In the shadow of all the disaster stuff going on, I wanted to quickly revisit this. There's been some more discussions on frequencies and what to do with them on the new Micom HF units - among other things with all the latest activity. The community continues to encounter strange "gray areas" and sometimes we have to work with stuff as best as we can.
I came across a document that does a good job of explaining the premise behind FOUO, and even goes into some other kinds of markings we will (or are) working with.
http://afsf.lackland.af.mil/Organization/AFXOF/Interim%20Guidance-Safeguard-Atch%202.pdf
I think that document goes into some good detail on the 'why' part we should have been briefing from the start - and has some info on other markings we'll be seeing more of. Yes, the jury will be out for a while on exactly where we are with respect to DoD or not, but take comfort that it's a big jury, and the process is fluid.
My recommendation to everyone is to take a sanity check. There is plenty of gray area to go around. Just stay sane and do what's right.
If you're still panicking, or know someone who is, a little humor helps when trying to say "Relax, we're not the only ones"....
Just try this exercise for a laugh...
(Warning to OPSEC Managers or people who freak out about security - do not do this if you are not physically or mentally prepared)
1. Open Google.
Type the following in the search window: +"for official use only" +site:af.mil
Enjoy the show.
Advanced users with more time available can +site:.mil
Here's a link:
http://www.google.com/search?hl=en&q=%2B%22for+official+use+only%22+%2Bsite:af.mil&start=0&sa=N
Have a good laugh. I did.
I love it... did you know nukes are FOUO?
Nuclear Weapons SALE RESTRICTED (For Official Use Only) Limited to Department of Defense Personnel
Brian
PAWG
Quote from: Rangercap on September 16, 2008, 06:44:37 PM
I love it... did you know nukes are FOUO?
Nuclear Weapons SALE RESTRICTED (For Official Use Only) Limited to Department of Defense Personnel
Brian
PAWG
Gee, since I work for the Army, and am therefore "DoD Personnel" does that mean I can finally get my own personal nuke. ;D
...only if it is for official use.
Brian
PAWG
Yeah, so you see the humor, huh? Good. I thought it was pretty funny.
LOTS of stuff in the free internet realm marked FOUO. The difficulty here is the very wide spectrum regarding handling of unclassified material. FOUO has really deviated from its original intent - an exemption from FOIA release to protect what used to be known as EEFI's, and to protect privacy act information such as names, SSN's and birthdates. We went through some brutal FOIA training a couple of years ago that went through each exemption with a microscope. I presume it was someone's attempt to reign in the out of control FOUO misunderstandings, and it did a great job of making everyone understand what the eal story is. Obviously, not many at NHQ took that training before firing out the policies. But I'm not up there, and am not in thier shoes, so I can't make the judgement call.
The AF still does pretty good overall, and the average member understands the categories after the training. If not, they get a good lesson during the UCI portion of an ORI.
However, we haven't come up to that level here in CAP - yet. You don't have to label, for example, everything with FOUO as UNCLASSIFIED//FOUO. If it's classified, it can't be FOUO, so there's no need to restate UNCLASSIFIED.
DoD 5200-22 does cover SBU categories, but those control spans are rightly relegated to the owner/producers. In our case, law enforcement will have you sign some advanced paperwork making the CAP FOUO game OBE. THAT signed paper could send you to jail. Your OPSEC training button will at most earn you a 2B.
The trend in CAP is looking pretty good. I think use of designators instead of frequencies in the 100-X comm regs were a good choice. The channel designators (zones/channel labels in the new code plugs) also take care of the concerns. I expect we'll continue to bring in sanity as boot time on the ground grows, but there's still some pain to endure...
Seeing the Google search results, it's quite obvious DoD will be struggling with it for a while, so there's no reason to think we'll fix it immediately earlier.
Change your search to +"for official use only" +site:cap.gov or anything else for that matter.
Brian
PAWG
Quote from: Rangercap on September 16, 2008, 10:05:06 PM
Change your search to +"for official use only" +site:cap.gov or anything else for that matter.
Brian
PAWG
That's just painful to read.... Lots of comm stuff out there. We've got some work to do....
It's funny you mention the work we have to do... the one thing to not do is search with google... the more you search and the more you link to a site, the higher google bumps it up on the search "ladder" and the easier it is to find... gotta love the internet...
The moral of the story, if you want to keep it secure, don't put it on the internet.
I have found stuff that I can get from a google search, that is "supposedly" behind a password... and 'right click' and 'save as...'
Brian
PAWG
Quote from: Rangercap on September 17, 2008, 12:38:23 AM
It's funny you mention the work we have to do... the one thing to not do is search with google... the more you search and the more you link to a site, the higher google bumps it up on the search "ladder" and the easier it is to find... gotta love the internet...
The moral of the story, if you want to keep it secure, don't put it on the internet.
I have found stuff that I can get from a google search, that is "supposedly" behind a password... and 'right click' and 'save as...'
Most of the hits are for training materials that talk about FOUO, and the like. But, there are a couple I cringed a little, like a state comm plan (THAT LINK IS STILL ACTIVE BTW).
The point isn't to make trouble, just to try and put everything into perspective. Save the effort for things within our immediate control, like plans under authorship, training, and the like. Hopefully it will all calm down in a couple of years. The trends are good so far...
I agree completely... many these things can be cleared up with one simple email. Where do you want to begin? ;D
I think we are completely cavalier about FOUO. No one can debate we do provide some really sensitive mission capability; CD, WADS, if I tell you I will Have to Kill you Stuff. To act like we don't is unprofessional and contrary to USAF policy and Regulations, Indeed we are both the Auxiliary of the USAF, and a "Contractor" for the USAF. So we are also a Government/DOD contract Corporation, just because 99% of us are volunteers, CAPHQ is awarded money for what we do on an anual federal contract from the USAF.
So with that said we need to get it together on the subject' Officially", Op-sect is kind of a joke, we need more guidelines for securing documents, etc. that meets USAF and Government guidelines.
What do you think will happen (in the News), if a Laptop gets stolen thats has all the home addresses of CAP members who do CD mission, or fly WADS over the US capital, or has the CD and WADS mission sensitive information.
Huge black eye for CAP, and as a contractor we could be banned from involvement in classified operations, it has been done to contractors in the past.
Quote from: wingnut55 on September 17, 2008, 08:28:07 PM
I think we are completely cavalier about FOUO. No one can debate we do provide some really sensitive mission capability; CD, WADS, if I tell you I will Have to Kill you Stuff. To act like we don't is unprofessional and contrary to USAF policy and Regulations, Indeed we are both the Auxiliary of the USAF, and a "Contractor" for the USAF. So we are also a Government/DOD contract Corporation, just because 99% of us are volunteers, CAPHQ is awarded money for what we do on an anual federal contract from the USAF.
So with that said we need to get it together on the subject' Officially", Op-sect is kind of a joke, we need more guidelines for securing documents, etc. that meets USAF and Government guidelines.
What do you think will happen (in the News), if a Laptop gets stolen thats has all the home addresses of CAP members who do CD mission, or fly WADS over the US capital, or has the CD and WADS mission sensitive information.
Huge black eye for CAP, and as a contractor we could be banned from involvement in classified operations, it has been done to contractors in the past.
In the military side, I respond with formal policies based on unit OPSEC assessments per AFI10-701. CI's are identified, evaluated, and a decision is made whether standing policies are changed as a result.
Frequencies are pretty much the only formally sanctioned CI item we've released a policy on. The rest has been left up to the mobs to define. As expected, different mobs will have different amplification levels, but ultimately the crowd mentality wins.
In the case of missions with actual classified information, an extremely small number of members will be involved, and those members will be given the full formal indoctrination process - leagues above what the average member gets. In addition, they will probably incur additional debriefings when the task is complete becaue they are not DoD employees or under a formally recognized contract (i.e. contracting officer & signed DCMA managed contract).
For FOUO, if you expect members to abide by an established rule, you have to be very specific, and they have to be formally trained. I mean formally trained with references to active, signed, policies. The Lee Ermy video and 10 minute powerpoint doesn't count.
Formal policies include directed dispositions of specific CI's and thier procedures.
When someone loses a laptop that contains FOUO information, the first question out of the chute will be "What training does this member have?" Were they formally instructed (with records) to the disposition requirements of XXXX and YYYY? Do you have a formally signed policy letter on XXXX and YYYY?
In the words of a very wise IG inspector I knew, if you can't answer that in 30 seconds or less, you better fix it.
If there are members with unencrypted Privacy Act information on thier laptops we're asking for it. If they have LES CD information in violation of a LE generated and managed NDA, we're really asking for it.
If they have frequency information on a laptop and takes reasonable measures to protect it - it's OK. I can download it now off of NTC's portal, and it's already splattered across most radio monitoring sites. As Comm, we need that information to do our jobs - but it's also been formally sanctioned as policy, so members know to mark frequency info accordingly.
Unfortunately, we haven't done a very good job of breaking down what is and isn't FOUO with respect to mission information. That's mainly due to the inherent complexity. Frequencies are simple - they are what they are. Detailed mission information is diverse, and it will cause problems if you start line itemizing things FOUO or not FOUO. That's where I ask everyone to chill for a moment. Take a deep breath... Do what is right, but don't add to the needless amplification. Make a distinction between Aeronautical AM frequencies and spooky VHF ones. Safety and mission accomplishment takes priority. Be smart. Be professional. Everything will be OK.