positions and raises.

     For those starting their careers in smaller enterprises have a keen opportunity to perform in various security disciplines.  Some actually assume appointed FSO responsibilities as an extra duty and learn as they go.  Many of the defense contractor organizations are small and may only have one person in the security role.   The sole security manager may only work in one discipline such as personnel security.  Others have a larger scope, working with a guard force, information security, and compliance issues such as exports.              

     Large Defense Contractors and Government agencies also provide entry level security jobs.  The job title is often security specialist and job descriptions allow for many experiences.  Some descriptions use words to the affect as the following:  “The candidate must be eligible for a security clearance.  Job responsibilities include receiving, cataloging, storing, and mailing classified information.  Maintain access control to closed areas.  Provide security support for classified information processing and destruction.  Initiate security clearance requests and process requests for government and contract employees conducting classified visits.  Implement security measures as outlined in NISPOM.”  Administrative, military, guard, and other past job experience may provide transferrable skills to allow a person to apply for the job.  Once hired, the new employee learns the technical skills, they can quickly advance applying their other experiences and education. 

     Our industry is still a great place to learn and grow.  Career advancement and promotions are continually available for the prepared.  Opportunities continue to exist in companies large enough to provide increasing challenges and rewards.  Some may have to apply for jobs with other enterprises to reach their potential.  Others may be satisfied performing their valuable functions in an organization where their skills are valued and rewarded.  Be sure to recommend our ISP Certification-The Industrial Security Professional Exam Manual to anyone you know who may be getting ready for a job interview.  Our intensive NISPOM study will prepare anyone for the upcoming interview.  Regardless of your professional goals, what are you doing to remaining competitive?     

 Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".