ANNUAL SECURITY REFRESHER BRIEFING MARCH 2010 Security Refresher

ANNUAL SECURITY REFRESHER BRIEFING MARCH 2010

Security Refresher Briefing ¥ ¥ Our contractual obligation to the Government requires that you receive the following Annual Security Refresher Briefing. It is designed to refresh your knowledge of your ongoing responsibilities for working with and protecting classified information as well as to update you with current security issues which affect your working environment and your travels. We hope that you continue to appreciate the need to protect information entrusted to you. You must certify your completion and understanding of this briefing for the record which is maintained in your Personal Security File for review by the Government.

Table of Contents ¥ ¥ ¥ ¥ Introduction Your Agreement Your Reporting Responsibilities Threat Awareness Reporting Foreign Travel Classified Information Safeguarding Need-to-Know Classification Reminders Public Disclosure Internet/E-mail Security Information Final Note

Introduction ¥ ¥ Koam Engineering Systems (KES, Inc. ) executed an agreement with the U. S. Government to conform with all security regulations and requirements for protecting classified national security information. A fundamental requirement is to ensure all employees who possess a security clearance receive annual security refresher briefings to update them on Government security requirements and remind them of their individual security responsibilities.

Your Agreement ¥ The President directed that: All persons with authorized access to classified information shall be required to sign a nondisclosure agreement as a condition of access. This requirement is reiterated in an executive order on classified national security information. ¥ Upon receiving your security clearance you read and signed a Classified Information Nondisclosure Agreement (SF 312) with the U. S. Government, which legally binds you to comply these requirements. Since you have been entrusted with access to our nations most vital and sensitive information, your trustworthiness and awareness of proper security practices is critical.

Reporting Responsibilities ¥ If you possess a Security Clearance you are required to report any changes to the information you reported in your Personal Security Questionnaire (EPSQ or E-Qip). You must also report: ¥ ¥ ¥ ¥ Security Infractions and violations Attempts by unauthorized persons to obtain classified or proprietary information Intent to become a representative of a foreign interest Extreme financial difficulties (including foreclosures, bankruptcy, unpaid back taxes etc. ) Arrests and convictions Counseling/Psychiatric treatment Changes in personal status (marriage, divorce, or name change)

Reporting Responsibilities (continued) ¥ You are required to report any information that reflects adversely upon the general character of any person who possesses a security clearance or any factor affecting their judgment, suitability, or reliability, or that indicates the person’s ability to protect classified information may be impaired. ¥ You should exercise good judgment when determining what information should be reported in the interest of national security, the company and to protect co-workers from their potentially self-destructive behavior. You will not be liable for defamation because of any reports you make to Security in support of Government requirements.

Threat Awareness ¥ ¥ The end of the Cold War, the collapse of the Soviet Union, and the new economic power of East Asia have changed the world as we knew it. The new reality of the espionage threat is that it extends beyond America’s traditional adversaries. One of the threats to the well being of the U. S. is economic espionage -- the covert acquisition of economic intelligence by foreign governments and companies. Increasingly, the espionage efforts directed against the U. S. come from our friends and allies in search of U. S. high-tech, industrial, and commercial secrets. The targets of hostile espionage efforts are the U. S. government and the business communities. As a cleared employee, you could be a possible target for Hostile Intelligence Services (HOIS) to obtain classified information. Report immediately to your Security Representative all efforts by any individual, regardless of nationality, to obtain illegal or unauthorized access to classified or sensitive unclassified information or to compromise a cleared employee. In addition, all contacts by cleared employees with known or suspected intelligence officers from any country or any contact which suggests the employee concerned may be the target of an attempted exploitation by the intelligence services of another country must be reported to the Facility Security Officer. HOIS officers employ various tactics in their campaigns to enlist targeted employees. The following are examples of techniques used:

Threat Awareness (Continued) ¥ ¥ ¥ They may use a honeyed, seemingly guileless approach. They befriend targets, treat them to gifts and money, wine and dine them. The HOIS officer may misrepresent himself or herself as a citizen of a country friendly to the U. S. Thus, a targeted American may be persuaded into handing over sensitive information by being led to believe that he or she is aiding an ally of the U. S. Marketing Surveys. Exploitation of Joint Ventures and Research. A cleared employee must be wary of glad-handing strangers who make an intensive effort at forming a friendship, and then slowly but surely begin to use that friendship to gather information about your work, your work assignments, and your coworkers. At any point where someone begins to inquire into aspects of an employee’s knowledge or activity that is classified, the employee certainly should stop to consider whether the inquiry is normal innocent curiosity, or whether it might be the beginning of an attempt to secure intelligence information for the benefit of another country.

Reporting Foreign Travel ¥ ¥ KES is always concerned for your safety and welfare when you travel to foreign countries to conduct company business or for personal reasons. You should report any suspicious foreign contacts or noteworthy activities that occurred during your travel to your FSO (Kim or Doreen) immediately upon your return.

Classified Information ¥ ¥ Classified information is received or developed in performance of a contractual requirement or other agreement with the U. S. Government. All classified information belongs to the U. S. Government which reserves the right to retrieve or require specific disposition of their classified information or materials. If you are a custodian or have possession of classified information, you must be able to located the material or provide proof of its disposition when requested. The DD Form 254 Department of Defense Contract Security Classification Specification is the only means to provide our employees with classification guidance, advice and procedures for handling classified materials received or generated during performance of a classified contract.

Safeguarding Classified Information ¥ ¥ ¥ The moment you gain knowledge of classified information you become a custodian of the information. You must not communicate, deliver, or transmit, in any manner, classified information to an unauthorized person or agency. You must determine a recipient's clearance and need to know before disclosing classified information to them. When not in use, classified information must be secured only in approved security containers. Classified information that is not safeguarded in an approved security container shall be constantly under the control of a person having the proper security clearance and need to know. If you find classified information unsecured it is your responsibility to properly protect and secure the material as well as follow any reporting procedures for the lab.

Need-to-Know ¥ ¥ Need to know is difficult to implement as it conflicts with our natural desire to be friendly and helpful. It also requires a level of personal responsibility that many find difficult to accept. Classified information is disseminated only on a strict “need-to-know” basis. This means that in the interest of national security: ¥ The individual must possess a security clearance equal to or higher than the classification level of the information ¥ The individual must have a requirement for access to, knowledge of, or possession of the classified information in order to accomplish their tasks or services on a contract.

Need-to-Know (continued) ¥ ¥ No person is entitled to classified information solely by virtue of office, title, position, rank or security clearance. You have a responsibility to assert the need to know policy as part of your responsibility to protect classified information. Determining need to know is also a supervisory responsibility. If you are in doubt as to an individual’s need to know, you should always check with your supervisor. Some contracts may require the U. S. Government to certify need to know prior to a visitor or other contractor having access to classified information.

Classification Reminders ¥ ¥ Original classification is the initial determination that information requires protection. Derivative classification is the act of classifying information ordinarily from a previously classified document or a classification guide issued by an original classification authority. Information is classified in one of two ways: originally or derivatively. Information shall not be classified for any reason unrelated to the protection of the national security. Only individuals in the government specifically authorized in writing have original classification authority.

Classification Reminders (continued) ¥ ¥ ¥ There are three levels of classification: Top Secret, Secret and Confidential. You may make derivative classification decisions based on the guidance in the DD 254. If the information was previously identified as classified, classify it derivatively. If not previously classified, but you believe that it should be, protect the information at the appropriate level and submit it to the government for classification determination. Information shall not be classified for any reason unrelated to the protection of the national security. Classifiers are responsible for assuring that information is appropriately classified and properly marked. If you believe that information in your possession is inappropriately classified, or inappropriately unclassified, you should bring your concerns to the attention of the original classification authority. Information shall not be classified for any reason unrelated to the protection of the national security.

Public Disclosure ¥ ¥ ¥ Before discussing your work in public, consider how an adversary or competitor might use that information to target our company’s employees or activities. Do not assume that the information is not sensitive just because it is not classified and is from open sources. You should always use discretion when discussing your work activities outside of your workplace and in public. Seeing classified information in open publications does not necessarily mean that it has been declassified. Report it to your security officer or client in person or by secure publications. When reporting a compromise or suspected compromise of classified information you should use secure means for reporting.

Internet/E-Mail Security ¥ ¥ ¥ A common occurrence in accidental disclosure of classified and sensitive information is: ¥ Downloading of seemingly unclassified files from a classified system and failing to review the file before sending it as an email attachment. When you use your computer to conduct daily business activities and to communicate, be aware that it is also the gateway for others to access our information. Unfortunately people still inadvertently transmit classified, sensitive or proprietary information over the Internet for all to view. Do not contribute to a compromise.

Internet/E-Mail Security (continued) ¥ ¥ ¥ Some vulnerabilities are: ¥ Lack of privacy ¥ Ease of accidental compromise ¥ Transmission of viruses ¥ Inability to ever fully erase ¥ Remote Access ¥ Uncertain Origin Should you receive classified or suspected classified information by e-mail: ¥ Do not manipulate the data, forward, delete, print, copy or save etc. ¥ Contact your manager and security as soon as possible via secure channels ¥ If you do not have secure means to communicate the incident you may use un-secure channels but exclude any reference to a particular date, time or subject matter Security will contact the required persons and coordinate the actions necessary.

Final Note ¥ ¥ ¥ Your signed nondisclosure agreement (SF 312) is held by the government for 50 years after its execution. However, you are responsible to protect classified information that you had access to long after your clearance has terminated and as long as the information remains classified. The briefing you have just received is designed only as a “refresher” to the information you should have already received. It by no means describes the totality of your obligation to protect information vital to the national defense and the success of our business. We encourage you to also read the additional information contained in the Employee’s Guide to Security Responsibilities at the DSS Website.

Annual 2010 Security Refresher Briefing ¥ My signature below indicates that I have carefully reviewed the Annual Security Refresher Briefing and I understood the information which was presented. ¥ Thank you for reviewing and certifying that you have read the KES, Inc. Annual Security Refresher Briefing. Information in this briefing was provided to reemphasize your continuing responsibilities for protecting classified information and materials, to inform you of any changes that my have been made to the National Industrial Security Program Operations Manual (NISPOM) and to update information regarding threats to national security information. ¥ Your cooperation in completing this requirement will ensure that KES’s continued eligibility for a Facility Security Clearance. If you require additional information or have any questions regarding security issues, please, contact your Facility Security Officer. ¥ Name (printed) ________________ Date __________ ¥ Signature _______________________________