communications is by using encryption devices which turn plain English text into a meaningless
jumble of letters.
Electronic Security (ELSEC): ELSEC includes the measures designed to deny unauthorized
persons information of value derived from the interception and analysis of noncommunications
electromagnetic radiations, such as radar. Each type of radar gives off unique signals and the enemy
can use these signals to their advantage. For example, if a certain type of radar is only found in an
artillery unit, any time the enemy detects that radar he knows there is an artillery unit in the area.
TEMPEST: TEMPEST, which is not an acronym, is the investigation, study, and control of
compromising emanations from electrical or electronic equipment. Computers, electronic
typewriters, and other such equipment send out signals when they are being used. If unauthorized
persons have access to the right location and have the right equipment, they can intercept these
signals and figure out what is being typed or processed by a computer or electronic typewriter.
Computer Security (COMPUSEC:): COMPUSEC includes all of the security measures and
controls that protect computers, and the information processed, against unauthorized (accidental or
intentional) disclosure, modification, or destruction.
Part F: Major Security Objectives
A good way to start our discussion of computer security is to take a look at what we are trying to
achieve. Regardless of the type, model, or size of computer that we use to process classified
information or unclassified-sensitive information, there are three major security objectives which must
be met
Confidentiality : Classified defense information must, of course, be protected from unauthorized
disclosure. However, certain unclassified-sensitive information, like For Official Use Only (FOUO)
information, must also be protected. As well as protecting the Army's official information, you want to
make sure that any computer which contains personal information about you is protected from
unauthorized access. You don't want a stranger getting access to your medical records or your 201
file.
Integrity : Information must be protected against unauthorized changes and modification.
Commanders use computer-based information to make important decisions and that information must
be accurate. A decision based on incorrect information, will probably be the wrong decision.
Imagine the impact on national security if some other county got Into US Army Personnel Central
Clearance Facility (CCFs) computer and started granting security clearances. If you have ever had
trouble getting a loan, you can appreciate the need for accuracy. One credit reporting agency did a
survey of its records and found out that one third of the credit information they had on file was
incorrect!
Availability : The Army depends on computers to perform its mission. Therefore, the Amy's
computer systems, the information processed, and the services provided must be protected from
deliberate or accidental loss, destruction, or interruption of services. We are totally dependent on
computers and without them we probably can't do our jobs!
1- 5
IT0772
Previous Page
