The document provides a refresher training for cleared employees at The George Washington University Medical Faculty Associates (GW MFA) on security practices and procedures. GW MFA has a facility security clearance allowing access to secret classified information due to its work with the Department of Defense. The training covers topics such as facility security contacts, operations security, information security classifications, counterintelligence threats, and reporting requirements for cleared employees. Cleared employees must receive annual refresher training to review security policies and procedures.
2. CLEARED
REFRESHER
SECURITY
TRAINING
Briefing Contents
Updated: June 2016
The Innovative Practice Section in the Department of Emergency Medicine works as a sub-contractor with the
Department of Defense (DoD) to provide medical staffing support services on government contracts where
securityclearancesmayberequired.
The objective of this refresher training is to provide all cleared personnel with a reviewof the basic knowledge of
The George Washington University Medical Faculty Associates’ security practices and procedures as a secured
facilityandtoidentifytheir securityresponsibilitiesandobligationsasemployees.
> Overview
> Introduction
> Cleared Facility Points Of Contact(POCs)
> OPSEC
> InformationSecurity
> Counterintelligence Threats and Awareness
> Cleared Employee Reporting Requirements
> Acknowledgement
3. CLEARED
REFRESHER
SECURITY
TRAINING
Overview
The George Washington University
Medical Faculty Associates (GWMFA) is a
non-possessing cleared facility (referred
to as Facility Security Clearance, or FCL)
withasecret-level clearance.
GW MFA has entered into a security agreement with the
Department of Defense in order to have access to
information that has been classified because of its
importance to the national defense. This agreement details
the security responsibilities of both the cleared organization
and the United States Government. The GW MFA and many
of its activities and programs are vital parts of the defense
and security systems of the United States of America.
The National Industrial Security Program Operating Manual
(NISPOM) prescribes the requirements, restrictions, and other
safeguards to prevent unauthorized disclosure of classified
information. A copy of the NISPOM is available to all GW
MFA employees by contacting the Facility Security Officer
(FSO).
Per the requirements outlined in the NISPOM, all cleared
employees must received refresher training at least annually
to review the information provided in the Initial Security
Briefing for Cleared GW MFA Employees and notify
personnel of changes in security regulations.
KEYTERMS
Classified National Security Information (“Classified
Information”): official information or material that
requires protection in the interests of National
Security and that is classified for such purpose by
appropriate classifying authority in accordance with
the provisions of Executive Order 13526
Facility Security Clearance (FCL): an administrative
determination that, from a security viewpoint, a
company is eligible for access to classified
information of a certain category (and all lower
categories)
Non-possessing facility: facility with no approved
storage for classified material
Facility Security Officer (FSO): a U.S. citizen
contractor employee, who is cleared as part of the
facility clearance, responsible for supervising and
directing security measures necessary for
implementing applicable NISPOM and related
Federal requirements for the protection of classified
information
SECRET Classification Level: as applied to
information, the unauthorized disclosure of which
reasonably could be expected to cause serious
damage to the national security that the original
classification authority is able to identify or describe
Updated: June 2016
4. CLEARED
REFRESHER
SECURITY
TRAINING
Introduction
In order to have a successful security program, we need active participation not
only from the FSO and management, butalso YOUas a cleared employee.
By being a cleared contractor/sub-contractor to the U.S. Government, we all have an
obligation to the security and reputation of our organization and country. The most important
thing we can do each day is to be AWARE.
Each one of us can make a difference by familiarizing ourselves with GW MFA’s facility security
clearance policies and procedures, being cognizant of our reporting requirements, and
understanding the threat and dangers of intelligence collection and the steps we can take to
countermeasure the risks.
Updated: June 2016
5. CLEARED
REFRESHER
SECURITY
TRAINING
Kyle Majchrzak
Operations Manager/ Facility Security Officer(FSO)
International Special Projects & Medical Education Training Programs
Department of Emergency Medicine
2120 L Street, NW
Suite 530, Office 5-119
Washington, DC 20037
Telephone: (202) 741-2944
Email: kmajchrzak@mfa.gwu.edu
Jason McKay
Training CenterManager/ Assistant Facility Security
Officer(FSO)
International Special Projects & Medical Education Training Programs
Department of Emergency Medicine
2120 L Street, NW
Suite 530, Office 5-107
Washington, DC 20037
Telephone: (202) 741-3421
Email: jmckay@mfa.gwu.edu
Updated: June 2016
Cleared Facility Points of Contact (POCs)
Yo u must report any known orsuspected
security violation, suspicious contacts, or
vulnerability of which you become
aware to the FSO, inde pe nde nt o f who
is re spo nsible o rat fault fo rthe situatio n,
so se c urity issue sc an be addre sse d
imme diate ly.
6. CLEARED
REFRESHER
SECURITY
TRAINING
Operations Security (OPSEC)
Violatorsof OPSEC:
#1 USMilitary
#2 U.S. CONTRACTORS!!!
…Don’t bea statistic
OPSEC:
> Is a process that identifies critical information and protects it from our adversaries
> Is an important part of every organization and we all have the responsibility to manage criticalinformation
> Helps to control information that could be used against us (the organization). Increased safety and security in
any setting and for any purpose is the benefit
Updated: June 2016
The most important security tool in operations security is YOU!
7. CLEARED
REFRESHER
SECURITY
TRAINING
OPSEC &the 5-Step Cycle
OPSEC 5-Step Cycle
1. Identify Critical Information – What needs to be protected and how do we protect it?
2. Analyze the Threat – Who is a potential adversary? (i.e. criminals, hackers, competitors,
foreign intelligence services, insider threats)
3. Analyze Vulnerabilities – (i.e. public conversations, poor document control, with which
information is not handled, stored or destroyed properly)
4. Assess Risk – What could happen? RISK= THREATx VULNERABILITY x IMPACT
5. Apply Countermeasures
IdentifyCritical
Information
Analyze the Threat
Analyze
Vulnerabilities
AssessRisk
Apply
Countermeasures
Updated: June 2016
8. CLEARED
REFRESHER
SECURITY
TRAINING
Information Security
Classified information (official information or material that requires protection in the interests
of National Security and that is classified for such purpose by appropriate classifying
authority) can be in the form of:
Updated: June 2016
The three levels applied to classified information are:
X TOP SECRET – the unauthorized disclosure of Top Secret information reasonably could be expected to cause
exceptionally grave damage to the national security that the original classification authority is able to identify or
describe
SECRET – the unauthorized disclosure of Secret information reasonably could be expected to cause serious
damage to the national security that the original classification authority is able to identify or describe
CONFIDENTIAL– the unauthorized disclosure of Confidential information reasonably could be expected to cause
damage to the national security that the original classification authority is able to identify or describe
A cleared contractor with a “need-to-know” (determination made by an authorized holder of classified information
that a prospective recipient has a requirement for access to, knowledge, or possession of the classified information to
perform tasks or services essential to the fulfillment of a classified contract or program), possessing the necessary
clearance level, and having been briefed accordingly may view classified material at or below their clearance level
Remember, GW MFA is cleared to the levels of Secret and Confidential
> Documents > Faxes > Personnel files > Equipment and machinery
> Working papers > Photographs > Maps & sketches > Meeting notes
> Emails > Medical records > Storage media > Employee travel plans/records
9. CLEARED
REFRESHER
SECURITY
TRAINING
Information Security
Need-to-Know
Things to rememberabout Need-to-Know:
> No one is entitled to classified information solely by virtue of office, position, rank or clearance
> You, as an authorized holder of classified information, have three choices in deciding whether or not to share
classified material entrusted to you:
i. Allowaccess when all items in the above formula are present
ii. Deny access when any item in the above formula is missing
iii. Delay access when any of the items in the above formula are unknown
Questions about Need-to-Know? Contact the Facility Security Officer
CLEARANCE
SF312
(ClassifiedInformation
Non-DisclosureAgreement)
NEED-TO-KNOW+ + =
Updated: June 2016
ACCESS
10. CLEARED
REFRESHER
SECURITY
TRAINING
The mission of counterintelligence (CI) as defined by DSS is to “identify unlawful
penetrators of cleared U.S. defense industry and articulate the threat for industry and
U.S. governmentleaders.”
Timely and accurate reporting from cleared industry is the primary tool to identify and mitigate collection efforts
targeting technologies and information resident in cleared industry.
On the following slides we will review:
> Overview of Counterintelligence Threats
> Insider Threats
> Reporting the Threat
> Cyber Security
> Elicitation: Can You Recognize It?
> Foreign Travel Vulnerability
Updated: June 2016
Counterintelligence Threats and Awareness
11. CLEARED
REFRESHER
SECURITY
TRAINING
The technology base ofthe U.S. is underconstant attack. DSS has identified foreign entities (most
aggressively East Asia and the Pacific, as well as Africa) seeking intelligence value in our:
> Information systems technology
> Aeronautics
> Lasers, optics and sensor technology
> In the commercial space, government-tendered requirements as well as information to compete against
competitors
Foreign Entities seek classified information formany reasons. Below are some examples:
> To obtain an advantage against regional adversaries
> Replicate U.S. capabilities
> Develop countermeasures to U.S. systems
> Profit commercially
As collection methods evolve, DSShas recognized the following trends:
> Collectors view request for information (RFI) (i.e. seemingly innocent requests made by collectors regarding
shipping logistics and export regulations)
> Cyber collection (i.e. foreign entities gaining access to unclassified cleared contractor networks, potentially
compromising sensitive, but unclassified, information present on those networks)
> Academic solicitation (foreign entities use students, professors, scientists and researchers as collectors ; i.e.
foreign students applying to cleared contractors associated with U.S. universities)
Updated: June 2016
Counterintelligence Threats and Awareness
Overview of Threats
12. CLEARED
REFRESHER
SECURITY
TRAINING
The numberone threat to national security comes from the “InsiderThreat”. An insider
can have a negative impact on national security and industry security in:
> Loss or compromise of classified, export-controlled, or proprietary information
> Loss of technological superiority
> Economic loss and/or loss of life
Updated: June 2016
Some indicators of an insiderthreat are:
> Engaging in classified conversations without a ne e d-to -kno w
> Working hours inconsistent with job assignment or insistence on working in private
> Repeated security violations
Ifnoticed, it is best to report these examples of suspicious activity to yourFSO.
Again, be aware of yoursurroundings and those around you.
Counterintelligence Threats and Awareness
InsiderThreats
13. CLEARED
REFRESHER
SECURITY
TRAINING
Itis yourOBLIGATIONTO REPORTactual, probable orpossible espionage, sabotage,
terrorism orsubversion promptly to the FSO.
DSS has warned that the majority of suspicious contacts originate from
commercial entities. Examples include:
> Feb 2012: Pangang Group (steel manufacturer in Sichuan province of
China) indicted in Northern California for conspiracy to commit economic
espionage including conspiracy to steal valuable trade secrets from
DuPont.
> Feb 2012: Hanjuan Jin was found guilty in Illinois for theft of trade secrets;
she illegally possessed thousands of Motorola trade secrets on her
computer and in other forms of digital storage; her intent was to pass the
information to the Chinese military.
Hanjuan Jin- November 7, 2011 (AP)
Attempted intrusions are the mostcommon suspicious activity in:
> Socially engineered emails with malicious attachments to exploit commercial software
> Spoofing emails that imitate valid domains
> Attempted intrusion from removable media
Counterintelligence Threats and Awareness
Reporting the Threat
Updated: June 2016
14. CLEARED
REFRESHER
SECURITY
TRAINING
Cybercriminals, hackers, insiderthreats, terrorists and foreign intelligence entities are
targeting ourtechnology by using the following methods:
> Phishing emails with malicious links or attachments
> Unpatched or outdated security software
> Removable media
> Weak or default passwords
> Website vulnerabilities
> Seeking information on social networks
Steps that can be taken to mitigate the risk include:
> Changing your passwords regularly
> Using complex alphanumeric passwords with combinations of numbers, symbols, letters, and multiple
characters
> Do not open emails/attachments from unfamiliar sources
> Do not install or connect personal software or hardware to your organization’s network without permission
from the IT department
> Do not share work information on social networks
Updated: June 2016
Counterintelligence Threats and Awareness
CyberSecurity
15. CLEARED
REFRESHER
SECURITY
TRAINING
Elicitation is used by intelligence officers in orderto subtly extract information about
you, yourwork and/ oryourcolleagues. Mostoften, illegal orunauthorized access to
classified orsensitive information is sought.
Updated: June 2016
Whatare some recruitmenttools thatintelligence officers use to lure a targetthatyou should be aware of?
> Money is offered by an intelligence officer (IO) to a target in exchange for information
> Appealing to ideology (IO expresses same worldview or political leanings with a target in order to gain trust)
> Ego (target becomes the subject of immense flattery and praise)
> Revenge (IO learns target is disgruntled and encourages retribution by passing on classified information)
> Blackmail (IO learns of damaging information and forces target to cooperate by threatening to expose
personal secrets)
> Industrial spies attend trade shows and conferences, which allows them to ask questions that might
otherwise seem suspicious in a different environment
Counterintelligence Threats and Awareness
Elicitation: Can You Recognize It?
16. CLEARED
REFRESHER
SECURITY
TRAINING
Whatcan be done to counterrecruitment attempts?
> Safeguard your words and actions to avoid becoming an easy target.
> Examine your own vulnerabilities and adjust your lifestyle to close gaps that hostile entities could exploit.
Updated: June 2016
Report any suspicious conversations to yourFSO.
This information willbe passed on to DSS, who willthen review and determine ifa
potentialcounterintelligence threat concern exists.
Counterintelligence Threats and Awareness
Elicitationand Recruitment
17. CLEARED
REFRESHER
SECURITY
TRAINING
As cleared contractors travel for business and/ or personal use, the knowledge they
have is sought-afterby foreign entities.
Collection techniques include the following:
> Bugged hotel rooms or airline cabins for audio and/or visual surveillance
> Intercepting faxes or email transmissions
> Recording of telephone calls/conversations
> Theft of electronic devices
> Unauthorized access to electronic devices
> Installation of malicious software
> Unnecessary and often unknown search of briefcases/luggage
Updated: June 2016
Counterintelligence Threats and Awareness
Foreign TravelVulnerability: CollectionTechniques
18. CLEARED
REFRESHER
SECURITY
TRAINING
To combat potential vulnerabilities, please apply the following countermeasures when
traveling abroad:
> Do not publicize travel plans and limit sharing of this information to people who need to know
> Inform the FSO prior to departure and receive an official foreign travel briefing
> Maintain control of media and equipment; do not leave them unattended in hotel rooms
> Keep hotel room doors locked and make a mental note of how the room looks when you leave/return
> Do not use computer or fax equipment at foreign hotels or business centers for sensitive matters
> Ignore or deflect intrusive or suspect inquiries or conversations about professional or personal matters
> Refrain from bringing portable electronic devices, especially if company-issued
> If using portable electronic devices, set passwords to restrict access and clear the device in the event of
theft
> Encrypt data, hard drives and storage devices whenever possible
> Use complex passwords
> Please refer to the State Department website for travel warnings prior to departure
Updated: June 2016
Counterintelligence Threats and Awareness
Foreign TravelVulnerability: Countermeasures
19. CLEARED
REFRESHER
SECURITY
TRAINING
Cleared Employee Reporting Requirements
Updated: June 2016
In accordance with requirements outlined in the NISPOM, all cleared employees are required to report
the following issues to the FSO for investigation, resolution and reporting to the appropriate
government agency :
> Adverse Information
> Change in Personal Status
> Security Violations/Vulnerabilities
> Espionage, Sabotage, Subversive Activities
> Suspicious Contacts
20. CLEARED
REFRESHER
SECURITY
TRAINING
Cleared Employee Reporting Requirements
Updated: June 2016
Adverse Information
Adverse information is any information that unfavorably reflects on the integrity or character of a cleared
employee, that suggests his or her ability to safeguard classified information may be impaired, or that his or her
access to classified information clearly may not be in the best interest of national security.
All cleared employees are required to notify the FSO if any of the following exist:
> Serious financial difficulties (excessive indebtedness, bankruptcy or wage garnishments)
> Excessive use of intoxicants (alcohol, prescription medications)
> Use of illegal drugs
> Required counseling for emotional or psychological problems
> Arrests or convictions for criminal offenses including drunk driving
> Tickets (over $300)
> Excessive/unexplained wealth
> Unusual/bizarre behavior
21. CLEARED
REFRESHER
SECURITY
TRAINING
Cleared Employee Reporting Requirements
Updated: June 2016
Change in PersonalStatus
The following should be reported to the FSO for proper documentation:
> A change in name
> A recent change in marital status or a spouse-like relationship
> A change in citizenship
> When access to classified information is no longer required due to a change in job assignments
You must reportif you begin to act as a representative of or consultant to any foreign entity. This includes a
foreign government (or government agency), commercial business or an individual.
Example: Obtaining a foreign passport or entering into a business/partnership with a foreign national.
22. CLEARED
REFRESHER
SECURITY
TRAINING
Cleared Employee Reporting Requirements
Updated: June 2016
Security Violations / Vulnerabilities
In addition to personnel security reporting requirements, you must reportany known orsuspected security violationor
vulnerability of which you become aware, independent of who is responsible or at fault for the situation. Security
violations/vulnerabilities include:
> The careless, intentional, or unintentional failure to comply with or disregard of facility security clearance policies
and procedures, regardless of intent, that has resulted in the loss, compromise or suspected compromise of
classified information
> The unauthorized receipt of classified material
> Report suspicious contacts, which are efforts by any individual, regardless of nationality, i) to obtain illegal or
unauthorized access to classified information, ii) to compromise a cleared employee, iii) all contacts by employees
with known or suspected intelligence officers from any country, or iv) any contact which suggests the employee
concerned may be the target of an attempted exploitation by the intelligence services of another country
> You must immediately report any situation related to actual, probable, or possible espionage, sabotage or
subversive activities directed at the United States
23. INITIAL
SECURITY
BRIEFING
Per the NISPOM, Section 1-304 a graduated scale of discipline has been put into place in the event of an
employee that violates or is negligent of his/her security requirements. The action must be reported directly to
the FSO and will be reviewed for a security violation if one or more of the following factors are present:
a. The violation involved a deliberate disregard of security requirements.
b. The violation involved gross negligence in the handling of classified materials.
c. The violation involved was not deliberate in nature but involved a pattern of negligence or carelessness.
You must immediately report any situation related to actual, probable, or possible violation directly to the FSO. The
FSO, if necessary will meet with the Compliance Officer and/or General Counsel to discuss the known or suspected
violation. It will be determined at that time is action consists of remedial or corrective measures and/or if
appropriate, disciplinary action, up to and including suspension or termination of employment pursuant to the
MFA’s disciplinary policies and procedures.
The FSO will maintain a record of all disciplinary and corrective actions. All disciplinary actions should be fairly and
firmly enforced.
If, after review with the Compliance Officer and General Counsel it is determined that an allegation does not warrant
an investigation, a report will be provided based on the initial review of the allegation and why the investigation is
not warranted.
Updated: June 2016
Cleared Employee Reporting Requirements
Security Violations / Vulnerabilities
24. CLEARED
REFRESHER
SECURITY
TRAINING
Cleared Employee Reporting Requirements
Espionage, Sabotage, Subversive Activities
Espionage is the act orpractice of spying orof using spies to obtain
secretintelligence.
You mustreport potential espionage indicators exhibited by others:
> Unexplained affluence of wealth
> Keeping unusual work hours
> Divided loyalty or allegiance to the U.S.
> Disregarding security procedures
> Unauthorized removal of classified information
> Unreported foreign contact and travel (applie s to c le are d e mplo ye e s)
> Pattern of lying
> Attempts to enlist others in illegal or questionable activity
> Verbal or physical threats
> Inquiry about operations/projects where no legitimate need-to-know exists
Statute of limitations does NOTapply to Espionage
Updated: June 2016
25. CLEARED
REFRESHER
SECURITY
TRAINING
Suspicious contacts are:
> Any efforts by any individual, regardless or nationality, to obtain illegal
or unauthorized access to classified information or to compromise any
cleared employee.
> Any contact by a cleared employee with known or suspected
intelligence officers from any country.
> Any contact which suggests you or another employee may be the
target of an attempted exploitation by foreign intelligence.
Ifyou receive suspicious contacts please report them immediately to the FSO,
as they willthen be reported to DSS
Cleared Employee Reporting Requirements
Suspicious Contacts
Updated: June 2016
26. CLEARED
REFRESHER
SECURITY
TRAINING
DSSCase Study
In March 2009, a presumed South and Central Asian national contacted a cleared contractor in an attempt to
acquire export-controlled parts used in counter-battery radar systems.
In November 2009, a different U.S. cleared contractor received an unsolicited email from the same individual
expressing interest in purchasing the same radar system that was requested in the March incident.
The suspicious individual was a representative of a trading company from his home country. Multiple sources
indicate that his home government established the trading company as a front company to procure export-
controlled technology and equipment for the national military, and that the trading company had previously
sought products on behalf of several military services and defense-affiliated entities.
The trading company was the subject of several other SCRs reporting attempts to purchase export-controlled
electronics products and communications equipment used in military aircraft.
Updated: June 2016
Ifyou receive suspicious contacts please report them immediately to the FSO, as they
willthen be reported to DSS
Cleared Employee Reporting Requirements
Suspicious Contacts – DSSCase Study
27. CLEARED
REFRESHER
SECURITY
TRAINING
Cleared Employee Reporting Requirements
Reporting Hotlines &Contact Information
•In addition to the FSO within our organization, Federal agencies maintain hotlines to allow an unconstrained
avenue for government and contractor personnel to report, without fear of reprisal, any known or
suspected instances of security irregularities or infractions concerning defense-affiliated contracts,
programs, or projects.
•You are also required to report any fraud, waste or abuse regarding work while working on a
government contract.
•WARNING: Do NOTdisclose classified information when reporting via one of the DoD Hotline methods,
as these channels are not secure!
DEPARTMENTOFDEFENSE(DoD) HOTLINE
The Pentagon
Washington, D.C. 20301-1900
(800) 424-9098
hotline.dodig.jil
http://www.dodig.mil/hotline
Updated: June 2016
NRC HOTLINE
U.S. NuclearRegulatory Commission
Office of the InspectorGeneral
Mail Stop O5-E13
11555 Rockville Pike
Rockville, MD 20852
(800) 233-3497
CIA HOTLINE
Office of the InspectorGeneral
Central Intelligence Agency
Washington, D.C. 20505
(703) 874-2600
DOEHOTLINE
Departmentof Energy
Office of the InspectorGeneral(IG)
ATTN: IG Hotline
1000 Independence Avenue, S.W.
Mail Stop 5D-031
Washington, D.C. 20585
(202) 586-4073
(800) 541-1625
DEFENSESECURITY SERVICE(DSS)
DSS IG Hotline: (571) 305-6660
MichaelIrvine, IndustrialSecurity Specialist
michael.irvine@dss.mil
(703) 617-2300
HectorRodriguez, Field CISpecialist
hector.Rodriguez@dss.mil
(571) 289-0657
28. CLEARED
REFRESHER
SECURITY
TRAINING
Cleared Employee Reporting Requirements
GlobalCompliance (Non Security-Related Reporting)
Ifyou suspect, orare asked
to coverup, any of the
following, report it to your
supervisor, to the MFA’s
Compliance Office orLegal
Department, orcontact
Global Compliance:
> Fraud/False Claims/Upcoding
> Kickbacks for referrals
> Conflicts of interest
> Theft
> Harassment or discrimination
> Criminal activity
> Violations of laws or regulations
> Health, safety, environmental
issues
> Violations of company policy or
procedure
Updated: June 2016
29. CLEARED
REFRESHER
SECURITY
TRAINING
Acknowledgement
Ihereby certify by my signature below that Ihave reviewed the information
contained herein and understand it is my responsibility to comply with all
necessary security measures outlined in the June 2016 Facility Security
Clearance RefresherTraining forCleared GW MFA Employees.
Name
Signature Date
Position and Department
Ple ase re turn this page to the Fac ility Se c urity Offic e ronc e it has be e n signe d
via e mailto kmajchrzak@mfa.gwu.edu orfac simile at 202-741-2214
Updated: June 2016