Block 1 Day 5
Remanence Security
When assessing the risk of releasing information systems media from DoD control, the Information System Security Officer should develop procedures that follow the guidance in National Institute of Standards and Technology Special Publication 800-30, Revision 1, Guide for Risk Assessments.
The ISSO, assisted by the WCO, assesses the risks in consultation with the Wing Information Protection office before deciding whether to sanitize for reuse or disposal.
As the monetary cost of media decreases, the cost of sanitizing media may become impractical and destruction may become more cost effective.
Sanitization
Unclassified devices
Clear – A method of sanitization that applies logical techniques to sanitize data in all user- addressable storage locations for protection against simple non-invasive data recovery techniques; typically applied through the standard Read and Write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state (where rewriting is not supported).
Purge – A method of sanitization that applies physical or logical techniques that render target data recovery infeasible using state of the art laboratory techniques, ex degaussing.
Destroy – Renders target data recovery infeasible using state of the art laboratory techniques and results in the subsequent inability to use the media for storage of data.
Classified Devices
Sanitization of classified devices follows the NSA/Central Security Service Policy Manual 9- 12, NSA/CSS Storage Device Sanitization Manual, and involves the destruction of the media and/or data.
Only products listed on the NSA Evaluated Products List (EPL) or received approval from NSA may be used to destroy classified information (to include media and devices.).
Degauss (HDD/Diskettes) – Process for reducing the magnetization of a storage device to zero by applying a reverse (coercive) magnetizing force, rendering any previously stored data unreadable and unintelligible, and ensuring that it cannot be recovered by any technology known to exist. Classified IT storage media cannot be declassified by overwriting.
Embossing/Knurling (CDs/DVDs) – One or two rotating knurled shafts press down on the surface, elongating the focal point and making all information unreadable and inaccessible.
Grinding (CDs) – Sanitize by destroying the surface of the optical storage media; DVDs and Blu- Ray disks have information layers in the middle of the disk, making grinding ineffective for sanitization.
Disintegration (HDD/Diskettes/CDs/DVDs/SSDs) – Reduces the storage media into small fragments of a specific size, depending upon the type, using a knife mill.
Incinerate (HDD/Diskettes/CD/DVD/Blu-ray Disks/SSD) – Destruction using high heat/temperatures to reduce the media into ash.
Shredding (Diskettes/CD/DVD) – Physical shredding of media into small strips using two interlocking patterned drums that rotate in opposing directions.
Power Removal (DRAM/SRAM/volatile FPGA) – Clearing of volatile memory by removing power source for a specific duration.
Strip shredding or Cutting (smart cards only) – Destruction of smart cards by cutting or shredding in small pieces.
Media Reuse
Sanitize media to ensure that no data or information remains on operable media that are to be reused within the DoD.
Clear unclassified media before reuse; purge media containing sensitive data (e.g., PII) prior to reuse.
Clear classified media before reuse and reuse only in a classified environment.
Disposal - is the process of reutilizing, transferring, donating, selling, destroying, or other final removal of media from service.
When no longer needed, unclassified computer systems and hard drives may be disposed of outside the DoD. In some circumstances, the equipment may be provided to non-government entities for reutilization.
The Defense Logistics Agency Disposition Services (DLADS) disposes of excess property received from the military services.Turned in property is first offered for reutilization within the DoD, then transfer to other federal agencies, or donation to state/local governments and other qualified organizations.
The demanufacture (DEMAN) program is the resource recovery and recycling program designed to reclaim precious metals and recycle scrap for equipment.
Track and dispose of unclassified IS storage media previously contaminated with classified data as classified media.
Destroy all classified IS storage media unless being used in an IS environment at the same or higher classification level.
Reuse of classified IS storage media in unclassified environments is prohibited.
Mixed Media Devices
Hardware such as routers, switches, MFDs, etc., may contain multiple types of media and the sanitization methods are based on the type of media and the classification of the operational environment.
TEMPEST Overview
Emission Security (EMSEC)/TEMPEST
TEMPEST- deny access to classified and, in some instances, unclassified information and contain compromising emanations within an inspectable space.
TEMPEST - is defined as the investigation, study, and control of compromising emanations from telecommunications and automated information systems equipment.
Compromising emanations- Unintentional electronic signals that, if intercepted and analyzed by an adversary, would disclose classified info.
Line Conduction- Unintentional signals or noise induced or conducted on signal, power, control or other lines…like Bound in Block.
Radiated Signal- Electromagnetic or acoustic signals propagated through space…like unbound in Block 1.
Inspectable Space- Three dimensional space surrounding equip that processes classified/sensitive info. Exploitation not considered practical, or where we could remove the threat. Basically what we’re talking about is how far we are from the base perimeter. The farther from the perimeter the better because an enemy would have a harder time collecting compromising emanations (CE from now on). Zone A=1 to 20 meters from the perimeter…worst. Zone B=20-100 meters from the perimeter…better. Zone C=over 100 meters from the perimeter…best because the farther away, the harder it is for an enemy to collect CE. Equipment Radiation Tempest Zone (ERTZ) Assignment
A - Emanations from Equipment = less than 1 meter (best)
B - Emanations from Equipment = 1 up to 20 meters
C - Emanations from Equipment = 20 up to 100 meters
D - Emanations from Equipment = More than 100 meters (worst)
Matching zone ratings ensures classified information is afforded the proper protection and identifies accurate Countermeasures is applied.
Red- Telecomm and info systems where classified plain-text (unencrypted) signals are being processed.
Black- Telecomm and info systems where unclassified or encrypted classified are processed.
Red/Black Concept- We must separate classified processors from those that processing unclassified.
EMSEC/TEMPEST Assessment -This whole process is driven by the user’s need to process classified info! Completes part 1 of the AF Form 4170
Desktop analysis to determine if countermeasure review is required or not. Separate assessments are conducted for Info systems, Comm systems and Crypto equip.
EMSEC/TEMPEST Countermeasure Review part 2 of the AF Form 4170
Id’s TEMPEST threats/vulnerabilities and determines required countermeasures (CM)…most cost effective way to apply CMs. CM=safeguard.
EMSEC Assessment types: Info Systems, Comm Systems, Cryptographic equip.
Roles and responsibilities
Certified TEMPEST Technical Authority- AF level TEMPEST wizards…if you have a TEMPEST question at the Wing level…this is who you’d call. Experienced, technically qualified government employee who meets established certification requirements to fulfill CTTA responsibilities. Validates countermeasures reviews.
Generate TIMS TEMPEST Info Messages…like TCNOs but for TEMPEST related issues.
Wing EMSEC Mangers- If you work at the WCO…this could be you! POC for all EMSEC matters at the Base level… Will conduct EMSEC Assessments/Countermeasure Reviews. Provide training and assistance to unit TEMPEST Monitors as need.
Unit EMSEC Rep- POC for all EMSEC Matters at the unit level…not normally 3D0X3s so they rely on you to educate and point them in the right direction on TEMPEST maters…Wing EMSEC Manger will train these folks.
Sensitivity of info, Perishability…long or short term value, Physical control, TEMPEST Profile of equip.
Comm Systems- Takes into account Equip separation requirements, Power requirements, Signal and Control lines separation requirements, Shielding alternatives, and Special items.
Crypto Equipment- Looks at Separation, Equip zoning and Classification.
TEMPEST Information Messages
TEMPEST Information Messages (TIM) are issued by the AF-CTTA to make time-critical changes to the Air Force TEMPEST process and publications, update requirements, and clarify guidance. Compliance with TIMs are mandatory
Remanence Security
When assessing the risk of releasing information systems media from DoD control, the Information System Security Officer should develop procedures that follow the guidance in National Institute of Standards and Technology Special Publication 800-30, Revision 1, Guide for Risk Assessments.
The ISSO, assisted by the WCO, assesses the risks in consultation with the Wing Information Protection office before deciding whether to sanitize for reuse or disposal.
As the monetary cost of media decreases, the cost of sanitizing media may become impractical and destruction may become more cost effective.
Sanitization
Unclassified devices
Clear – A method of sanitization that applies logical techniques to sanitize data in all user- addressable storage locations for protection against simple non-invasive data recovery techniques; typically applied through the standard Read and Write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state (where rewriting is not supported).
Purge – A method of sanitization that applies physical or logical techniques that render target data recovery infeasible using state of the art laboratory techniques, ex degaussing.
Destroy – Renders target data recovery infeasible using state of the art laboratory techniques and results in the subsequent inability to use the media for storage of data.
Classified Devices
Sanitization of classified devices follows the NSA/Central Security Service Policy Manual 9- 12, NSA/CSS Storage Device Sanitization Manual, and involves the destruction of the media and/or data.
Only products listed on the NSA Evaluated Products List (EPL) or received approval from NSA may be used to destroy classified information (to include media and devices.).
Degauss (HDD/Diskettes) – Process for reducing the magnetization of a storage device to zero by applying a reverse (coercive) magnetizing force, rendering any previously stored data unreadable and unintelligible, and ensuring that it cannot be recovered by any technology known to exist. Classified IT storage media cannot be declassified by overwriting.
Embossing/Knurling (CDs/DVDs) – One or two rotating knurled shafts press down on the surface, elongating the focal point and making all information unreadable and inaccessible.
Grinding (CDs) – Sanitize by destroying the surface of the optical storage media; DVDs and Blu- Ray disks have information layers in the middle of the disk, making grinding ineffective for sanitization.
Disintegration (HDD/Diskettes/CDs/DVDs/SSDs) – Reduces the storage media into small fragments of a specific size, depending upon the type, using a knife mill.
Incinerate (HDD/Diskettes/CD/DVD/Blu-ray Disks/SSD) – Destruction using high heat/temperatures to reduce the media into ash.
Shredding (Diskettes/CD/DVD) – Physical shredding of media into small strips using two interlocking patterned drums that rotate in opposing directions.
Power Removal (DRAM/SRAM/volatile FPGA) – Clearing of volatile memory by removing power source for a specific duration.
Strip shredding or Cutting (smart cards only) – Destruction of smart cards by cutting or shredding in small pieces.
Media Reuse
Sanitize media to ensure that no data or information remains on operable media that are to be reused within the DoD.
Clear unclassified media before reuse; purge media containing sensitive data (e.g., PII) prior to reuse.
Clear classified media before reuse and reuse only in a classified environment.
Disposal - is the process of reutilizing, transferring, donating, selling, destroying, or other final removal of media from service.
When no longer needed, unclassified computer systems and hard drives may be disposed of outside the DoD. In some circumstances, the equipment may be provided to non-government entities for reutilization.
The Defense Logistics Agency Disposition Services (DLADS) disposes of excess property received from the military services.Turned in property is first offered for reutilization within the DoD, then transfer to other federal agencies, or donation to state/local governments and other qualified organizations.
The demanufacture (DEMAN) program is the resource recovery and recycling program designed to reclaim precious metals and recycle scrap for equipment.
Track and dispose of unclassified IS storage media previously contaminated with classified data as classified media.
Destroy all classified IS storage media unless being used in an IS environment at the same or higher classification level.
Reuse of classified IS storage media in unclassified environments is prohibited.
Mixed Media Devices
Hardware such as routers, switches, MFDs, etc., may contain multiple types of media and the sanitization methods are based on the type of media and the classification of the operational environment.
TEMPEST Overview
Emission Security (EMSEC)/TEMPEST
TEMPEST- deny access to classified and, in some instances, unclassified information and contain compromising emanations within an inspectable space.
TEMPEST - is defined as the investigation, study, and control of compromising emanations from telecommunications and automated information systems equipment.
Compromising emanations- Unintentional electronic signals that, if intercepted and analyzed by an adversary, would disclose classified info.
Line Conduction- Unintentional signals or noise induced or conducted on signal, power, control or other lines…like Bound in Block.
Radiated Signal- Electromagnetic or acoustic signals propagated through space…like unbound in Block 1.
Inspectable Space- Three dimensional space surrounding equip that processes classified/sensitive info. Exploitation not considered practical, or where we could remove the threat. Basically what we’re talking about is how far we are from the base perimeter. The farther from the perimeter the better because an enemy would have a harder time collecting compromising emanations (CE from now on). Zone A=1 to 20 meters from the perimeter…worst. Zone B=20-100 meters from the perimeter…better. Zone C=over 100 meters from the perimeter…best because the farther away, the harder it is for an enemy to collect CE. Equipment Radiation Tempest Zone (ERTZ) Assignment
A - Emanations from Equipment = less than 1 meter (best)
B - Emanations from Equipment = 1 up to 20 meters
C - Emanations from Equipment = 20 up to 100 meters
D - Emanations from Equipment = More than 100 meters (worst)
Matching zone ratings ensures classified information is afforded the proper protection and identifies accurate Countermeasures is applied.
Red- Telecomm and info systems where classified plain-text (unencrypted) signals are being processed.
Black- Telecomm and info systems where unclassified or encrypted classified are processed.
Red/Black Concept- We must separate classified processors from those that processing unclassified.
EMSEC/TEMPEST Assessment -This whole process is driven by the user’s need to process classified info! Completes part 1 of the AF Form 4170
Desktop analysis to determine if countermeasure review is required or not. Separate assessments are conducted for Info systems, Comm systems and Crypto equip.
EMSEC/TEMPEST Countermeasure Review part 2 of the AF Form 4170
Id’s TEMPEST threats/vulnerabilities and determines required countermeasures (CM)…most cost effective way to apply CMs. CM=safeguard.
EMSEC Assessment types: Info Systems, Comm Systems, Cryptographic equip.
Roles and responsibilities
Certified TEMPEST Technical Authority- AF level TEMPEST wizards…if you have a TEMPEST question at the Wing level…this is who you’d call. Experienced, technically qualified government employee who meets established certification requirements to fulfill CTTA responsibilities. Validates countermeasures reviews.
Generate TIMS TEMPEST Info Messages…like TCNOs but for TEMPEST related issues.
Wing EMSEC Mangers- If you work at the WCO…this could be you! POC for all EMSEC matters at the Base level… Will conduct EMSEC Assessments/Countermeasure Reviews. Provide training and assistance to unit TEMPEST Monitors as need.
Unit EMSEC Rep- POC for all EMSEC Matters at the unit level…not normally 3D0X3s so they rely on you to educate and point them in the right direction on TEMPEST maters…Wing EMSEC Manger will train these folks.
Sensitivity of info, Perishability…long or short term value, Physical control, TEMPEST Profile of equip.
Comm Systems- Takes into account Equip separation requirements, Power requirements, Signal and Control lines separation requirements, Shielding alternatives, and Special items.
Crypto Equipment- Looks at Separation, Equip zoning and Classification.
TEMPEST Information Messages
TEMPEST Information Messages (TIM) are issued by the AF-CTTA to make time-critical changes to the Air Force TEMPEST process and publications, update requirements, and clarify guidance. Compliance with TIMs are mandatory
