Information security part of everything we do

  • Published
  • By Scott Piper
  • 99th Air Base Wing Information Protection chief
It's been one of those days. You are super busy and your unit just received another tasking. You are trying to do five jobs at once and don't even have time to think. 

You decide to help your unit deployment manager get the word out and forward an email you received about a deployment to co-workers who are on shift work. You noticed there was some information missing from the note you had received, including when the team was leaving and what the travel plans were, so you added that information so everyone would know. 

You may or may not vaguely remember a security briefing you had received that some deployment information is classified, but you hit the send button and move on to another 'hot' job.

Shortly afterwards you are advised to report to the commander's office. On your way, you wonder what the commander could want.

You are responsible for a declarable security incident and violated security regulations. By sending classified information through unclassified means, you are responsible for a classified spillage. You are going to get a lot of attention in the coming days and those other five jobs you were working will be quickly forgotten. 

The email you sent was actually classified information, as a result of a process called Classified by Compilation. By itself, some information is unclassified, but when put together with other information, it becomes classified. In the deployment world, combining information like when, where and how many into a single document is classified. The document clearly provides information our adversaries could put to good use.

Any information of possible adversarial value must be protected, by following good operations security practices, and should not be emailed without following appropriate procedures.   

Spillage occurs when classified information is sent through unclassified means, including on Non-Classified Internet Protocol Router [NIPR] network, telephones, faxes, etc. Spillage creates a significant risk to national security as there is no way to know who else may have received that information. In many instances, this is the "once it's out there, you can't get it back" scenario.

You are going to get to discuss your decision making, or lack thereof, with your leadership, including the first O-6 in your chain of command. Your NIPR account will be disabled immediately and you will have no computer access until the issue is resolved, requiring others to do your work. There will be an official investigation with your name on it sent to the major command headquarters. You may also face disciplinary actions.     

The compromise of our nation's classified or controlled unclassified information, whether from an insider threat or unauthorized public release, can have a devastating impact on our mission. The investigative process is not fun for the responsible individuals.   

When it comes to security, we need to 'slow our roll' and follow the proper procedures to the letter. It is very hard to follow this practice if it isn't part of our daily routine. Complacency is the number one enemy of security. We must develop a culture in every workplace where good security practices are part of the routine, all the time, for everyone and everywhere.