FAR EAST DISTRICT (FED) KOREA PROGRAM RELOCATION OFFICE (KPRO) Implementation of Intelligence Community Directive (ICD) 705 "Technical Specifications Construction and Management of Sensitive Compartmental Information Facilities (SCIF) For Yongsan Relocation Program (YRP) SCIF Projects New Era New Challenges 1
Schedule - Cost MISSION 2 BUILD FED SPONSORED SENSITIVE COMPARTMENTAL FACILITIES (SCIF S) IN ACCORDANCE WITH INTELLIGENCE COMMUNITY DIRECTIVE (ICD) 705 "TECHNICAL SPECIFICATIONS CONSTRUCTION AND MANAGEMENT OF SCIF S AND OBTAIN COGNAZANT SECURITY AGENCY ACCREDITATION WHILE STAYING ON SCHEDULE AND WITHIN FUNDING APPROVAL ALLOWENCES SECURITY SCHEDULE - COST
FED/KPRO Implementation of Intelligence Community Directive ICD 705 WHY? U.S. EMBASSY MOSCOW FOUO Legislative Mandate: Foreign Relations Authorization Act (P.L. 100-204) Intelligence Community Directive (ICD) # 705/705-1/705-2/ICD Tech Specifications for Sensitive Compartmented Information Facilities (SCIF) Department of State (DoS) Criteria for Threat Ratings: Environmental Threat List (SETL) The SCIF shall be built to have Integrity, by implementing measures to ensure that the SCIF has been designed and constructed in a manner to prevent technical compromise Technical compromise may occur if collection devices are embedded in the building during construction, and/or potential vulnerabilities within the facility systems can be exploited after the facility is put into operation by an adversary Certify appropriate steps are taken to ensure the security of overseas construction projects Provide uniform SCIF standards for physical & Technical security, accreditation, & reciprocal use, & IC technical specifications and best practices Construction Plan (CSP) Is Based On Threat: I - Critical/High for Tech & Building II - High for Tech & Low for Building III Low & Medium Tech Threat Authority Purpose 3
SCIF's are where our Commanders and Senior Executive Leadership use their highest level of C4I, (Specifically to Command & Control). Therefore, we must build SCIF s with assurances that what is processed and said in a SCIF is not compromised; hence, ICD 705 implementation ICD 705 Proponent: Effective May 2010, the Director of National Intelligence (DNI) directed full implementation of ICD 705 standards for SCIF construction The Cognizant Authorities (CSA) from the Defense Intelligence & National Agency (DIA/NSA) oversee SCIF Accreditation for FED built SCIFs. Therefore, FED has the inherent role as their trusted agent to assure that YRP SCIF s are built IAW ICD 705 standards Develop and implement a Construction Plan (CSP) for each YRP SCIF in tandem with SCIF design and construction methodologies/schedules Proponent for the CSP is the FED Site Manager (SSM) (for non-related YRP projects the organization who requires a SCIF provides the SSM) Develop and implement ICD 705 security, contracting, engineering, and construction guidance which cross-cuts with design and construction contractor equities (FED discernment on how contractors implement ICD 705 requirements into their designs and construction products) Use a Joint FED proponent approach for implementing FED ICD 705 guidance FED proponents include the FED Chief of Contracting, Engineering, Construction, (Plans/Operations), SSM, and Legal Council 4
ICD 705 is New to the FED Operating Environment FED ICD 705 implementation is a new line of business; Therefore, requiring an investment in human, operational, and training capital to better understand and account for risk premiums tied to ICD 705 SCIF Contracting, Designs and Construction Promulgate FED ICD 705 SCIF implementation best practices amongst USFK, ROK, Garrison, PMC, KTO, Joint Working Groups (JWG S) and other implementing partners and stakeholders Maintain close relationships with intelligence agency Cognizant Authorities (CSA) and SCIF Accreditation Officials (AO). Likewise, respective SCIF users and their Special Officers (SSO) Maximize the use of FED resident industrial security staff to oversee implementation of the DD FM 254 (Classification Guidance) for the lifecycle of SCIF Projects. Also, assist FED engineers, and Architecture and Engineering (AE) and construction firms to apply the classification guide to designs and construction activities Engage security stakeholders to support YRP SCIF construction security strategy with a 5 year outlook Installation access & emergency response Joint Fast track labor vetting checks & vehicle screening Garrison FED Site Manager PMC Officer Contract Team, CAG, CTA, CAE, etc Construction Contractor Manager Intelligence & Investigation Support Customer Special Officer FED Office USFK & SUSLAK Special Officers CSA/AO 5
ICD 705 advocates for establishing best business practices that impact National during SCIF Contracting, Design, Construction, and Operations Contracting Conduct independent government cost estimates to scope and scale how ICD 705 requirements impact design and construction contractors in time, logistics, materials, labor, and operating environments (secure and overseas environment) Preclude construction companies from overstating ICD 705 requirements for material acquisition, security operational restraints, labor, and logistics Preclude construction companies from understating ICD 705 requirements and thereby, causing construction delays and higher construction costs later in the construction schedule (change orders) Make design and construction contract language plain and CSP centric and host high quality Pre-Proposal Conferences with Bidders Include DD FM 254 (Classification Guidance) in the design and construction request for procurement (RFP) as well as for final design and construction contract awards Avert design and construction contractors from adding high/costly risk premiums to perform work Adjust security monitoring needs based on construction bid outcomes Cognizant Authority (CSA) and Accreditation Official (AO )review of SCIF design and Construction RFP 6
Prime AE firms working on ICD 705 projects work with numerous stakeholder which requires them to have a strong understanding of the SCIF accreditation process and the impacts that ICD 705 has on cost estimating Engineering/Design The design contractor must be cleared by the Defense Service (DSS) to work on SCIF designs The CSA issues classification guidance for design management and CSP initiation (What parts of the designs are classified) The design contractor must include estimates for construction based on ICD 705 equities and visibility on anticipated SCIF construction methodology (e.g., How SCIF s located in new office buildings will phase into the construction schedule for the entire facility) The FED Site Manager (SSM) works closely with the SCIF contract designer and FED Program/Project Managers (PM) from the start of a SCIF design to the end SSM develops the CSP throughout the life cycle of the design with a focus on "How do we secure the SCIF facility during construction in accordance with (IAW) ICD 705 Mandates? The SSM will finalize the Construction Plan (CSP) at the 95% stage of the design for approval from the CSA/AO and eventual release to the construction contractor 7
ICD 705 ad s risk premiums to constructing SCIFS in secure and overseas environments Construction The construction contractor must be cleared by the Defense Service (DSS) to build YRP SCIF s The construction company must work within the guidance of the CSP (Requires close coordination with security monitoring staff and SSM to avoid construction delays and possible security compromises) Before construction on a SCIF begins, the construction company must have site security equipment in place. In addition, CST s and CAG s must be on station and ready for duty The CSP allocates CST and CAG s based on labor ratios IAW CSA/AO requirements (See Labor / Ratio Matrix Slide #11) FED Quality Assurance (QA) personnel and the Resident Engineers (RE) assigned to YRP SCIF projects must possess a secret clearance and receive training in SCIF construction and the CSP 8
Construction Relationship Methodology SECURITY CONSTRUCTION Accrediting Official KPRO ACO (Resident Engineer) CSA Site Manager Project Engineer CAG CST Cleared Escort Quality Assurance Construction Contractor Site Personnel 9
Construction Continued The construction security plan (CSP) will apply a risk-based rationale to obtain the highest level of security at the lowest cost. The CSP contains information on: Administration DD FM 254 guidance, labor vetting, base access requirements, training and security clearance requirements for security staff, etc Construction Site Physical (secure storage area (SSA), fence, lighting, alarm standards, walk thru metal detectors (WTMD), X-Ray machines, iris scan, badge exchange (personnel, equipment, and material screening), CCTV, lighting, labor (Who can work on the project, e.g. no third country national can work on the SCIF site), radio communication only, etc Site Access Procedures Access Control Point: Personnel, vehicles, cargo, materials, tools, no cell phones, PDA s, guest escort procedures, etc Construction Surveillance Roles and responsibilities for Cleared American Guards (CAG), Construction Technician (CST), Cleared American Escorts (CAE), material inspection, labor monitoring ratios, and 24/7 site monitoring via CCTV and Cleared American Guards Construction Material Acquisition Random selection, inspectable and non-inspectable materials, BOM review, trusted source requirements, etc Construction Material Transportation Requirements for secure shipping of materials from point of origin to construction site, escort requirements, 10 etc
The CSP allocates Construction Technicians (CST) and Cleared American Guards (CAG) with labor ratios for labor surveillance monitoring. Building System A. Description CST/Laborer Ratio Superstructure* Build-Out Superstructure* Build-Out Roofing* Build-Out Exterior Closure* Build-Out Interior Construction* Rough-Out Interior Finishes* Fit-Up Specialties* Fit-Up Plumbing* Rough-Out HVAC* Rough-Out/ Fit-Up Special Mechanical* Rough-Out / Fit-Up Electrical* Rough-Out / Fit-Up Special Electrical* Fit-Up Equipment* Rough-Out / Fit-Up Conveying Systems* Rough-Out / Fit-Up Fit-Up Other All work below floor construction and the enclosing horizontal and vertical elements required forming a basement, together with the necessary mass excavation and backfill. Standard foundations, slab on grade, basement excavation, basement walls. For all concrete pours, a US Government representative with the appropriate CI technical expertise shall be present. This system includes all structural slabs, and decks and supports within basements and above grade. Structural work includes both horizontal items (slabs, decks, etc) and vertical structure components (columns and interior structural walls). Floor, roof and stair construction. For all concrete pours, a US Government representative with the appropriate CI technical expertise shall be present. All waterproof roof coverings and insulation, together with skylights, hatches, ventilators and all required trip. In addition to roof coverings, the system includes all waterproof membrane and traffic toppings over below grade enclosed areas, balconies, etc. Exterior facing of the facility, which includes all vertical and horizontal exterior closure, features excluding roof. Exterior walls, exterior windows and doors. Construction, which takes place inside the exterior wall or exterior skin. Interior partitions, interior doors and windows, and specialties/casework. (NOTE: Interior structural walls are part of the superstructure.) Finishes which are applied to interior surfaces, including the interior skin of exterior walls. Wall finishes, flooring and wall finishes, ceiling and ceiling finishes. Specialty items that are permanently fixed in place. Cabinetry, shelving, counters, etc. All water supply and waste items within the building. Plumbing fixtures, domestic water supply and sanitary waste and vent system. 1-5 All equipment, distribution systems, controls and energy supply systems required by heating ventilating and air conditioning systems. Heat and Cooling generating systems. Controls and instrumentations, systems testing and balancing. All standard fire protection and suppression systems. Water supply (Fire Protection), sprinklers, standpipe systems, and fire extinguishers. 1-5 Electric power and lighting. Service and distribution, lighting, and branch wiring. ROK citizens provide power to the distribution box. 1-5 Communication, security, and alarm systems. Fixed and moveable equipment. Built-in Maintenance equipment, window treatment. Elevators, escalators, pneumatic tube systems, conveyors, chutes, and others. (If applicable) Furniture, workstations, IT, comms, and electrical terminations. Recommend breaking out Mission Servers, Comms Equipment, Computer Workstations, Phone Systems, Other IT-related systems separately from furniture. Parking Lots; Utility Trenches; Protective Distribution Systems; Support Structures Outside of SCIF, etc. 1-10 1-10 1-10 1-10 1-7 N/A N/A 1-5 1-5 1-8 1-5 NA 1-10 CST/ Laborer Type Laborer Classified Areas U.S. Labor TOP SECRET or Secret Labor w/cst over watch U.S. Labor TOP SECRET or Secret Labor w/cst over watch CST: (US Citizen, Cleared TOP SECRET) Controls, instrumentation, systems testing, and balancing by U.S. citizen TOP SECRET Controls, instrumentation, systems testing, and balancing by U.S. citizen TOP SECRET, Conduit only. All other work by U.S. citizen, TOP SECRET, Conduit only. All other work by U.S. citizen, TOP SECRET US Only TOP SECRET 11
Construction Plan (CSP): Build Secure SCIF s at Cost & on Schedule and obtain full Accreditation from YRP SCIF Accreditation Authority s: NSA & DIA Construction Plan (CSP) Design Process 0% Decision Made to Build SCIF 30% Initial Floor Plans Developed 60% Detailed SCIF Designs Developed 95% SCIF design Plans Finalized Back Check Completed Concept Approval Letter (CAL) Signed by User agency Commander and is sent to the USFK Special Office (SSO) USER Appoints a Special Representative (SSR) SSR completes initial SCIF Preconstruction Facility Check-list (FFC) and Tempest Addendum (TA) and sends it to the USFK SSO FED Site Manager (SSM) Appointed SSM completes DIA Construction Work Sheet (CSW) and sends it to the USFK SSO USFK SSO sends DIA DAC 2 the CAL, FFC, TA, and CSW DAC 2 issues SCIF ID and Construction Plan (CSP) guidance Msg. SSM follows DIA CSP guidance and completes 30% CSP USER Completes Pre- Construction FFC and TEMPEST Form A and sends the documents to the USFK SSO USFK reviews the FFC and TA-A and sends them to DIA DAC-2 DIA DAC-2 reviews the FFC and TA and issues FFC ACK Msg. SSM adjusts CSP ID s Cleared American Guards (CAG), Cleared American Escort (CAE) & Construction Technician (CST) Rqmts. ID s Temp Rqmts. ID s ICD 705 Cost Assumptions for Monitoring ID s strategies to include security in-depth (SID) options and mitigate vulnerabilities Sends CSP to DIA Accreditation Authority (AO) for interim approval SSM completes CSP based on design methodology and on-site environment conditions and submits final CSP to AO AO approves CSP AO Continues to Monitor 12
Construction Plan (CSP): Build Secure SCIF s at Cost & on Schedule and obtain full Accreditation from YRP SCIF Accreditation Authority s: NSA & DIA Construction Plan (CSP) Construction Process 0% Bid Accepted Plans Reviewed 30% Building Shell Complete 60% SCIF Finish Work Starts 95% AO Acceptance Walk Through SSM Sets up Temporary with Construction Contractor SSM trains FED QA/COR/Resident Engineer on ICD 705 implementation equities CSP updated IAW the Construction Methodology CAGs, CAEs, and CSTs in Place Continue to Monitor Continue to Monitor AO Walk Through inspection of SCIF with CSA representative AO Submits Walk Through Results USER Submits Final FFC, TEMPEST Form B to AO FED Submit NIST & UL and As Built Drawings to AO AO/CSA Accredits SCIF 13
Accreditation Process Summarized FED 14
WE DO NOT HAVE CONSTRUCTABILITY PROBLEMS - WE HAVE SECURITY IMPLEMENTATION CHALLENGES - WE KNOW HOW TO BUILD STRONG 15
Risk Statement SCIF Risk Mitigation Strategy Schedule Cost - ICD705 is a new line of business for FED and AEs. FED is the first in DoD to lead large scale overseas ICD 705 SCIF builds under the new ICD 705 standards The new ICD 705 requirements impact stakeholders and implementing partner relationships in terms of culture, funding oversight, and organizational business protocols BOD Schedule Pre-Mitigation Risk Levels Cost Impact/Likelihood Impact/Likelihood Impact/Likelihood Low/Low High/High Med/Low Original DD 1391s did not fully capture ICD 705 design and construction equities Mitigation Transparency and no surprises among decision and funding stakeholders Accreditation Official (AO) reviews RFPs Protection Design Center (PDC) reviews SCIF designs at 30%, 60%, 90% and 95% stage ICD 705 training for contract specialists, AEs, engineers, & construction quality assurance (QA s) Strong FED Command emphasis to monitor and build upon the FED ICD 705 implementation Strategy User participation throughout SCIF design and construction (Special Representative (SSR)) BOD Schedule Post-Mitigation Risk Levels Cost Impact/Likelihood Impact/Likelihood Impact/Likelihood Low/Low Low/Low Low/Low For success, we must determine our fate for all matters where we can influence meeting schedule, cost, and security requirements How? All YRP stakeholders ask themselves? What risks do I see impacting schedule, cost, and security and how will I mitigate them? 16
Risk Mitigation Strategy Risk Statement SCIF construction integration between cleared US contractors and non-cleared Host nation contractors working on joint projects for the same user Example: Shared Mechanical room in support of a SCIF and Non-SCIF Facility Mitigation Build Construction Plans (CSP) through design w/ao guidance to accept & mitigate risks Write construction Request For Bid (RFP) language to forecast and unify collaboration between cleared & uncleared contractors Pre-Bid proposal conferences must address all ICD 705 requirements and Classification Guidance as well as relationship challenges between cleared & uncleared contractors Post review of construction methodology for bids & adjust security for value management User operational plans for SCIF must start early in the design process BOD Schedule Cost Impact/Likelihood Impact/Likelihood Impact/Likelihood Med/Low High/Med High/High BOD Schedule Pre-Mitigation Risk Levels Detection of these kinds of construction / security integration risks will reveal themselves throughout the design. Post-Mitigation Risk Levels Cost Impact/Likelihood Impact/Likelihood Impact/Likelihood Low/Low Med/Med Med/Low Expect mitigation of construction / security integration issues by the 30% design stage 17
Stakeholders and SCIF Construction Contractor Relationship K T O 18