UNCLASSIFIED UNCONTROLLED-IF-PRINTED. Public

Transcription

1 Defence Security Manual DSM Part 2:65 Audiovisual Security of Classified Activities Version 4 ation date July 2015 Amendment list 17 Optimised for Screen; Print; Screen Reader Releasable to Compliance Requirements Defence personnel are, and external service providers subject to the terms and conditions of their contract may be, bound by security policy contained in the DSM and Information Security Manual (ISM). Failure to comply with the mandatory requirements of the DSM and ISM may result in action under the relevant contract provision or legislation including, but not limited to; the Defence Force Discipline Act 1982, the Service Act 1999, and the Crimes Act Mandatory requirements in the DSM and ISM are identified through the use of the terms must / must not and should / should not. Compliance with these requirements is mandatory unless the appropriate authority, if applicable, has considered the justification for non-compliance and accepted the associated risk through the granting of a dispensation. The terms recommend and may are used to denote a sensible security practice and noncompliance need not be approved or documented. Note: Non-compliance with a sensible security practice ought to be informed by sound risk management principles. The DSM compliance regime, including the authority to approve non-compliance with mandatory requirements, the use of dispensation indicators, and how to apply for a dispensation is detailed in DSM Part 2:1 Dispensations. Copyright Commonwealth of Australia 2010 This work is copyright. Apart from any use as permitted under the Copyright Act 1968, no part may be reproduced by any process without prior written permission from the Department of Defence. Requests and inquiries concerning reproduction and rights should be addressed to Defence Publishing Services, Department of Defence.

2 Introduction 1. Classified information is discussed throughout Defence in a range of locations both in Australia and overseas. This information can be of great value to unauthorised persons who may make concerted efforts to acquire it. It is therefore important to be aware of potential threats and to take appropriate measures to ensure that the content of classified conversations, both in person and using audiovisual conferencing facilities, is protected. 2. The purpose of Defence Security Manual (DSM) Part 2:65 is to detail security policy relating to the protection of classified activities from deliberate or accidental audiovisual interception. Policy 3. Classified conversations, whether in person, using audiovisual conferencing facilities, or on the telephone, are to be secure from deliberate technical and accidental compromise. Conversation Security Process 4. Offsite. Classified conversations are to be protected from being overheard when conducted offsite, see DSM Part 2:31 Offsite Work for further information. 5. Open plan facilities. Open plan facilities present an increased security risk due to the ability to overhear conversations. Personnel in open plan facilities: a. are to ensure that all personnel within hearing range hold an appropriate security clearance before discussing classified material and adhere to the need-to-know principles; and b. must not [Auth: None] discuss TOP SECRET material unless the entire open plan facility is a designated Zone Five (see DSM Part 2:60 Physical Security for descriptions of Physical Security Zones). Amplified Speech 6. Where amplified classified speech is generated, the audio should remain within the physical boundaries of that certified audio-secure room. 7. The Defence Security and Vetting Service (DS&VS) must be consulted prior to: a. installing non-accredited equipment generating amplified speech in certified audio-secure rooms; and b. installing any equipment generating amplified classified speech in a room that is not normally maintained for audio security. If the advice proves that such equipment can be installed, local standard operating procedures (SOP) are to be implemented that will reduce the risk of compromising the amplified speech. 8. Amplified speech from secure hands free phones. Where speaker phone technology is enabled it must only be used in a certified audio-secure room. Note: Hands-free devices can allow both ends of a conversation to be heard, and potentially allow the near end to inadvertently discuss classified material which can be overheard by uncleared staff at the far end. DSM Part 2:65 Page 2 of 10

3 9. These systems must not be installed in any Zone Five unless they have been accredited by the area s Physical and ICT Accreditation Authority. Note: This is an ISM requirement and Zone Five areas may require a dispensation in order to permit the use of lower-classified systems within the zones. Secure Phones and Desktop Video Conferencing in a Non-Certified Audio-Secure Room 10. If any of these devices are to be used in a non-certified audio-secure room then any hands-free functionality must be disabled and a hard-wired handset or headset must be used. Unsecure, Non-Accredited Phones in Audio Secure Level (ASL) 4 and 5 Facilities 11. Hands-free phones. Hands-free phones are designed to pick up and transmit conversations in the vicinity of the device. They must not [Auth:None] be used in a Zone Five area as the audio security risk is too high. 12. Off-hook audio protection. Off-hook audio protection features must be used on all phones that are not accredited. 13. To ensure that the protection feature is used appropriately, personnel need to be made aware of the feature and trained in its proper use. Push-to-talk handsets should be used to meet the requirement for offhook audio protection. Note: Providing off-hook security minimises the chance of a classified conversation being accidentally coupled into handsets and speakerphones. Limiting the time an active microphone is open reduces this threat. Other VoIP and Desktop Video Conferencing Requirements 14. VoIP and desktop videoconferencing systems must [Auth:None] be accredited by the appropriate ICT accreditation authority (for further information regarding accreditation, see DSM Part 2:4 Facilities and ICT Systems Security Accreditation). VoIP phones accessible from public networks such as the internet require the use of an Australian Signals Directorate (ASD) approved gateway, further information on which may be found in the ISM. 15. To prevent the unauthorised use of secure VoIP phones and desktop videoconferencing they must be protected from unauthorised use by a user authentication mechanism. For standalone VoIP phones this may be met by the use of a PIN which is issued only to appropriately security cleared staff. For desktop VoIP and videoconferencing, user logon authentication by the operating system is sufficient. 16. VoIP and other desktop camera phones must be positioned in such a way as to avoid potential oversight of classified material in the background, for example on classified information on whiteboards. 17. VoIP and other desktop cameras must not be installed in any Zone Five unless they have been accredited by the area s Physical and ICT Accreditation Authority. Note: This is an ISM requirement and Zone Five areas may require a dispensation in order to permit the use of lower-classified systems within the Zone Five. Answering Machines 18. Answering machines often include a function permitting remote activation of an integrated microphone to audio monitor the answering machine location. Answering machines must not be connected to Defence networks, except by the user demonstrating to the Regional Voice Manager that: a. no other form of Defence-approved PABX voic exists; DSM Part 2:65 Page 3 of 10

4 b. an exceptional need exists; and c. the security risk has been mitigated. Telephones and Pagers 19. Telephones and pagers are to be used in accordance with the requirements of the ISM. Secure Desktop Phones 20. Secure desktop phones use attached High Grade Encryption devices approved by ASD and users must [Auth:None] comply with instructions provided for their usage, including connection and usage of approved peripheral devices such as secure faxes. Audio-Secure Facilities 21. Table 2:65-1 describes the appropriate audio-secure facilities for classified conversations. The requirements therein may be subject to the variation process on a case-by-case basis. Table 2:65-1 Appropriate Audio-Secure Rooms for Classified Conversations If a room will be used for Requirement: Irregular SECRET conversations (less than once a month) ASL2 (a) Irregular TOP SECRET conversations (less than once a ASL3 month), or SECRET conversations conducted regularly SECRET conversations ASL 3 TOP SECRET conversations TOP SECRET amplified Sensitive Compartmented ASL 5 Information (SCI) (b) ASL 4 or above a. It may be impractical to achieve ASL2 in an open plan facility. b. SCI areas are to comply with directions from the Defence Intelligence Security (DIS) 22. An individual room located within a Zone Five may not need the same level of audio-security ratings to conduct classified conversations. Rooms that are used for compartment information within Zone Five areas may still need the full audio-security protection. Managers should consider the risks involved and obtain advice from the DS&VS Technical Surveillance Countermeasures (TSCM) unit or the compartment controller. 23. If classified meetings or activities are required in a Defence facility that is not normally maintained for audio security, advice on security requirements must be obtained from the DS&VS TSCM. Meetings or activities classified SECRET and above must not be held in other non-accredited facilities without approval from the First Assistant Secretary Security and Vetting Service (FAS S&VS). Regarding material in the SCI, approval must be obtained from the DIS. 24. If an audio-secure room with a suitable Dw is not available, commanders and managers may, on receipt of advice from the DS&VS TSCM or approval from FAS S&VS, allow irregular meetings up to the SECRET level are to be held in an office room if the risks involved are adequately assessed and managed. Commanders and managers must also: DSM Part 2:65 Page 4 of 10

5 a. ensure that anyone in adjoining areas is cleared and authorised for access to the material to be discussed; b. put in place measures to ensure that nobody is allowed to loiter in adjoining corridors; c. document the frequency and nature of such arrangements, which may be subsequently used as evidence for creation and certification of an audio-secure room; and d. ensure signage is placed on all entry doors and on or near any equipment that is used to generate amplified speech. These signs will indicate that local SOP apply when using this equipment for classified conversions. Example: 'This room is fitted with a Unified Communications Conferencing Station; however this room is not rated as Audio-Secure. Before using this conferencing facility for sensitive/classified use, refer to your unit security SOP for audio control measures.' Authority to Vary the Audio Standards for Audio-Secure Rooms 25. The DS&VS TSCM may vary the Dw audio standards for rooms up to and including the SECRET level following a risk assessment. 26. Only the relevant compartment controller may vary requirements for compartmented material. Any audio-secure room that comes under international agreed audio-security requirements must not [Auth:None] be modified without the permission of the compartment controller. Security Requirements for Varying the Use of a ASL 2 Rated Room 27. ASL 2 rated rooms may be suitable for use at a higher ASL rating. This may only be done after seeking advice from the DS&VS TSCM. The room will also need a risk mitigation strategy. 28. ASL 2 facilities are not normally subject to TSCM testing unless special circumstances are identified through liaison between the user and the DS&VS TSCM. Electronic Equipment within Certified Audio-Secure Rooms 29. The following describes the electronic equipment requirements that can be used: a. DSD-approved secure telephones (including approved peripherals) may be installed; b. Accredited classified VoIP phones and desktop cameras may be installed; c. Information technology equipment and audiovisual equipment located within designated conference and briefing facilities must remain in the area. If equipment is removed for repair or replacement, seek advice from the Assistant Director TSCM for TSCM requirements before using the facility 30. The following describes the electronic requirements that cannot be used: a. The area must not [Auth:None] have installed any unaccredited audio or video transmitters, wireless microphones, intercom systems, facsimile equipment, public address systems or cordless telephones; and b. Other devices capable of transmitting or recording sound or video (including mobile phones) must not be brought into the room unless their purpose is to overtly record a meeting. The device(s) must be declared to the Security Officer, and the device(s) and media must be DSM Part 2:65 Page 5 of 10

6 classified, registered and labelled according to the maximum classification of the material recorded; refer DSM Part 2:52 Portable Electronic Devices and Media for further information. Exclusion: Accredited Defence laptops identified and classified as SECRET or higher may be brought into the room on a temporary basis if they are classified at or above the current activity within the room. 31. For more information on the physical requirements for the construction and acoustic testing of certified audio-secure rooms, see annex A. 32. External voice communications in certified audio-secure rooms. Installation advice for external voice communications such as two-way radios must be obtained from DS&VS. The purpose of this requirement is to mitigate against any vulnerabilities that may arise due to the use of external communications equipment in these facilities. Emergency service agencies when called to a secure-audio room can utilise the emergency voice communications system. This waiver is only for the duration of the visit/emergency. Operational Deployments, Military Field Trials and Field Exercises 33. Long-term operational deployments are to be treated, if possible, in the same manner as a fixed secure-facility in Australia. Commanders and managers should seek the advice from the DS&VS TSCM when setting up audio-secure facilities within these areas. 34. In the case of short-term operational deployments, military field trials and field exercises, commanders or managers can determine the need for audio-security, particularly where other measures have been taken to ensure security of the facility or area. Commanders or managers should take into consideration the occupational history of a fixed facility, and the possibility of audio-security compromise by non-australian Defence personnel. Note: This above requirements only apply to SECRET and below spaces. For TOP SECRET spaces refer to the DIS. ADF platforms 35. Normally TSCM assessments are not conducted on ADF platforms, however if the unit commander has a concern with or requires advice on audio-security, the DS&VS TSCM is to be contacted. Temporary Secure Video Conferencing Systems. 36. Temporary secure video conferencing systems are to be utilised for exercise or operational reasons and must not be used on fixed sites on a regular basis, unless the site has a certified audio-secure room. Hearing Augmentation in Conferencing Facilities 37. The National Construction Code requires facilities (conference rooms, video conference, theatres, etc) with certain criteria be fitted with a hearing augmentation system. The DS&VS TSCM has assessed the BCA, AS and AS for the requirements for hearing augmentation systems. There are four acceptable listening systems for hearing augmentation in the standards. Of these, the infrared light transmission system is acceptable in Defence Secure Audio rooms. 38. The listening system must be designed so as it can be physically isolated from the main AV system until it is required. The infrared must be contained within the audio-secure facility. DSM Part 2:65 Page 6 of 10

7 Obtaining a Technical Surveillance Countermeasures Test 39. TSCM tests are conducted to determine whether unauthorised devices have been placed in a facility to try to remove information. TSCM tests are not a guarantee of long-term audio integrity, which can only be assured by the appropriate use of physical security measures and access controls. 40. TSCM tests must be conducted periodically in audio-secure facilities, and before conferences and meetings in other facilities, if deemed necessary after consultation with the DS&VS TSCM. 41. The commander/manager responsible for the security of a certified audio secured rooms must arrange TSCM testing or assessment: a. at least two years, or as directed by the TSCM threat assessment; b. following any actual or suspected unauthorised entry into an audio-secure room; c. following any works, alterations, or furniture and appliance changes to an audio-secure room; or d. when the DS&VS TSCM considers TSCM testing is warranted. 42. The process for obtaining a TSCM test is detailed on the Defence Security Portal. Actions on Finding a Suspected Intelligence Collection Device 43. If a suspected intelligence collection device is found: a. cease all classified discussions; b. do not touch, move, or test the object; and c. immediately: (1) report it to the relevant commander/manager; and (2) secure the facility, if practical, so the suspect device cannot be removed. 44. The finding of a suspected intelligence collection device is a major security incident. When reported, the following actions must be completed: a. Immediately report the incident; (1) to the DS&VS SIC (see DSM Part 2:12 Security Incidents and Investigations); and (2) through the chain of command to the DS&VS TSCM. b. complete and send the AD429 Suspected Intelligence Collection Device form to DS&VS TSCM within 48 hours; and c. if possible, keep the facility isolated and secure. 45. The suspected compromise of audio-secure information is also a major security incident and must be reported immediately to: a. the DS&VS SIC; and b. through the chain of command to the DS&VS TSCM. DSM Part 2:65 Page 7 of 10

8 Roles and Responsibilities First Assistant Secretary Security and Vetting Service 46. FAS S&VS is responsible for: a. the provision of advice regarding audiovisual security compliance requirements and technical standards; Note: FAS S&VS has delegated the responsibility for the provision of advice regarding audiovisual security compliance requirements and technical standards to the DS&VS TSCM. b. being the first point of contact during the accreditation process to designate a facility as audiosecure; and c. ascertaining that the facility is physically suitable for use as an audio-secure room at the level required (see Annex A). Service Security Authorities 47. SSA may provide advice on physical security aspects of facilities, but are to redirect queries concerning audio appraisals to the DS&VS TSCM. Commanders and Managers 48. Commanders and managers are responsible for: a. the management of any audio-secure facility in their unit, business unit or DISP member entity, including access control measures to that facility; b. ensuring classified conversations only occur in appropriately rated facilities; c. seeking a TSCM assessment from DS&VS before conducting regular classified meetings; and d. ensuring that certified audio-secure room/s are administered accordingly as per regulations set out in DSM Part 2:60 Physical Security. Security Officer 49. Security officers are responsible to their commander, manager or DISP member executive for the necessary administrative action to enable compliance with this DSM part. Defence Personnel and External Service Providers 50. All Defence personnel and external service providers are responsible for the security of their classified and sensitive 1 conversations. They are responsible for ensuring that: a. people without a need to know are not able to overhear; b. conversations that warrant national security classification are allocated one and protected accordingly; and 1 Sensitive conversations are those that would normally be given a DLM or Sensitive protective marking, such as medical, legal, career and commercial. DSM Part 2:65 Page 8 of 10

9 c. private, unclassified conversations are not conducted in an area that could prejudice the privacy of individuals or entities concerned. Key Definitions 51. Technical surveillance countermeasures (TSCM). Measures taken to identify and mitigate potential vulnerabilities or a deliberate audio or visual attack. 52. Audio-security level (ASL). A designation that describes the level of audio-security of a facility. An ASL can be: a. ASL 1 an ordinary facility with no specific audio-security accreditation; or b. ASL 2 a secure facility with a weighted level difference (Dw) of at least 35, that has met additional defined security measures to be suitable for irregular SECRET conversations; or c. ASL 3 a secure facility with a Dw of at least 40, that has met additional defined security measures to be suitable for regular SECRET conversations and irregular TOP SECRET conversations; or d. ASL 4 a secure facility with a Dw of at least 45, that has met additional security measures to be suitable for regular TOP SECRET conversations; or e. ASL 5 a secure facility with a Dw of at least 50, that is used with amplified Sensitive Compartmented Information (SCI) audio. 53. Certified Audio Secure Room A room that is rated ASL3 or above and has been certified as audio secure. 54. Weighted level difference. A measure of audio privacy between two spaces. Further information is available in Australian/New Zealand Standard (AS/NZS) 717.1:2004 and Australian Security and Intelligence Organisation (ASIO) Technical Notes 1-06, which can be made available by DS&VS on request. 55. Voice over Internet Protocol (VoIP). A general term for a family of transmission technologies for delivery of voice communications over internet protocol or other packet-switched networks. 56. Amplified Speech. A general term for when audio is amplified into free space by means of a speaker. Amplified speech can be generated by, but not limited to, the following types of equipment: a. phones with a hand-free capability (analogue, digital, VoIP); b. audio visual equipment; c. television/monitors; and d. conferencing systems. 57. ADF platform a mobile or temporary fixed facility or capability that is used by the ADF on operations or exercises. Further Definitions 58. Further definitions for common DSM terms can be found in the Glossary. DSM Part 2:65 Page 9 of 10

10 Annexes and Attachments Annex A Constructing Audio-Secure Rooms (current version published July 2015) DSM Part 2:65 Page 10 of 10