The word security, as it is used in the Navy, can mean many things. Physical security involving the protection of ships and stations and all the people and equipment associated with them is a primary consideration. As you can probably imagine, information security is also an important consideration in the military—keeping a real or potential enemy from knowing your plans in peacetime, crisis, and war is another obvious example.
Naval personnel must always be security-minded and alert to external and internal threats. A few examples include saboteurs, terrorist attacks, civil disorders, riots, and spies.
EXTERNAL SECURITY
Twice in our nation’s history, we have suffered the devastation and embarrassment of surprise attacks. On 7 December 1941, the U.S. Fleet and Army Air Corps units at Pearl Harbor, Hawaii, were surprised by an air attack from a Japanese fleet that caused severe damage and resulted in more than 2,500 deaths. On 11 September 2001, terrorists from several Middle Eastern countries, using hijacked American passenger aircraft, destroyed the World Trade Center in New York, severely damaged the Pentagon, and would likely have done further devastating damage were it not for the bravery and sacrifice of the passengers of United Airlines Flight 93, which crashed in Pennsylvania.
Those attacks and just plain common sense make it clear that we must expect attacks and take every precaution to prevent them or to minimize their effects should they occur. Threats to security may take many forms, and without resorting to outright paranoia, we must be alert to unexpected danger and implement preventative measures.
Force Protection Conditions (FPCONs)
Navy warfare publication NWP 3–07.2, Navy Doctrine for Antiterrorism/Force Protection, states:
The terrorist threat is not likely to diminish soon. On the contrary, events worldwide have shown the need for increased vigilance and preparation by U.S. Navy forces whether deployed or at home. Acts of terrorism are increasingly becoming the tactic of choice among those who wish to challenge the United States but do not have the capability or desire to directly confront U.S. forces using traditional military means.
To meet this need for “increased vigilance and preparation,” the Navy has adopted the system of force protection measures created by the Department of Defense known as “Force Protection Conditions” (FPCONs), which provide a means of alerting commands of the degree of probability of a terrorist attack and of triggering a series of measures designed to increase the level of a unit’s defense.
There are five levels of FPCONs beginning at “NORMAL” and progressing from “ALPHA” through “DELTA”—DELTA being the highest level of threat. Experience and logic make it clear that the threat of terrorism is always possible, therefore even “NORMAL” acknowledges this possibility and includes a number of defensive measures just in case. [Note: Because FPCONs are “joint” (pertaining to all services, not just the Navy), “ALPHA” is spelled this way, rather than the Navy way (“ALFA”).]
FPCON NORMAL. No known enemy threat exists.
FPCON ALPHA. There is an increased possible general threat of terrorist activity.
FPCON BRAVO. Increased and more predictable threat of terrorism.
FPCON CHARLIE. Imminent threat of terrorism.
FPCON DELTA. A localized, specific terrorist threat or an actual attack.
See TAB 9-A: Force Protection Conditions (FPCONs) for more details, including specific actions to be taken.
As the FPCON increases, your command will have certain specific actions to take that will heighten security. As the degree of threat elevates, so will the degree of caution. Specific measures taken will depend upon the location and circumstances.
During times of heightened danger, extra watches may be assigned for added protection of the ship. For example, when the threat condition is high, strangers approaching the ship will be regarded with suspicion, even though they might appear to be ordinary visitors, salespersons, newspaper carriers, or delivery people. All individuals coming aboard will not only be identified by the OOD or his or her representative, but all items such as packages, parcels, briefcases, and toolboxes might be inspected. Persons standing gangway or quarterdeck watches assist the OOD in identifying approaching boats, screening visitors, and checking packages.
Sentries and guards posted for security purposes are always guided by written instructions and will be armed when the situation demands. Armed guards will be well trained in the use of their weapons and when to employ those weapons.
When ships are moored to a pier, attackers may mingle with a returning liberty party, pose as visitors, or sneak aboard. Moored or anchored ships are vulnerable to sneak attacks and sabotage, particularly at night. Ships can be approached by swimmers, small boats, or submarines. Sentries must know how to challenge approaching boats in order to identify occupants before they come alongside.
Security Reaction Forces
Sometimes called “Shipboard Reaction Forces” (SRF) or “Base Reaction Forces” (BRF), these are teams that have been specially trained and equipped to respond when a security emergency arises, such as intruders on your ship. Sailors (and sometimes Marines) assigned to these teams are ready to respond on a moment’s notice much like volunteer firefighters in a community. In other words, they go about their normal duties and routines until called upon to respond to a security emergency.
You may be assigned to an SRF or BRF after you have been properly trained in weapons handling and other relevant topics. If you are not part of one of these teams, be sure to do what they tell you and do not impede them in any way. If, for example, they come into your compartment and tell you to lie face down on the deck, do so immediately. Kissing steel is better than being wounded in an attack!
![[9.1] As an armed...](../images/f0204-01.jpg)
Bomb Threats
A bomb threat may happen anytime or anywhere. Many bomb threats are not real, but you should not assume that this is the case. If you receive a bomb threat by telephone, keep your head and take the following actions if at all possible:
Keep the caller on the line and obtain as much information as you can.
Write down the exact words of the caller (or as close to the exact words as possible) as quickly as you can.
Try to determine the sex, approximate age, and attitude of the caller.
Ask the caller when and where the bomb is to go off, what kind of bomb it is, what it looks like, and where the caller is calling from.
Listen for background sounds that might give an indication of the caller’s location.
Note any accent or peculiarity of speech that may help identify the caller.
Each telephone at your command should have a copy of a “Telephonic Threat Complaint” form readily available to guide you if you receive a bomb threat.
There are certain other defensive actions you can take to reduce the chance of a real bomb attack:
Strictly comply with and enforce procedures for personnel identification and access control by always carrying your own identification card and, if you are on watch, carefully examine the ID cards of personnel boarding your ship or visiting your command, particularly if you do not recognize them.
Be suspicious of packages if you do not know where they came from.
Be suspicious of any item that is obviously out of place.
Maintain tight control of locks and keys.
Lock spaces that are not in use.
Report suspicious personnel and their actions.
Shipyard Security
Ships sent into shipyards for major repairs will have many civilians coming aboard to do their work. This increased traffic can make a ship more vulnerable to problems of theft, damage, and even sabotage, because it becomes more difficult to keep track of so many people on board. All workers coming aboard a ship must be identified. The shipyard itself will assist in this process by providing proper identification cards to its workers. Compartments containing classified matter must be secured, either by locks or with sentries. Shipboard personnel may be assigned as “fire watches” to each welder and burner who comes on board because of the increased potential for fire. Also, special precautions must be taken after each shift to inspect spaces for fire hazards.
WARTIME SECURITY
In times of war or when the potential for hostile action is very high, extra precautions must be taken to provide additional security to ships and stations. These precautions may be very elaborate and involve highly trained personnel, or they may be relatively simple and affect all hands.
Because modern technology enables an enemy to detect almost any electronic emission, a condition known as EMCON (emission control) may be set. When EMCON is imposed aboard ship, powerful equipment such as radio transmitters and radars will be shut down or tightly controlled. Even your personal radio and other electronic devices may be prohibited if they have signal-emitting characteristics, which many do.
In peacetime, ships display navigational lights for safety, but if military considerations take precedence (e.g., moving through waters where enemy ships or submarines may be present), navigational lights will be turned off. It is essential that you and your shipmates do not endanger the ship during such times. Smoking, for example, is now restricted to certain locations and prohibited during certain conditions; the glow of a cigarette can be seen for miles on a dark night. The light from an improperly shielded doorway will let a submarine make a successful periscope attack.
Sound travels better in water than in air. Unnecessary noises can aid an enemy in detecting a ship or submarine. When “quiet ship” is set, all banging and hammering will be prohibited, and everyone on board will be expected to avoid making any noises.
SECURITY OF INFORMATION
Some information—if obtained by an enemy, or a potential one—can be harmful to our nation. Obvious examples would be war plans, or the location of our forces during combat operations, or the codes that we use to keep things secret. Such information is labeled as “classified.” That rather general term can be further specified into certain categories of national security classifications, such as Confidential, Secret, or Top Secret. Because the safety of the United States and the success of naval operations depend greatly on the protection of classified information, it is important that you understand what classified information is, who may have access to it, and what the important rules and guidance for safeguarding it are.
Security Classification
Information is classified when national security is at stake. It is assigned a classification, which tells you how much protection it requires. There are three main classifications, each of which indicates the anticipated degree of damage to national security that could result from unauthorized disclosure:
Top secret—Exceptionally grave damage
Secret—Serious damage
Confidential—Damage
All classified material—such as messages, publications, electronic communications, software, equipment, or videos—must be plainly labeled with the appropriate classification. Following the classification, some material may have additional markings that signal extra precautions in handling. For example, “restricted data” means that the material pertains to nuclear weapons or nuclear power, and NOFORN indicates that the information cannot be disclosed to foreign nationals.
There is another category of government information, “for official use only” (FOUO). This is not considered classified information because it does not involve national security, but it is information that could be damaging in other ways and cannot, therefore, be divulged to everyone. Information such as the results of investigations, examination questions, and bids on contracts are “privileged information” and are kept from general knowledge under the designation FOUO.
Unauthorized disclosure, or “compromise,” means that classified information has been exposed to a person not authorized to see it.
Security Clearance
Before you can be allowed to have access to classified information, you must have a security clearance. You will be assigned a security clearance based upon how much classified material you will need to work with in order to do your job. If you have a need to work with top-secret material, you must first receive a top-secret clearance. If all you will need to work with is confidential information, you will be assigned a confidential clearance.
The standards for clearances and information security are listed in the Information Security Program Manual (SECNAV M-5510.36). In general you must be trustworthy, of reliable character, and able to show discretion and good judgment. A person may be loyal to his or her country but unable to meet the standards for a position of trust and confidence. Conduct such as drug abuse, excessive drinking, and financial irresponsibility can lead to denial of clearance. This could cost a promotion, cause a rate conversion, or lead to separation from military service. A clearance may be denied or revoked because of a mental or emotional condition, general disciplinary causes, UA (unauthorized absence) or AWOL (absent without leave), falsification of official documents, or disregard for public laws or Navy regulations.
INVESTIGATIONS
Before you can be granted a security clearance, an investigation is conducted into your background to make certain that you can be trusted with classified information. Investigators will look into your past records and may question people who know you. This process can take a while, so you may be given an “interim” clearance based upon some preliminary investigating before your “final” clearance comes through. The word “final” in this case means that the investigation is over and that you have been granted the clearance you need. It is not “final” in the sense that it cannot be taken away. Should you involve yourself in any of the disqualifying activities mentioned above, such as drug use or financial irresponsibility, your clearance may be revoked.
Access and Need to Know
Security clearances are granted only when access to classified material is necessary to perform official duties and only at the appropriate level. If your job requires you to see confidential material but not secret or top secret, you will only receive a confidential clearance. This is no reflection on you or the level of trust the government places in you. If you are ever denied the access you need, that is a cause for concern, but as long as you receive the level of clearance required for the performance of your assigned duties, you should be satisfied.
It is very important to understand the concept of “need to know.” Just because you have a secret clearance, that does not give you access to all secret material. Your secret clearance allows you to see all the secret material you need to know in order to do your job, but it does not entitle you to see information classified at that level in other locations or departments not related to your job. If circumstances change and your duties no longer require access, or require a lower level of access, your security clearance will be administratively withdrawn or lowered without prejudicing your future eligibility. Commanding officers may reinstate or adjust your security clearance as the need arises.
Safeguarding Classified Information
Classified information or material is discussed, used, or stored only where adequate security measures are in effect. When removed from storage for use, it must be kept under the continuous observation of a cleared person. It is never left unattended.
You are responsible for protecting any classified information you know or control. Before giving another person access to that information, it is your responsibility to determine that the person has the proper clearance and a need to know. If you are uncertain whether someone has the proper clearance and a need to know, find out before you allow him or her access. Never tell someone something classified just because he is curious, even if he has the proper clearance. Remember, there are two requirements for someone to have access to classified material: she must have the proper clearance and she must have an official need to know the information.
VOICE COMMUNICATIONS
Some radio circuits and telephones in the Navy are what we call “secure.” This means they are protected by special equipment that encrypts (scrambles) your voice so that an enemy or someone not authorized cannot listen in and understand what you are saying. But most are not secure. Never discuss classified information over a telephone or a radio circuit unless you know that it is secure.
CENSORSHIP
In war or during certain peacetime emergency conditions, censorship of personal mail may be imposed. The intent of censorship is to avoid security violations that might occur through carelessness or lack of judgment in writing letters or sending electronic messages. Under such emergency conditions, all such communications written aboard a ship, or in a forward area, must be passed by a censor. When censorship is imposed, instructions will be issued explaining what can and cannot be discussed in letters. You should avoid subjects such as ships’ movements, combat actions, or details of weapons in your communications under these circumstances.
Photographs may be censored as well. Cameras may be barred and all pictures taken aboard ship may require clearance for release.
Bear in mind that limitations may also be imposed upon all forms of communication, including telephone calls, texting, e-mails, and social media postings.
STOWAGE AND TRANSPORT
Classified material may not be removed from the command without permission. Authorized protective measures must be used when classified material is sent or carried from one place to another and it must be stowed (stored) properly. Do not, for example, take a classified manual home to study at night. It is admirable that you want to improve your knowledge so that you can do your job better, but you probably do not have the means to transport the material safely. You almost definitely do not have the means to stow it safely in your home. Do not take classified material home.
DISCOVERY OF CLASSIFIED INFORMATION
If you accidentally come across some classified material that has been left unguarded, misplaced, or not secured, do not read or examine it or try to decide what to do with it. Report the discovery immediately and stand by to keep unauthorized personnel away until an officer or senior petty officer arrives to take charge.
SECURITY AREAS
Spaces where classified materials are used or stowed or that serve as buffers are known as security areas. Some areas are more sensitive than others. A system has been developed to identify security areas properly. The government has established three types of security areas and identified them by levels. All three of these areas are clearly marked by signs with the words “Restricted Area.” The level of the area is not identified on the signs, however.
Level I. No classified material is actually used or kept in a level I space. This space is used as a buffer or control point to prevent access to a higher-level security area. A security clearance is not required for access to a level I area, but an identification system is usually in place to control access to the area.
Level II. Classified material is stowed or used in these areas. Uncontrolled access to a level II area could potentially result in the compromise of classified information. Therefore, it is mandatory that anyone not holding the proper clearance be escorted while visiting a level II area.
Level III. Classified material is used in a level III area. Mere entry into the area risks compromise. An example would be a command and control center where large decision-making displays have classified information posted on them. Only people with the proper clearance and the need to know are permitted access to a level III area. All entrances must be guarded or properly secured.
Information Security Threats
Foreign nations and adversaries may be interested in a wide variety of classified information, to include new developments, weapons, techniques, and materials, as well as movements and the operating capabilities of ships and aircraft.
Those who try to collect such information cannot be stereotyped or categorized, which is why they succeed in their work. A person who has access to classified material should never talk to any stranger about any classified subjects. A foreign intelligence agent collects many odd little bits of information, some of which might not even make sense to the agent, but when they are all put together in the agent’s own country they may tell experts much more than the Navy wants them to know.
Espionage agents prey upon the vulnerabilities of their intended targets. For example, service people with relatives in foreign countries can sometimes be intimidated into cooperation by threats to their relatives. People with financial problems or drug habits can be coerced into doing favors for the enemy. Some people may feel a need for attention. If a stranger offers to solve a problem you are having, you could be placed in the awkward position of accepting, without even knowing that your new friend is indeed from an unfriendly foreign nation. All this may sound like a scene from a spy movie but, unfortunately, it happens in real life. Enemy agents also like to infiltrate social gatherings where U.S. service personnel dance, drink, talk, text, and photograph. These agents may gather important pieces of information merely by listening to the conversation around them or by actively engaging in talk with service personnel. Then they pass on whatever is heard. Some agents even move into communities with service people so they can collect information from their neighbors.
Listed below are some ways to prevent being exploited by a foreign agent:
Don’t talk about a sensitive job to people who don’t need to know—not even to your family or friends.
Be especially careful about what you post online. Even seemingly routine information about yourself or your activities can help real or potential enemies piece together more important conclusions.
Be careful what you say in social situations. Even seemingly trivial information can be valuable in the wrong hands.
Be aware that telephone communications, text messaging, and e-mailing are all vulnerable to eavesdropping or hacking.
Know how to handle classified material properly.
If you have personal problems you feel might be exploited, use the chain of command to solve them. No one in the Navy is going to hit you over the head because you have a problem that might be solved by a senior petty officer or officer. If one of them cannot help, go to a chaplain. Chaplains are in the service for more than religion; they are there to help, whatever your problem is.
REPORTING THREATS
Report any suspicious contact. If someone seems more curious about your job than seems normal and presses you for information in any way, report it to your superiors. If the person is innocent, no harm will come of it. If the person is guilty, you will have done a great service to your country by calling attention to the incident.
If you are contacted by someone who you are certain is attempting espionage, do not try to be a hero by taking action yourself. Report it!
Report any contact with someone you know who is from a nation that is hostile or potentially hostile to the United States, even if the contact seems innocent. Remember that spies rarely start out trying to get classified information from their targets. If you are unsure whether the nation is considered a potential threat, report it. In matters of security, it is always better to be overly cautious than not cautious enough.
If you feel that your superior in the chain of command cannot be trusted with the information you have to report, request permission to see the next higher-up. And the next, if necessary. If you feel you cannot approach the people in your chain of command, go to the Naval Criminal Investigative Service (NCIS) office. If you cannot find one, visit their website at www.ncis.navy.mil.
If you are going to make a report, make a note of the date, time, place, and nature of the encounter. Describe how you were approached and mention who else in the Navy was also approached. Provide names if you know them. State your own name, grade, social security number, and anything else you feel is pertinent.
CYBERSECURITY
Cyber threats come from a variety of sources including nation states, profit-motivated criminals, ideologically motivated hackers, extremists, and terrorists. When you log on to a Navy network or system, you’re in the cyber battlespace.
If there are weaknesses in the Navy’s defenses, they may be networks and computers that can be compromised by intruders with relatively limited resources. Cyber enemies only have to be successful once to do significant damage; we cannot afford to make any mistakes. Always practice good cyber discipline as described below.
Don’t Take the Bait. Always verify the source of e-mails and the links you may find in them. If you are directed to a site for an online deal that looks too good to be true, it probably is fraudulent. Phishing is a form of e-mail spoofing. By clicking on a link in what appears to be a legitimate e-mail, you may be directed to a fraudulent website that installs bad software on your computer or captures data you enter on the website. Opening an infected e-mail attachment can also install bad software on your computer.
“Phishing” is a scam used to dupe an e-mail user into revealing personal or confidential information, such as passwords, social security numbers, or credit card information, that a scammer can use to harm you or the Navy. “Spear-phishing” is a form of phishing that targets a specific organization. Spear-phishing e-mails appear to be from an individual or business you know. Spear-phishing attempts are not typically initiated by “random hackers” but are more likely to be conducted by those seeking financial gain, trade secrets, or military information. Signs that an e-mail may be a spear-phishing attempt include:
Sender’s name, organization, or company does not match the e-mail address or digital signature
Words such as official, mandatory, urgent, etc.
Link text may not match associated URL
Unsolicited requests for personal information
Poor grammar and multiple misspellings
When in Doubt, Throw It Out. Do not open suspicious links in e-mails, tweets, posts, messages, or attachments, even if you know the source.
Don’t Connect Unauthorized Devices to Navy Networks. Connecting unauthorized devices, such as thumb drives and cell phones, to your computer is inviting trouble. Unauthorized devices may contain software that can allow an intruder inside the Navy’s network. Do not allow convenience to take precedence over national and cybersecurity.
Remove Your Common Access Card (CAC). Remove your CAC when you are not using it. Don’t make it easy for someone to access data on your computer when you’re away.
Use a Better Password. Don’t use easily guessed or weak passwords, and safeguard them so they can’t be stolen. Password best practices include:
Use different passwords for every account.
Make passwords a minimum of eight characters long and include at least one number, one capital letter, one lowercase letter, and one special character.
Select the first letter of each word in an easily remembered phrase for the letters in your password. For example, “stand Navy down the field, sails set to the sky” becomes “sNdtfsstts.”
Don’t use names or words that can be found in any dictionary (including foreign languages).
Don’t use keyboard patterns.
Routinely change passwords on all accounts.
Do not change passwords in a serial fashion (e.g., password 2016 replaced with password 2017).
If you save your passwords to a file, password protect and encrypt the file.
Don’t write down your passwords or keep them in your wallet/purse.
Don’t allow your browser to store your passwords.
Safeguard Your Personally Identifiable Information (PII). Cyber adversaries can use information they have obtained about you to appear legitimate so they can trick you into surrendering data they need to breach our networks and systems. To protect your PII, be smart about providing information online and use good security practices when using social media sites.
Choose security questions that have answers not discoverable on the Internet—for example, do not choose the street you grew up on, your mother’s maiden name, etc.—and don’t conduct work-related business on your personal account.
Facebook, Twitter, LinkedIn, and other social media platforms are invaluable tools, but they can introduce security hazards. Personal profile information on these sites may be used by hackers for social engineering or phishing purposes. Also, be extra vigilant about friending bogus Facebook accounts, which can allow hackers to harvest sensitive user photos, phone numbers, and e-mail addresses for social engineering attacks.
Don’t Use Peer-to-Peer (P2P) Programs. Don’t use peer-to-peer (P2P) file sharing programs. These programs can spread bad software inside the Navy’s network defenses.
Stay on Known, Good Websites. Use websites that are business related or known to not pose a hazard.
Don’t Use Systems in Unauthorized Ways. The Navy has established policies to protect itself from compromise. Don’t put others at risk by using systems in ways that are not authorized.
Complacency about cybersecurity makes the Navy vulnerable to compromises that could significantly affect operations. Your commitment to these cybersecurity best practices will protect the Navy’s operational capabilities and contribute to our cyber fight. Think cybersecurity before you act.
From seamen recruits to admirals, security is the responsibility of everyone in the Navy. Just as you are alert to dangers of all types in your own home, so should you be always vigilant and protective of your Navy. Your life and those of your shipmates may very well depend on it.