Embed Size (px)
Citation preview
Air Force Communications SecurityPresented by ACC CYSS
28 August 2018
Overview• COMSEC Program• National and Air Force Policy• COMSEC Audits Program• Audit Trends Under New Policy• Potential Risk Impact• Mini-Crypto (MC)• Questions
COMSEC Program• Joint program lead by NSA with DoD CIO oversight
• Regulated through Executive Orders and NSA directives on protection and encryption of classified information
• A cradle-to-grave program managed by CYSS that includes: • Policy lead• Compliance/reporting for Air Force accounts & Field Support• Development, fielding, management, accountability, sustainment of crypto
devices, and crypto key management
COMSEC Policy• National Security Systems Instruction (CNSSI) No. 4005,
Safeguarding COMSEC Facilities and Methods
• Air Force Manual 17-1302-O, 3 February 2017, Communications Security (COMSEC) Operations
• Methods and Procedures Technical Order (MPTO) 00-33B-5001, Air Force Accounting Procedures
Audit Trends Under New Policy• Mar 17 COMSEC policy changes increased the program standard, rise
in “Unsat” scores• 70% required to pass (Critical and Non-Critical)
• Previously Critical 50%, Non-Critical 70%• Find & fix option removed• Loss of Classified keying material = automatic failure
• Common findings:• Accountability errors• Unaccomplished inventories• Mishandling COMSEC incidents• Missing required training
• Way Ahead: Early Involvement• SAV• SAV• Contact COMSEC Audits Office• Contact Field Support Office
COMSEC Audit Program• CYSS executes AF enterprise’s COMSEC audit mission• Each account audited every 3 years • Jan 17 – Jul 18 Audits
• Total accounts audited: 138• Sat Ratings: 127 (92%)• Unsat Ratings: 11 (8%)
• Contributing causes for Unsat ratings:• Lack of Leadership involvement• Personnel management• Account manager’s execution of the program
• Poor sub-account training programs• Failure to conduct semi-annual inspection/inventory
• Lost COMSEC keys & equipment*with repeat failure
Risk Algorithm Use Impact
Mini Crypto (MC)• An AF ACAT III secret and below capability meant platforms with Size,
Weight and Power constrained, unmanned Small Form Factor (SFF) devices operating in the tactical environment
• Remote rekeys
• Impacts coalition and joint forces
• Low cost / Losable
• Non-repairable
DSN: 779-CYSS (2977)
Comm: 618-229-CYSS (2977)Option 6
Booth: ACC CYSS #266
Email: [email protected]
Questions
SEE CYSS AT THE AF PORTAL: SEARCH FOR “CYSS”SEE CYSS’ SHAREPOINT PORTAL: HTTPS://CS2.EIS.AF.MIL/SITES/11439/SITEPAGES/HOME.ASPX
UNOFFICIAL FACEBOOK PAGE: HTTPS://WWW.FACEBOOK.COM/CYBERSPACESUPPORTSQ/COMSEC FIELD SUPPORT EMAIL: [email protected]
COMSEC AUDITS EMAIL: [email protected]
