Sunday, February 7, 2021

Protect Classified Conversations and Instructions Keeping These in Mind

In the course of performing on classified defense contracts, exchange of classified information is inevitable. While, the movement of classified information outside of a secure environment is to be kept to a minimum, there are times it must be moved in fulfillment of requirements. 

When movement is necessary, the party responsible for movement should determine whether or not the classified information is necessary at the gaining organization, the organization is cleared to the appropriate level, and that there is a contractual need to know. Then they should provide the classified information in the appropriate format, using the approved methods. For example, a SECRET document can be hand carried, provided on a disc, emailed, or faxed.
Once the classified information is on-site, the receiving CDC takes over. There are many reasons for transporting classified material. These include conferences, classes, engineering, services or any other environment where it is needed. 

As the senior industrial security manager in CDCs, the FSO leads the security program designed to protect classified information and prevent unauthorized disclosure. While working in the secure environment, contractors protect classified information under their control and cleared employees protect classified information entrusted to them. 

Without this protection, national security could face varying degrees of damage depending on what information is disclosed and how it was used. This protection applies to documents as well as classified discussions. 

Classified verbal communications should only occur in controlled environments. For example, classified conversations are authorized in locations where access and need to know have been verified. They should never take place in hallways, around the water cooler, in public places or car pools where eavesdropping cannot be prevented or access and need to know cannot be verified. Just as the holder of classified documents verifies a receiver’s need to know and security clearances before handing them over, the same is true for releasing classified information in verbal form.

Prior to the start of a classified meeting either the government sponsor or the contractor representative should provide a security briefing notifying attendees of the classification of information to be discussed, whether or not taking notes is permitted and if so, how they will be controlled. For example, when classified notes are permitted, they will have to be properly marked, introduced into accountability and prepared for dissemination (hand carry with the attendee or mailed at a later date). The presentation is controlled to prevent the inadvertent and unauthorized release. Each attendee should also be reminded to remove any cell phones or other electronic devices.

Impromptu Discussions:
When working on classified material in approved locations, keep in mind that uncleared persons in the area may be within voice range. Some companies and security managers may allow cleared employees to take classified work back to their cubicles and desks. They are able to protect the information from prying eyes, but eavesdropping cannot be prevented outside of a closed area. 

Limit opportunities for unauthorized access to classified information by limiting opportunities for these discussions. Impromptu discussions could provide unauthorized access to repair persons, uncleared employees, and others. For example, while everyone in the immediate area may be cleared and with need to know, they could be on the phone with uncleared people.  

Another factor to consider is need to know. While everyone within earshot may have the appropriate security clearance, they may not have the need to know. 

Here are three ideas you can apply immediately:
1. Post signs where classified contracts are authorized and likewise where unauthorized.
2. Provide reminders of the dangers of impromptu conversations.
3. Provide
guidance and training
on how to introduce classified information into your organization.

Join our reader list for more articles.

 Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "How to Get U.S. Government Contracts and Classified Work", "ISP(R) and ISOC Master Exam Prep", and NISPOM/FSO Training".

No comments: