Cryptome DVDs are offered by Cryptome. Donate $25 for two DVDs of the Cryptome 12-years collection of 46,000 files from June 1996 to June 2008 (~6.7 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of cryptome.org, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org, and 23,000 pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost.


20 August 2008

Related: http://cryptome.org/deepwater/deepwater.htm


http://www.uscg.mil/acquisition/newsroom/feature/c4isrequipment.asp

Update: C4ISR Equipment on Bertholf

Since May 2008, unsubstantiated claims have appeared through various blogs speculating that prior to the arrival of U.S. Navy inspectors aboard the National Security Cutter Bertholf, the U.S. Coast Guard removed electronics and communication equipment, purportedly to improve the outcome of rigorous tests and trials. No evidence has been offered to support these claims, because they are not true.

In fact, at no time did the Coast Guard remove or re-install equipment to mislead Navy examiners. The Coast Guard has regularly and frequently discussed in detail with congressional oversight staffs the many actual activities associated with preparation and follow-on work for acceptance trials and delivery. Specifically, the Coast Guard presented Congressional staff with information that directly counters the false assertions and unsubstantiated claims regarding this matter. Because of the sensitive nature of the information provided to Committee staff, the Coast Guard cannot publicly disclose those documents, because that would disclose equipment capabilities.

The Coast Guard has worked diligently during the last two years to ensure that all Bertholf’s equipment, including electronic and communication gear, meets very strict operational requirements. These efforts have been complemented by expertise from the U.S. Navy, including its Naval Sea Systems Command (NAVSEA), Space and Naval Warfare Systems Command (SPAWAR), Commander Operational Test and Evaluation (COMOPTEV) and Board of Inspection and Survey (INSURV).

This spring, more than 80 representatives of INSURV tested shipboard equipment, assessed the quality of Bertholf’s construction, and evaluated the cutter’s compliance with contractual specifications and requirements established by the Coast Guard. During the course of the acceptance process, INSURV conducted inspections and surveys of the ship and its systems to determine whether they are ready for delivery. This included the electronics equipment then certified for operation. In addition, INSURV observed and determined whether the contractor’s equipment operates satisfactorily in accordance with contract requirements.

After inspection, the INSURV Board concluded that Bertholf is a “unique and very capable platform with great potential for future service.”

Prior to INSURV’s inspection – at each step of Bertholf’s construction, delivery and testing – the Coast Guard has exercised diligent, prudent and proven program management oversight. While delivery – which represents conditional acceptance by the Coast Guard – was a major milestone, thorough contractual oversight has continued. Bertholf now is well into an 18-24-month post-delivery work period, including operational testing and evaluation to ensure the cutter is suitable and effective, and that she meets all requirements for deployment.

TEMPEST testing of installed systems is still scheduled for later this year in the cutter’s homeport of Alameda, Calif.
 

http://www.uscg.mil/acquisition/newsroom/pdf/informationassurance.pdf

USCGC BERTHOLF
INFORMATION ASSURANCE
FACT SHEET - BACKGROUND

.. Built by a joint Lockheed Martin and Northrop Grumman partnership (Integrated Coast Guard Systems or ICGS), the BERTHOLF—the first ship in a new class of eight complex and technologically advanced 418 foot cutters—was preliminarily accepted by the Coast Guard on May 8th, 2008, and will be commissioned this upcoming summer.

.. Unlike older cutters, the BERTHOLF contains fully integrated command, control and communications systems that are designed to dramatically improve the Coast Guard’s ability to execute its vital maritime missions. Because of these tightly integrated systems, the Coast Guard must carefully ensure that confidentiality, integrity, and availability of information processed by these systems are appropriately protected.

.. Before the BERTHOLF becomes part of the Coast Guard’s fleet it must go through a standardized Information Assurance (IA) process based on Federal and Department of Defense (DOD) policies, wherein delivered equipment and installation procedures are certified for compliance by the Coast Guard.

.. The Coast Guard’s C4&IT Technical Authority, CG-6, anticipates that BERTHOLF will initially be granted a limited authority to operate some of its systems to facilitate the vessel’s transit to its new homeport in Alameda, CA. In fact, an ATO was granted on 30 April 2008 for a stand-alone classified messaging system; and on 09 May 2008, an Interim Authority to Operate (IATO) was approved for limited network connectivity of the unclassified local area network and general support system. No classified information is permitted to be loaded on any IT system until certification and accreditation is completed and approved by the Coast Guard’s Designated Accrediting Authority (DAA).

.. The IATO refers to the document that is issued by the DAA who must determine, after reviewing Certification and Accreditation (C&A), documentation whether or not to accept any residual risk as identified in the IA process and allow the systems to operate. The C&A package is reviewed by a Certifying Authority (CA) and DAA before the system is permitted to be connected to any government data network applicable to the classification of the system.

.. The IA process includes a large number of activities, one of which is known as TEMPEST testing. TEMPEST testing is comprised of visual and instrumented inspections to ensure compliance with emission security requirements.

.. “TEMPEST” (not an acronym – it is a formerly classified DoD code word from the 1950s) is the short name referring to investigation, study, and control of compromising emanations from telecommunications and Automated Information Systems (AIS) equipment. A compromising emanation is an unintentional signal that if intercepted and analyzed, would disclose the information transmitted, received, handled, or otherwise processed by telecommunications or automated information systems equipment. The elements of TEMPEST serve to ensure there are no compromising emanations.

.. The Coast Guard adheres closely to the Department of Homeland Security, Department of Defense and the National Security Agency rules, regulations, and protocols for TEMPEST testing and certification. As stated previously, no classified information is permitted to be loaded on any system that does not meet these stringent requirements.

.. The Consolidated Contracting Action (CCA), which was signed 08 Aug 2007, clarified contractual requirements pertaining to information assurance. The following standards were contractually required from the following U. S. Navy publications:

1. Information Assurance Shipboard Red/Black Installation Publication, IA 5239.31 of July, 2001. This instruction was updated in July, 2007. Since Fall 2007 the Coast Guard has conducted inspections in accordance with the updated standard.

2. Information Assurance Protected Distribution System (PDS) Publication, IA 5239.22 of October, 2003.

3. Red/Black Installation Guidance NSTISSAM TEMPEST/2-95 of December 12, 1995, with Amendment NSTISSAM TEMPEST/2-95A of February 3, 2000 incorporated.

.. TEMPEST consists of visual inspections and instrumented surveys of communications and information technology systems and infrastructure. Visual inspections are conducted to uncover issues of physical design, bonding, grounding, and separation of Red (classified) and Black (unclassified) wires and equipment. The instrumented survey determines whether there are compromising emanations through computer and electronic testing.

.. Instrumented TEMPEST surveys are conducted by the Navy’s Space and Naval Warfare Command, who is the Certified TEMPEST Testing Authority (CTTA) for the Instrumented TEMPEST Surveys on Coast Guard Cutters.

.. TEMPEST certification is one mandatory element of the Department of Defense Information Assurance Certification & Accreditation Process (DIACAP), which the Coast Guard adheres to for systems classified up to Secret Collateral.

.. DOD’s Defense Information Systems Agency (DISA), specifically the SIPRNet Connection Approval Office (SCAO), is the approving authority for the Coast Guard to connect to the classified network.

FACT SHEET - CURRENT STATUS

.. The Coast Guard recognized early-on that since the BERTHOLF was “first in class,” close attention needed to be paid to IA, since the contract emphasized commercial equipment and software use where possible. To mitigate this risk, the Coast Guard began testing and evaluating the systems as early as possible, often before installations were complete. This effort provided excellent data to the Coast Guard and contractor for focusing efforts. This preliminary testing revealed several areas within the BERTHOLF’s C4ISR suite that required attention.

.. To date, the testing regimen has included the following informal and formal tests:

o Mini Instrumented TEMPEST Survey: May 31-June 3, 2007 - Various discrepancies were noted to the contractor for corrective actions.

o Visual TEMPEST Inspection: July 2007 – The inspection generated approximately 650 trial cards. These cards were given to the contractor for corrective actions.

o Mini Instrumented TEMPEST Survey: January 11-14, 2008 – During this inspection, issues were identified and discrepancies were noted to the contractor for corrective actions.

o Mini Instrumented TEMPEST Survey of the NSC mock-up at Coast Guard Training Center Petaluma: February 25-29, 2008 – During this inspection, issues were identified and discrepancies were noted to the contractor for corrective actions.

o A formal Visual TEMPEST Inspection and partial Instrumented Test Survey performed by USN SPAWAR was conducted in April 2008. The formal visual TEMPEST inspection revealed significant progress toward TEMPEST compliance, in that only 122 visual discrepancies remained from the original 650 trial cards. Due to time constraints resulting from ongoing shipyard work and other Information Assurance activities conducted by SPAWAR (software scans), the full Instrumented Test Survey is not yet complete. The full ITS will be completed following BERTHOLF’s arrival to her new homeport in Alameda, CA. All outstanding discrepancies are documented on the DD250. The remaining TEMPEST discrepancies will be corrected prior to final certification and accreditation. The instrumented TEMPEST survey results are CLASSIFIED.

.. In April 2008, the Navy Board of Inspection and Survey (INSURV) inspectors verbally commented that the internal C4ISR cabling and wiring installation was of high quality. While there are some discrepancies, the C4ISR equipment functioned as designed for four separate underway trials. BERTHOLF’s C4ISR equipment configuration has remained unchanged throughout all trials and during TEMPEST testing. New capability is scheduled to be added during post shakedown availability after final acceptance. Additional equipment and improvements will be incorporated as necessary (test-fix-retest methodology) to ensure systems are adequately shielded, bonded, and/or separated to eliminate any compromising emanations. The Coast Guard, over the coming months, will work with SPAWAR to improve the Information Assurance posture of BERTHOLF until all systems are certified and accredited.

INSURV Message

DD250 [List of Ship Acceptance Deficiencies]