Information Systems Technician Training Series

Size: px

Start display at page:

Download "Information Systems Technician Training Series"

Milo Harrison
6 years ago
Views:

1 NONRESIDENT TRAINING COURSE Information Systems Technician Training Series Modue 1 Administration and Security NAVEDTRA Notice: NETPDTC is no onger responsibe for the content accuracy of the NRTCs. For content issues, contact the servicing Center of Exceence: Center for Information Dominance (CID); (850) or DSN: DISTRIBUTION STATEMENT A: Approved for pubic reease; distribution is unimited.

3 PREFACE About this course: This is a sef-study course. By studying this course, you can improve your professiona/miitary knowedge, as we as prepare for the Navywide advancement-in-rate examination. It contains subject matter about dayto- day occupationa knowedge and ski requirements and incudes text, tabes, and iustrations to hep you understand the information. An additiona important feature of this course is its reference to usefu information in other pubications. The we-prepared Saior wi take the time to ook up the additiona information. Training series information: This is Modue 1 of a series. History of the course: Apr 1997: Origina edition reeased. Authored by RMCS(SW/AW) Deborah Hearn and DPC(SW) Water Shugar, Jr. Aug 2003: Administrative update reeased. Administrative changes and corrections have been entered into the text. No significant technica content changes were made. NAVSUP Logistics Tracking Number 0504-LP

4 TABLE OF CONTENTS CHAPTER PAGE 1. AIS Administration Communications Administration Communications Security AIS Security Genera Security APPENDIX I. Gossary... AI-1 II. Gossary of Acronyms and Abbreviations... III. References Used to Deveop This NRTC... AII-1 AIII-1 INDEX...INDEX-1 ASSIGNMENT QUESTIONS foow Index.

5 CHAPTER 1 AIS ADMINISTRATION LEARNING OBJECTIVES Upon competing this chapter, you shoud be abe to do the foowing: Describe the preparation and monitoring of the run schedue. Examine consoe printouts, ogs, and describe the anaysis of consoe printouts and ogs. Schedue computer downtime with users, to incude hardware maintenance and software upgrades. Prepare emergency urgent change requests, to incude appication and system programs. Prepare, review, and coordinate troube reports. Describe how to conduct and update an AIS equipment inventory. Describe the preparation and anaysis of system performance reports. Expain the estabishment and maintenance of system resource imits. Describe how to project future appication growth capabiities. Expain how to prepare guideines for contingency/disaster recoveries, to incude adequate repacement parts and backup media and current backups. Are scheduing systems reay necessary to get the work done? No; but uness you are working at an AIS faciity with unimited resources, it woud not be ong before confusion and disorder set in if you did not have one. That woud be foowed by unhappy and dissatisfied users demanding their output products in a timey manner. Users rey on computer operations and support personne to get their jobs done on time. Whether your AIS faciity has one or severa computers, it wi be your job to see that the AIS production work of your command is processed in a timey reamer. This means schedues. You wi need to deveop monthy production schedues in coordination with user-assigned subsystem coordinators. You wi aso need to deveop daiy workoad schedues to meet user-estabished deadines. If your computer system has onine capabiities, you wi need to be sure users have access when they need it and that the system is responsive. Technica administration and support are important aspects of automated information system (AIS) faciity management. As a technica administrator, you wi be making hardware and software projection reports, software performance reports, hardware utiization reports, and troube reports. You wi be responsibe for 1-1

6 impementing performance-tuning initiatives to improve computer system performance. You wi aso be expected to project future appication growth capabiities. A these are technica functions needed to ensure the smooth operation of an AIS faciity. In this chapter, you wi earn about the many varied tasks you may perform as an input/output contro cerk and then as a scheduer, reports preparation, troube reports, technica assists, and operationa guideines. Our objective is to give you a better understanding of the importance, scope, and responsibiities that go with processing production jobs receiving jobs, scheduing AIS production within the AIS faciity, and ensuring the accuracy and timeiness of products. I/O CONTROL I/O contro is the interface between the user and the computer system. Figure 1-1 shows an exampe of the roe payed by I/O contro in the processing of computer jobs. I/O CONTROL PROCEDURES I/O, as you know, stands for input/output. The peope who perform I/O functions are caed contro cerks, I/O contro cerks, job-staging cerks, distribution cerks, or computer aids. In short, these are the peope who are responsibe for the quaity and contro of data processing input and output media and products. They ensure that the data to be processed meets a the requirements as outined in the input criteria (instructions and procedures), that a data are processed, that a processing steps are performed, that the output products are distributed to the appropriate users once they are compete. To be an efficient and effective I/O contro cerk, you shoud be abe to work on your own with a minimum of supervision; work we with other peope; dispay tact and dipomacy; be a good communicator; use sound judgment; be ogica, methodica, and persuasive; and most of a be abe to respond to users requests. Athough you may manage to stay out of the imeight in this job, you do perform an integra function in the overa ADP operation. The importance and impact you have (whether it be aboard ship or ashore) is far-reaching and invauabe. Most opinions formuated by the AIS users (customers) are based on the quaity of their output products and their persona contact with you as an I/O contro cerk. Your attitude toward your job and its importance is seen not ony by the customer, but aso by your feow workers, supervisor, and, in some cases, management. The quaity of your work wi be your signature when deaing with other AIS personne and customers. I/O contro is a process. Your job wi be to foow your instaation s procedures. Athough the procedures may differ from one instaation to another, they a require the same knowedge and skis. As an I/O contro cerk, you act as the midde person between the user (customer) and the computer. Normay, the users come to you with a transmitta or request form and sometimes with their input source documents, magnetic tapes, diskettes, and so on. Before accepting and ogging in their jobs, take a few moments to ook over the transmitta form. Be sure that a the necessary entries are propery fied in, that they are readabe, and that any specia instructions are understandabe. It is better to cear up any misunderstandings right then and there, rather than having to contact the user again ater and possiby cause a deay in the job getting on the computer. Never be embarrassed to ask questions. You must remember that many of the users you come in contact with are non-adp oriented; therefore, it is up to you to hep them understand the process and its requirements. Once you have ogged the job in, you may work with data entry to prepare data or programs; then with the media ibrary to pu the needed tapes or disks; and then with computer operations to have the job run. Once the job has been run on the computer, you may check the output products. When you are sure the outputs are OK, you distribute them according to instructions, og the job out, and fie or return the job materias to the user. Study figure 1-1 for a few moments. It wi hep you see how the work fows and how you, as an I/O contro cerk, fit in the picture. The functiona areas are isted across the top of the figure. As you enter the eve of midde management, you wi be required to take on added duties and additiona responsibiities. You wi be a technica administrator, and you wi provide support to management. You wi use your expertise to evauate current procedures and equipment and to make recommendations for improvements to operations. This incudes estimating future equipment needs. 1-2

7 Figure 1-1. Typica I/O contro workfow. 1-3

8 OPERATIONAL REQUIREMENTS Your operationa requirements wi incude some or a of the foowing tasks: Receive user job requests. Maintain input and output contro ogs. Verify inputs to be processed to ensure they are correct and in accordance with the run foder or run instructions. Make system contro anguage (SCL) run stream changes as required for correct data processing of the user s runs. Input the user s run package (jobs) to the computer operations personne according to a schedue. Monitor the jobs in progress to ensure that a data are processed and that a processing steps have been propery performed. Baance the number of records input reative to the number output. Verify the format and the number of copies of each printed output in accordance with instructions in the run foder. Reconcie processing discrepancies and inconsistencies. Ensure that printed outputs are compete, propery coated, and assembed. Arrange for distribution of outputs to authorized users. Operate a variety of auxiiary equipment: copying machines, decoators, tape ceaners, CRT terminas, and so on. Become famiiar with the basic operations of the AIS computer faciity. Now that you are famiiar with the process and with operationa responsibiities, et s ook at the parts: transmitta forms, input contro ogs, job preparation, scheduing, monitoring, and output products. Processing AIS Service Requests Your first task may be to receive jobs from users. Each job wi have an AIS service request of some type. A typica AIS service request is iustrated in figure 1-2. In ooking over this form, you wi notice that it provides you with such information as the foowing: o The program name, job number, or task number that is used to reference a particuar job appication; The user s name, department and/or organization, and phone number; Where and/or to whom the output is to be sent; The desired competion date of the job; The computer (machine type) to be used for the job. The type of operation to be performed: production, test, assembe, compie, and so on; The quantity and type of input media and/or materia to be used: magnetic tape, bank checks, and so on; and Any specia instructions or remarks the user wishes to incude. You wi aso notice that the ower portion of the AIS service request (see figure 1-2) is reserved for operations use ony. This is where you enter the time and date that the job was accepted for processing (ower eft-hand corner). The remaining bocks are used by the peope in operations to indicate when the job started, when it was competed, aong with any significant comments about the job during the time it was run. If, whie reviewing the user s request, you happen to come across a discrepancy or find something that is incompete or uncear, be sure to bring it to the user s attention. Just remember that throughout the course of your conversation, you are to be tactfu and dipomatic. You must aways keep in mind that you are representing your command, and the image you project, both personay and professionay, is as important to your job as the work that is being submitted. The key word is communication, NOT confrontation. Once you have accepted the user s request, you make the necessary entries in the job contro og. Job Contro Log A job contro og is important, especiay when you dea with mutipe users. It wi be up to you to keep an up-to-date record of a jobs received for processing. A job contro og wi serve as a continuous point of 1-4

9 Figure 1-2. A typica AIS service request. 1-5

10 reference. Figure 1-3 iustrates a typica ayout of input contro information. When you receive a job, make an initia entry in the og. As the job progresses, make additiona entries as appropriate. For exampe, if you send input to data entry to be keyed, record this in the og. In the event a job or its accompanying input becomes side-tracked, mispaced, or ost, you sti have a means of tracking down the job or its input. The og can be of great hep. It points out such things as when the job was submitted, the disposition of the input media, the ocation or the computer system to which the job was assigned, the progress (number of steps) the job has aready gone through, the type and amount of input submitted, the person who accepted the job, and soon. If you are sti unabe to ocate the missing item, you are abe to notify the user. That person s name, organization, and phone number were initia entries in the og. Job Preparation To propery prepare the user s job (specificay the input) for processing, you must have a certain amount of information. This information is ocated in what is caed a task foder, job foder, run foder, or run procedure. Do not confuse these with run book, run manua, or run instructions, which provide computer program operating instructions for the operators. The task foder provides you with such things as a run sheet, contro parameters, and output requirements. RUN SHEET. The run sheet contains the program name or names and the job or task number under Figure 1-3. Job contro og. which the job (or system) is to be executed or run. In addition, it indicates a of the inputs: magnetic tapes, disks, and diskettes required, depending upon the type of run or possibe options the user seected. There coud be one or severa magnetic tapes and/or disk fies needed for the job. You might be required to retrieve them from the media ibrary, or you might just ookup the tape/disk numbers and annotate them on the run sheet. CONTROL PARAMETERS. The task foder wi aso indicate any parameters that are required. These parameters provide appication programs with variabe information, data eements that change from one run to the next. For exampe, the type of run requested: (D)aiy, (W)eeky, (M)onthy, (Y)eary, (E)dit input ony, and so on, or the entering of a date. You maybe required to key in one or severa of these parameters, depending upon the compexity of the system. OUTPUT REQUIREMENTS. The task foder and/or the computer run sheet show you a of the output products: magnetic tapes/disks, and specia forms that are produced during the running of the job or system. As an I/O contro cerk, you maybe tasked to provide the computer operators with the correct number of bank, handwritten, or preprinted output tape/disk abes and ensure a sufficient suppy of tapes, disks, paper, and specia forms are on hand before the job or system is schedued to be run. Job Monitoring Athough we woud ike to beieve a jobs run without error, there are occasions when a program 1-6

11 prematurey or abnormay terminates. It does not process to norma end of job (EOJ). When this occurs, the operator is expected to take whatever corrective actions are necessary to get the job going again. More often than not, the operator is abe to recover a job by recreating a tape/disk fie, moving the fie to another device, or possiby ceaning the read/write mechanisms of the device prior to rerun. But, there are times when the operator wi notify you (the I/O contro cerk) to assist in correcting the probem. Such woud be the case when the input parameters are in error, the user s input is bad, or the job aborted because of an unrecoverabe program error. If this happens, you maybe responsibe for coecting a the data, both input and output, aong with any memory dumps, and forwarding them a to the programmer. During the recovery phase of an operation, the operator may need you to provide certain input parameters or tape/disk fies before the job can be executed. Because of time constraints, a job that abnormay terminates may have to be reschedued. If so, you may be responsibe for seeing to it that the job gets reschedued and that the user is notified of any job deay. We coud go on and on, but by now you are beginning to get the picture. These exampes are just a few of the many things that can get in the way of achieving a norma EOJ. We bring them to your attention to make you aware of the types of probems that can and do arise, and the manner in which you are to respond. Hopefuy, you now know and are aware that monitoring a job means more than just caing up the operator to see how the job is progressing. It means you must oversee the job to its competion, doing whatever is necessary to hep keep the job (or system) on track. Output Products Output from computer processing The work that has been competed may take the form of a printed document, magnetic tape, or magnetic disk or diskette. In a cases, both you and the computer operator are responsibe for ensuring that a competed jobs run successfuy. In addition, you are responsibe for identifying and coordinating the various outputs for each job, and for initiating their correct distribution. To determine whether a job (or system) ran successfuy (to a norma EOJ) and that a processing steps were propery performed, you may have to review the computer consoe printout. This printout indicates such things as the number of input records read, the various input fies updated, a error conditions (error messages) that the operator encountered during the run and the resuting actions taken, the various output fies created, and so on. In the majority of cases, the computer consoe printout wi provide you with the answers you are ooking for when it comes to reconciing processing discrepancies. For exampe, it wi inform you of the reasons certain output products tapes, diskettes, or report istings were not produced. Possiby the operator seected an incorrect program option, or the input parameters were incorrect or incompete before starting the job. In short, you are responsibe and aso accountabe for every job you work on, from the time it is submitted by the user unti its deivery back to the user. When checking the user s output, you shoud once again refer to the run sheet and/or task foder to verify that a items requested were, in fact, produced. If the output is in the form of magnetic tape, disk, or diskette, be sure it is abeed propery, given the proper cassification, and it is on the appropriate media (magnetic media that has been designated for mai-out or distribution ony). When checking reports, make sure they were run on the proper forms (size and type), that no pages are missing and the correct number of copies were printed, and that a print is egibe and ined up propery. Once the output is checked, you then package each competed copy of the report, aong with any other output products and the origina input, pace it in the proper pickup area, and og the job out in the job contro og. You may need to notify the user when the job is ready. If, during the course of checking over the user s output, you happen to come across something unusua or you find an error, by a means, pu (reject) the job immediatey, bring it to the attention of your superior, and notify the user of the deay. Even at this ate stage, it is better to reject a job to correct any probems or discrepancies rather than to reease it, ony to have it returned for rerun ater. USER SUPPORT The term user support covers a broad range of duties. They incude answering inquiries from users, providing ogistica support, and processing troube reports. User Inquiries Norma inquiries from users incude system status, job status, and reporting troube. It is the job of the technician to answer these questions prompty and accuratey. A user might ask: Why is the system sow? 1-7

What is the status of a particuar job? What step is it in? Has it printed out yet? Do I have a probem with my termina?

This wi incude the need for new or different equipment to meet the command s mission or current equipment that needs corrective maintenance, or scheduing preventive maintenance.

Troube Cas As the technician, you wi be receiving and responding to troube cas.

12 What is the status of a particuar job? What step is it in? Has it printed out yet? Do I have a probem with my termina? Logistica Support The most common user support you wi dea with is ogistica support. This wi incude the need for new or different equipment to meet the command s mission or current equipment that needs corrective maintenance, or scheduing preventive maintenance. Forward this type of user support to the division chief or the division officer, since it requires the reocation or the acquisition of equipment. Troube Cas As the technician, you wi be receiving and responding to troube cas. When the user cas to submit a troube ca, remember to get a the required information: * User s name; Type of troube encountered;. Date and time; and Job being done when the troube started. The preceding is ony an exampe of what might be incuded on the troube report at your command. Your command wi have the reporting procedures for submitting troube reports, with an exampe of a troube report. Each command has a specific troube ca format and a tracking procedure. CUSTOMER LIAISON When invoved with or communicating with the user (customer), you must use tact and dipomacy. You must be abe to understand and resove the requests of the customer. You wi aso have to dea with discrepancies and expain probems to customers. You must be abe to independenty recognize and resove discrepancies and be knowedgeabe enough to know when you can resove a discrepancy and when to refer compex probems to your supervisor or eading chief. MANAGING PRODUCTION Once you become a shift supervisor, you wi be responsibe for managing the scheduing and operation of a production activities associated with computer processing within your shift. You wi monitor the workfow and make adjustments to meet changing requirements. During your work shift, one of your many jobs wi be to monitor job/production status on a reguar basis to determine if there is any actua or potentia sippage in the schedue. It wi be your job to baance operations resources and optimize workfow. There wi be times when you must make adjustments in the sequence of work (within the constraints of the overa schedue) to optimize productivity. In computer operations, you must be abe to examine probems that have occurred during production and initiate corrective action within operations or with the users. THE SCHEDULING ENVIRONMENT AND REQUIREMENTS Scheduers and production contro coordinators are responsibe for coordinating the work efforts of many peope. They prepare, distribute, and maintain production schedues for their AIS faciity or data center. They anayze job requirements (od and new) to determine the impact each job has on production resources. They aso inform the LPO or division chief when scheduing requirements wi exceed computer system resources. In short, scheduers act as coordinators from the time a request is received unti a job is successfuy competed. The scheduer is responsibe for keeping the AIS faciity s assemby ine running as smoothy and effcienty as possibe. Scheduers ensure that jobs are schedued and entered into the production job stream at the proper time. They aso ensure that a necessary resources are avaiabe to maintain a constant workfow throughout the AIS faciity. PEOPLE, PLACES, and THINGS are the important factors of a scheduer s job. The first factor is PEOPLE. You must earn to dea with various personaities. The second factor is PLACES. You have to earn what goes on in other fictiona work areas. The third factor is THINGS. You have to cope with run times, deadines, computer hardware and software 1-8

13 mafunctions, probems with production programs, and TIME itsef (that 24-hour period in which you are to schedue as much production work as possibe). THE SCHEDULING ENVIRONMENT How difficut is it to prepare a schedue? you might ask. That depends on the size and compexity of your data processing instaation in terms of hardware, software, and support personne. You must consider many things when preparing a schedue. As a start, you have to ask yoursef the foowing questions: o What types of jobs are to be processed? In what processing environment wi the jobs run rea-time? onine? batch? What specia-handing requirements are there, if any? What amount of work is to be processed (workoad)? As scheduer, you wi be responsibe for: Preparing and maintaining estabished schedues for various time periods: daiy, weeky, and monthy; Reviewing and acting on a types of AIS service requests as they are submitted to you; Distributing production schedues to various work areas within your AIS faciity; Organizing data processing priorities for both schedued and nonschedued work; Entering jobs into the production job stream to achieve maximum use of computer resources; Tracking work in progress to ensure everything is running according to schedue; Anayzing probems in connection with production jobs and adjusting computer processing schedues to use whatever time is avaiabe unti probems can be corrected and a rerun can be initiated; Maintaining accurate ogs and adhering to administrative reporting requirements; and Determining the accuracy of schedues based on reviewing production resuts. How you go about scheduing work on the computer system wi depend on two factors. The first factor deas with how the system is configured. You must consider the number of processors and periphera devices avaiabe and how they interconnect. The second factor deas with the operating mode of the computer. The operating mode may be batch, onine, rea-time, time sharing, mutiprogramming, mutiprocessing, teeprocessing, networking, or any combination of these. Having knowedge of the different operating modes wi hep you understand the operating environment in which you wi be working. This knowedge wi hep you understand how to go about scheduing work for the system. THE JOB OF SCHEDULER The job of scheduer, or production contro coordinator as it is sometimes caed, requires you to have specific knowedge and skis if you are to effectivey schedue the computer and the other reated activities that revove around it. You must have a good working knowedge of AIS concepts and be thoroughy famiiar with the operation of your faciity s computer system(s) the actua hardware components themseves. You aso need to know how the operating system in use works, what appications and production jobs you are to schedue, the time it takes to run them, how to make up job streams using system contro anguage (SCL) statements, and so on. One of your primary jobs wi be to keep production schedues up-to-date and as accurate and compete as possibe. In addition to making up production schedues for computer processing, you must be equay concerned with two other factors: precomputer processing and postcomputer processing. Precomputer processing incudes ensuring a inputs are received on time according to prearranged schedues. Postcomputer processing incudes ensuring output products are compete, accurate, and deivered to the user when promised. Too often these areas are either overooked or forgotten, because our interest is generay focused on the computer. We can easiy overoad or underoad precomputer and postcomputer resources. This wi have the same effect as overoading or underoading the computer either user service deteriorates or AIS services are underused. For TOTAL AIS scheduing to be achieved, YOU must consider a of the fictiona work areas in the assemby ine, especiay the end users. A are affected by the scheduing process, and because of this, you must give each work area proper consideration. Having working knowedge and experience in the fictiona areas for which you wi prepare schedues wi aso hep you. As scheduer, you wi be putting 1-9

14 together information from severa sources: I/O contro, data entry, and the magnetic media ibrary. Depending upon how your AIS faciity is structured, your operationa requirements wi incude tasks, duties, and functions as foows: * o o o o 8 Receive user job requests. Anayze production requirements. Assign job/run contro numbers. Maintain accurate ogs. Carry out administrative reporting requirements. Prepare production schedues. Write SCL statements. Make up job streams for production runs. Maintain and revise production schedues. Distribute production schedues. Monitor production. Know how jobs interface. Be abe to read consoe run sheets and ogs. Know the capabiities and capacities of the computer systems. Know the fies in use and how to reconstruct them. Know how to readjust schedues. Know the time it takes to run each production job. As scheduer, you wi work on your own with ony minima supervision. To be effective, you wi need more than a good working knowedge of your faciity s hardware components, data processing concepts, operating systems, and system contro anguages. You must be abe to: Work we with other peope; Demonstrate tact and dipomacy; Use sound judgment; Be ogica, systematic, and persuasive; Demonstrate anaytica abiity; Be a good communicator (speaking, istening, and writing); and. Be responsive to users needs. The job of a scheduer is a high-visibiity position. You wi be responsibe not ony for the fow of work throughout the AIS faciity but aso for the amount of work that wi be accompished within an aocated period of time. AIS WORKFLOW ANALYSIS Every AIS faciity is site unique regarding the types of hardware and operating system (OS) software in use. However, every site does have a forma or informa workoad structure that encompasses a of the AIS fictiona work areas and the users. Figure 1-4 iustrates a typica AIS faciity s workfow structure. This particuar site operates in a mutiprogramming environment and handes batch, onine batch, and rea-time processing. Study this figure for a moment. You wi see how the work fows in, and about, and out of the AIS faciity. You wi see how you, as a scheduer, fit into the picture. In ooking at figure 1-4, you wi notice this AIS faciity is composed of five fictiona work areas: o * o Production Contro Scheduing, I/O Contro, Quaity Contro; Data Entry; Computer Operations; Media Library; and Technica Support. Each functiona work area is responsibe for specific segments of the workfow. How they work together and with you, as the scheduer, wi determine if your job is easier or more difficut. Learn what they do. The next paragraphs wi give you a basic understanding of their responsibiities and their interactions with other work areas. PRODUCTION CONTROL personne act as iaison between the AIS faciity and the user community. The division chief and LPO normay dea with users during the initia scheduing phase. They wi assist scheduing by ironing out any probems eary in the scheduing phase. When necessary, they wi aso work with the users to adjust data fow and output schedues based on user and production requirements. SCHEDULING personne make production commitments for the AIS faciity to meet user requirements. They provide processing schedues to coordinate inputs and outputs between I/O contro, data 1-10

15 Figure 1-4. AIS faciity workfow structure. 1-11

16 entry, computer operations, and the magnetic media ibrary. I/O CONTROL personne hande a incoming work for AIS services aong with a types of input media from the user. Some of these inputs are source documents, magnetic tape, and diskettes. I/O contro personne perform the foowing tasks: Count, verify, edit, and tota a source documents received; Check that the amount of input data is approximatey the same amount as was indicated in the production schedue; Verify a incoming work for accuracy and egibiity; Log a inputs received in various input/output contro ogs; Coordinate the receipt of ate submissions with users and scheduing; Forward source documents to data entry and computer inputs to either computer operations or the media ibrary depending on when the job is schedued; Receive output products from quaity contro; process, og, and package output products; and ensure proper and timey deivery to users. QUALITY CONTROL personne review a competed output products from data entry and computer operations to determine their accuracy and competeness before reeasing them to I/O contro personne for further processing and distribution. They forward incompete or incorrect jobs to scheduing or technica support for further investigation. DATA ENTRY personne convert source documents into machine-readabe form using some type of key-driven (termina) device if this is not done by the user. They accept source documents, key-enter and verify a inputs, and return competed data to quaity contro so it can be checked for competeness and accuracy before turning it back over to I/O contro to be submitted with the job. COMPUTER OPERATIONS personne operate the computer and associated periphera devices in accordance with authorized schedues. They receive inputs and associated run instructions from I/O contro, update schedues as the work is competed, forward output products to quaity contro, and transfer magnetic media to the ibrary for further handing and processing. MEDIA LIBRARY personne check in/out tapes, disks, diskettes, and documentation to computer operations personne. They aso condition, cean, retire, store, and transfer magnetic media to off-site storage and other outside activities. TECHNICAL SUPPORT personne provide scheduing and production contro with technica support, as needed, to resove production probems. They examine probems that occur during production to determine if errors were caused by hardware or system/appications software. Then, they initiate corrective action with computer operations and/or scheduing. By charting a AIS faciity functions and defining their interreationships, you, as scheduer, are abe to create a workfow diagram for your particuar scheduing environment. It wi hep you to decide which functions and fictiona areas require scheduing and which do not. Now that you have some idea of how the work fows in, and about, and out of the AIS faciity, et s see how you, as a scheduer, fit into the picture. Normay, the users get together with the division chief, LPO, and yoursef (as scheduer) to make their requests for AIS services known for the upcoming month(s). This initia scheduing phase is known as the panning phase or forecasting phase. By knowing these workoad demands eary, more time is avaiabe to determine where excessive demands and inadequate demands are being made on resources. To put it another way, the forecasting phase aows everyone to see where there may be an overoading or underoading of AIS resources. As the users go about presenting their daiy, weeky, and monthy requirements, you wi be busy incorporating their requirements into the production schedue. During the forecasting phase, you must remember to set aside whatever time is needed for fie and computer maintenance. You shoud pay particuar attention to those out-of-the-ordinary and one-time requests that tend to pop up. These, too, must be accommodated in the schedue. When given a new job where there are no previous production statistics, ask the user for a rough time estimate of how ong the job may run. Ask if there wi be input data, and if so, wi it require data entry services. Know how many and what resources the job wi use. Know the environment in which the job wi run onine, batch, or rea-time. You wi want to keep a cose eye on new jobs. Using previous schedues and scheduing procedures as a guideine, you can begin to prepare 1-12

17 (pan) a rough schedue. When scheduing od jobs, you wi have expience and history to foow. Knowing what resources (hardware, software, and personne) your AIS faciity has avaiabe wi hep you see where the peaks (overoading) and vaeys (underoading) are in the schedue. It wi be your job to take the resources, the time avaiabe, the estimated run times, the time jobs must be started and competed, and whatever other information is needed to estabish a meaningfu and workabe schedue with the best job mix possibe. You wi prioritize and pan. Once you have ironed out a the wrinkes and prepared a smooth schedue, you wi submit it up the chain of command for approva. Once approved, you wi distribute the schedues to the various functiona work areas. THE BENEFITS OF SCHEDULING What are some of the benefits of having a schedue/ scheduing system in pace? One answer is PREDICT- ABILITY. A scheduing system makes everyone s job easier by adding predictabiity to the AIS environment. To your superiors, it provides a means of hoding down costs through better use of personne and equipment. Other possibe benefits of scheduing areas foows: Effective use of a AIS resources; Increased throughput; Decreased turnaround time; User deadines met; Users made responsibe for providing input on schedue; Improved communications with users; Avoidance of overoading and underuse of resources; Job deays more readiy apparent; Documentation of scheduing deviations and their causes; Reduced confusion within the AIS faciity; Better use of mutiprogramming capabiities; AIS faciity abe to review its own effectiveness; Predictabiity of the effects of an increased workoad; and Predictabiity of future equipment and personne needs. A of these benefits can be achieved through an effective scheduing system. THE SCHEDULING PROCESS The scheduing process has three moving parts: you, the information, and the method. Let s ook at each. THE SCHEDULER As scheduer, you must be we organized. Scheduing jobs through the various work areas within your AIS faciity is much ike scheduing the events of your own persona day-to-day ife, except it s a ot more technica and invoved. You set aside predetermined amounts of time to do certain things. Ca it a things-to-do ist if you wi. It woud be nice if your things-to-do ist consisted of nothing more than having to accept incoming requests from the users, finding hoes to pug their jobs into the schedue, and waiting for the jobs to show up on the competed ist. If that were the case, your things-to-do ist woud be reativey sma and seemingy uncompicated. If your AIS faciity has such an abundance of resources that any demands made by the users can be easiy met, then your faciity is probaby wasting resources and incurring more expenses than it shoud. This is probaby not the case. To the contrary, your command wi probaby have just enough resources or too few. As scheduer, you must decide which jobs to process first, second, third, and so on. Which jobs can be run together? You need to determine the job mix. How big are the jobs in terms of memory use? What resources do they use-disk drives, tape drives, printer, and so on? How ong wi each job run? In what environment must each job be run? Under idea conditions, you can work through your things-to-do ist in a reativey short period of time and come up with a workabe schedue. In reaity, however, things do not necessariy go according to pan or, rather, according to schedue. Equipment, other peope, and outside infuences are a probem areas. A ack of productivity and missed deadines can be caused by unexpected probems, such as: o Late submission of input from the user; Waiting for data entry to compete a job step; Having to ocate a missing fie in the ibrary; Job stream parameters entered into the system incorrecty. 1-13

18 You may face any number of these and other situations each day. You shoud have a backup or contingency pan in the event you ose a piece of hardware. For exampe, if the fastest printer is down, wi the user be satisfied with one printed copy now and the remaining copies printed tomorrow? Or is there another AIS faciity in your immediate area that wi et you use its printer? It wi be your job to prepare the most reaistic schedue you can, and then be ready to adjust it. What toos wi you have to hep you prepare the schedues? What information wi you need? What methods can you use? In the foowing section, we tak about the types of information you wi need to prepare a schedue. Then we expore a few of the scheduing methods you might use. INFORMATION NEEDS Regardess of the scheduing method used, you wi need to know specific types of information. Some information is job-reated; that is, information about the resources, media, and time needed for a particuar job. Some information is AIS faciity-reated; for exampe, workoad, anticipated resource changes, number of operators avaiabe, the system capabiities and capacities, and so on. You wi need to consider both. Let s ook at the job-reated and AIS faciity-reated areas in a itte more depth. One of the most apparent pieces of job-reated information is that every job has resource requirements. These requirements vary consideraby from one job to the next. One job may require 125K of memory with no other periphera devices except a printer for output. Another job may require four tape drives, two disk drives, a printer, and ony 40K of memory. But a job s resources cannot be ooked at in these terms aone. Can you reca the terms PREcomputer and POSTcomputer processing? A AIS faciity resources must be considered. You must consider data entry functions, job setup functions, and output contro functions. Overoading data entry can deay jobs, causing them to be assembed for computer processing ater than schedued. Suppose I/O contro is overoaded. What difference woud it make if jobs were processed and competed as schedued? They woud ony be deayed because work is backed up or personne are not avaiabe. Overutiization of resources affects service. Underutiization of resources is expensive and wastefu. The baance wi be up to you and the efficiency of your schedue. Another piece of job-reated information to consider is processing time. To set aside a sufficient amount of time for processing, you must know how ong a job wi reside in memory. Processing time is normay estimated for a mutiprogramming environment since most computers today process programs/data in this fashion, and job mix affects the overa processing time for a job. Let s assume you have a static workoad with no jobs being added to or deeted from the schedue. Even under these conditions, you can expect job processing to deviate from the schedue. Why? you might ask. The reasons for this are the uncertainty about job processing time and disrupted processing. Take, for exampe, a job that normay has a processing time of 45 minutes. Today, because of a arge increase in input, the job processing time is 1 hour, thus deaying a the foowing jobs by 15 minutes. This is unavoidabe and must be expected. The same is true of disrupted processing, whether it is hardware faiure or software probems. One way to avoid these deays is to incude a specified amount of buffer time in your schedue. You might add a safety factor of 10 percent to the expected processing time. In our previous exampe where processing time increased from 45 minutes to 1 hour, a buffer time of 10 percent woud ony give you an additiona 4.5 minutes of processing time. This woud sti have been inadequate. However, since a the foowing jobs aso have buffer time buit into their schedued processing time, the job overrun shoud not be that critica for meeting the overa schedue of a shift. Another piece of job-reated information to consider appies to mutiprogramming environments. The chaenge here is to combine as many jobs as possibe so that each resource is used to its maximum. In a nonmutiprogramming environment, you have no probem in scheduing jobs because you can process ony one job at a time. However, resources are underutiized, and that s a fact you must ive with. This is a direct resut of having a resources dedicated to one computer, even when they are not needed. On the other hand, mutiprogramming aows you to execute severa jobs at the same time using as many resources as possibe. The difficuty of manuay preparing such a schedue for a system that runs in a mutiprogramming environment is in trying to obtain a job mix that makes the best use of most resources without bogging down the entire computer system. Figure 1-5 gives you some idea of how main storage and peripheras can be fuy utiized as a resut of the proper job mix. It shows where the jobs are in memory, and what tapes and disk drives are used by each job. It aso shows information about printing and printers. It 1-14

19 Figure 1-5. Resource utiization in a mutiprogramming environment. 1-15

20 is difficut to obtain an optimum job mix using manua scheduing techniques, but it can be done. Most often, the soution to obtaining maximum throughput in a mutiprogramming environment (on a continuous 24-hour basis) is to use one of the more sophisticated automated scheduing packages. These packages have a of the considerations we have been discussing programmed into the software. Another piece of job-reated information to consider is job dependencies. Most AIS faciities process both singe-program jobs and mutiprogram systems. Exampes of mutiprogram systems are the suppy and 3-M systems. These systems consist of many programs that are normay executed as separate job steps within a system. Or, the programs may be processed as separate jobs that must be processed in a specific sequence. Therefore, you must know their proper sequence. It woud be fooish to execute a job that prints the output of an updated fie that had yet to be updated. It shoud be just as obvious if a job abnormay terminates that a jobs foowing it must be canceed and reschedued, aowing sufficient time for the terminated job to be rerun. Canceing and rescheduing dependent jobs may seem ike an easy task to perform. However, in reaity, it can become a compex and difficut operation. And finay, we have priorities and deadines to consider. Some scheduing methods pace primary importance on priority. Each job is assigned a priority, and the jobs are processed according to the highest-priority job that can be schedued based on avaiabe resources. Priority scheduing is often used in automated scheduing systems. Some scheduing methods pace primary importance on deadines, processing jobs according to the eariest deadine or sometimes atest deadine. When you prepare a schedue, remember to take into account job requirements that incude the foowing: * Data entry; Job setup and output contro functions; Computer processing time; Resource requirements; Operating environment; Job dependencies; Job priorities; and Deadines. Now that we have covered job-reated information, we wi discuss AIS faciity-reated areas and how these can affect your production schedue. You may reca that to prepare an effective schedue, you must know your AIS faciity s resources: how work comes into, fows through, and eaves your faciity; the capabiities and capacities of your system; and workoad demands on the system. As a scheduer, your goa is to match resource capacities (peope, paces, and things) to workoad demands whie satisfying user deadines and priorities. This is often difficut to do, especiay when resource capacities vary because of hardware faiures, specific shift requirements, personne on eave, and unpredictabe user demands. Your workoad can exceed capacity, which has a direct effect on service. Or, the capacity can exceed the workoad. This eaves AIS resources underutiized. So how do you reach a happy medium? you might ask. You do it by ensuring that the workoad demands put upon the AIS faciity s resources are baanced as much as possibe and that the tota resources avaiabe are kept as cose to the maximum capacity as possibe. The effective use of resources has a ot to do with how you prepare a schedue. However, other things affect scheduing effectiveness. One thing that disrupts schedues is the ate receipt of input from the users. This often resuts in a ot of hectic activity. Data entry, possiby I/O contro, and computer operations have to try to meet origina deadine commitments. If they cannot, you, as the scheduer, have to reschedue jobs, whie dissatisfied users compain because their jobs are not out on time. But you say the user has no right to compain? You are right. Often, the users do not reaize they are the cause of the deays. So what can you do? Educate them! Inform the users of the effects ate input submissions have on the schedue. They sometimes do not reaize how ong it takes to prepare their input. A jobs schedued shoud have an estabished input receipt time. When scheduing, incude in your schedue sufficient buffer time between schedued receipt time and actua due time. And ast, but not east, report scheduing deviations and their causes to your superiors. In this way, the process can be reviewed and improved. Something ese you have to consider in connection with scheduing effectiveness is your abiity to reschedue quicky. You must be prepared to make adjustments to schedues. You wi have to contend with power outages, corrective maintenance, deadines or priority changes, specia job requests, and so on. You must aso consider processing deays. Rejected transactions may have to be reentered before a priority 1-16

21 job can continue. An unreadabe tape or disk fie may have to be recreated. Errors in SCL statements in the job stream may have to be corrected. The most serious deays usuay resut from abnormay terminated jobs and hardware faiures. Regardess of what the situation may be, you must be prepared to readjust schedues as quicky as possibe with a minimum of disruption. PRODUCTION SCHEDULING The AIS faciity is tasked with the responsibiity of providing computer support to the command. This incudes support to medica/denta, suppy, administration, financia, and maintenance. Each of these areas wi have a subsystem coordinator assigned to work with you on monthy schedue requirements and on processing probems. You wi aso prepare daiy workoad schedues. MONTHLY PRODUCTION SCHEDULE DEVELOPMENT As the AIS manager, you wi be responsibe for deveoping and distributing a monthy AIS operations schedue. You have used monthy schedues, but you may never have given much thought as to what it takes to deveop one. To deveop the monthy schedue, you must know the requirements of a the appication systems/jobs to be run during the month. Many production jobs are run on a cycic basis daiy; Monday, Wednesday, and Friday; weeky; monthy; quartery; semiannuay; or annuay. Be sure time is incuded for testing, panned maintenance, fie maintenance, and backup procedures. For systems with onine users, be sure to provide ampe capacity and time. Schedue Review Once you have deveoped the monthy schedue, you must ensure that the schedue is adequate and meets the requirements. To do this, you wi see that the proposed monthy production schedue is distributed to the appropriate subsystem coordinators for their review. Before the end of the current month, the subsystem coordinators are to return the monthy schedue with their concurrences or changes and recommendations back to you for screening. You wi screen it to ensure they have not overschedued any day, and that there wi be enough time for system backups and panned maintenance. The screening process shoud incude a review by the production contro coordinator, who ooks for any specific input/output requirements. For exampe, specia forms may have to be ordered. This must be done eary enough to have the forms when the job is to be run. After screening the changes and recommendations and making any adjustments needed, have a smooth copy of the schedue prepared and distributed to a subsystem coordinators and the department head before the beginning of the month to which the schedue appies. Figure 1-6 is an exampe of part of a monthy production schedue. Figure 1-6. Part of a monthy production schedue. 1-17

22 Effects on Monthy Schedues After the monthy schedue is competed and approved, there wi aways be times when it has to be changed. The subsystem coordinators are responsibe for adjusting their schedue and for submitting the schedue changes to the AIS faciity. Some of the things that wi cause the schedue to be changed are as foows: System/program errors. Jobs may abort because of system or program processing errors. The operator wi get an error message or an indication on the system consoe. This may require the operator to reboot the system, recreate an input fie, or rerun a job. The operator wi annotate the run sheet describing the probem. The abort code wi be the key to determining what caused the probem. Software testing. You wi schedue an amount of time for software testing based on your best estimate. No matter how much time you aow for software testing, it wi never seem to be enough. Probems seem to arise every time you start to test a new software system. These incude the system going down, the system hanging up, the system entering a oop, or a syntax error occurring that the programmers missed. New/changed requirements. There wi be times when jobs are added to the schedue to meet specia needs. Exampes are budget cuts, extra money at the end of the month, requisitions, tracking, and assist visit preparation. Job conficts. A job with a high priority maybe submitted ate. Input fies not avaiabe. Sometimes there wi be a deay in receiving the input fies for a job. Whatever the probem, it wi be the production contro coordinator s job, with your approva, to adjust the schedue to accommodate the changes required. WORKLOAD SCHEDULE DEVELOPMENT When we tak about workoad schedues, we are referring to how to set up the daiy work schedue in an AIS faciity. These are the daiy adjustments to the monthy production schedue and how they affect personne requirements and staffing. This is an interna schedue that you wi prepare for the AIS faciity. The format varies among faciities; there is no wrong or right format. Normay, we break the day into three shifts days, eves, and mids. The day shift is responsibe for testing. The eve shift is responsibe for production. The mid shift is responsibe for finishing production and doing the nighty saves. You wi have to deveop the workoad schedue by reviewing the monthy schedue and combining it with any newer information. The input/output requirements wi have to be reviewed, and you wi need to be ready to make changes to the schedue based on unforeseen events. System Input/Output Requirements Before a job is started, certain input and output requirements must be met. The I/O contro cerk must review the production workoad schedue to see which job is to be run. Then the cerk must ook at the job run foder to make sure that a the input fies are avaiabe and a the necessary output media is readiy avaiabe. o Input requirements. If the job requires tapes or disk fies as input, the I/O contro cerk wi check with the media ibrarian to see if these fies are ready and avaiabe. And, if they are not ready, when they wi be avaiabe for the job. In some cases, it maybe necessary to reschedue a job whie waiting for the input. Output requirements. The job may require specia forms or mutipart paper to be printed. The I/O contro cerk wi check the job run foder to see if the job wi require any specia forms and then check to see that they are avaiabe. The production contro coordinator wi have ooked at the requirements when the monthy schedue was deveoped to aow enough time to order the forms. The job may produce output tapes or diskettes, requiring the I/O contro cerk to check with the media ibrarian to make sure enough scratch tapes and bank diskettes are avaiabe for the job. Effects on Workoad Schedues On any given day or shift, amost anything can go wrong. A job may abort. A tape may not read. User requirements may change. A high-priority job maybe submitted. Personne may be caed off the job to do something ese. This means there wi be times when you must change the way work is to be competed 1-18

23 during the day. For exampe, to stay on schedue during monthy, quartery, or yeary processing, production work wi have to be run during the day shift. You may aso have to have additiona saves run in association with monthy, quartery, or yeary processing. Another exampe is as you are preparing to oad a software update, you might have specia saves run during another shift. This wi ensure that the data is backed up and a good copy of the software is avaiabe if the update does not work propery. You may aso have to reschedue some of the production work. Anytime the norma work schedue is changed, it may affect the onine users by sowing the system response time or causing the system to be unavaiabe to the users. Care must be taken when the schedue is to be changed. Try to cause the minimum interruption to onine users, and do keep them notified of the changes. PRODUCTION PROCESSING During production processing, the I/O contro cerk, production contro coordinator, and operators wi monitor the schedue and the jobs to see that the work is being accompished as panned. When probems arise, as they wi, you may need to become invoved. You may be invoved in determining the cause of the probem and in working with the user to sove the probem. The common causes of probems are appication program processing errors and system downtime. Users must be informed concerning any production probems pertaining to their jobs. When you tak to the users, you must know which job had the probem, what the probem was, and what, if anything, AIS can door did do to correct the probem. Besides notifying the user of production probems, you wi be required to notify them of system downtime or nonavaiabiity. Setting up procedures for the operator and the production controer to foow wi hep in soving probems and in communications with users. For onine users, the subsystem coordinators are the most quaified and highy trained individuas on their particuar subsystem and shoud be assisting users with processing probems. This does not eiminate the need for the operators to become knowedgeabe in the workings of each subsystem, since they normay are caed first when a probem occurs. You wi need to examine any production probems that occur and work with the shift supervisor and/or production contro coordinator to be sure proper corrective action was taken. APPLICATION PROGRAM PROCESSING ERRORS To determine the causes of appication program errors, you have two areas of concern hardware and software. Let s ook at some of the most common causes in each of these areas. Hardware Probems With respect to the hardware, not ony each specific piece of equipment is a possibe cause of a probem, but you aso have externa environmenta concerns. Some of the most frequent hardware probems are:. Head crash;. Tape drive damage to a tape; and. Tape read/write errors. If tape read/write errors cannot be conected by ceaning the read/write heads, a maintenance technician shoud be caed. For head crashes and tape drive damage, a maintenance technician shoud aways be caed. The most common externa environmenta probems are: Loss of power; Votage spikes; and Loss of air conditioning. What action shoud be taken wi depend on the damage done. The operator may be abe to recover the job competey by rebooting and restarting the job. If the data fies have been corrupted, the operator may need assistance from the user and/or the media ibrarian. Software Probems Exampes of the common software probems are: Wrong fie specified; Program entered a oop; and Fie not avaiabe. The preceding is ony a very brief ist of possibe probems. There are too many different causes to ist in 1-19

24 this manua because of the number of different appication software programs being used. To correct software-reated probems, the operator must refer to the job run foder and the program operator manua for the corrective action to take. Your operators wi have predefined steps to foow when researching the cause of the error in the specific program operator s manua. The operator manua expains the steps to foow in connecting the probem and any restart points. The job run foder wi contain the name and phone number of the person to contact if the probem cannot be easiy corrected. SYSTEM DOWNTIME The system downtime and nonavaiabiity can be categorized under two different topics schedued and unschedued. Schedued Downtime Schedued downtime and nonavaiabiity incude the time for system saves, schedued maintenance for the equipment, and schedued processing preparation. You wi incude schedued downtime on the monthy production schedue when the requirement is known in time. You may aso add it to a workoad schedue when needed. Unschedued Downtime Unschedued downtime and nonavaiabiity incude the system being down because of power faiures, the oss of air conditioning, or rebooting the system. They may aso incude system degradation because apiece of equipment is down, even though the system can sti be used for production. Since unschedued downtime is not something you can pan for, you wi have to react, repan schedues, and advise users of changes when their work and/or deadines wi be adversey affected. If you are using an automated system, it is usuay a simpe task to produce a new schedue. You can usuay direct the system with a command or two to produce a new schedue or a simuated schedue. In a manua scheduing system, it wi require some cooperation between the subsystem coordinators and AIS operations to repan the schedue to get a the work done in a timey manner. HELP-DESK SUPPORT The hep-desk procedures we tak about here are those reating primariy to onine users. To hep your operators communicate effectivey with onine users, you wi want to have procedures estabished for them to foow. To deveop hep-desk procedures, keep severa steps in mind. These steps incude ogging the probem, researching the probem, fixing the probem, and anayzing the probem for possibe changes to training and/or documentation. Once the probem has been fixed, the operator wi notify the user that processing may be continued. You wi want to monitor the hep-desk support for its effectiveness and to provide feedback to, and receive feedback from, the users, subsystem coordinators, and managers as we as your own staff. Logging the Probem The operator ogs a probem to document its occurrence and to provide the information needed to sove the probem. The information incudes the abort code, what step in processing the user was doing, what system the user was on, and what corrective action was taken. Figure 1-7 is an exampe of a og sheet that can be used for making entries. This og provides a tracking system for user probems and can be used to show if a pattern is deveoping. If a pattern deveops, this og wi provide the necessary background information needed when the programmer is notified. Figure 1-7. Hep-desk og. 1-20

25 Researching the Probem In researching the probem, you wi need the abort code. With the abort code, you can determine the cause and what action wi need to be taken to get the user processing again. Soving the Probem To sove the probem, the operator may have to reboot the computer, reoad a disk fie, contact the programmer, or have the users restart processing. A these soutions are dependent on what the abort code is. Monitoring Hep-Desk Support You wi need to review the hep-desk og to determine if the probems reported can be corrected by changing or adding a training program. To sove the probem, you may need to update the program documentation to show the probem and its cause and soution. Be sure the users are receiving the types and eves of support they need. Listen to them. Ask if they are satisfied with the hep-desk support. What ese do they need? Listen to your staff, get their ideas, and work with them to continuay improve support. PRODUCTION CONTROL When you hear the term production contro, you usuay think of the quaity of the faciity s output products. This is not the ony area of concern. You shoud be ooking at a areas of production, particuary daiy operations. DAILY OPERATIONS You wi want to ook at the previous day s og. Evauate what happened. Were a schedued jobs run? When something went wrong, was the user notified? What action was taken to correct the probem? Was the job rerun? Was it necessary to rerun a series of jobs? If so, was it done? Are there corrections/adjustments you need to make to the workoad schedue for today? Remember, you are responsibe for overseeing the work accompished. Provide feedback to the production contro coordinator, I/O contro cerk, and shift supervisor, as needed, to improve performance and operation. Tak to the subsystem coordinators; are they satisfied with the service and the products? Look carefuy at new appications: How does the new appication affect the other appications running concurrenty? Can the system efficienty hande the new work or do adjustments need to be made to the job mix and schedues? What is the impact of the new appication on onine user response time? Look carefuy at modified appications: What is their impact on the system? Does it take more or ess time to process the modified appications? Were any probems encountered? Do you need to tak to users about the impact of changes on the overa workoad or throughput time? Look for trends in the production process: Are there times when the system seems overoaded and sow? Are jobs backogged that must be run the next day? Are there times when the system is amost ide? Your review of daiy operations and asking yoursef these questions wi provide vauabe input to that process as we as having an impact on how jobs wi be schedued in the future. OUTPUT REPORTS Output reports can be broken into two major categories management and customer/user reports. Management Reports Management reports are usuay a consoidation of information prepared for presentations and briefings. These reports sometimes require a cover etter or your comments as to the content. You wi need to review 1-21

26 the data contained in the reports to make sure it is vaid. You wi aso be responsibe for ensuring that the reports are compete and presentabe. When we say presentabe, we mean readabe a the characters are there and can be read. It woud be unprofessiona to submit these reports in ess than perfect condition. Customer/User Reports Being invoved in a customer-oriented service, you have overa responsibiity for ensuring the quaity of a the products prepared in the AIS faciity. The main compaints from users are poor print quaity, missing pages, and poor aignment of the printing. Remember, this checking appies to a reports that eave the AIS faciity. Be sure your operators, production coordinators, and I/O contro cerks know the standards of quaity expected. Ensure they are checking the products during processing and before sending them to the customer/users. AUTOMATED INFORMATION SYSTEM (AIS) REPORTS You wi be expected to prepare a variety of reports. It wi be your responsibiity as a technica AIS manager to report to upper management on the status, performance, equipment inventory, and requirements of the AIS faciity. At a minimum, you shoud incude information concerning your areas of responsibiity incuding user-reated information. The form of these reports is the responsibiity of each parent command s upper management. We can ony provide exampes and genera suggestions, not authoritative guidance. Reports shoud be reguar, concise, and graphica, if possibe. The amount of information you report shoud not exceed upper-management s requirements. Too much, too often is a probem common to many performance reporting schemes. Information shoud be easy to understand, but sufficient to support the decision-making process. The reports shoud compare the faciity s current eve of performance against a set of predefined performance goas. Exampes of reports needed for management of an AIS faciity incude the foowing: Hardware and software projection reports; Appication software performance reports; System utiization reports; and Operating system software reports. HARDWARE AND SOFTWARE PROJECTION REPORTS Aong with ife-cyce management, you wi be required to prepare reports to project what hardware and software wi be needed to meet the command s future missions. It is important to keep this in mind as you submit the Abbreviated System Decision Paper (ASDP), as required by Life Cyce Management Poicy and Approva Requirements for Information System Projects, SECNAVINST The foowing is a brief overview of a portion of what is required in the ASDP: Outine the need for automation as it reates to specific eements of the command s mission. Summarize the fictiona requirements and information-dependent tasks. Summarize the seected Federa Information Processing (FIP) resource soution (functiona requirements of the hardware and software) intended to satisfy the information processing need. Expain the acquisition strategy, indicating whether acquisitions wi be competitive or noncompetitive and from what source the hardware and software may be acquired. Summarize the projected costs (personne, hardware, software, security mechanisms, and faciities) associated with deveoping an operationa system. Incude any additiona information that wi faciitate understanding and evauating the information system proposa. Training, security, privacy, maintenance, mobiity, and site preparation shoud be addressed. You wi be expected to have the insight to predict the future, since the users wi not aways know what they wi need ater. APPLICATION SOFTWARE PERFORMANCE REPORTS Management wi require reports that show whether the appication software in use is performing as designed. Here are two items of information to incude in these reports: Average ength of time any particuar job remains in the system; and 1-22

27 How ong a priority job (priority 1, 2, and 3) waits to be run. This information can be used to change your existing standard operating procedures (SOPs) and aid in preparing schedues. For exampe, you might want to change the maximum time a priority job waits to be run. HARDWARE UTILIZATION REPORTS In addition to the appication software performance reports, you wi prepare the reports that cover hardware utiization. Your hardware utiization reports shoud incude the foowing types of information: The amount of system ide time; The amount of system setup time; The amount of system production time; The amount of downtime, not ony for the whoe system but aso for each particuar piece of equipment. (This coud hep you expain why the ide time seems unusuay high, if it does.) This information can hep you schedue the work for your system. Keep in mind that under-utiization of hardware can resut in a oss of equipment and/or personne. Equipment may be removed if it is not being fuy used. If you aren t doing the amount of work for the number of peope assigned, you may have biets taken away. OPERATING SYSTEM SOFTWARE REPORTS Operating system software reports are primariy used for the AIS faciity s research. They can cover such probems as hardware under-utiization and appication software aborts. Hardware under-utiization can be measured by excessive ide time. This can be caused by no jobs to be run or no users ogged on. Aso, constant or excessive downtime for a specific piece of equipment with no effect on production wi be considered as a waste of hardware. Some of the most common probems that resut in appication software aborts are as foows: Wrong fie specified. The wrong-fie-specified abort can be caused by transposing the characters in the fie name or inputting an od fie instead of the new fie. Job run out of sequence. The job-run-out-ofsequence abort can be caused by the schedue being incompete, not isting a the jobs, or the schedue not being turned in on time. Another cause might be an inexperienced operator running the wrong job. Fie corrupted. The fie-corrupted abort is normay caused by a system faiure. This can be the resut of a disk head crash, the oss of power, or a power fuctuation. Fie not avaiabe. The fie-not-avaiabe abort is caused when the input fie was not received or when the job was run out of sequence and the input fie has not been created yet. Out of free disk space. The out-of-free diskspace abort is usuay a resut of poor housekeeping techniques. For exampe, fies that are no onger needed have not been removed. Be sure housekeeping tasks are performed on a reguar basis. This probem aso can be remedied by using some of the performance-tuning initiatives discussed ater in this chapter. These operating system software reports are a good source of information for preparing the management reports and aiding in the performance-tuning initiatives. We aso need these reports for background information for submitting troube reports, which are covered ater in this chapter. EQUIPMENT INVENTORIES With the ever-increasing need to trim the budget, AIS resources have become a critica area. This is causing a rea need for accurate and compete computer hardware inventories. We must verify the accuracy of these inventories annuay to ensure we can support our command s mission. When new equipment is acquired, it is to be added to the inventory. The inventory wi contain such information as: Manufacturer; Type of equipment; Mode number; Seria number; Q Minor property number; 1-23

28 Location; and custodian. Normay, a compete inventory is conducted annuay, with spot inventories conducted periodicay throughout the year. A of this wi be controed by your oca SOP. PERFORMANCE-TUNING INITIATIVES The reports we have covered are good sources for determining what performance-tuning techniques to impement. Now et s ook at some performancetuning choices avaiabe, both hardware and software. Be sure they are authorized by your command before impementing them. HARDWARE Three possibe hardware choices are as foows: Increase computer memory; Reduce fie fragmentation; and Add or change a disk drive. Increase Computer Memory To increase a computer system s memory, we can add memory chips or memory boards. This wi aow us to run arger, more compex programs on the system. We can aso create cache memory, which is used with the centra processor to improve execution speed and enhance centra processor performance. This is accompished by reducing the access time required to repeatedy fetch frequenty used information stored in main memory. For average program mixes, cache memory yieds a 50-percent increase in processing speeds. The cache memory is a random-access memory (RAM) buffer that provides high-speed storage capabiities from main memory and makes this data avaiabe to the centra processor with a private centra processor/cache interface. Reduce Fie Fragmentation Fie fragmentation occurs when you deete a fie, eaving, basicay, a hoe in the information on the hard disk, or when you add information to an existing fie when there is no contiguous space eft next to the fie. To correct fragmentation, you can make a backup, reformat the hard disk, and restore your fies. You can aso run a software program referred to as a defragmenter to reorganize the fies so the data in each fie is contiguous. Add or Change a Disk Drive By adding a new disk drive or repacing a disk drive with a arger drive, you wi reduce the probems you may have with disk space. Remember, if you add or change a disk drive, you must modify the system setup so the system wi recognize the new drive. SOFTWARE Let s ook at some operating system changes avaiabe. Remember, anytime you are preparing to make changes to your operating system, you must consut the system operator manua first. It wi show you what can and cannot be changed on your particuar system. The operating system changes you can make are as foows:. Reconfigure the system; Change buffer sizes; Change memory addresses. Reconfigure the System When we reconfigure the system, we can move the device drivers into extended memory. We can move disk fies from a smaer capacity disk drive to a arger capacity drive; this wi aso hep with fragmentation. Change Buffer Sizes By changing buffer sizes, we increase the input/output activity of the system, resuting in the job finishing faster. This wi aso hep reduce the chances that the system wi ock up. Change Memory Addresses By changing memory addresses, you can taior extended and expanded memory to the system s needs. This resuts in freeing memory for the execution of production jobs. TROUBLE REPORTS AND TECHNICAL ASSISTS You wi be responsibe for submitting troube reports on software and hardware probems. Remember to foow the instruction from the command receiving the troube report. In most cases, this wi be the Navy Maintenance and Suppy Systems Office (NAVMASSO). As shown in figure 1-8, the troube report contains a ot of information. Items 13, 14, and 1-24

29 Figure 1-8. Typica troube report form. 1-25

30 15 are reserved for the receiving command s use. Most of the items are sef-expanatory, but et s cover two that aren t as obvious. Item number 3 asks for the priority assigned. Critica means that you cannot work around the probem to continue operating. Urgent means that you can work around the probem, but a resoution is required immediatey. Routine means the correction is needed, but you can work around the probem and ive with it unti it is fixed. When you start to fi in item 11, remember to enter a compete, detaied description of the probem you are experiencing. Incude the screen or menu number, if appicabe, the option number, if appicabe, and any error message received. Various procedures wi have to be foowed for persona computers (PCs), depending on the probem. For commercia software probems, inform the software manufacturer of the probem giving as much information as possibe. Normany, the manufacturer wi te you how to correct the probem over the phone, or if the probem wi be corrected with the reease of the next version of the program. For hardware, it is usuay covered by either a maintenance contract or manufacturer s warranty. With a maintenance contract, you wi foow the instructions for repair as outined in the contract. The owner s manua of equipment covered by a manufacturer s warranty wi have a phone number to contact a repair technician. SOFTWARE TROUBLE REPORTS Normay, the troube reports for the software are submitted by that subsystem s coordinator, after notifying the AIS faciity. Some of the most common troube reports for software incude the foowing: Monthy fies are not being ceared at the beginning of the new month. Report tites are wrong.. Bad data was entered into a fie and cannot be removed through norma procedures. HARDWARE TROUBLE REPORTS It is the AIS faciity s responsibiity to submit the troube reports on system hardware probems. The common reasons for hardware troube reports incude the foowing: A fie has become corrupted and no good save tapes are avaiabe to rebuid the fie. The system keeps hitting 100 percent of capacity and ocks up. The system keeps dropping I/O channes. If the hardware probem can be traced to a specific piece of equipment, notify the maintenance technicians to hande the probem. TECHNICAL ASSISTS After submitting a troube report, you wi need to coordinate with the centra design activity to see if the probem can be taken care of over the phone or if it wi require a technica assist. If it requires a technica assist, there may be a requirement to arrange for transportation, entry to the faciity, and/or escorts. You wi need to schedue time for the technician to use the system and notify the users that the system is unavaiabe. OPERATIONAL GUIDELINES When preparing the operationa guideines for your faciity, you shoud consider four major areas as foows:. Future growth capabiities; o Backup operations; Contingency pans and disaster recoveries; and Emergency responses. To deveop these and other operationa guideines, you wi need to review the current SOPS, command s mission, run foders, and monthy production schedues. Whie reviewing these, you are ooking to make sure that the current and/or proposed operationa guideines wi aow the AIS faciity to meet the command s mission. FUTURE GROWTH CAPABILITIES Projecting future growth capabiities is often the most overooked operationa guideine. Projecting future growth shoud have been done when the system was designed, but it can be done at any time it is needed. Users are one of your ast sources of information when it comes time to start projecting. They know how their workoad has increased in the past and can forecast what it wi be in the future. With this information, and 1-26

31 by knowing the imitations of the existing system, you can project what additiona equipment wi be needed to hande the future workoad of the command. This may incude additiona network drops and terminas ocated throughout the command, spare parts, backup media, and personne. The most important thing to remember when projecting the future growth capabiities is to take your time when doing the research. You don t want to come up short when requesting the additiona materias that you expect to need ater on. BACKUP OPERATIONS Backup operations fa into two categories: norma and specia saves. Norma saves. Norma saves are the ones worked into the monthy production schedues. These saves are normay done every day or night and are the most important recovery too avaiabe to you. Specia saves. Specia saves are the ones that need to be done before and after the impementation of a software upgrade and during monthy and yeary production runs. The saves that are done in association with a software upgrade are not covered on your production schedue, since upgrades are not reeased on any pubished schedue. CONTINGENCY PLANS AND DISASTER RECOVERIES The most important part of disaster recovery is having a contingency pan and current backup fies. The AIS faciity s contingency pan covers what is required to get the faciity back onine as soon as possibe. Your contingency pan shoud incude emergency response, backup operations, and recovery pans. To have current backups, we must ensure that norma saves are done as schedued. The saves can be categorized as either whoe system or data fie saves. The AIS faciity s resources, schedue, and instructions wi be the governing factors as to which category of saves and the frequency with which the saves wi be done. For further guidance, as to the minimum frequency and the category of saves, refer to the oca type commander s (TYCOM) instructions. Another part of the recovery process is making sure that repacement parts are avaiabe. There are constraints as to the number of parts maintained onboard your activity. Before a major depoyment (or periodicay for shore activities), it is important to take an inventory of the parts so if the parts are not on board, they can be ordered. EMERGENCY RESPONSES The ast major area we are going to ook at is emergency response. When a probem occurs, such as a job aborts or the system goes down, the steps you and your AIS staff must foow are: Log the probem. A good rue is to og everything; this can save time and hep to identify probems eary. Notify management, users, and the maintenance technician. By notifying management, you provide them the information they need to answer questions and make decisions concerning the system. If the users are kept informed, they won t be as apt to keep caing the operators when the operators are busy trying to get the system back up and running. In notifying the maintenance technicians, whether hardware or software, you need to te them what you were doing, exacty what happened, and what you have tried to do to fix the probem. Adjust staffing when possibe. Adjusting staffing works in two ways. If the system is going to be down for an extended period of time, it is a waste to keep a the operators there with nothing to do. Likewise, there are times when additiona expertise wi have to be brought in to hep get the system up and running. Either way, this wi be your decision as the AIS faciity manager. You wi have to anayze the situation and decide what skis are needed to sove a probem, who has the skis, who is avaiabe, how many personne are needed, and so on. EMERGENCY URGENT CHANGE REQUESTS Occasionay, the best-aid pans wi have to be changed. One of these times is when an emergency urgent change request (priority job) comes in. Normay, there is a good reason for each emergency urgent change request. These change requests cover both appication and system programs. For appication programs, some reasons for urgent change requests are a specia report needed for a meeting, ast-minute corrections before starting a monthy or yeary job, and a deadine that is moved to 1-27

32 an earier time. Invariaby, a priority job comes in that must be run just when the shift is amost over. Being a customer-oriented service, it is our job to get the product out. With system programs, three common reasons for urgent change requests are specia saves, changes to the operating system, and system testing by NAVMASSO. SUMMARY Scheduing is the interface between the user, I/O contro, and computer operations. The scheduer s job is to foow the AIS faciity s scheduing procedures to deveop daiy, weeky, and/or monthy production schedues. You wi be depended on to effectivey and efficienty schedue the computer and other reated resources of your AIS faciity to meet user processing requirements. Input/output contro is an important AIS function. It is the point of contact for AIS users (customers). Like in any other business, customers must be treated with courtesy, tact, and dipomacy. It is the I/O cerk s job to receive jobs from users; maintain ogs, prepare jobs to be run on the computer; make sure everything is ready on time; communicate with users on job requirements and probems; and check, prepare, and distribute output products. Each of the I/O contro cerk s tasks may invove customer iaison. Maintaining good customer reations is as important as processing the customer s jobs. We taked about different types of reports, performance-tuning initiatives, appication software ibraries, troube reports and technica assists, operationa guideines, and emergency change requests. This is, by no means, a compete ist. As you continue in your career, you wi be adding new skis and more responsibiities to these. This chapter gives you the foundation needed to buid on, with the skis you have and those you wi earn. 1-28

33 CHAPTER 2 COMMUNICATIONS ADMINISTRATION LEARNING OBJECTIVES Upon competing this chapter, you shoud be abe to do the foowing: Identify the background and mission of the departments within the Nationa Communications System. Identify the mission and poicy of nava communications. Identify the functions of the Nava Teecommunications System and the roes of communications management personne. Identify the eements and responsibiities reated to standard message processing. Identify the procedures for minimize consideration and processing of messages. Identify the procedures used for genera administration and handing of communication fies. Identify the procedures used in communications panning. Identify the procedures for conducting watch-to-watch inventories and updating the NWPs. Identify the roe of the nava warfare pubications ibrary (NWPL) incuding NWPL administration and maintenance. Nava communications is the term assigned to the entire communications effort of the Department of the Navy, both afoat and ashore. The nava communications compex is the tota of a Navy-operated communications instaations and services. The communications compex provides, operates, and maintains tactica communications, incuding feet broadcast, ship to shore, and air to ground. The operating forces and a commands and activities ashore depend on this compex for reiabe transmission and receipt of information. In this chapter, we wi give you a broad overview of how nava communications is organized at shore commands and aboard ship. We wi aso discuss the various pubications used in nava communications. These pubications provide standard guidance for a phases of nava communications, such as basic communications doctrines, message preparation, and proper circuit discipine. NATIONAL COMMUNICATIONS SYSTEM The Nationa Communications System (NCS) was estabished to achieve a cohesive effort in the event of war. The NCS provides a unified governmenta system that inks together the communications faciities and 2-1

34 components of the various Federa agencies. Essentiay, a branches of the Federa Government, both civiian and miitary, are part of the NCS. Each department and branch, however, has its individua organization, methods, and procedures. DEFENSE COMMUNICATIONS SYSTEM The Defense Communications System (DCS) exists to support the three miitary departments (Navy, Army, Air Force) and other Department of Defense activities. The circuits that make up the DCS are government-owned or eased and are point-to-point circuits that are ong-hau and wordwide. The DCS combines many of the communication eements of the three miitary forces into a singe communications system. Athough the Nava Teecommunications System (NTS) and the DCS are two different communications systems (feet and ashore, respectivey), they are constanty intermixed. For exampe, as often happens, a nava message originated aboard ship and destined for a shore activity eaves the ship over the NTS, but fina routing is accompished over the DCS circuits. The interface between the NTS and DCS is aways provided by the shore communications faciity. DEFENSE INFORMATION SYSTEMS AGENCY The Defense Information Systems Agency (DISA) gives operationa direction to the DCS. With reference to the DCS, the DISA must ensure that the system is operated and improved so as to meet the continua ong-hau, point-to-point requirements that arise. The DISA functions under the management of a director who is appointed by the Secretary of Defense. The director is a fag-rank officer and is responsibe for coordinating the combined communications eements of the three miitary departments. MISSION OF NAVAL COMMUNICATIONS The mission of nava communications is to provide and maintain reiabe, secure, and rapid communications, based on war requirements, to meet the needs of nava operating forces. Nava communications must aso satisfy the requirements of the Defense Communications System (DCS) and the Nationa Communications System (NCS). Nava communications must aways be ready to shift to the requirements of wartime. Our peacetime organization and training must be capabe of making this shift rapidy and with a minimum of changes. Without this capabiity, our forces woud be severey handicapped, and vita defense information woud never reach its destination. For this reason, we have a we-defined communications structure, with responsibiities assigned to each eement, from the Chief of Nava Operations (CNO) down to individua feet units. POLICY OF NAVAL COMMUNICATIONS The poicy of nava communications is to: Estabish and maintain effective communications within the Department of the Navy; Encourage at a eves of command an effort to improve techniques, procedures, and efficiency; Cooperate with the miitary services, Defense Information Systems Agency (DISA), and other departments and agencies of the U.S. Government and aied nations; Encourage deveopment of the amateur and commercia communications activities of the United States to enhance their miitary vaue and to safeguard the interests of the nation; and Promote the safety of ife at sea and in the air by maintaining communications faciities with the U.S. Merchant Marine, aircraft over sea, and appropriate U.S. and foreign communication stations. NAVAL TELECOMMUNICATIONS SYSTEM The word teecommunications incudes a types of information systems in which eectric or eectromagnetic signas are used to transmit information between or among points. The Nava Teecommunications System (NTS) is comprised of a the end termina processing equipment, transmission, switching, cryptographic, and contro devices used to transmit operationa information in the Navy. 2-2

35 The NTS provides eectrica and optica communications from the commander in chief and nava commanders down to a nava forces under its command. You shoud remember that the NTS is used primariy to exercise command and contro over the nava operating forces; not the shore estabishment. Most shore estabishments are served through the Defense Communications System (DCS). Naturay, there are overapping portions of each system where necessary. Operationa direction and management contro of the assigned eements of the NTS are the responsibiity of the Commander, Nava Computer and Teecommunications Command (COMNAVCOM- TELCOM). In nava communications, COMNAVCOM- TELCOM determines the responsibiities of each of the various commanders, whether a feet commander or the commanding officer of a ship. For exampe, direction and contro of a nava feet broadcasts, ship shore, air-ground, and other direct feet-support teecommunications are assigned to the feet commanders in chief. That is to say, a Pacific Feet nava broadcasts are under the operationa direction and contro of the Commander in Chief, Pacific Feet (CINCPACFLT). The same appies to Atantic Feet navak broadcasts. These broadcasts are under the operationa direction and contro of the Commander in Chief, Atantic Feet (CINCLANTFLT). Feet commanders in chief are responsibe for the adequacy of communications to satisfy the needs of their respective feets. They, in turn, assign broad communications responsibiities in the form of feet operation orders (OPORDs). OPORDs are to be compied with at every eve down through individua commanding officers of operating ships. The commanding officers use ony those portions of the feet commander s communications OPORD that affect them. In this simpe, yet direct, manner, the NTS is administered at every operationa eve in the feet, according to that ship s mission and communication needs. We wi tak more about OPORDs ater in this chapter. The Nava Teecommunications Command is composed of the foowing eements: Commander, Nava Computer and Teecommunications Command (COMNAVCOMTEL- COM); Nava Computer and Teecommunications Area Master Stations (NCTAMSs); Nava Computer and Teecommunications Stations (NAVCOMTELSTAs, sometimes referred to as NCTSs); Nava Communications Detachments (NAVCOMTEL DETs, aso abbreviated NCTDs); Nava Data Automation Commands (NAV- DACs); Nava Security Group Departments (NAV- SECGRUDEPTs) of NAVCOMTELSTAs; and Navy-Marine Corps Miitary Affiiate Radio System (MARS). COMMANDER, NAVAL COMPUTER AND TELECOMMUNICATIONS COMMAND With the merging of Automated Information Systems (AIS) and teecommunications, the mission and responsibiities of COMNAVCONTELCOM have greaty increased. You wi see COMNAVCOM- TELCOM continue to change and grow as teecommunications technoogy advances into the 21st century. There have aready been changes in the makeup of the COMNAVCOMTELCOM caimancy as communications stations have merged with Nava Regiona Data Automated Centers (NARDACs). Those communications stations that do not merge with an AIS activity wi become Nava Computer and Teecommunications Stations (NCTSs) or Nava Computer and Teecommunications Detachments (NCTDs). Athough not a-incusive, COMNAVCOMTEL- COM s responsibiities incude the foowing: Integrates and consoidates Navy common-user ashore communications and information resources (IR) (incuding personne) into the NAVCOMTELCOM caimancy, and impements Navy IR management poicy within the caimancy; 2-3

36 Advises the Director, Nava Space and Warfare Command, of vaidated communications requirements that may demand deveopment or modification of sateite communications systems; Formuates poicy on, and exercises authoritative contro over, the Navy Communications Security Materia System (CMS), and reviews or initiates action in cases of oss or compromise of CMS materia; Serves as Department of the Navy (DON) manager of eased portions of Navy dedicated and common-user information transmission systems; Manages the Navy and Marine Corps Miitary Affiiate Radio System (MARS) and coordinates Navy participation in amateur radio matters; Estabishes, impements, and maintains the Feet Operationa Teecommunications Program; Manages Internationa Maritime Sateite (INMARSAT) communications ground interfaces to nava communications for the DON and handes any other commercia teecommunications authorized by aw or treaty; Operates and maintains the NCTSs, NARDACs, and assigned eements of the Defense Communications System (DCS); Serves as technica advisor to CNO for communications/enisted ratings (RM, ET, and assists in career deveopment and training for these ratings; and Serves as centra design agency for communications in the DON, performs ife-cyce management on Navy Standard Communications Software components. NAVAL COMPUTER AND TELECOMMUNICATIONS AREA MASTER STATIONS (NCTAMSs) As we mentioned earier, there have been changes in the caimancy of NAVCOMTELCOM. As a resut, each of the former NAVCAMS has been redesignated as a NCTAMS, and has merged with a NARDAC. The four NCTAMSs are NCTAMS EASTPAC, Honouu, Hawaii; NCTAMS LANT, Norfok, Virginia; NCTAMS WESTPAC, Guam; and NCTAMS MED, Napes, Itay. The word is divided into four Nava Communications Areas (NAVCOMMAREAs): Western Pacific (WESTPAC), Eastern Pacific (EASTPAC), Atantic (LANT), and Mediterranean (MED) (figure 2-). A communications activities within any of these geographica areas are organized to operate under the operationa contro of a NCTAMS. These master stations are the major sites in a COMMAREA and are the primary keying stations for that area. They are the entry points for Navy Tactica Sateite Systems and aso operate and maintain one or more Defense Sateite Communications System (DSCS) terminas. The NCTAMSs have, as part of their organization, a feet teecommunications operations center (FTOC). This is the foca Point for feet communications support. To support the operating forces of each feet commander in chief (FLTCINC), the authority to exercise operationa direction over a NAVTELCOMs is deegated on an area basis to the commanding offiers of the master stations. Operationa direction is decentraized down to the commanding officers of the NCTAMSs. These commanding officers report to and are immediatey responsibe to the FLTCINC. COMNAVCOMTELCOM, however, exercises overa operationa direction to assure integration of the wordwide system, taking into consideration the requirements and priorities of other FLTCINCs and/or higher authority. You shoud refer to the appropriate Feet Operationa Teecommunications Program (FOTP) manua for futher information. Within the various NAVCOMMAREAs are aternate NCTAMSs. They coordinate contro of communications under the direction of the primary NCTAMSs. NAVAL COMPUTER AND TELECOMMUNICATIONS STATION A Nava Computer and teecommunications Station (NAVCOMTELSTA) is a communications station with the primary responsibiity for communications in a arge specific area. This responsibiity incudes a communications faciities and equipment required to provide essentia feet support and fixed communications services. For exampe, NAVCOMTELSTA, Diego Garcia, serves a arge geographica area of the Pacific and Indian oceans. It aso incudes faciities and equipments necessary to interface with a other NAVCOMTELSTAs or 2-4

37 Figure 2-1. Nava communications areas. communications detachments on a nava communications matters. It aso provides Nava Industria Fund (NIF) AIS services to Navy customers. NAVAL COMPUTER AND TELECOMMUNICATIONS DETACHMENT A Nava Computer and Teecommunications Detachment (NAVCOMTELDET) is a sma teecommunications faciity that is assigned a imited, or speciaized, mission and has a imited number of personne and faciities. NAVAL DATA AUTOMATION FACILITY A Nava Data Automation Faciity (NAVDAF) comes under the contro of an NCTS or a NARDAC. NAVDAFs provide AIS services in areas where no NARDACs are ocated. The workoad of a NAVDAF is normay ess than that of a NARDAC. NAVAL SECURITY GROUP DEPARTMENTS The Nava Security Group Departments (NAVSECGRUDEPTs) come under the authority of Commander, Nava Security Group Command (COMNAVSECGRU), and are responsibe for the cryptoogic and reated functions of the Navy. NAVSECGRUDEPTs maybe part of a NCTAMS or a NAVCOMTELSTA. As such, COMNAVSECGRU exercises technica contro over the cryptoogic operations, whereas COMNAVCOMTELCOM has overa responsibiity for the management and operating efficiency of the NAVSECGRUDEPTS. MILITARY AFFILIATE RADIO SYSTEM (MARS) A function of the Miitary Affiiate Radio System (MARS) is to provide auxiiary communications to miitary, civi, and/or disaster officias during periods of emergency. The Navy encourages amateur radio operators to affiiate with MARS. Many of the 2-5

38 operators have earned their amateur radio icenses from the Federa Communications Commission. The amateur radio operators, using their amateur stations on Navy radio frequencies, receive training in nava communications procedures and practices. Besides assisting in emergency situations, MARS operators aso create interest and furnish a means of training members in nava communications. You can find detaied information about the MARS program in U.S. Navy-Marine Corps Miitary Affiiate Radio System (MARS) Communications Instructions, NTP 8. NAVAL COMMUNICATIONS MANAGEMENT As radiomen advance, they can expect to assume additiona authority and responsibiity. A first cass or chief wi most ikey be paced in charge as a watch supervisor, eading petty officer or chief, or even as a division officer. These are ony a few of the many eadership positions to which they might be assigned. In summary, eventuay, a career Radioman is going to be a manager. The Navy has conducted extensive studies to pinpoint probems in the area of communications organization and management. These were done to aow communications personne to take corrective action on the probem areas. Use of sound manageria principes heps us accompish our mission. A eves of management require an evauation standard. Managers are then abe to propery evauate specific communication systems or components. Such an evauation provides a basis for comparison of equipment, personne, and even compete faciities. This evauation forms the basis for estabishing additiona standards and guideines. A continuing evauation requires data coection via a system of feedback reports from a manageria eves. EVALUATING PERFORMANCE Effectiveness of nava communications is the first consideration in the management of any communications faciity. The overa capabiity must be viewed in reation to each functiona unit. Standards of performance can be estabished and contro eements determined. An evauation of the entire system must be competed by the highest eve of command. Each operationa unit must be scrutinized by the chief or first cass in charge. Estabishing Standards Standards of performance must be estabished to determine the effectiveness of operations and service provided against customer requirements and system capabiity. Standards must be estabished for interna functions as we as for overa system performance. After performance standards are estabished, the contro eements and manner of contro can be determined. It is most important that performance standards be estabished in the genera areas of reiabiity, speed, security and economy. These areas can be broken down into standards for interna operation, equipment, personne, maintenance, suppy, and so forth. Reaistic standards of performance must be estabished. This aows maximum use of resources without overcommitment. The standards must be compatibe with command requirements and within resource capabiity. The standards must aso be fexibe enough to aow for changing operating conditions. Ski eves and manning eves change constanty. Equipment status and configurations are never stabe. Operating conditions and commitments change from day to day. Therefore, each communications faciity manager must estabish fexibe standards to accommodate changing requirements and situations. Management Responsibiities Mid-management radiomen must reaize the need for progressivey improving standards. The foowing points may assist mid-management radiomen in improving standards within their division: Overcoming Resistance The practice of reying on past performance as a basis for estabishing standards is often sound. With an organized effort, however, conditions can be changed to improve performance. If the personne responsibe for better performances participate in the organized effort, the probem of resistance to higher standards is often eiminated. Improving Conditions Owing to the rapid growth and change in the character of communications systems, considerabe manageria effort must be devoted to improving the effectiveness of operations and service. The essentia approach to this type of probem can be summarized in a sequence of three stages: Discovery of the probems; that is, what part of an existing condition needs improving; 2-6

Diagnosis to determine what changes are needed to bring about the needed improvement; and Remedia action; that is, impementing the necessary changes.

39 Diagnosis to determine what changes are needed to bring about the needed improvement; and Remedia action; that is, impementing the necessary changes. Responsibiity Responsibiities must be estabished in accordance with the organizationa structure and be ceary defined. Organizationa Considerations Leading radiomen must reaize that the existing organizationa structure may be a contributing factor to poor personne performance. In such instances, recommendations to reaign the organizationa structure must be seriousy considered. Conservation of Personne Resources The communications faciities manager must be constanty aware of the need to conserve personne resources at a eves. Conservation of personne resources is accompished by evauating personne requirements propery and by using avaiabe personne effectivey through proper training and assignment. GENERAL ADMINISTRATION A communications faciity shoud function effectivey and efficienty. This is normay the resut of the senior supervisor s abiity to set up and manage the organization. Good supervisors retain open minds. They recognize the need for change and impement those changes as required. They acquire a thorough knowedge of the functions performed by their area of responsibiity and understand how it reates to the overa mission. Ony then can they pan a rationa approach to correct a probem or make positive changes. Athough the current structure and methods may meet the objectives of the division, a periodic review shoud sti be conducted. The goa is to deveop more efficient office methods, techniques, and routines. Procurement of state-of-the-art equipment may require a compete evauation and reorganization of divisiona workfow and workspace ayout. To pan propery, the supervisor must know the foowing information: WHAT work is to be done; WHY the work is to be performed; WHEN the work is to be performed; HOW the work is to be accompished; WHERE the work is to be performed; and WHO is responsibe for competing the work. PERSONNEL MANAGEMENT Good manageria traits and supervisory abiities are prerequisites for the first cass or chief petty officer who is required to function as a front ine supervisor and manager. The RM1 or RMC wi normay be the RM supervisor and wi have many manageria and supervisory responsibiities added to those present at the junior petty officer eve. Supervision invoves working with peope, and a major responsibiity of a supervisor is production. A good supervisor knows how to get a job done by getting the most out of personne. However, the desire to attain an acceptabe production eve must not be at the expense of personne assets. Peope have the right to be treated as individuas and respected as such. If treated in any other reamer, no amount of pressure wi create a permanent increase in production eves. Whie you want to achieve a high eve of production, you aso want your personne to produce wiingy and be interested in their work. OFFICE MANAGEMENT The physica ocation of a communications office is normay predetermined by higher authority. Furthermore, the space aotted to the various sections is usuay determined by competent engineers based on avaiabe space. After discussing the matter with the senior petty officers in the division, the division officer or division chief usuay determines the physica ocation of furniture and equipment. When the office ayout is being panned, primary consideration must be given to proper fow of paper and work, the physica ocation of workspaces, and the interna communications of the division. Secondary factors to be considered are the number of personne to be accommodated, safety standards, security of cassified materia, structura ocation of eectrica outets, and physica ocations of bukheads and passageways. Paper and Work Fow Good paper fow is the smooth movement of paperwork from one desk or individua to another. As much as possibe, the paperwork shoud fow in one direction through various sections with no reversas or 2-7

criss-crossing. Figure 2-2 shows the idea communications space ayout with sequentia workfow. Pacing reated tasks in adjacent spaces reduces distance and increases efficiency of operations.

40 criss-crossing. Figure 2-2 shows the idea communications space ayout with sequentia workfow. Pacing reated tasks in adjacent spaces reduces distance and increases efficiency of operations. This utimatey increases the work accompished. Workfow affects the pacement of sections within the division and the ocation of desks, fies, and other equipment. Changes shoud ony be made to improve workfow. Deviations from approved methods can resut in oss of time and motion and cause deays in competion of work assignments. Physica Factors The physica ayout of workspaces shoud be reviewed when: There is evidence of improper workfow; The number of personne or office procedures change; The voume of work increases or decreases; Figure 2-2. Idea communications space ayout. New equipment is ordered or is to be instaed; or. There is a change in aotted space. Before actuay moving personne or equipment, it is a good idea to draw a scae mode of the anticipated ayout. You can then evauate the idea and judge its effectiveness. In evauating an office ayout, you shoud consider the foowing factors: Office congestion; Personne supervision; Use of space; Voume of work versus peope; and Office appearance. Interna Communications A arge portion of communications office work consists of receiving, distributing, and fiing communications, reports, instructions, and records. Another major portion of the work is the disposition of correspondence. When handing correspondence, the supervisor must estabish standard procedures. Once decided, these procedures shoud be conveyed both verticay and horizontay. Vertica communications are routed up and down the chain of command. Horizonta communications are routed to other divisions and departments. Vertica communications can be either forma or informa. Forma information usuay consists of office procedures, watches, schedues, job instructions, and written orders. Forma communications are handed to ensure wide dissemination and accuracy of information, to avoid distortions, and to provide a permanent record. Informa information is usuay passed oray and provides guidance and instructions on work assignments. Horizonta communications can be either forma or informa. Personne hoding parae positions (two watch supervisors for instance) can sometimes resove probems through informa communications without invoving higher authority. On the other hand, forma communications must be used when the subject requires approva through the chain of command. Forma communications may be in the form of station directives, administrative procedures, or station watch bis. 2-8

41 COMMAND COMMUNICATIONS ORGANIZATION The structure of the communications organization of a command depends on command size and whether the command is ship- or shore-based. Not a Navy ships have a communications department. Basic Operationa Communications Doctrine (U), NWP 4 (NWP 6-01), designates the types of ship that shoud have a communications department. In ships that are not so designated, communications personne are assigned to the operations department, but the communications functions are the same as those for ships with a communications department. Future organization may structure communication and automated systems into a combined information systems department. Senior enisted personne may be assigned communications duties normay assigned to officers if there are insufficient officers to fi communications biets. Figure 2-3 shows a norma shipboard communications organization. Key biets are further discussed in this chapter. Commanding Officer The commanding officer of a ship or a shore command is responsibe for the communications of that command. The ony exception to this is when a fag officer is embarked aboard a ship, making that vesse the fagship. In such cases, the embarked commander assumes contro of fagship communications. The commanding officer is sti responsibe for the proper handing of message traffic within the ship. Communications Officer The communications officer (COMM officer) is responsibe for the organization, supervision, and coordination of the command s exterior communications. At shore stations, the COMM officer is the department head. Aboard ship, the COMM officer may be assigned as a department head or may be assigned under the operations officer. Aboard ship, the COMM officer is aso responsibe for the management of reated interna communications systems. Radio Officer The radio officer is in charge of the communications center. This officer is responsibe for organizing and supervising assigned personne to ensure accurate, secure, and rapid communications. The radio officer is responsibe to the communications officer Preparing the command s communications pan; Figure 2-3. Communications organization. 2-9

42 Monitoring the proper aocation of equipment for operations; Preparing and maintaining the communications watch, quarter, and station bi; Conducting the communications training program; and Preparing standard operating procedures (SOPs) for the communications center. On sma ships, the communications officer and the radio officer maybe the same person. Communications Security Materia System (CMS) Custodian The CMS custodian is responsibe to the commanding officer for: Managing the CMS account in accordance with the instructions contained in the Communications Security Materia System (CMS) Poicy and Procedures Manua, CMS 1; Advising the commanding officer on matters concerning the physica security and handing of CMS pubications and materias; Stowage of CMS pubications and materias, as we as the drawing, correcting, and authorized destruction; and Submitting a reports concerning the accountabiity and issuance of CMS pubications and materias. Watch Section Personne The functions of the operationa organization of a communications command consist of: Message processing, circuit operation, technica contro, data processing, and operation; and Contro of voice circuits and the operation of sateite circuits, where instaed. The combined efforts of the operationa organization are performed in various spaces simutaneousy. In the next section, we wi discuss the duties and responsibiities of some of the key biets within this organization. COMMUNICATIONS WATCH OFFICER (CWO). The CWO is responsibe to the communications officer for: Ensuring that communications capabiities are accompished in accordance with the command s mission; Incoming and outgoing traffic, ensuring that a messages, transmitted or received, are handed rapidy and accuratey in accordance with existing reguations; and Ensuring compiance with existing communications directives and monitoring the performance of on-watch personne and spaces. Feet Communications (U), NTP 4, contains a detaied isting of the duties of the CWO. SENIOR WATCH SUPERVISOR (SWS). When assigned, the SWS is the senior enisted person on watch in communications spaces and is responsibe to the CWO for: The proper handing of a communications; Notifying the CWO on a matters of an urgent or unusua nature; Examining operationa ogs and monitoring equipment aignment and operation; and Directing action necessary to prevent or overcome message backogs. In addition to the duties isted in NTP 4, the SWS is aso responsibe for any other duties as maybe assigned by the CWO. COMMUNICATIONS CENTER SUPER- VISOR. The communications center supervisor is responsibe to the CWO and SWS for: Supervising message processing and circuit operations; Directy supervising a radiomen on watch in the message processing center; and Notifying the CWO and SWS on a matters of an unusua or urgent nature. TECHNICAL CONTROL SUPERVISOR. The technica contro ( tech contro ) supervisor is responsibe to the CWO for: Estabishing and maintaining required circuits, and initiating action to restore or bypass faied equipment; 2-10

43 Ensuring that quaity monitoring and contro procedures are used on a systems; Maintaining the status board showing pertinent information on a equipment, nets, and circuits in use; and Directy supervising a personne assigned to technica contro and transmitter room spaces. Command Ship Communications The term fagship is sometimes used instead of command ship but means the same thing. Either term means that a group, squadron, or division commander is embarked on board, thereby making that vesse the fagship, or command ship. We mentioned earier that, in fagships, the embarked commander assumes responsibiity for communications functions. The fag communications officer is responsibe for ship and fag communications requirements. However, the interna routing of message traffic remains the responsibiity of the commanding officer of the ship in which the fag is embarked. When a fag officer is embarked, the ship s communications officer, communications watch officers, and enisted communications personne may be ordered to additiona duty in the fag communications division. These personne are directy responsibe to the fag communications officer for the operation of the fag communications functions. The ship s communications officer reports to the fag communications officer and is the contact officer for matters pertaining to the handing of ship and staff message traffic. Figure 2-4 iustrates a standard watch organization aboard a ship with a fag embarked. By now, you shoud have a basic idea of how nava communications is organized at shore commands and aboard ship. Remember that there are variations in a organizations. The command size, scope of operations, and personne assets are just a few of the factors that affect the structure of the communications organization. OPERATION ORDERS Operation orders (OPORDs) are directives issued by nava commanders to subordinates for the purpose of effecting coordinated execution of an operation. Figure 2-4. Communications watch organization. 2-11

44 Operation orders are prepared in accordance with a standing format, as set forth in Nava Operationa Panning, NWP 11 (NWP 5-01). An OPORD is an operations pan made up of the heading, body, and ending. The basic pan, contained in the body of the OPORD, is concise and contains minimum detai. More detaied information on various ship departments is contained in encosures (caed annexes and appendixes). The annex of most concern to radiomen is the communications annex. The communications annex, aong with its appendixes and tabs, discusses the many detais to be considered in panning communications for a particuar operation. In this annex, you can find such information as the appicabe circuits, equipment, and frequencies that wi be used in the upcoming operation. STANDARD OPERATING PROCEDURES In addition to the OPORDs, you shoud aso become famiiar with the standard operating procedures (SOPs) used by your division and department. SOPs shoud be sufficienty compete and detaied to advise personne of routine practices. The detai depends upon such variabes as the state of training, the compexity of the instructions, and the size of the command. Staff sections, divisions, and departments often find it convenient to estabish their own SOPs for operating their respective areas and for guiding their personne in routine matters. Some exampes of communications SOPs are: Procedures for persons going aoft; Handing of visitors in radio spaces; and MINIMIZE procedures. Communications SOPs are written to meet an objective. SOPs may vary from command to command and may differ according to their objectives. Your job wi be to recommend changes or maybe even write the objectives. In any event, a compete set of SOPs wi enabe you and your shipmates to perform your duties in a responsibe, professiona, and safe manner. MESSAGE LOGS Accounting for messages addressed to your guard ist (ist of commands for which you receive message traffic) is the most important part of processing messages. Accounting for a messages processed in your message center is accompished with ogs. Athough ashore and afoat automated systems automaticay og, store, and retrieve messages, there sti is a need to manuay og and fie both incoming and outgoing messages. CENTRAL MESSAGE LOG Depending upon the traffic voume processed, a message center may use either a separate outgoing/incoming og or a combined Centra Message Log to record processed message traffic. A messages are ogged in the Centra Message Log after they have been ogged in the appropriate circuit og. The norma practice is to use separate ogs for outgoing and incoming messages (figure 2-5). The entries in the Centra Message Log are station seria number (SSN), precedence, DTG (origina on a readdressa), originator (origina on a readdressa), subject, cassification, time of receipt (TOR) for incoming messages or time of deivery (TOD) for outgoing messages for each message. It is aso usefu to indicate on the og over which circuit the message was reayed. This is hepfu during tracer situations. The Centra Message Log is fied in the communications center master fie on top of the messages processed for that radio day (raday). TOP SECRET CONTROL LOG Upon receipt of a Top Secret message, incuding SPECAT SIOP-ESI, addressed to the parent command or subscriber of the message center, the center assigns a sequentia number and enters the originator, DTG, and copy count of the message into the Top Secret Contro Log. A separate entry is made for each addressee. The messages must be annotated as Copy of and Page of. The message must aso be assigned a Top Secret contro sequentia number. CIRCUIT LOGS Records of messages sent via ship-shore circuits, whether primary shipshore, fu-period termination, and soon, must be maintained. This ensures continuity of traffic, accurate times of deivery/receipt, and precise fies for possibe tracer action. These actions shoud be recorded on the Received Message Record, OPNAV 2-12

45 Figure 2-5. Centra Message Log for outgoing and incoming messages. 2-13

46 Figure 2-6. Received Message Record, OPNAV Form

47 Form (figure 2-6). Athough this form is primariy designed as a record of received messages, ony a pen-and-ink change is necessary for its use as a send og. JOURNAL LOGS In most automated systems, a significant system events are entered in a journa og. This og is a chronoogica record of data processing operations, which may be used to reconstruct a previous or updated version of a fie. A system-eve commands entered by an operator are ogged. Log entries are usuay queued for deivery to a printer as they are generated, but this is optiona. However, they are aways journaed to a fie from which they can be recaed and printed at a ater time, as desired. This og gives a system operator or supervisor the abiity to review current and previous system events. In addition, the journa og supports message accountabiity. The system records the receipt of every forma message and the termination of every forma message deivery that it schedues. PROCESSING OUTGOING MESSAGES Outgoing messages are those messages originated by: The command; Commands served by the communications center; An afoat command if a fag officer is embarked; An addressabe unit onboard the ship as we as a messages accepted for reay. The fow chart in figure 2-7 shows the actions required to process outgoing messages. HANDLING AUTOMATICALLY PROCESSED OUTGOING MESSAGES Those messages introduced into the LDMX/NAVCOMPARS from a PCMT, VDT, paper tape reader, data speed reader (DSR), card reader, or magnetic tape are considered outgoing. They are prepared in JANAP 128, modified ACP 126, or other acceptabe formats. Most outgoing messages are destined to be deivered to distant communications centers and commands. Others aso have deivery requirements for in-house distribution to commands Figure 2-7. Steps for processing outgoing messages. 2-15

48 serviced by the communications center. The basic steps for processing outgoing messages are shown in figure 2-8. The system recognizes whichever format is used upon entry and then vaidates the start-of-message and end-of-message. After vaidation, the system outputs either an accept or a reject notice to the operator via the outgoing og. Together with the action notice, the system then outputs a unique header ine to identify the message. Accepted messages are assigned a Process Sequence Number (PSN), which is incuded in the accept notice. They are then stored on diskette for recovery purposes and queued for processing on a first-in, first-out basis by precedence order. Emergency command or FLASH precedence messages cause any ower precedence messages to be interrupted and a cance transmission (bust) sequence to be transmitted. The emergency command or FLASH message is transmitted, and norma message processing by precedence is resumed. Messages are seected for processing based on their precedence and on the order they arrived into the system; first ones in are the first ones processed out. The LDMX/NAVCOMPARS vaidates the message header and assigns routing indicators (RIs) for deivery as required. If the system cannot assign an RI automaticay, it wi dispay the addressee ine to the router VDT. The router may assign the correct RI, pace the message on a queue, reject the message from further processing, or correct the short tite of the addressee if in error. A system status containing accounting information pertinent to a the messages on a hod queue wi be dispayed to the router via the VDT, when the router queue is empty or upon demand by the operator. The router can then retrieve any message on the hod queue by its PSN. If the router rejects the message, the system wi record it and print a reject notice on the service og. Any message determined by the LDMX/ NAVCOMPARS system to be dupicated wi be rejected to the service printer with the proper annotation. After a routing is appended to the message, the system assigns the anguage and media format (LMF) Figure 2-8. Steps for processing automatic outgoing messages. 2-16

49 (JANAP 128), content indicator code (CIC) (JANAP 128), originating station routing indicator (OSRI), station seria number (SSN), and time of fie (TOF) to the message. The message is then paged and sectioned according to JANAP 128, and queued for transmission. Data-pattern messages may be introduced into the system via card or magnetic tape. The format wi be in accordance with JANAP 128 procedures for data messages. During the message preparation, processing, transmission, and fiing, the same contros and restraints used for narrative message processing wi aso appy to data-pattern messages. The message may aso have deivery requirements for distribution to commands serviced by the communications center. The system wi automaticay assign interna message distribution for a guard commands. If the system cannot provide interna distribution, the message wi be dispayed to the inrouter for assistance. MESSAGE AND ROUTING ADDRESSEES Most messages have at east one addressee responsibe for taking action on the contents and for originating any necessary repy. Addressees who have an officia concern in the subject of the message, but who do not have primary responsibiity for acting on it, receive the message for information. Athough information addressees are usuay concerned ony indirecty with a message, they occasionay must take action of some kind within their own commands. Some messages contain ony information addressees. Messages may be divided into types, according to the way they are addressed, as foows: Singe-Address A message that has ony one addressee, which may be either for action or information. Mutipe-Address A message that has two or more addressees, which may be either action or information and where each addressee is informed of a other recipients. Book A message destined for two or more addressees but where the drafter considers it unnecessary that each addressee be informed of other addressee(s). Book messages are routed according to each addressee s reay station. A unnessary addressees are deeted from the face of the message before being sent to the addressee(s) served by that particuar reay station. Genera Message A message that has a wide, predetermined, standard distribution. Genera messages are normay tited with a sequentia number for the current year; for exampe, ALCOM 28/96, NAVOP 30/96. The tite indicates distribution and serves as the address designator. ADDRESS GROUPS Address groups are four-etter groups assigned to represent a command, activity, or unit. In miitary communications, address groups can be used in the same manner as ca signs to estabish and maintain communications. Generay speaking, the Navy uses address groups the same way as ca signs. Address groups never start with the etter N; hence, they are easiy distinguishabe from nava radio ca signs. Address groups, however, foow no distinctive pattern, and the arrangement of the four etters that constitute them conveys no significance whatsoever. Afoat commands (except individua ships) and shore-based commands or activities not served by their own communications faciities are assigned address groups. For exampe: Senior commands and commanders ashore, such as the Secretary of Defense and the Secretary of the Navy; Navy bureaus, systems commands, and district commandants; and Eements of the shore estabishment having a need for direct addressing and receipt of message traffic (such as weather centras). Among other uses, address groups faciitate deivery of message traffic when a communications center serves so many activities that its own ca sign is insufficient to identify the addressee. Address groups are contained in Aied Ca Sign and Address Group System Instructions and Assignments, ACP 100, and in U.S. Ca Sign &Address Group System Instructions & Assignments (U.S. Suppement No. 1), ACP 100 U.S. SUPP-1. Like ca signs, address groups are divided into the foowing types: Individua activity; Coective; Conjunctive; Geographic; Address indicating; and 2-17

50 Specia operating. Individua Activity Address Groups Individua activity address groups are representative of a singe command or unit, either afoat or ashore. For exampe: DTCI COMNAVSURFLANT; and SSMA CHIEF OF NAVAL OPERATIONS (CNO). Coective Address Groups Coective address groups represent two or more commands or activities. Incuded in this group are commanders and their subordinate commanders. For exampe: JTBC DESRON 6; and YQHV SUBRON 16. Conjunctive and Geographic Address Groups Conjunctive and geographic address groups are discussed together because they are interreated in their usage. Conjunctive address groups have incompete meanings and must have geographic address groups added to them to denote a specific command or ocation. For this reason, conjunctive address groups are used ony with one or more geographic address groups. For exampe, the conjunctive address group XZKW means A ships present at. To compete the meaning, it must be foowed by a geographic address group. Geographic address groups are the equivaent of geographica ocations or areas. They are aways preceded by conjunctive address groups. For exampe, the address group DEXL coud represent Newport, R.I. Therefore, a ships present at Newport woud be addressed XZKW DEXL. Address Indicating Groups Address indicating groups (AIGs) represent 16 or more specific and frequenty recurring combinations of action and/or information addressees. The purpose of AIGs is to increase the speed-of-traffic handing. They shorten the message address by providing a singe address group to represent a arge number of addressees. This eiminates individua designators for each address used in the heading. Messages that are repetitivey addressed to a constant group of 16 or more addressees can effectivey be processed by an AIG address designator. For exampe, et s assume that a hypothetica AIG (AIG 31) is used to address SUBMISS/SUBSUNK message traffic by COMSUBLANT to 30 action addressees and 35 information addressees. Since a singe AIG (AIG 31) is used, 65 ca signs and address groups are eiminated from the heading of the message. AIGs are normay created when particuar types of message traffic become repetitive enough (at east 12 times a year) and are addressed to enough of the same addressees to warrant it. Among such message traffic are: Aerts, air defense warnings, operationa or emergency actions, and so forth; Destructive weather warnings, such as hurricanes and typhoons; Logistica transactions and reports; Inteigence summaries; Movement reports, such as aircraft, ships, and personne; and Notices to airmen (NOTAMs). A point for you to remember is that an AIG wi not be estabished for groups of addressees numbering fewer than 16. A compete isting of AIGs by number, cognizant authority, and purpose is contained in U.S. Navy Address Indicating Group (AIG) and Coective Address Designator (CAD) Handbook, NTP 3 SUPP-1. A partia isting of AIGs, aong with specific action and information addressees, can be found in ACP 100 U.S. SUPP 1. Specia Operating Groups Specia operating groups (SOGs) are four-etter groups that are identica in appearance to address groups. SOGs are provided for use in the headings of messages to give specia instructions. However, SOGs are not used uness specificay authorized by CNO. They must aways be encrypted. SOGs may be used singy or with encrypted or unencrypted ca signs or address groups. DISTRIBUTION CLERK The distribution cerk reproduces copies of the messages according to the routing instruction of the inrouter and outrouter. The distribution cerk is responsibe for making the required number of copies 2-18

51 each subscriber requires and sotting the messages into the appropriate subscriber box. It is important that the cerk remain aert to prevent sotting messages into the wrong box. This coud cause an undeivery situation. The distribution cerk, who handes a great number of messages throughout the watch, must be aware of high-precedence messages and ensure that they are reproduced and distributed in a timey manner for immediate pickup by the subscriber. The cerk must aso be up on the message center s current SOP for handing specia and cassified messages. To prevent viewing by unauthorized personne, certain messages, such as PERSONAL FOR, AMCROSS, and cassified messages, must be paced in enveopes for pickup by subscribers. Cassified messages are paced in two enveopes; the inner enveope is stamped with the cassification and any specia-handing markings, and then seaed in accordance with oca instructions. The outer enveope is marked with the addressee, originator, and DTG of the message, and then seaed. After reproducing and distributing a message, the distribution cerk paces the origina copy into a box for fiing by the fie cerk. When a message is reproduced from the soe copy of a broadcast message, the origina copy or a fier must be returned to the broadcast fie. If two-py paper is used on the circuit, the top copy may be used as the master fie copy and the bottom copy retained as the circuit monitor copy. COMMON MESSAGE ELEMENTS Before covering the basic format of miitary messages, we wi first discuss the time system and precedence categories used in nava communications. TIME Time is one of the most important eements in communications. Messages are normay identified and fied by either date-time group or Juian date, depending on the method of transmission. Date-Time Group The date-time group (DTG) is assigned for identification and fie purposes ony. The DTG consists of six digits. The first two digits represent the date, the second two digits represent the hour, and the third two digits represent the minutes. For exampe, Z AUG 96 means the 22nd day of August pus the time in Greenwich mean time (GMT). The dates from the first to the ninth of the month are preceded by a zero. We wi tak more about the GMT system shorty. The DTG designation is foowed by a zone suffix and the month and year. The month is expressed by its first three etters and the year, by the ast two digits of year of origin; for exampe, Z AUG 96. The zone suffix ZULU (Z), for Greenwich mean time, is used as the universa time for a messages. The exception is where theater or area commanders prescribe the use of oca time for oca tactica situations. Radiomen never use 2400Z and 0000Z as the DTG of a message. The correct time woud be either 2359Z or 0001Z, as appropriate. GREENWICH MEAN TIME. In nava communications, the date-time group is computed from a common wordwide standard. To meet the need for wordwide time standardization, the internationa Greenwich mean time (GMT) system was deveoped. The GMT system uses a 24-hour cock instead of the two 12-hour cyces used in the norma civiian word. In the GMT system, the Earth is divided into 24 zones. Zone zero ies between 7 1/2 east and 7 1/2 west of the 0 meridian. The 0 meridian passes through Greenwich, Engand. The time in this zone (zone zero) is caed Greenwich mean time (GMT). The miitary more commony refers to this as ZULU time. Both names refer to the same standard. Each time zone extends through 15 of ongitude. Zones ocated east of zone zero are numbered 1 through 12 and are designated minus. To obtain Greenwich mean time, you must subtract the zone number in which you are ocated from oca time. Zones ocated west of zone zero are aso numbered 1 through 12 but are designated pus. These zones must be added to the oca zone time to obtain GMT. As we wi discuss shorty, the 12th zone is divided by the 180th meridian, which is the internationa date ine. Each zone is further designated by a etter. Letters A through M (J is omitted) designate the eastern, or minus, zones. Letters N through Y designate the western, or pus, zones. The designating etter for GMT is Z (ZULU). The zone number, prefixed by a pus or minus sign, constitutes the zone description. Zones crossing and areas often foow boundaries, natura features, or regiona demarcations to keep simiar or cosey reated areas within the same zone. 2-19

52 CONVERTING GMT AND LOCAL TIMES. Most countries have adopted the GMT system. As a Radioman, you wi need to be abe to convert oca time to GMT. To do this, you must understand the GMT system. Figure 2-9 is a chart showing the time zones of the word. Refer to the chart as you study the materia in the next paragraphs. To iustrate converting oca time to GMT, assume that we are in zone R and the oca time is 1000R (10 a.m.). Referring to the time chart in figure 2-9, you can see that zone R ies west in ongitude from zone zero, and is designated pus 5. Therefore, we add 5 hours to the oca time, 1000, to find that GMT is 1500Z. To convert GMT to oca time, we reverse the process and subtract 5 hours from the GMT (1500Z) to obtain 1000R. The U.S. miitary services use the 24-hour system to express time in four-digit groups. The first two digits of a group denote the hour and the second two digits, the minutes. Thus, 6:30 a.m. becomes 0630; noon is 1200; and 6:30 p.m. is Midnight is expressed as 0000 (never as 2400), and 1 minute past midnight becomes Remember, to eiminate any possibe confusion, never use 0000Z or 2400Z as the date-time group of a message. The correct time woud be either 2359Z or 000IZ. We mentioned earier that the 12th zone is divided by the 180th meridian. This meridian is the internationa date ine (IDL) (figure 2-9). This is where each wordwide day begins and ends. A westbound ship crossing the ine oses a day, whereas an eastbound ship gains a day. This time zone is divided into itera zones MIKE and YANKEE. The eastern haf of zone 12 is designated MIKE (-12), and the western haf is designated YANKEE (+12). Now we come to a very important point in our discussion. Since MIKE and YANKEE are two parts of a singe zone, the time in MIKE and YANKEE is aways the same. When the IDL is crossed from either direction, the day must change. Since we have aready estabished that there is a -hour difference between each of the 24 time zones, it is cear that there is aways a situation where it is a day earier or ater in one part of the word than it is in another. The primary point to remember about this zone is that it is aways the same time in zone MIKE as it is in zone YANKEE, but it is never the same day! You can find more information on time zones in Communication Instructions Genera (U), ACP 121. Juian Date The Juian date consists of seven digits. The first three digits represent the day, and the ast four digits represent the hour and minutes. The first day of the caendar year is Juian 001, and each day is numbered consecutivey thereafter. For exampe, in Juian , 031 is the 31st day of the caendar year (January 31), and 1315 is the fiing time. PRECEDENCE The message drafter indicates the desired writer-to-reader deivery time (speed-of-service) through the assignment of a message precedence. Athough the drafter determines the precedence, the reeaser shoud either confirm or change it. (We wi tak more about the responsibiities of the drafter, originator, and reeaser ater in this chapter.) Precedence is assigned according to urgency, based soey on speed-of-service, not according to the importance of the subject matter or the text. For exampe, an uncassified message may be assigned an IMMEDIATE precedence, whereas a Secret message may be assigned a ROUTINE precedence. In this situation, the uncassified message requires fast action or response, whereas the Secret message may not require any action at a. The foowing paragraphs ist the various precedence categories, their indicators, and basic definitions: ROUTINE (R) This category is assigned to a types of traffic that justify eectrica transmission but which are not of sufficient urgency to require a higher precedence. PRIORITY (P) This category is reserved for messages that furnish essentia information for the conduct of operations in progress. This is the highest precedence normay authorized for administrative messages. IMMEDIATE (O) This category is reserved for messages reating to situations that gravey affect the nationa forces or popuace and which require immediate deivery to addressees. FLASH (Z) This category is reserved for initia enemy contact reports or operationa combat messages of extreme urgency; message brevity is mandatory. YANKEE (Y) In addition to the four major precedence categories, an EMERGENCY COMMAND PRECEDENCE (ECP) is used within the 2-20

53 Page Figure 2-9. Time zone chart of the word.

54 AUTODIN system. This ECP is identified by the precedence prosign Y and is imited to designated emergency action command and contro messages. MESSAGE USER RESPONSIBILITIES A message user is any individua authorized to draft, reease, and/or process eectronicay transmitted messages. There are certain responsibiities associated with the origination of a message. These responsibiities are separate and distinct and concern the foowing parties: Originator; Drafter; and Reeaser. Occasionay, the responsibiities may overap, especiay if one person is serving a dua capacity. For exampe, communications officers may occasionay draft and reease messages, thus making them both drafters and reeasers. ORIGINATOR The originator is the authority (command or activity) in whose name the message is sent. The originator is presumed to be the commanding officer of the command or activity. Most often, the originator and the reeaser are one and the same. In some cases, the drafter, reeaser, and originator are a the same person. For exampe, if the commanding officer drafts a message for transmission, he or she is the drafter as we as the reeasing authority for the activity in whose name the message is sent. DRAFTER The drafter is the person who actuay composes the message. In accordance with NTP 3, the drafter is responsibe for: a e Proper addressing and using pain anguage address (PLA) designators correcty; Cear, concise composition; Seecting the precedence; Ensuring the proper format; Assigning the proper cassification; and Ensuring the appication of proper downgrading and decassification instructions to cassified messages, except those containing Restricted Data or Formery Restricted Data. RELEASER The reeaser is a propery designated individua authorized to reease messages for transmission in the name of the command or activity. The reeasing individua ensures that the drafter has compied with the requirements contained in NTP 3. In addition to vaidating the contents of the message, the signature of the reeaser affirms compiance with message-drafting instructions. The signature of the reeaser authorizes the message for transmission. After a message has been propery reeased, it is deivered to the teecommunications center (TCC) for transmission. The DTG is normay assigned here. Proper transmission, receipting, and fiing procedures are done by the communications personne. An important point that you shoud remember about the DTG is that it is assigned for identification and fie purposes ony. It is not used to compute message processing time. MESSAGE READDRESSALS If you receive or send a message and ater determine that another activity may need to act on or know about the information in the message, you can readdress the origina message to that activity. If you receive a copy of a message as an information addressee, you can ony readdress the origina for information purposes. Use a short form or ong form, depending on how ong ago the origina message was sent. For both the short form and ong form, you must: Fuy identify the message you are readdressing. Enter the new addressee(s). Enter the origina message originator. Incude the origina date-time group. Use the Process Sequence Number (PSN), if contained in the origina message. If the origina message was sent within the ast 60 days, use the short form to readdress it. Messages are hed in the message center fie for up to 60 days. On the short form, enter the from, to, and information addressees in the fieds provided. Send the short form to the message center where it wi be combined with the text of the origina and then sent. 2-22

55 The short form readdressa is aways uncassified. However, it must state the cassification of the readdressed message. Messages over 60 days od are routiney deeted from the message center fies. If the origina message to be readdressed is more than 60 days od, use the ong form. Enter the from, to, and information addressees in the fieds provided. Unike the short form, you retype the entire message. Cassify the ong form the same as the origina message. When a sectionaized message is readdressed, each section of the message must be readdressed separatey. The headerines and addressees must be the same on each readdressa. The PSN must match that of the section being readdressed, but the respective section number is omitted. Each section of the readdressed message shoud have the same date-time group. The precedence of the readdressa message maybe ower, the same as, or of a higher precedence than the origina message when deemed operationay imperative by the readdressa authority. Genera formatting instructions and preparation guidance are avaiabe in NTP 3. Message readdressa procedures may vary sighty at different TCCs. The required procedure may be verified through the oca TCC. MINIMIZE MESSAGES Miitary teecommunications systems tend to become overoaded during an emergency. Naturay, it becomes necessary to reduce unnecessary traffic voume to cear user circuits for essentia traffic. This reduction in traffic is accompished by use (usuay by message) of the word MINIMIZE. Minimize means It is now mandatory that norma message and teephone traffic be reduced drasticay so that vita messages connected with the situation indicated wi not be deayed. A message ordering minimize consists of the word MINIMIZE t foowed by the area affected (scope), reason, and duration of the minimize condition (when known). Minimize messages must be brought to the immediate attention of the eading communications petty officer (LPO) and the communications officer. The Chief of Nava Operations (CNO), feet commanders in chief, and area coordinators are authorized to impose minimize conditions on users of nava communications systems. Subordinate commanders may impose minimize over eements of their commands ony with prior permission from one of the three authorities just mentioned. During minimize conditions, FLASH and IMMEDIATE traffic shoud be restricted to a maximum of 100 and 200 words, respectivey. Message reeasers are aso kept to a minimum and must be specificay designated in writing. We briefy discuss additiona minimize guideines ater in this chapter. NWP 4 (NWP 6-01) contains information pertaining to the types of norma, environmenta, and suppy traffic that may be sent over norma channes and circuits during minimize. SERVICE MESSAGES Service messages are short, concise messages between communications personne. These messages have the authority of an officia communication and must receive prompt attention. If the action requested in a service message cannot be accompished within a reasonabe time, the station originating the service message shoud be notified. Service messages are normay assigned a precedence equa to the message being serviced. Service messages dea with many topics. You wi find that most dea with corrections, repetitions, broadcast reruns, and misrouted or missent messages. You must remember that a service message shoud be prompty deat with and retained unti a actions concerning it have been competed. Once action is compete, it is good practice to attach a copy of the service message to the serviced message when it is fied, or mark it with the DTG of the service(s). Requests for information through service messages shoud be as brief, concise, and accurate as possibe. Carefu attention to detai and the use of proper operating techniques by communications and crypto personne wi reduce the number of service messages required. Service messages are normay prepared in abbreviated paindress format and may be assigned sequentia reference numbers. (We discuss paindress messages ater in this chapter.) The service message number immediatey foows the abbreviation SVC in the message text. If used, sequentia service reference numbers may continue throughout the caendar year. When you repy to a service message received with a reference number, the text of the repy shoud refer to the number. For exampe: 2-23

56 This exampe is a service message inviting attention (ZUI) to a previous service message with a reference number of Occasionay, you wi see the acronym COSIR in a service message text, which means Cite Our Service in Repy. Authorized operating signas are used to the greatest extent possibe in service messages, but carity must not be sacrificed for brevity. The security cassification is the first word of a service message text. This is foowed by the abbreviation SVC. If the service message requires specia handing, the specia-handing designator foows the security cassification. For exampe: A service message may quote the textua content of a cassified message or refer to the cassified message in a manner that reveas textua content. In this case, the service message must be assigned the same cassification as the cassified message being serviced. You can find detaied information on service messages in Automatic Digita Network (AUTODIN) Operating Procedures, JANAP 128. Tracer Messages Tracer messages are specia types of service message. Tracers are sent to determine the reason for excessive deay or nondeivery of a message previousy sent. Normay, tracer requests are initiated by a message originator or addressee. However, a situation may dictate that tracer action be initiated by the originating communications station, the reay station, or the communications station of the addressee. Tracer action continues on a station-to-station basis unti the cause of deay has been determined. Upon receipt of a tracer, a station shoud examine its records for the time of receipt and transmission of the message being traced. This information is compied and transmitted with the tracer action to the preceding station(s) and to the station that originated the tracer. The station that caused the deay or nondeivery must cite the reason and provide a summary of corrective action in the report. Tracer action requests must be initiated as soon as the discrepancy is discovered. Action must be initiated no ater than 4 days after the origina time of transmission for a tactica addressee. For nontactica addressees, action must be initiated no ater than 30 days from the origina time of transmission. In-station records, fies, ogs, and tapes must be retained beyond the required retention imit if tracer action is in progress prior to the expiration date. You can find detaied information concerning tracer action in JANAP 128. Termination Request Messages Ships send termination request messages to estabish circuits with a NCTAMS or NAVCOMTELSTA on a imited or fu-time basis. A termination request message must be sent to the cognizant NCTAMS at east 48 hours prior to activating the requested termination. If the ship has a requirement for a fu-time termination, it wi be assigned a routing indicator by the cognizant NCTAMS. NTP 4 contains detaied information pertaining to termination requests and formats. Communications Guard Shift Messages Communications guard shift (COMMSHIFT) messages are required when a command shifts its guard from one broadcast or servicing communications center to another. When possibe, the shift takes effect at 0001Z of the new radio day. When broadcasts are shifted, an overap period before and after the effective time is observed to ensure continuity of traffic. The command guards both broadcasts during the overap period. COMMSHIFT messages are sent to the NCTAMS of the communication areas from which the od and the new broadcasts originate. COMMSHIFT messages are necessary because of operationa considerations or changes in the depoyment schedue of a ship. These messages are necessary when a command needs to effect a shift at a time other than that indicated by its movement report. Detaied information concerning communications guard shift messages and formats is contained in NTP 4. Broadcast Screen Requests Broadcast screen requests (BSRs) are service messages to request the rerun (ZDK) of missed or garbed messages. BSRs are sent to the Broadcast Keying Station (BKS) or to the designated broadcast screen ship that is responsibe for the broadcast channe. NTP 4 provides detaied information and prescribes proper format for drafting a BSR. COMMSPOT Reports COMMSPOT reports are used to advise of any situation that might cause significant disruption of 2-24

57 tactica communications. These reports are submitted by a ships and nonterminated units when unusua communications difficuties are encountered. COMMSPOT reports must be submitted as soon as unusua communications difficuties are experienced to minimize further deterioration of the communications situation. COMMUNICATIONS CENTER FILES Every message handed by a ship or communications station is paced in one or more fies. Some fies are maintained by a ships and stations. Other fies are optiona and are maintained ony to fi the needs of a particuar ship or station. COMMUNICATIONS CENTER MASTER FILE The communications center master fie is the heart of the fiing system. This fie contains a copy or fier of every message sent or received by your command. Messages or fiers must be fied in DTG order to faciitate speed in ocating messages. Those messages not having DTGs shoud be fied behind messages of the same date. Separate incoming and outgoing communications center master fies maybe maintained. CRYPTOCENTER FILE The cryptocenter fie contains a copy of each Top Secret, SPECAT (ess SIOP-ESI), and messages designated for specia privacy, regardess of cassification. Tight Contro (TICON) and NATO messages must have their own fies. Fiers for messages in this fie must be paced in the master station fie. SPECAT SIOP-ESI FILE The SPECAT SIOP-ESI fie contains the master copy of a SIOP-ESI messages received by the communications center. Fiers for these messages must be paced in the master station and cryptocenter fies. BROADCAST FILE The broadcast fie contains a copy or fier of each message transmitted or received by the broadcast method. This fie must be stored in accordance with the highest cassification of the information contained. Top Secret and SPECAT messages addressed to the command must be fied in their appropriate fies and a fier for these messages paced in the broadcast fie. STATION FILE The station fie is divided into two parts: communications center master fie and visua station fie. With the exception of broadcast messages, the master fie contains the circuit or as is copy, incuding any message endorsements, of a messages transmitted, received, or reayed by the communications center. Narrative visua messages or fiers must be fied in the communications center master fie. GENERAL MESSAGE FILE The genera message fie contains copies of a effective genera messages that require retention based on the communications center s current guard ist. This fie is subdivided by genera message tite (such as ALNAV, ALCOM, NAVOP), and messages are fied in seria number order instead of DTG order. An exampe of a genera message seria number is ALNAV 10/96. This indicates that it is the 10th ALNAV sent in The individua fie is marked with the cassification of the highest cassified message contained therein. The cassified fies may be segregated by security cassification if desired. If a genera message is canceed during the current year, the message may be destroyed, but a fier must be paced in the fie to identify and indicate the disposition of a current-year genera messages. FACSIMILE FILE The facsimie fie contains a copy of a transmissions processed by facsimie equipment. A fier for a facsimie messages must be paced in the communications center master fie. COMMERCIAL TRAFFIC FILE The commercia traffic fie contains messages sent by commercia systems in accordance with Feet Communications (U), NTP 4. This fie is maintained by the commercia traffic cerk. EMBARKED COMMAND FILE The embarked command fie is maintained by the embarked commander s staff. When embarked commanders depart their fagships, they may require 2-25

58 that their fies accompany them. Therefore, the embarked command fie is maintained separatey from the fagship fie. Fagship communications personne are responsibe for processing outgoing and incoming messages for the embarked staff. NATO/ALLIED FILES Cassified messages of foreign origin must be provided the same protection as U.S. messages of equivaent cassification. Foreign Restricted messages, for which there is no U.S. equivaent, must be protected the same as U.S. Confidentia messages, except that Restricted messages do not have to be stored in a security container. You can find U.S. equivaent and foreign cassifications in the Department of the Navy Information and Personne Security Program Reguation, OPNAVINST , hereinafter caed the Security Manua. NATO cassified messages may not be fied with U.S. cassified message. However, NATO cassified message fies may be stored in the same storage area with U.S. messages provided that the NATO fies are ceary marked as such. FILE FILLERS Because of repeated reference to previousy sent message traffic, you must be abe to ocate a messages easiy and quicky. Therefore, you must aways return a message to the same fie from which it was removed and in the proper fiing order. When you remove a message from a fie, aways insert a fier, or ticker, in its pace. Fiers are ocay prepared forms that identify the message by the origina DTG, the message originator, information as to where the message is ocated, and the persona sign of the person removing the message from the fie and competing the fier. For readdressa messages, a fier is made for each readdressa date-time group. The message itsef is fied under the origina date-time group. Figure 2-10 shows an exampe of a message fier, or ticker. FILE MAINTENANCE Messages and fiers are fied in ascending date-time group order. The eariest message of the radio day (raday) wi be at the bottom of the fie. Automated systems print the DTG of each message on the ower right-hand corner of each message. For messages processed on nonautomated systems, the DTG shoud Figure Exampe of a message fier. aso be printed on the ower right-hand corner. This aids personne in easiy ocating messages in the fies. When a message is removed from a fie, it is important that it be refied as soon as possibe. The importance of maintaining we-kept fies and of moderating among the various watch sections cannot be overemphasized. Maintaining accurate fies and records and observing proper procedures contribute to an efficient shipboard or shore communications organization. You shoud be aware that different ships and stations may do basic procedures in sighty different ways. A commands, however, must conform to the requirements contained in communications operating instructions and pubications. RETENTION OF FILES Communication ogs and fies are retained by a communications center for a specified time period, as shown in tabe 2-1. After the time period indicated, the ogs and fies shoud be destroyed either by burning or shredding. Because of the voume of message traffic processed, ogs and fies can take up significant space in the message center; therefore, they shoud be destroyed in a timey manner. 2-26

59 Tabe 2-1. Retention Period of Logs and Fies COMMUNICATIONS PLANNING The primary objectives of communications panning are: To provide for effective connectivity to support the exercise of command and the exchange of essentia information; and To advise the commander of the impications of communication capabiities and imitations for the operation pan and its execution. The communications pan has to consider reiabiity, security, and speed. The communications panner chooses faciities and methods that wi best satisfy operationa requirements. The pan provides for the command and contro capabiity by which the operation wi be controed and directed. To be effective, the communications panner needs comprehensive knowedge of the organizationa structure estabished for the operation and the capabiities and imitations of the communications and command center faciities avaiabe to the force. COMMUNICATIONS REQUIREMENTS The operationa tasks assigned to various units require radio nets that ink units engaged in the same activity or task. Communications circuits foow the command ines of the task unit or contribute to its tactica effectiveness by providing for essentia information exchange. These considerations provide the essentia eements for determining communications requirements. 2-27

60 PROTECTION OF COMMUNICATIONS Enemy interception and disruption of communications are of primary concern to any communications panner. Every facet of communications faciities, methods, and procedures needs to be examined in terms of security, vunerabiity to deception, and the eectronic protection (EP) required for maximum protection. Communications Security Security is the safeguarding of information. As it pertains to communications, security is usuay referred to in terms of communications security (COMSEC) and signa security (SIGSEC). Security wi be discussed in more depth in chapter 3. Various devices and procedures are used to increase security, incuding: Authentication A security measure designed to protect communications systems against acceptance of fase transmissions or simuations by estabishing the vaidity of a transmission, message, or originator. Codes Any system of communication in which arbitrary groups of symbos represent units of pain text. Codes are often used for brevity and/or security. Ciphers Any cryptoogic system in which arbitrary symbos or groups of symbos represent units of pain text. Radio Sience A condition in which a or certain radio equipment is kept inoperative (frequency band and/or types of equipment are specified). Monitoring The act of istening, carrying out surveiance on, and/or recording the emissions of one s own or aied forces for the purpose of maintaining and improving procedura standards and Security. Identification Friend or Foe (IFF) A system using eectromagnetic transmissions to which equipment carried by friendy forces automaticay responds. For exampe, by emitting predetermined IFF puses, friendy forces can distinguish themseves from enemy forces. Communications Deception Communications deception, part of the fied of tactica deception, is the use of devices, operations, and techniques with the intent of confusing or miseading the user of a communications ink or a navigation system. EA and EP Eectronic attack (EA) is that division of eectronic warfare (EW) invoving actions taken to prevent or reduce an enemy s effective use of the eectromagnetic spectrum. Enemy EA concerns the communications panner because overcoming enemy jamming and deception imposes certain restrictions on genera communications operations procedures. Eectronic protection (EP) is that division of EW invoving actions taken to ensure friendy effective use of the eectromagnetic spectrum despite an enemy s use of eectronic warfare. The panner must be aware of EP capabiities avaiabe. THE COMMUNICATIONS PLAN The communications pan satisfies the communications requirements of an operation. It specifies circuits, channes, and faciities to be used and stipuates the poicies and procedures that are appicabe. The pan is, in effect, an assignment of communications tasks to be performed by subordinate commanders or by supporting commands. The panner first estabishes requirements for communications and then determines the best means for satisfying them. This process may revea shortages or inadequacies in what is avaiabe. If inadequacies are identified, it may become necessary to share circuits or faciities, as we as merging or consoidating requirements. A possibiities shoud be considered to support vaid operationa requirements. In panning communications, the panner must evauate such factors as the performance, capabiities, and capacities of systems, faciities, and personne. These factors are merey guides and averages. They represent the sum resut of experience in previous simiar situations, and are considered ony after any oca factors are determined. These factors change from time to time and must a be avaiabe for fina determination of communications requirements. 2-28

61 TELECOMMUNICATIONS SERVICE REQUEST (TSR) When a command requires additions, deetions, or changes in existing Defense Communications System (DCS) circuits, it must initiate a TSR. The submission of a TSR is not a simpe process and requires research and panning. The Defense Information Systems Agency (DISA) pubishes a pubication caed Submission of Teecommunications Service Request, DISA CIRCULAR , that provides instructions for preparing and submitting TSRs. New, increased, or updated services are expensive and require substantia justification. The increasingy high cost of teecommunications support, especiay eased services, has resuted in the high visibiity of communications programs at a eves of government. This fact underscores the need for manageria awareness and improved ife cyce documentation of teecommunications resources. Panning and deveoping a responsive nava teecommunications system requires eary identification and consideration of user requirements. Programming is required to obtain necessary resources. Normay, these requirements shoud be defined and submitted at east 2 years in advance to permit timey system panning and programming. TELECOMMUNICATIONS SERVICE ORDER (TSO) The TSO is the authorization to start, change, or discontinue circuits, trunks, inks, or systems. It is used to amend previousy issued TSOs and to effect administrative changes. The basic circuit design information for a new or changed circuits wi be provided by the TSO. The TSO may aso be used as the authority to procure specific devices and anciary equipment necessary to insta the circuit or services designated. FREQUENCY MANAGEMENT Over the ast quarter century, eectronics has pervaded virtuay every facet of our ife. High-tech eectronic devices, especiay those that radiate, make constant use of the eectromagnetic spectrum. The term eectromagnetic spectrum refers to the natura vibrations that occur when a force is appied to a substance. These vibrations occur with various speeds and intensities. The speed at which they occur is caed frequency, and the distance between each vibration is caed waveength. Frequency and waveengths are discussed in a ater modue. Spectrum Management A great invention in the 19th century utimatey ed to the need for spectrum, or frequency, management. This invention was the wireess or, as we know it today, the radio. At first, there were ony two radio frequencies 50 kiohertz (khz) and 1000 khz. Today, the spectrum is recognized by internationa treaty to extend up to 3000 gigahertz (GHz). The deveopment of radar, sateites, and other technoogicay advanced systems and their subsequent demands on the frequency spectrum have contributed to the need for frequency management. Frequency Aocation The Department of the Navy wi obigate no funds for equipment unti a frequency aocation has been obtained. This means that a actions necessary to estabish a frequency band for a specific item must be competed and approved prior to budgeting funds. The aocation approva authority considers the type of service the item wi provide and the cassification of the emission. This authority aso enforces rues and reguations and compiance with technica standards. The approva authority aso ensures the compatibiity of emerging equipment with other equipment operating in the same eectromagnetic environment. Interservice frequency coordination is another important consideration. It reduces the potentia for harmfu inteference if more than one service deveops simiar items that wi operate in the same band. The coordination is the responsibiity of the Chief of Nava Operations (CNO), working through the United States Miitary Communications Eectronics Board (USMCEB). Frequency Assignment Frequency assignment is the process of authorizing a system or equipment to operate on a discrete frequency (or frequencies) and within a specified set of constraints. Exampes of constraints are power, emission bandwidth, ocation of antennas, and operating time. Authority for using radio frequencies by Navy and Marine Corps activities within the United States and 2-29

62 Possessions (US&P) is obtained from the Administrator, Nationa Teecommunications and Information Administration (NTIA), Washington, D.C. The CNO estabishes overa poicy for spectrum management within the Department of the Navy. Authority for using radio frequencies by Navy and Marine Corps activities within the area of responsibiity of a unified or specified commander is obtained from the Joint Chiefs of Staff through the USMCEB. Within the Department of the Navy, the Nava Eectromagnetic Spectrum Center (NAVEMSCEN) authorizes frequency assignment appications and ensures a prerequisites are competed. SPECIAL-HANDLING MARKINGS Certain types of messages require specia-handing markings in addition to that provided by the security cassification. Among these markings are such designations as Caveat, Restricted Data (RD), Formery Restricted Data (FRD), LIMDIS, FOUO, EFTO, SPECAT, PERSONAL FOR, NATO RESTRICTED, and ALLIED RESTRICTED. Caveat Messages When used with specia-handing instructions, the word caveat means a warning by authoritative orders that directs or imposes one to protect an eement, usuay specia message traffic. Restricted Data and Formery Restricted Data The marking Restricted Data (RD) is appied to a data concerned with the design, manufacture, or use of nucear weapons. Aso incuded in this category is the specia nucear materia used in energy production. The marking Formery Restricted Data (FRD) pertains to defense information that has been removed from the RD category but must sti be safeguarded as cassified defense information. FRD materia cannot be reeased to foreign nationas except under specific internationa agreement. LIMDIS (Limited Distribution) The LIMDIS designator is appied ony to cassified messages which, because of the subject matter, require imited distribution within the addressed activity. For Officia Use Ony (FOUO) FOUO is the designation used on officia information not requiring a security cassification but which must be withhed and protected from pubic reease. Uncassified messages containing FOUO information must have the abbreviation FOUO after the designation UNCLAS. Encrypt for Transmission Ony (EFTO) Certain categories of uncassified messages may be identified as having potentia vaue if subject to anaysis, but do not meet the criteria for security cassification. The specia designation EFTO was estabished to protect these uncassified messages during eectrica transmission. EFTO is not required on uncassified messages addressed excusivey among Navy, Marine Corps, and Coast Guard commands. EFTO is authorized for use within the Department of Defense, incuding the Nationa Security Agency. However, EFTO is required on FOUO messages addressed to DOD activities outside the continenta United States. Bear in mind, however, that just because information is FOUO, it is not automaticay EFTO, and vice versa. As we mentioned earier, EFTO is a transmission marking for uncassified messages. FOUO markings, however, define a certain category of information requiring specia handing. Neither FOUO nor EFTO markings are security cassifications; both are specia-handing designations. You can find detaied information on EFTO and FOUO markings in Basic Operationa Communications Doctrine (U), NWP 4 (NWP 6-01). SPECAT The SPECAT marking means specia category. SPECAT messages are cassified messages identified with a specia project or subject. SPECAT messages require specia-handing procedures in addition to the handing procedures for the security cassification of the message. There are four SPECAT categories: SPECAT; SPECAT EXCLUSIVE FOR (SEF); SPECAT Singe Integrated Operationa Pan-Extremey Sensitive Information (SIOP-ESI); and PSEUDO-SPECAT. 2-30

63 SPECAT and SPECAT EXCLUSIVE FOR messages must be at east Confidentia. SPECAT SIOP-ESI messages are aways Top Secret. PSEUDO-SPECAT messages are normay uncassified messages that require imited distribution. Exampes of PSEUDO-SPECAT messages incude AMCROSS messages, urinaysis test resuts, and HIV test resuts. SPECAT messages are handed ony by those personne who are authorized by the commanding officer in writing to view them. The types of information assigned SPECAT and handing procedures can be found in NWP 4 (NWP 6-01) and in Feet Communications (U), NTP 4, respectivey. PERSONAL FOR PERSONAL FOR is the marking appied when message distribution must be imited to the named recipient. Ony fag officers, officers in a command status, or their designated representatives may originate PERSONAL FOR messages. NATO RESTRICTED The United States does not have a security cassification equivaent to NATO RESTRICTED. NATO messages cassified as restricted must be safeguarded in a manner simiar to FOUO messages. Messages originated by NATO must be handed in accordance with NATO Security Procedures (U), OPNAVINST C ALLIED RESTRICTED The United States does not have a security cassification equivaent to ALLIED RESTRICTED. However, these messages must be handed in the same manner as Confidentia messages. U.S.-originated messages containing ALLIED RESTRICTED information are marked as Confidentia immediatey foowing the security cassification. MINIMIZE CONSIDERED During an actua or simuated emergency, it may become necessary to decrease the amount of record and/or voice communications on miitary teecommunications circuits. When this occurs, it is caed MINIMIZE. In essence, a messages that are not urgent wi not be transmitted. Those messages that concern a mission or safety of ife are considered imperative and, therefore, require transmission during minimize. The same criteria pertaining to minimize conditions noted earier in this chapter sti appy. The reeasing officer must review and decide on the message s merit, which means the message wi be sent, either eectricay or by another means. When a message is reeased, it must incude the words MINIMIZE CONSIDERED and RELEASED BY. Messages that wi not be sent eectricay during minimim periods shoud be returned to the originator with the reason for their return. Normay nontransmitted messages wi be sent via U.S. mai if they meet estabished security guideines. JCS EMERGENCY ACTION MESSAGES Joint Chiefs of Staff (JCS) Emergency Action Messages (EAMs) contain key instructions or information from high-eve authority and have predetermined formats (pro forma). Such messages are transmitted by various communications systems and normay carry FLASH (Z) precedence. They are vita messages of an extremey time-sensitive nature, and rapid processing is mandatory to achieve the fast reaction required by their content. Usage and handing procedures are issued by the JCS to those who have a need to know. SPECAT messages come in two variations. One type incudes both the genera SPECAT and the SPECAT Singe Integrated Operationa Pan Extremey Sensitive Information (SPECAT SIOP-ESI). This type of SPECAT message is associated with code words or projects. For exampe, a Secret message whose subject matter deas with a specia project entited TACAMO woud have a cassification ine reading SECRET SPECAT TACAMO. SPECAT SIOP-ESI messages are aways cassified Top Secret. SPECAT (ess SIOP-ESI) messages must be cassified at east Confidentia. The other type of SPECAT message is SPECAT EXCLUSIVE FOR (SEF). SEF is used ony within the nava community for highy sensitive matters, high-eve poicy, or when poiticay sensitive information is to be passed ony to a particuar individua. The cassification ine woud then contain the name of that individua. For exampe, a Secret message destined excusivey for Admira W. T. Door woud read: SEF messages are reserved for use by fag officers and officers in a command status. These messages are not intended for use in operationa matters, and they 2-31

64 may not be readdressed nor referenced in other narrative messages. SPECAT messages are handed ony by those personne who are authorized to view them as approved in writing by the commanding officer. NAVAL WARFARE PUBLICATIONS LIBRARY The nava warfare pubications ibrary (NWPL) is the designation assigned to that group of communications and operationa pubications designated as part of the pubication aowance for the command. These pubications contain required procedures, signas, and other information of an operationa or mission-essentia nature. They may aso incude information invoving safety. The NWPL provides for the centra administration and maintenance of communications and operationa pubications. These pubications incude, but are not imited to: Nava teecommunications pubications (NTPs); Nava warfare pubications (NWPs); Feet exercise pubications (FXPs); Aied tactica pubications (ATPs); Aied exercise pubications (AXPs); USN addenda to aied pubications; and Misceaneous aied pubications. The objective of centra administration of nava warfare pubications (NWPs) is to ensure that these pubications are correct and readiy avaiabe for their intended use. Some NWPs contain information that is necessary for the proper performance of individua duties and is important for individua professiona deveopment. Therefore, NWPs must be readiy avaiabe for use by individuas with a duty-reated need or a genera professiona need for the information. NAVAL WARFARE PUBLICATIONS CUSTODIAN The responsibiity for managing the NWPL is assigned to an officer or senior petty officer who is responsibe to the executive officer, department head, or division officer. This assignment is a coatera duty, and the person assigned is known as the nava warfare pubications custodian (NWPC). This person is responsibe for the overa administration and security of the NWPL in accordance with the Nava Warfare Documentation Guide, NWP 0 (NWP 1-01). NAVAL WARFARE PUBLICATIONS LIBRARY (NWPL) CLERK The NWPL cerk is a person assigned by the NWPC. The cerk is responsibe for the upkeep and maintenance of the ibrary. The NWPL cerk maintains a records and receipts in the centra fie, orders a necessary pubications and changes thereto, and enters a changes and amendments to pubications physicay hed in the NWPL. The cerk reports a matters of concern to the ibrary custodian. NWPL ADMINISTRATION The NWPL custodian issues pubications to hoders and short-term users. A hoder is a person who has permanent subcustody of a pubication under the centra contro of the NWPL. The hoder is responsibe for maintaining the pubication, entering a changes and amendments, and providing adequate security. A user is a person who checks out a pubication for temporary or short-term custody. Signature custody and discosure records for cassified materia are maintained as required by the Security Manua. Signature custody of uncassified pubications is not required. However, the records of the NWPL shoud provide an up-to-date ocation of pubications that have been issued to hoders or checked out to users. Where signature custody is not required, a ocator card maybe used in pace of a cataog card to check out pubications to users. NWPL MAINTENANCE Severa basic fies are used in maintaining the NWPL. One is the custody fie, which contains a NWPL Cataog Card, OPNAV Form (figure 2-11), for each nava warfare pubication on aowance or on board. The purpose of this fie is to maintain an up-to-date record of the hoder and ocation of each pubication. This record aso heps keep track of entries and changes to the pubication. The cataog card can aso be used as a custody card and as a destruction record. When used as a record for security purposes, it must be retained as required by the Security Manua. The administrative fie, sometimes caed the transaction fie, contains designation etters for custodian, oca aowance/inventory sheets, the directives fie, responsibiity acknowedgment forms, 2-32

65 Figure NWPL Cataog Card. 2-33

66 pubication notice route sips, destruction records, inspection documentation etters, and copies of a correspondence pertaining to nava warfare pubications. Incuded in the administrative fie is the Change Entry Certification form, OPNAV 5070/12, shown in figure This form is fied out by the hoder of the appicabe pubication. Materia in the administrative fie must be retained for 2 years. NWPL BINDERS Binders for U.S. nava warfare pubications are coor-coded according to their security cassification. The coor codes are RED for Secret, YELLOW for Confidentia, and BLUE for uncassified. Aied/NATO pubications have white binders regardess of security cassification. Figure Change Entry Certification form. 2-34

67 ENTRY OF CHANGES The timey and accurate entry of changes to NWPL pubications is necessary to ensure accurate, up-to-date information as we as information continuity. The NWPL cerk is responsibe for making changes or corrections to NWPL pubications or ensuring that hoders receive. and make the changes in a timey manner. Changes are often so numerous that a communications personne may become invoved in making them. The NWPL cerk is responsibe for ensuring that a personne making changes or corrections to NWPL pubications know the proper procedures for making these changes. These procedures are a foows: Check the Foreword or Letter of Promugation of the change for the effective date of the change/correction to ensure that the pubication to be corrected is effective. Read a the specific instructions contained in the change or correction before making the entry. Use any dark ink EXCEPT RED for pen-and-ink entries. Red is not visibe under red night ights used aboard ship. Type engthy pen-and-ink corrections on a paste-in cutout. A superseded matter must be deeted in ink prior to inserting the cutout. Use faps when no room exists for a cutout. When used, faps shoud be attached to the binder side of the page. Use rubber cement or muciage for pasting instead of gue or gummed tape. Make a notation in the margin adjacent to the entry after making pen-and-ink corrections, citing the source of the correction; for exampe, ALCOM 007/96. After page changes are entered, a page check must be conducted and the page change and page check recorded on the Record of Changes and Corrections sheet. Corrections to NWPL pubications are issued by message when the materia requires rapid dissemination. These numerica message corrections (NMCs) are normay sent as genera messages. NMCs are assigned a two-number designation separated by a sant sign. The first number indicates the sequentia number of the message correction to the origina or revised pubication. The ast number is the printed change that incorporates the materia. For exampe, NMC 7/3 is the 7th message correction and is incorporated into the pubication by change 3. PUBLICATION NOTICE A pubication notice gives a brief summary of a new pubication or change. The notice is incuded with each hardback copy and is furnished soey for routing by the NWPC. These notices keep a cognizant personne informed of the changes to nava warfare pubications. The notices are destroyed when no onger usefu. WATCH-TO-WATCH INVENTORY To ensure positive contro of NWPL pubications, a watch-to-watch inventory shoud be conducted. At the change of each watch, the watches jointy conduct a visua inventory of every pubication hed by the watch section. Those oose-eaf pubications requiring a page check at the end of the watch must be indicated on the inventory sheet. The signing of the watch-to-watch inventory by the reieving watch certifies that the pubications were sighted, the required page checks were conducted, and that the reieving watch stander is responsibe for them. Any discrepancies shoud be resoved prior to the reieving of the watch. A signatures in the watch-to-watch inventory must be in ink. The inventory may be destroyed after 30 days if it is no onger needed for oca reference. If watch-to-watch inventories are not required aboard ship, a daiy inventory is required. EXTRACTS Nava warfare pubications may be extracted/ reproduced for use in training or operations of U.S. forces. A extracts must be propery marked with the security cassification and safeguarded in accordance with the Security Manua. The cassification assigned to an extract is the highest cassification assigned to any artice, paragraph, page, or pages from which the information is taken. Guidance for aied (NATO) pubications is found in their NATO etters of promugation. 2-35

68 RECEIVING NEW OR REVISED PUBLICATIONS When new or revised pubications are received, you shoud check the Foreword and the U.S. Letter of Promugation for the effective status of the pubication. The Foreword shows the effective status of the pubication for aied usage; the U.S. Letter of Promugation for U.S. use. A revision to a pubication can be issued that is effective for U.S. use but not for aied use. Particuar care shoud be taken not to destroy the previous edition unti the new revision is effective for aied use as we. ALLIED COMMUNICATIONS PUBLICATIONS With wordwide cooperation among friendy nations and the United States, the need arose for coordinated and standardized communications. To meet this need, the aied communications pubications (ACPs) were deveoped. The ACP series provides communications instructions and procedures essentia to conducting combined miitary operations and communications in which two or more aied nations are invoved. A Radioman s work often requires famiiarity with ACPs. JOINT ARMY-NAVY-AIR FORCE PUBLICATIONS Joint Army-Navy-Air Force pubications (JANAPs) were deveoped to coordinate and standardize communications among the U.S. miitary services. The pubication Status of Noncryptographic JANAPs and ACPs, JANAP 201, ists the short and ong tites, content of each pubication, and the current edition of JANAPs and ACPs. NAVAL TELECOMMUNICATIONS PUBLICATIONS Nava teecommunications pubications (NTPs) are the main communications pubications in use by the U.S. Navy, Coast Guard, and Marine Corps. The NTPs incude information and guidance from basic communication information (NTP 4), to frequency spectrum management (NTP 6), and commercia traffic (NTP 9), just to name a few areas of communications. NAVAL WARFARE PUBLICATIONS Nava warfare pubications (NWPs) incorporate the resuts of feet tactica deveopment and evauation programs and feet and aied (NATO) experience. NWPs aso provide information about the tactica capabiities and imitations of equipment and systems. NWP 0 (NWP 1-01) provides guidance for managing the NWPL and ists the pubications contained in the ibrary. FLEET TELECOMMUNICATIONS PUBLICATIONS Feet teecommunications pubications (FTPs) are the guiding doctrine of a NCTAMS for the communications area under its jurisdiction. To provide optimum communications responsiveness to feet requirements. FTPs incorporate the unique communications procedures for the COMMAREA into a standardized feet-oriented procedura document. FTPs are based on the NTP series. COMMUNICATIONS INFORMATION BULLETINS Communications information buetins (CIBs) are deveoped by each NCTAMS to provide reference information on specific tactica communications subjects. CIBs aso provide communications operating personne with communications procedura information appicabe to a specific COMMAREA. NTP 4 ists the CIBs and their contents. SUMMARY As you have earned from this chapter, the nava communications estabishment is quite compex. We communicate not ony with other U.S. nava commands, both at sea and ashore, but aso with other U.S. miitary services and aied nations. Before the messages that you send reach their destinations, they may trave through other networks in the Defense Communications System. We have introduced you to the basic principes of communications management, evauation of both personne and the work area, and duties of individua positions within the command. We have aso covered various categories of messages that have both interna and externa use in the message center. 2-36

69 This chapter has introduced you to the standard procedures associated with handing incoming and outgoing messages. Because of the voume of messages a teecommunications center processes, it is essentia that communications personne observe a the handing procedures to prevent osing or deaying deivery of messages to subscribers. Understanding the communication pan wi give you a view of the ever-changing overa pans for your ship or shore station and its requirements for mission competion. The various pubications that you, as a communicator, rey on are continuay being updated. Communications is an area that is constanty changing in areas of equipment and procedures. Therefore, it is important you become thoroughy famiiar with a the pubications and current changes that pertain to your communications area. The tasks of a message center are extremey important. Your understanding of the handing procedures is key to providing fast and accurate communication to the feet. 2-37

71 CHAPTER 3 COMMUNICATIONS SECURITY LEARNING OBJECTIVES Upon competing this chapter, you shoud be abe to do the foowing: Identify the procedures used in handing, inventorying, destroying, and setting up COMSEC equipment. Identify reports and forms associated with CMS reporting requirements. Identify the procedures and measures to be used with transmission security. As a Radioman, you wi often dea with sensitive subject matter that requires specia security handing. It is for this reason that we have communications security (COMSEC). Within the framework of COMSEC, we have directives and requirements that dea specificay with communications materia. COMSEC invoves a the protective measures taken to deny unauthorized persons information derived from the possession and study of teecommunications reating to nationa security. COMSEC aso consists of the measures taken to ensure the authenticity of our communications. COMSEC incudes the foowing: Cryptosecurity, which resuts from measures taken to provide technicay sound cryptosystems and their proper use; Physica security, which resuts from physica measures taken to safeguard COMSEC materia and information; Transmission security, which resuts from measures designed to protect transmissions from interception and expoitation by means other than cryptoanaysis; and Emission security, which resuts from measures taken to deny unauthorized persons information derived from the interception and anaysis of emanations from crypto and teecommunications equipments. In this chapter, we wi see how these eements of COMSEC are unique to the duties of a Radioman. CRYPTOSECURITY The Navy has instituted a unique distribution system to achieve technicay sound cryptosystems. The Navy has aso deveoped strict accountabiity and contro procedures to ensure proper use of cryptosystems. COMMUNICATIONS SECURITY MATERIAL SYSTEM (CMS) The CMS is designed to ensure the proper distribution, handing, and contro of COMSEC materia and to maintain the cryptographic security of communications. Procedures governing the CMS can be found in Communications Security Materia System (CMS) Poicy and Procedures Manua, CMS 1. CMS Account Every command with a CMS account is assigned an account number by the Director, Communications Security Materia System (DCMS). A command or activity with a CMS account number receives its COMSEC materia directy from nationa and Navy sources. A CMS account command may aso be responsibe for COMSEC materia transferred to other commands. The command assigns a CMS custodian 3-1

72 and aternates the responsibiity for a overa management of the CMS account. CMS Custodian and Aternate Custodians The CMS custodian is the person designated in writing by the commanding officer to maintain the CMS account for the command. The aternate custodians are aso designated in writing by the commanding officer and assist the CMS custodian. In the custodian s absence, the aternates assume the duties of the custodian. Their duties incude receiving, inventorying, destroying, and issuing COMSEC materia and equipment to authorized users and oca hoders. They are aso responsibe for training a personne invoved in CMS and submitting required COMSEC reports to the proper authority in a timey manner. CMS 1 provides detais on the responsibiities of the CMS custodian and aternates. CMS Loca Hoder A CMS oca hoder is a command or activity that receives its COMSEC materia support from a CMS account command. The oca hoder command has a designated CMS custodian and aternates who are responsibe to their commanding officer for the proper handing of COMSEC materia and training of personne invoved. For exampe, if a ship drew a of its COMSEC materia from a centra account maintained by the squadron commander, the ship woud have to be a oca hoder. Loca hoders must draw a of their materia from ony one CMS account and may not be oca hoders to two or more accounts. CMS User A CMS user is an individua who requires COMSEC materia to accompish an assigned duty or who needs COMSEC materia for advancement study or training purposes. A CMS user must be propery ceared and authorized by the commanding officer to hande CMS materia. As a Radioman, you wi most ikey become a user of COMSEC materia. CMS Witness There may be times when you wi be assigned as a CMS witness. You wi be responsibe for assisting a custodian or user in performing routine administrative tasks reated to the handing of COMSEC materia. As a witness, you must be famiiar with appicabe CMS procedures and command directives. CMS Responsibiities Whether you are a CMS user or a witness, you are responsibe for the proper security, contro, accountabiity, and destruction of CMS materia in your workspace. Everyone invoved with CMS materia must compy with the procedures in CMS 1-reated administrative and procedura pubications. You must aso compy with the CMS instructions of the command and higher authority. CMS Training Requirements The CMS custodian and aternates are responsibe for training a personne invoved with COMSEC materia in the proper handing, security, accounting, and destruction of COMSEC materia. The CMS custodian may use the Personne Quaifications Standards (PQS) for CMS as a training too. A personne who become invoved with CMS shoud compete the PQS training course. CMS Storage Requirements COMSEC materia must be stored separatey from non-comsec materia. This heps ensure separate contro for COMSEC materia and makes emergency destruction of COMSEC materia easier. COMSEC materia of different security cassifications may be stored in the same security container drawer. COMSEC materia, however, must be segregated according to cassification so that it can be destroyed in a timey manner in an emergency. Storage requirements for COMSEC keying materia are more stringent than for nonkeying materia. A COMSEC keying materia requiring two-person integrity (TPI) must be stored in such a manner that a singe person, incuding the CMS custodian, cannot obtain access. CMS 1 ists the storage requirements for COMSEC keying materia. 3-2

73 Receipt When COMSEC materia is issued to a watch station, the area must be occupied and operated on a 24-hour, 7-day-a-week basis; an 8-hour, 5-day-a-week basis; or any simiar basis (for exampe, combat information center (CIC)). COMSEC materia received at a watch station must be signed for on a oca custody document. When you are on duty, the watch supervisor is responsibe for a the COMSEC materia isted on the watch-to-watch inventory. Additionay, any required page checks wi be conducted prior to assuming responsibiity for the isted COMSEC materia. Any inventory discrepancies found must be reported immediatey to the CMS custodian or an aternate custodian in accordance with CMS 1 and aso ogged in the RADAY og. CMS Inventory Each time a watch section changes, the oncoming watch supervisor and a witness must inventory a COMSEC materia hed at a watch station. Two-person integrity must be maintained at a times during the inventory. When you inventory COMSEC materia, you must do the foowing: Account for a keying materia and page-check open keying packages; Visuay inventory a COMSEC equipment and account for equipment by quantity; and Page-check a COMSEC pubications. The inventory sheet must ist COMSEC materia by short tite, edition, and accounting number (if any). Both persons must sign the inventory sheet. CMS 1 outines the requirements for inventorying COMSEC materia. COMSEC Materia Accounting Reports COMSEC materia accounting reports provide an audit trai for a accountabe COMSEC materia. Reports may be prepared manuay or be computergenerated. There are specific requirements for submitting a reports, incuding where they go and who they go to. These requirements are found in CMS 1. The foowing reports are briefy described as to their genera use. This ist is not a-incusive Transfer Report Used to document and report the transfer of COMSEC materia from one CMS account to another or one hoder to another. Destruction Report Used to document or report the physica destruction of COMSEC materia. The destruction must be witnessed by two appropriatey ceared and authorized persons. The report must be competed immediatey after the materia is destroyed. Destruction reports are not normay submitted to DCMS uness directed to do so by DCMS. a. Loca destruction Destruction wi be documented and retained ocay using a SF 153, or a ocay prepared equivaent form (CMS 25). Top Secret and Secret destruction reports must be kept for 2 years. Loca destruction records are mandatory for a AL 1 and 2 COMSEC, regardess of cassification, and optiona for AL 3 and 4 COMSEC materia cassified Confidentia and beow. Receipt Report Used to document or report receipt of COMSEC materia (usuay used with a transfer report). Inventory Report Used to document and report the physica inventory of COMSEC materia. There are three types of CMS inventories. Fixed-cyce (FC), Specia, and Combined. a. b. c. Fixed-cyce inventory is to ensure that a accounts satisfy the nationa requirements for a semiannua inventory of keymat and an annua inventory of equipment and pubications. Specia SF 153 inventory is to satisfy the Navy requirement to conduct and document the mandatory Change of Command and Custodian inventories. Combined SF 153 inventory may sometimes be used for both the requirements for a Fixed-cyce inventory and a Specia inventory. CMS 25 ONE-TIME KEYING MATERIAL DESTRUCTION REPORT This report is a two-sided document used to record destruction of individua, one-time keying materia segments of COMSEC materia. Side one is numbered 1-31 for daiy use; the reverse side 3-3

74 expains the digraphs that are printed to the eft 6. CMS 25B COMSEC KEYING MATERIAL of the short tite on each segment of extractabe LOCAL DESTRUCTION REPORT- The tape (figure 3-). CMS 25B is a two-sided report used to record CONFIDENTIAL (When Fied In) CMS-25 ONE-TIME KEYING MATERIAL DESTRUCTION REPORT Retain this form ocay AW Annex T, CMS 1. See Chapter 7, Art 790 for instructions on destroying one-time keying materia These individua one-time keying materia cards or segments were destroyed on the dates and by the two individuas indicated beow: Forma destruction of the entire pubication iu accordance with CMS 1 on TN Grade/Signature Grade/Signature CLASSIFIED BY CMS-1 dated I CONFIDENTIAL (When Fied In) Figure 3-A.-CMS-25 ONE-TIME KEYING MATERIAL DESTRUCTION REPORT (front). 3-4

75 Figure 3-1B. CMS-25 ONE-TIME KEYING MATERIAL DESTRUCTION REPORT (back). 3-5

76 destruction of keytape segments of COMSEC keying materia packaged in the VF format (62 unique segments per canister). Destruction of segments -31A must be recorded on the A side and segments -3 1B on the B side (figure 3-2) CMS25B COMSEC KEYING MATERIAL LOCAL DESTRUCTION REPORT The individuas whose signatures appear beow, certify that they have destroyed the individua keytape segments on the dates indicated. Retain this form in accordance with Annex T, CONFIDENTIAL (When fied in) Signature Signature Date of Destruction 29A 30A 31A, (Command Tite and Account Number) SHORT TITLE EDITION REG# AL Code Cassified by: CMS 1 Decassify on: Originating Agency s Determination Required. CONFIDENTIAL (When fied in) Figure 3-2A.-CMS 25B COMSEC KEYING MATERIAL LOCAL DESTRUCTION REPORT (front). 3-6

77 CMS25B COMSEC KEYING MATERIAL LOCAL DESTRUCTION REPORT The individuas whose signatures appear beow, certify that they have destroyed the individua keytape segments on the dates indicated. Retain this form in accordance with Annex T. CONFIDENTIAL (When fied in) Se Signature Signature Date of Destruction 2A 3A 4A 5A 6A - 7A 8A 9A 10A 11A A.I. 14A 15A 16A 17A (Command Tite and Account Number) Cassified by: CMS 1 Decassify on: Originating Agency s Determination Required. CONFIDENTIAL (When fied in) -- - SHORT TITLE EDITION REG # AL CODE Figure 3-2B.-CMS 25B COMSEC KEYING MATERIAL LOCAL DESTRUCTION REPORT (back). 3-7

78 7. CMS 25MC COMSEC KEYING MATERIAL LOCAL DESTRUCTION REPORT- The CMS 25MC is used to record destruction of mutipe-copy segments of COMSEC keying materia packaged in canisters (figure 3-3). CMS Destruction As a Radioman, you may very we be invoved with the routine destruction of COMSEC materia. The destruction methods that we discussed earier are aso used for COMSEC materia. CMS 1 gives compete detais on priority of destruction of CMS materias. ROUTINE DESTRUCTION.- Superseded COMSEC materia must be destroyed as soon as possibe after supersession. Keying materia marked CRYPTO must be destroyed no ater than 12 hours after supersession. Superseded authentication pubications and document; must be destroyed no ater than 5 days after supersession. EMERGENCY DESTRUCTION.- COMSEC materia that must be destroyed in an emergency is divided into three categories: Keying materia; COMSEC documents; and * COMSEC equipment. As we mentioned earier, an emergency pan consists of both precautionary destruction and compete destruction. PRECAUTIONARY DESTRUCTION.- When precautionary destruction is ordered, COMSEC materia must be destroyed as foows: CMS25B COMSEC KEYING MATERIAL LOCAL DESTRUCTION REPORT The individuas whose signatures appear beow, certify that they have destroyed the individua keytape segments on the dates indicated. Retain this form in accordance with Annex T. CONFIDENTIAL (When fied in) Seg/Copy # Signature Signature Date of Destruction (Command Tite and Account Number) Cassified by: CMS 1 Decassify on: Originating Agency s Determination Required. CONFIDENTIAL (When fied in) SHORT TITLE EDITION REG# AL CODE Figure 3-3.-CMS 25MC COMSEC KEYING MATERIAL LOCAL DESTRUCTION REPORT. 3-8

79 Keying Materia Superseded keying materia must be destroyed first, then keying materia that becomes effective in 1 or 2 months. Nonessentia Cassified COMSEC Documents This materia incudes maintenance, operating, and administrative manuas. COMPLETE DESTRUCTION. When compete destruction is ordered, COMSEC materia must be destroyed as foows: Keying Materia Keying materia is aways destroyed first in the foowing order: superseded, effective, then reserve. Superseded keying materia that has been used to encrypt traffic is the most sensitive of the three categories. If superseded keying materia fas into enemy hands, a past intercepted traffic is subject to compromise and anaysis. Superseded keying materia must be destroyed within 12 hours after supersession. Effective keying materia is destroyed after superseded keying materia. Reserve keying materia is keying materia that wi become effective within the next 30 days. Reserve keying materia is destroyed after effective keying materia. Keying materia must be stored in priority order for destruction. Top Secret materia must be destroyed ahead of Secret materia, and Secret materia destroyed ahead of Confidentia materia. This appies to a categories of keying materia. COMSEC Documents COMSEC documents are destroyed next. COMSEC documents incude cryptoequipment maintenance manuas, operating instructions, genera pubications, status pubications, CMS-hoder ists and directories. COMSEC documents contain information on the types of cryptoequipments we use, the eve of technoogy we have attained, and the way our COMSEC operations are organized and conducted. COMSEC Equipment COMSEC equipment is destroyed ast. In emergencies, the immediate goa regarding cryptoequipment is to render the equipment unusabe and unrepairabe. The operating and technica manuas for cryptoequipments provide detais on the techniques for rapid and effective destruction. VERIFY DESTRUCTION. There are two parts to verifying the destruction of COMSEC materia, witnessing and inspection of destroyed materia. Two individuas conducting the destruction must personay witness the compete destruction of the materia. Then, they wi sign and date the destruction documents after a materia has actuay been destroyed. An inspection of the destroyed materia must ensure that the destruction is compete and the destruction device is working propery. When using shredders, choppers, puverizers or pupers, you need ony to examine a sampe of the residue. If you are using an incinerator, verify that a residue is broken up by stirring or sifting through the remains. The ast detai is to inspect the surrounding area afterwards to ensure that no materia escaped during the destruction process. The destruction pan itsef is contained in the overa emergency pan. The emergency pan shoud aways provide for securing, removing, or destroying the materia, depending on the situation. The appropriate course of action and timing shoud be stated in the overa destruction pan. For exampe, if there is a oca civi uprising that appears to be short-ived, destroying a materia woud probaby not be necessary. In this situation, a partia destruction of the more sensitive superseded materia might be made, some of the remaining materia removed, and the rest secured. The commanding officer wi normay impement the emergency pan. Shoud the situation prevent contact with the commanding officer, other individuas, such as the COMSEC officer or COMSEC custodian, are usuay authorized to impement the pan. During an emergency, personne safety overrides the destruction priority. TWO-PERSON INTEGRITY Two-person integrity (TPI) is the security measure taken to prevent singe-person access to COMSEC keying materia and cryptographic maintenance manuas. TPI is accompished as foows: The constant presence of two authorized persons when COMSEC materia is being handed; The use of two combination ocks on security containers used to store COMSEC materia; and 3-9

80 The use of two ocking devices and a physica barrier for the equipment. At no time can one person have in his or her possession the combinations or keys to gain one access to a security container or cryptographic equipment containing COMSEC materia. Neither can one person have soe possession of COMSEC materia that requires TPI security. CRYPTOGRAPHIC OPERATIONS AND OPERATOR REQUIREMENTS As a Radioman, you wi be required to earn and understand the more detaied procedures and processes invoving cryptographic operations. Cryptographic procedures and associated equipments are governed by many strict rues and standards. To understand cryptographic operations and their importance, you must understand the foowing terminoogy: CRYPTO The marking CRYPTO is not a security cassification. This marking is used on a keying materia and associated equipment to protect or authenticate nationa security-reated information. A materia and equipment marked CRYPTO require specia consideration with respect to access, storage, and handing. CRYPTOMATERIAL The term cryptomateria refers to a materia, such as documents, devices, or apparatus, that contain cryptoinformation. Furthermore, the materia must be essentia to the encryption, decryption, or authentication of teecommunications. Cryptomateria is aways cassified and is normay marked CRYPTO. Cryptomateria that suppies equipment settings and arrangements or that is used directy in the encryption and decryption process is caed keying materia. Keying materia is afforded the highest protection and handing precautions of a information and materia within a cryptosystem. Keying materia is aways given priority when an emergency pan is impemented. CRYPTOINFORMATION The category of cryptoinformation is aways cassified. This type of information normay concerns the encryption or decryption process of a cryptosystem. It is normay identified by the marking CRYPTO and is subject to a the specia safeguards required by that marking. CRYPTO-RELATED INFORMATION Crypto-reated information may be cassified or uncassified. It is normay associated with cryptomateria but is not significanty descriptive of it. In other words, it does not describe a technique or process, a system, or equipment functions and capabiities. Crypto-reated information is not marked CRYPTO and is not subject to the specia safeguards normay associated with cryptoinformation. CRYPTOSYSTEM The term cryptosys- tern encompasses a the associated items of cryptomateria that are used together to provide a singe means of encryption and decryption. A items of a reated nature that combine to form a system must be given the strictest security. Any faiure, equipment, or operator that adversey affects the security of a cryptosystem is caed cryptoinsecurity. GENERAL AND SPECIFIC CRYPTO- SYSTEMS During your cryptographic duties, you wi sometimes hear the terms genera and specific appied to some cryptosystems. A genera cryptosystem consists of a basic principe and method of operation, regardess of the cryptomaterias used. In other words, regardess of the types of materias or eements used, the method of operation wi aways be the same, whether encrypting, decrypting, or authenticating. A specific cryptosystem is one within a genera system that is necessary and confined to actua encryption, decryption, or authentication. These systems are identified by the short and ong tites of their variabes. CRYPTOVARIABLES A cryptovariabe is an eement of a cryptosystem that directy affects the encryption and decryption process. These variabes are divided into two types: primary and secondary. A primary cryptovariabe is the most readiy and frequenty changed eement of a cryptosystem. A secondary cryptovariabe is one that permits change of circuit operation without atering the basic equipment. A secondary cryptovariabe must aso be used in conjunction with appropriate primary variabes. The commanding officer is responsibe for ensuring that personne are thoroughy trained and certified for cryptographic duties. This training may be forma or 3-10

81 on-the-job training. The CMS custodian is responsibe for ensuring that cryptographic operators receive the training necessary to perform these duties and that they meet the foowing minimum quaifications: Be propery ceared for access to the materia with which they wi be working; Be authorized by the commanding officer to perform crypto duties; and Be famiiar with oca crypto procedures. TRANSMISSION SECURITY Transmission security resuts from measures designed to protect transmission from interception and expoitation by means other than cryptographic anaysis. In the next paragraphs, we wi discuss specific methods of transmission security. COMMUNICATIONS SECURITY (COMSEC) EQUIPMENT There are numerous types of cryptographic equipment used throughout the Navy. However, they a perform the same basic function to encipher or decipher a communications signa. During secure transmission, the cryptoequipment accepts a pain text teeprinter or data signa containing cassified information from the cassified (red) patch pane and adds a key (randomy chosen bits generated internay). This composite signa is reayed as an encrypted signa. Foowing this encryption, the signa is fed to the uncassified (back) patch pane where it is patched directy to a converter. This converted audio signa is then routed to the transmitter for transmission. Over-the-Air Rekey/Transfer (OTAR/OTAT) Many of the new cryptosystems that use the 128-bit eectronic key (ANDVT, KY-58, KG-84A/C, and KY-75) are now capabe of obtaining new or updated key via the circuit they protect or other secure communications circuits. This process is known as over-the-air rekey (OTAR) or over-the-air transfer (OTAT). The use of OTAR or OTAT drasticay reduces the distribution of physica keying materia and the physica process of oading cryptoequipments with key tapes. A station may have nothing to do with actua physica CRYPTO changeovers on a day-to-day basis. A an operator woud have to do is observe the aarm indications and ensure the aarm indicator returns to operate. The eectronic key woud normay come from the Net Contro Station (NCS). The added feature of OTAT is that the key can be extracted from an OTAT-capabe cryptosystem using a KYK-13 or KYX-15/KYX-15A. The key is then oaded into another cyptosystem as needed. More detaied information on OTAR/OTAT is avaiabe in the Procedures Manua for Over-the-Air Transfer (OTAT) and Over-the-Air Rekey (OTAR) and Fied Generation and Over-the-Air Distribution of Tactica Eectronic Key, NAG-16C/TSEC. Authentication Authentication is a security measure designed to protect a communications or command system against frauduent transmissions or simuation. Authenticating systems have instructions specifying the method of use and transmission procedures. By using an authenticating system propery, an operator can distinguish between genuine and frauduent stations or transmissions. A station may incude authentication in a transmitted message. This security measure is caed transmission authentication. The types of authentication are: Chaenge and Repy This is a prearranged system whereby one station requests authentication of another station (the chaenge). By a proper response, the atter station estabishes its authenticity (the repy). Transmission Authentication A station estabishes the authenticity of its own transmission by either a message- or a sef-authentication method. A message authentication is a procedure that a station uses to incude an authenticator in the transmitted message. Sef-authentication is a procedure that a station uses to estabish its own authenticity, and the caed station is not required to chaenge the caing station. The foowing exampes are instances when authentication is mandatory: A station suspects intrusion on a circuit; A station is chaenged or requested to authenticate; A station directs radio sience or requires another station to break an imposed radio sience; and 3-11

82 A station transmits operating instructions that affect communications, such as cosing down a station, shifting frequency, or estabishing a specia circuit. You can find further information on authentication in Communications Instructions Security (U), ACP 122. MEACONING, INTRUSION, JAMMING, AND INTERFERENCE (MIJI) MIJI is a term used to describe four types of interference that you are ikey to experience in a given situation. Meaconing is the interception and rebroadcast of navigation signas. These signas are rebroadcast on the received frequency to confuse enemy navigation. Consequenty, aircraft or ground stations are given inaccurate bearings. Meaconing is more of a concern to personne in navigation ratings than to you as a Radioman. However, communications transmitters are often used to transmit navigation signas. Since communications personne operate the transmitters, they must know how to dea with any communications probems resuting from meaconing. Intrusion is defined as any attempt by an enemy to enter U.S. or aied communications systems and simuate our traffic to confuse and deceive. An exampe of intrusion is an unauthorized radio transmission by an unfriendy source pretending to be part of an air traffic contro service and giving fase instructions to a piot. Jamming is the deiberate radiation, reradiation, or refection of eectromagnetic signas to disrupt enemy use of eectronic devices, equipment, or systems. In jamming operations, the signas produced are intended to obiterate or obscure the signas that an enemy is attempting to receive. Some common forms of jamming incude: Severa carriers adjusted to the victim frequency; Random noise ampitude-moduated carriers; Simuated traffic handing on the victim frequency; Random noise frequency-moduated carriers; Continuous-wave carrier (keyed or steady); and Severa audio tones used in rapid sequence to ampitude moduate a carrier (caed bagpipe from its characteristic sound). Interference is normay a nondeiberate intrusion upon a circuit. It unintentionay degrades, disrupts, obstructs, or imits the effective performance of eectronic or eectrica equipment. Interference usuay resuts from spurious emissions and responses or from intermoduation products. Sometimes, however, interference may be induced intentionay, as in some forms of eectronic warfare. An exampe of interference is the interruption of miitary transmissions by a civiian radio broadcast. The more effective methods of deaing with MIJI are contained in Feet Communications, NTP 4, and in Reporting Meaconing, Intrusion, Jamming, and Inteference of Eectromagnetic Systems, OPNAVINST SUMMARY In this chapter we introduced you to the basic concepts of communications security, described various cryptosystems, and famiiarized you with the procedures and methods of transmission security. As a Radioman, you have a two-fod job concerning security. The first, of course, is to propery perform your duties within genera security guideines. Security guideines pertain to everyone in every officia capacity. Second, you must aso perform your duties in such a manner as to protect the integrity and overa vaue of secure communications. Security vioations resut from bad persona habits, security indifference, occupationa fatigue, or ignorance of estabished reguations. When security vioations occur in instaations ocated in foreign countries, the vioations become more serious because of an activity s greater vunerabiity to hostie expoitation. With respect to COMSEC, security vioations coud prove costy. Security precautions mentioned in this chapter do not guarantee compete protection, nor do they attempt to meet every conceivabe situation. Anyone who adopts a commonsense outook can, however, sove most security probems and gain a knowedge of basic security reguations. For information on oca security rues, study your command s security reguations. 3-12

83 CHAPTER 4 AIS SECURITY LEARNING OBJECTIVES Upon competing this chapter, you shoud be abe to do the foowing: Identify the procedures for issuing and updating user identification and passwords and for vaidating customer authorization. Identify the procedures for performing, directing, and vaidating security inspections and for reporting and investigating security vioations. Identify the procedures for deveoping and updating security pans. Recognize how to impement and evauate countermeasures and contingency pans. Identify the procedures for preparing and updating emergency action pans. Expain how to impement and evauate security test and evauation procedures. Expain how to safeguard AIS cassified materia. AIS security is a cyce of events that never ends. You start with the deveopment of a security pan for the faciity. This pan incudes conducting an in-depth risk assessment covering different types of disasters that threaten the security of the AIS faciity. Once the security pan is in pace, the inspections begin. You wi be responsibe for preparing the inspection pan and conducting the inspection using the guideines provided in the security instructions. In this chapter, you wi earn about AIS security from the impementation of the security pan through conducting security inspections. This incudes AIS threat and risk anaysis, disaster protection, contingency panning, inspection preparation, and data privacy. WHAT IS AIS SECURITY? AIS security is more than protecting cassified information and keeping unauthorized personne out of your AIS faciity. It is protecting equipment, media, data and peope. AIS security is imiting access, avoiding misuse, and preventing destruction. It is preventing changes to data that woud make the data unreiabe. It covers the denia of service and the destruction of computer rooms, the oss of confidentiaity, fraud, the theft of computer time as we as the computer itsef. AIS security is a critica part of your job. As you probaby noticed from reading the earning objectives, AIS security has its own terminoogy and jargon. To carry out your AIS responsibiities, you need to be famiiar with these terms and their meanings. AIS SECURITY CONCEPTS Our AIS security goa is to take a reasonabe measures to protect our AIS assets. Keep in mind that AIS assets (hardware, software, data, suppies, documentation, peope, and procedures) have vaue. 4-1

84 Their vaue can usuay be stated in doar terms. It costs money to repair or repace hardware. It costs money to reprogram and redocument. It costs money to retrain personne. Unauthorized access costs money. Service deays cost money. AIS Assets Our AIS assets (figure 4-1) incude the faciities, hardware, software, data, suppies, documentation, peope and procedures. These assets combine to provide service. Service is computer time, teecommunications, data storage, user support, appication system deveopment, and operation. Service must be avaiabe to those authorized to receive it when they request it. Information is at the top of the triange. It is the utimate AIS asset. Information is the reason the rest exists. Threats Threats are things that can destroy your assets (figure 4-2). Easy to recognize, threats come in two basic forms: peope and environmenta changes. Peope are a threat because they sometimes do unexpected things, make mistakes, or misuse resources, stea, subvert, and sabotage (deiberate threats). Some of us even smoke and spi soft drinks in computer rooms. Environmenta threats are things ike heat, humidity, exposions, dust, dirt, power peaks, power faiures; and natura disasters ike fire, foods, hurricanes, thunderstorms, and earthquakes. Hardware faiures and compromising emanations are aso threats. Another term associated with threats is their probabiity of occurrence. What is the ikeihood that something wi happen? Probabiities are measured in time once a pico second, once a memory cyce, once a fisca year, once a century. Vunerabiity Threats cannot reach an AIS asset without the aid and assistance of a vunerabiity. Vunerabiities are the hoes threats sneak through or weaknesses they expoit. Vunerabiities are caused by ack of AIS security panning, poor management, disorganization, disorder, inadequate or improper procedures, open data and open door poicies, undocumented software, unaware or unconcerned personne. You can hep imit the vunerabiities by foowing estabished AIS security. poicies and procedures. Successfu Attacks and Adverse Events Successfu attacks and adverse events resut from a combination of threats, vunerabiities, and AIS assets. When a threat takes advantage of a vunerabiity and does harm to your AIS assets, a successfu attack or adverse event has occurred. Successfu attacks and adverse events may be roughy grouped as osses or abuses. You can ose hardware, software, and data. You can ose documentation and suppies. You can ose key staff personne. Losses often resut in denia of service, preventing access to information when it is Figure 4-1. AIS assets. 4-2

85 Figure 4-2. Threats to AIS assets. needed. Abuse reates to unauthorized access to service, unwanted destruction or ateration of data and software, and unauthorized discosure of cassified information. We have an adverse event with every fire and with every food caused by a broken pipe in a computer room. We have a successfu attack with every bowing score, recipe, or schoo paper stored onine, and with every computer hacker that pays crash-the-computer or scrambe-the-data. Likeihood and Risk Likeihood and risk reate to successfu attacks and adverse events. Likeihood reates to chance-what is the ikeihood (probabiity) that a successfu attack or an adverse event wi occur? Risk has to do with money; it tes us about the cost of oss or abuse from an adverse event overtime. We first ask, What is the vaue of the AIS asset that wi be abused or that we wi ose if a given successfu attack or adverse event occurs? Then we ask, How often can we expect that 4-3

86 particuar attack or event to occur? Remember, the successfu attack or adverse event resuts from a particuar threat expoiting a particuar vunerabiity. It is very specific reasoning. The greater the vaue of the AIS asset and the more ikey the successfid attack or adverse event, the greater the risk. Figure 4-3 shows this risk anaysis concept. Risks are usuay expressed in terms of doars per year, the annua oss expectancy. Countermeasures Once the threats and vunerabiities are known and the ikeihood and risk of a successfu attack or an adverse event are determined, a pan is deveoped to set up countermeasures (contros) to essen or eiminate the vunerabiities. If you have a countermeasure, you have a protected vunerabiity. If you have an unprotected vunerabiity, you do not have a countermeasure. Some countermeasures hep us prevent adverse events, whereas others detect adverse events. We have measures to minimize the effects of successfu attacks or adverse events. We aso have measures, caed contingency pans, to recover from a successfu attack or an adverse event. Figure 4-4 gives an exampe of each type of security measure strategy as it reates to fire oss. Figure 4-5 shows threats, vunerabiities, and countermeasures to our assets. Another way to categorize countermeasures is by type: physica, technica, administrative, and manageria (figure 4-6). PHYSICAL CONTROLS. We usuay think of physica contro first. They incude the ocked computer room door, physica ayout, fire extinguishers, access barriers, air conditioners, moisture detectors, and aarms. Figure 4-3. AIS security risk anaysis. TECHNICAL CONTROLS. Technica contros are embedded in hardware, software, and teecommunications equipment. They are diagnostic circuitry, component redundancies, and memory protect features. They are contros buit into the operating system. They incude og-on IDs and passwords to enabe ony authorized users access to the computer system. They are accounting routines, encryption coding, and audit trais. ADMINISTRATIVE CONTROLS. Administrative contros concern peope and procedures. They incude who is authorized to do what, methods to keep track of who enters a sensitive area, who receives a deivery, and who requests a sensitive report. The operating procedures you foow wi sometimes incude security requirements. You are responsibe for adhering to the procedures to ensure AIS requirements are met. MANAGERIAL CONTROLS. Manageria contros tie everything together. They concern panning and evauation. They incude audits to review the effectiveness and efficiency of the countermeasures. They check to make sure that the measures are actuay in pace, being foowed, and working. Probems found require repanning and reevauation to see that corrections are made. RISK MANAGEMENT Risk management invoves assessing the risks, determining oss potentia estimates, and seecting countermeasures appropriate to prevent, detect, minimize, and recover from successfu attacks and adverse events. Management seects the countermeasures, making sure that the cost of the measure is ess than the cost of the risk. The trick is to seect the countermeasure that wi resut in the owest tota cost whie taking a reasonabe measures to protect our AIS assets. Keep in mind that the presence of a vunerabiity does not in itsef cause harm. A vunerabiity is merey a condition or set of conditions that may aow the computer system or AIS activity to be harmed by an attack or event. Aso, keep in mind that an attack made does not necessariy mean it wi succeed. The degree of success depends on the vunerabiity of the system or activity and the effectiveness of existing countermeasures. Countermeasures may be any action, device, procedure, technique, or other measure that reduces the vunerabiity of an AIS activity or computer system to the reaization of a threat. 4-4

87 Figure 4-4. An exampe of countermeasures against fire oss. Not a attacks and events can be avoided. If we cannot reasonaby prevent something, we want to detect the probem as eary as possibe, minimize the damage and destruction, and recover as quicky and efficienty as possibe. To hep us minimize and recover, we deveop contingency pans. Figure 4-5. Threats, vunerabiities, and countermeasures. Contingency pans (backup pans) provide for the continuation of an activity s mission during abnorma operating conditions. These are pans for emergency response, backup operations, and post-disaster recovery. They incude a preparation phase that incudes the steps to be taken in anticipation of a oss to Figure 4-6. Types of AIS security countermeasures. 4-5

88 essen damage or assist recovery. The action phase incudes the steps to be taken after a successfu attack or adverse event to minimize the cost and disruption to the AIS environment. SCOPE OF AIS SECURITY As the Navy has become increasingy dependent on the use of AIS for its payro, suppy functions, tactica information, and communications, the need to protect AIS assets has taken on greater importance. Risk management is an ongoing effort. Whether you are in a arge AIS faciity with a fu-time information system security manager (ISSM) or a faciity where the functions of the ISSM are a coatera duty, your instaation wi have estabished security measures to protect its AIS assets. The five areas of consideration for the Navy s AIS security program are hardware (I), data (II), human resources (III), software (IV), and communications (COMM) (V). These are shown in figure 4-7. Because each AIS faciity is different, each faciity has its own AIS security risk management program. You be responsibe for foowing the requirements of your faciity s AIS security program. In the next paragraphs, you wi earn about management responsibiities, your responsibiities, physica security measures, and data security measures. Again, our goa in AIS security is to prevent or minimize the opportunity for modification, destruction, discosure, or denia of service. MANAGEMENT RESPONSIBILITY AIS security is everyone s responsibiity, and ony the commanding officer (CO) can ensure that AIS security receives the support required at every eve. The success of your command s AIS security program depends upon the support of the CO. The CO and the AIS security staff are responsibe for taking the necessary steps to provide an adequate eve of security for a AIS-reated activities, automated information systems, and networks, incuding those deveoped, operated, maintained, or provided by contractors. Each AIS faciity has an information system security manager (ISSM). His or her primary duty is to serve as the singe point of contact for a matters reating to AIS security at your command. The ISSM usuay reports directy to the CO. Now, et s tak a itte about the security staff. Figure 4-7. Department of the Navy AIS security areas. 4-6

89 Many factors determine the numbers and types of peope assigned to the AIS security staff. These factors incude the type of activity, its size, its hardware configuration(s), types of work to be processed, and so on. Your command s AIS security staff may incude any one, severa, or a of the foowing peope: Command security manager; Information system security manager (ISSM); Information system security officer (ISSO); Network security officer (NSO); Termina area security officer (TASO). These peope are speciaists. Some day you may be one of them. They have been trained and are knowedgeabe in such areas as the foowing: * Genera security awareness; User and customer security; Security administration; Security vioation reporting; Hardware and software security; Systems design security; Termina and device reated security; Teecommunications security; Physica security; Personne security; Computer auditing; Data security; Risk assessment methodoogy; Contingency and backup panning; AIS security and Navy contractors; Disaster recovery; Security accreditation; and Security test and evauation. From this ist you can see that AIS security is a compex area and requires many speciaized skis and knowedges. In addition, each member of the AIS security staff is responsibe for ensuring that you are adequatey trained in AIS security. Do you know the name of your command ISSM? If not, seek him or her out and find out what your responsibiities are, rather than finding out the hard way through a bad experience. That brings us to your responsibiities. PERSONAL RESPONSIBILITY You pay an important roe in the success of your command s security program. As we stated earier, security is everybody s job, from seaman recruit to admira. Do not eave istings unattended or fies open for unauthorized browsing. If you see a stranger in your work area, it is your job to confront (chaenge) that individua regardess of his or her rate or rank, job tite, or status within or outside of your command. For the most part, you know who is authorized to be in your work area. As a computer operator, you are responsibe for protecting hardware from fire, food, sabotage, and interna tampering. You are aso concerned with protecting appications software, systems software, program and data fies, and a forms of input and output media with which you wi be working. If you are working in the magnetic media ibrary, you are responsibe for protecting a ibrary-reated equipment (tape/disk ceaners, tape degaussers, tape/disk certifiers, and so on). If you are handing and working with cassified media and materias, you must hande, store, and dispose of them in accordance with estabished procedures. The same rues appy regardess of what area you maybe working in; whether you are a data entry operator, a contro cerk in production contro (I/O), a computer programmer, or an anayst. A positions require you to pay attention to AIS security. The key word is protect. Beieve it or not, AIS security is not reay that difficut to understand, nor is it difficut to carry out. Sixty-five percent of it is nothing more than using good od common sense; the remaining thirty-five percent comes from awareness that you get through proper training. Try thinking of AIS security and protecting its reated assets the same way you woud protect your home and persona effects. In AIS we are taking miions of doars, some of them yours. Think about the kind of AIS security you woud want to have instaed if that AIS faciity were yours and what you woud do to protect a its assets. From this point on, the rest is up to you. Stay aert, keep your eyes and ears open to what is going on around 4-7

90 you, and never hesitate to chaenge or question someone or something that you fee is wrong or out of character. PHYSICAL SECURITY MEASURES Physica security is the one area with which you are most ikey to be famiiar. It deas with such things as personne, the environment, the faciity and its power suppy(ies), fire protection, physica access, and even the protection of software, hardware, and data fies. Your command must provide physica security for your AIS faciity. The degree of physica security at your instaation or command depends on its physica characteristics, its vunerabiity within the AIS environment, and the type of data processed. Minimum physica security requirements incude four basic areas that your command must address: physica security protection, physica access contros, data fie protection, and natura disaster protection. Physica security protection. Physica security protection takes on two forms. The first is physica barriers, such as soid was, caged-in areas, buetproof gass, ocked doors, and even continua surveiance of the controed area. The second invoves peope and the procedures that you must foow, such as ooking up names on the access ist to determine who is authorized in a given space or area. There are aso escort procedures you must foow to be sure that your party gets to the right pace and/or person. Physica access contros. Physica access contros are impemented to prevent unauthorized entry to your computer faciity or remote termina areas. Physica access contros can be accompished in severa ways: conventiona key and ock set, eectronic key system, mechanica combination ock, or eectronic combination ock. Regardess of the type of system instaed at your command, it is important to remember that keys beong on your key-ring or chain, eectronic keys or cards shoud be in your possession at a times (except when seeping), and combinations shoud be memorized, not written down somewhere for everyone to see. Data fie protection. Physica access to data fies and media ibraries (magnetic disks, tape fies, microforms, and so on) is authorized ony to those personne requiring access to perform their job. Natura disaster protection. The effects of natura disasters must be prevented, controed, and minimized to the extent economicay feasibe by the use of detection equipment (heat sensors, smoke detectors), extinguishing systems, and we conceived and tested contingency pans. Environmenta Security Temperature and humidity can affect the operation of your - computer faciity. Whenever possibe, computer equipment is operated within the manufacturer s optimum temperature and humidity range specification. Fuctuations in temperature and/or humidity over an extended period of time can cause serious damage to the equipment. So, with that in mind, you are probaby asking yoursef, What are the acceptabe eves for computer operation? Normay, you can find this information in the command s standard operating procedures (SOPs), or you can check with your supervisor. If neither are avaiabe, a safe rue of thumb is a temperature of 72 Fahrenheit, ±2, and a humidity of 55%, ±5%. To maintain a constant temperature and humidity to the computer faciity or remote termina areas, keep a doors and windows cosed. Because temperature and humidity are vitay important to computer performance, it is essentia that ony designated personne be aowed to reguate these types of environmenta contros. If your workspace has a recording instrument to monitor the temperature and humidity, by a means check it periodicay to be sure it is within the prescribed imits. If you notice a significant fuctuation (up or down), notify your supervisor. Some devices have buit-in warning signas (a ight, audibe sound, or both) to warn you of near-imit conditions for temperature and/or humidity. Lighting You are responsibe for ensuring that adequate ighting is maintained. Be particuary attentive to emergency ights. If they are not functioning propery, report the probem to your supervisor as soon as possibe. Emergency ights are instaed for your protection and safety, not for the safety of the equipment. They are there to ensure a quick exit if you must evacuate in a hurry. 4-8

91 Physica Structure Security In the Navy we often decide we need computer equipment and then wonder where we are going to insta it. The existing buiding (or shipboard compartment) may not end itsef to the physica security requirements needed to protect the system. Things ike fase overheads (ceiings) can concea water and steam pipes. The pipes shoud be checked on a reguar basis and any irreguarities reported immediatey. Personne shoud be famiiar with the ocations and operation of the cut-off vaves for the pipes. Air-conditioning ducts in the overhead, if not propery insuated, can resut in condensation, causing water to drip down on the computer. When repair work is schedued within the computer spaces (working under the raised foor or in the overhead), be sure to take a necessary precautions to protect the equipment. Use pastic sheeting to cover the system (particuary the CPU). Watch out for overhead water or steam pipe bursts and for activated sprinker systems. Ensure maximum personne safety, whie keeping disruption to a minimum. Dust coming from the work area can damage the equipment: cogged fiters resut in overheated components, a head crash on a disk drive, dirty read/write heads on tape drives, and so on. Remember, the key word is to protect a AIS assets. WARNING Shoud your equipment be exposed to water, do not turn it on unti it has been thoroughy checked out by quaified maintenance personne. Power Suppy Protection Your computer faciity and remote termina areas require adequate power. Variations in eectrica power can affect the operation of computer equipment. Most computer equipment is designed in such away that it is abe to rectify the incoming ac current, fiter it, and reguate the resuting dc current before it is appied to the computer circuitry. However, this fitering and reguation cannot be expected to eiminate votage variations beyond a reasonabe range. Power fuctuations can cause unpredictabe resuts on hardware, ogic, and data transfer. Shoud your system encounter such fuctuations, it is highy recommended that the equipment be shut down at once unti the probem is corrected. Some computer systems are equipped with an uninterrupted power source (UPS). A UPS provides the auxiiary power for your equipment that may be required if your command s mission dictates continuous AIS support to fufi its obigations or if your computer system is in an area where there are frequent brownouts. Auxiiary power shoud be checked on a periodic basis. Fire Protection Fire protection is one of the major eements of any command s physica security program. A personne (miitary and civiian) receive periodic training in emergency procedures in case of fire. The training usuay incudes, at a minimum, proper equipment shutdown and startup procedures, information about your fire detection and aarm systems, use of emergency power (especiay aboard ship), use of fire-fighting equipment, and evacuation procedures. Master contro switches are used to shut off a power to your AIS spaces in the event of fire. If your air-conditioning system is not setup for smoke remova, it is probaby connected to the master contro switches. The master contro switches are normay ocated at the exit doors, so in an actua emergency you do not have to pass through a dangerous area to activate the switches. These switches shoud be easiy recognizabe. They are ceary abeed and protected to prevent accidenta shutdown. Commands that process critica appications wi have master contro switches that aow for a sequentia shutdown procedure of your equipment. Learn the ocation of the switches and procedures used in your computer spaces. There wi be enough portabe fire extinguishers for you to fight a reativey sma or sef-contained fire. Extinguishers are paced within 50 feet of the computer equipment. Prominenty dispayed markings and/or signs are above each extinguisher, and each is easiy accessibe for use. WARNING Be sure to use ony carbon dioxide or inert-gas fire extinguishers on eectrica fires. One fina note. Experience has shown repeatedy that prompt detection is a major factor in imiting the amount of fire damage. Computer areas require a fire detection system capabe of eary warning and with an automatic fire extinguishing system. 4-9

92 Hardware Protection Hardware security is defined in the Department of the Navy Automatic Data Processing Security Program, OPNAVINST , as Computer equipment features or devices used in an AIS system to precude unauthorized, accidenta or intentiona modification, discosure, or destruction of AIS resources. DATA PROTECTION MEASURES FIPS (Federa Information Processing Standards) PUB 39 Gossary for Computer Systems Security defines data security as The protection of data from unauthorized (accidenta or intentiona) modification, destruction, or discosure. We are aways concerned with the integrity of data; is the data the same as that in the source documents? We want to ensure that the data has not been exposed to accidenta or intentiona modification, discosure, or destruction. Depending on the type of data being processed, the other users with access to the system, and the technica features of the system to provide the needed safeguards, the system may have to operate in a specific security mode. If your command processes cassified and/or sensitive uncassified data, it must abide by certain rues to protect it. In the centra computer faciity (where the host computer is ocated), the physica security requirements wi be equa to the highest cassification of data being handed. If there are two or more computer systems ocated in the same controed area, the systems shoud be separated to imit direct personne access to a specific system. In remote termina areas, security requirements are based upon the highest cassification of data to be accessed through the terminas. Each remote termina must be identifiabe through hardware or software features when it is connected to a computer system or network processing cassified data. The system or network must know who is ogging on. If the computer system to which your remote termina is connected is processing cassified data and your termina is not authorized, controed, or protected for that cassification of data, it must be disconnected. The disconnect procedures may be by a hardware measure (such as turning off a switch at the host computer) or a software measure (such as deeting the ID of your termina during certain processing periods). Because each data cassification has different security requirements, we cover each separatey. Cassified Data Handing requirements and procedures for cassified AIS media (Confidentia, Secret, and Top Secret) are the same as those for handing cassified information. Anyone who has possession of cassified materia is responsibe for safeguarding it at a times. You need to be famiiar with the four security modes that provide for processing cassified data: system high, dedicated, mutieve, and controed. SYSTEM HIGH SECURITY MODE. A computer system is in the system high security mode when the centra computer faciity and a of the connected periphera devices and remote terminas are protected in accordance with the requirements for the highest cassification category and type of materia then contained in the system. A personne having computer system access must have a security cearance, but not necessariy a need-to-know for a materia then contained in the system. In this mode, the design and operation of the computer system must provide for the contro of concurrenty avaiabe cassified materia in the system on the basis of need-to-know. DEDICATED SECURITY MODE. A computer system is operating in the dedicated security mode when the centra computer faciity and a of its connected periphera devices and remote terminas are excusivey used and controed by specific users or group of users having a security cearance and need-to-know for the processing of a particuar category(ies) and type(s) of cassified materia. MULTILEVEL SECURITY MODE. A computer system is operating in the mutieve security mode when it provides a capabiity permitting various categories and types of cassified materias to be stored and processed concurrenty in a computer system and permitting seective access to such materia concurrenty by unceared users and users having differing security cearances and need-to-know. Separation of personne and materia on the basis of security cearance and need-to-know is accordingy accompished by the operating system and associated system software. In a remotey accessed resource-sharing system, the materia can be seectivey accessed and manipuated from variousy controed terminas by personne having different security cearances and need-to-know. This mode of operation can accommodate the concurrent processing and storage of (1) two or more categories of cassified data, or (2) one or more categories of cassified data with uncassified data, depending upon the constraints 4-10

93 paced on the system by the designated approving authority. CONTROLLED SECURITY MODE. A computer system is operating in the controed security mode when at east some personne (users) with access to the system have neither a security cearance nor a need-to-know for a cassified materia then contained in the computer system. However, the separation and contro of users and cassified materia on the basis, respectivey, of security cearance and security cassification are not essentiay under operating system contro as in the mutieve security mode. Sensitive Uncassified Data Sensitive uncassified data is uncassified data that requires specia protection. Exampes are data For Officia Use Ony and data covered by the Privacy Act of The Privacy Act of 1974 imposes numerous requirements upon federa agencies to prevent the misuse of data about individuas, respect its confidentiaity, and preserve its integrity. We can meet these requirements by appying seected manageria, administrative, and technica procedures which, in combination, achieve the objectives of the Act. The major provisions of the Privacy Act that most directy invove computer security are as foows: e Limiting discosure of persona information to authorized persons and agencies; Requiring accuracy, reevance, timeiness, and competeness of records; and Requiring the use of safeguards to ensure the confidentiaity and security of records. To assure protection for AIS processing of sensitive uncassified data, the Navy has estabished the imited AIS access security mode. A computer system or network is operating in the imited access security mode when the type of data being processed is categorized as uncassified and requires the impementation of specia access contros to restrict the access to the data ony to individuas who by their job function have a need to access the data. Uncassified Data Athough uncassified data does not require the safeguards of cassified and sensitive uncassified data, it does have vaue. Therefore, it requires proper handing to assure that it is not intentionay or unintentionay ost or destroyed. AIS MEDIA PROTECTION MEASURES AIS media protection is important because that is where we store data, information, and programs. A data and information, whether cassified or not, require some degree of protection. Software aso requires protection. You woud not want to ose the ony copy of a program you had worked 4 months to write, test, and debug. The amount of protection depends on the cassification of data, the type of AIS storage media used, the vaue of the materia on it, and the ease with which the materia can be repaced or regenerated. AIS media incudes magnetic tapes, disks, diskettes, disk packs, drums, cathode-ray tube (CRT) dispays, hard copy (paper), core storage, mass memory storage, printer ribbons, carbon paper, and computer output microfim and microfiche. You are responsibe for controing and safeguarding (protecting) the AIS media at a times. For purposes of contro, AIS media can be divided into two types or categories: working copy media and finished media. You wi be working with both. Working copy media is temporary in nature. It is retained for 180 days or ess and stays within the confines and contro of your activity. Exampes of working copy media are tapes and disk packs that are used and updated at frequent intervas and coding forms that are returned immediatey to the user after processing. Finished media is permanent in nature. It incudes tapes and disk packs, hard-copy output, or any other AIS media containing data or information to be retained for more than 180 days. Finished media can be reeased to another activity. For exampe, a magnetic tape can be sent to another activity as a finished media. However, the receiving activity may treat it as working copy media if it is kept 180 days or ess. Of course, AIS media, whether working copy or finished copy, requires the use of security contros. Security Contros The security contros we discuss are genera in nature and are considered the minimum essentia contros for protecting AIS media. Your activity s standard operating procedures (SOPS) are designed to ensure that an adequate eve of protection is provided. Cassified working copy media must be dated when created, marked, and protected in accordance with the 4-11

94 highest cassification of any data ever recorded on the media. If cassified working copy media is given to a user, the user is then responsibe for its protection. Cassified finished media must be marked and accounted for. You may be responsibe for inventorying magnetic tapes, disk packs, and other forms of AIS media. Your activity must maintain a master ist of AIS media that is cassified as Secret or Top Secret. This master ist incudes the overa security cassification of the media and the identification number permanenty assigned to it. The media must aso be controed in the same manner prescribed for cassified materia outside an AIS environment. For additiona information, consut the Department of the Navy Information and Personne Security Program Reguation, OPNAVINST (hereinafter caed the Security Manua). Security Markings Your activity wi have procedures for marking AIS media. These are important to protect the media from unauthorized, accidenta, or intentiona discosure, modification, destruction, or oss. You can imagine how easy it is to pickup an unmarked tape, oad it on the tape drive, and have whatever is on it recorded over by a program. You have probaby done this to tapes with your tape cassette recorder/payer. This is why we have mechanica means, ike tape rings and diskette notches, to protect magnetic media. These methods, combined with ceary marked abes, go a ong way toward protecting data and programs on magnetic media. Let s ook at the types of markings the Navy uses for the various types of media for marking cassified data. MAGNETIC MEDIA. Each magnetic tape, diskette, and disk pack must be externay marked with a stick-on abe with the overa security cassification and a permanenty assigned identification number. When the tapes, diskettes, and disk packs are to be decassified by degaussing, a externa abes indicating the cassification must be removed uness the media wi be immediatey used to store information of the same cassification. Many instaations set aside groups of tapes and disks for recording cassified data at each security eve. HARD-COPY REPORTS, MICROFILM, AND MICROFICHE. Hard-copy reports or printouts from a printer, termina, potter, or other computer equipment and microfim and microfiche must be propery marked. Those prepared during cassified processing must be marked at the top and bottom of each page with the appropriate cassification or the word uncassified, and each page shoud be consecutivey numbered. CRT DISPLAYS. The appropriate security cassification marking is dispayed at the top of the screen when dispaying cassified data or information. Disposition of Media There comes a time when the media or the information on the media is no onger needed. With microfim, microfiche, and printouts, we destroy the media with the data. The same is not true of magnetic media. We can erase and reuse the media when the data is no onger needed. However, the media cannot function forever. Tapes and disks become damaged or eventuay wear out. When a disk or tape becomes unusabe, it must be disposed of. But first, each disk and tape must be accounted for. It may have been used for cassified data. The magnetic media ibrarian wi see that it is disposed of propery. If the media contained cassified data, it wi be degaussed before being destroyed. There are two other probem areas we tend to forget: printer ribbons and carbon paper. Ribbons and carbon paper must be disposed of propery. Because of the arge variety of ribbons and printers, it is difficut to state with certainty that any and a cassified information have been totay obscured from a given ribbon uness you examine that ribbon in detai. Therefore, printer ribbons are controed at the highest cassification of information ever printed by that ribbon unti that ribbon is destroyed. The same ribbon is used in the printer for cassified and uncassified information consistent with the eves of physica security enforced for the area. Carbons are easiy readabe and must be handed and disposed of in accordance with the cassification of data they contain. Remember, regardess of what the media is, it must be disposed of in accordance with the Security Manua if it ever contained cassified information. Basicay, the requirement states that the data must be destroyed beyond recognition. If the media did not contain cassified information, foow your activity s standard operating procedures (SOPs). 4-12

95 AIS SECURITY PROGRAM IMPLEMENTATION The risk anaysis and higher authority instructions provide the basis for an AIS security program. Even though impementation of the program depends on oca instructions/directives and conditions, it may not be cear just where to begin. AIS SECURITY PROGRAM PLANNING Foowing is a suggested outine to use as a basis for panning an AIS security program: o o Perform preiminary panning. Estabish an AIS security team to prepare an AIS security program and make responsibiity assignments. Perform a preiminary risk anaysis. This wi identify major probem areas. Seect and impement urgent quick fix security measures. This shoud be done on an as-needed basis. Perform and document a detaied risk anaysis. This wi aow for review and approva. Justify cost and document action pans. Based on the approved risk anaysis seected, deveop budgets and schedues for security measures, contingency pans, training and indoctrination pans, and test pans. Carry out the approved action pans. Repeat the detaied risk anaysis and subsequent steps reguary, at east annuay. Conduct more frequenty if required based on the resuts of tests, inspections, and changes in mission or environment. AIS SECURITY PLAN DOCUMENTATION Incude adequate documentation in the action pans. For exampe, the documentation might incude the foowing: A security poicy statement that provides genera guidance and assigns responsibiities; A security handbook (with instructions) that describes in detai the security program and procedures and the obigations of AIS personne, users, and supporting personne; Q Command standards for system design, programming, testing, and maintenance to refect security objectives and requirements; Contingency pans for backup operations, disaster recovery, and emergency response; and Bookets or command instructions for AIS staff indoctrination in security program requirements. Depending on the norma practices of the AIS faciity, these documents may be competey separate items or they may be incuded in other documents. For exampe, emergency response pans for the AIS faciity might be incuded in the command s Disaster Contro Pan. Simiary, security standards coud be added to existing documents. The fina point to be made is the importance of continuing the inspection and review of the security program. A major effort is required for the initia risk anaysis, but once it is competed, reguar review and updating can be done much more quicky. By evauating changes in command mission, the oca environment, the hardware configuration, and tasks performed, the AIS technica manager can determine what changes, if any, shoud be made in the security program to keep it effective. AUTHORITATIVE REFERENCES Numerous higher authority instructions reate to physica security, data protection, and security in genera. You shoud have a thorough knowedge of them before impementing any security pan. Refer to the foowing instructions and manuas to earn about AIS security and when making security decisions: o Department of the Navy Automatic Data Processing Security Program, OPNAVINST with encosures; Guideine for Automatic Data Processing Risk Anaysis, FIPS PUB 65 (encosure 3 to OPNAVINST ); Department of the Navy Information and Personne Security Program Reguation, OPNAVINST ; Department of the Navy Information Systems Security (INFOSEC) Program, SECNAVINST

96 AIS THREATS AND RISK ANALYSIS First, when designing its security program, a command must ook at the potentia AIS threats and perform a risk anaysis. AIS THREATS When panning a security program, the AIS technica manager shoud be aware of a the types of threats that may be encountered. Not every Navy AIS faciity wi be faced with each type of threat, especiay if the faciity is aboard ship. The impact of a given threat may depend on the geographica ocation of the AIS faciity (earthquakes), the oca environment (fooding), and potentia vaue of property or data to a thief, or the perceived importance of the faciity to activists and demonstrators or subversives. Exampes of natura and unnatura threats incude: Unauthorized access by persons to specific areas and equipment for such purposes as theft, arson, vandaism, tampering, circumventing of interna contros, or improper physica access to information; AIS hardware faiures; Faiure of supporting utiities, incuding eectric power, air conditioning, communications circuits, eevators, and mai conveyors; Natura disasters, incuding foods, windstorms, fires, and earthquakes; Accidents causing the nonavaiabiity of key personne; Neighboring hazards, such as cose proximity to chemica or exposive operations, airports, and high crime areas; Tampering with input, programs, and data; and The compromise of data through interception of acoustica or eectromagnetic emanations from AIS hardware. The preceding ist of threats to the operation of an AIS faciity contains ony a few of the reasons why each command shoud have an ongoing security program adapted and taiored to its individua needs and requirements. Not a threats and preventive measures can be discussed in this chapter. However, we wi cover the more common threats and remedia measures. For a thorough review of the subject, refer to the Department of the Navy Physica Security and Loss Prevention, OPNAVINST RISK ANALYSIS The AIS faciity upper management shoud begin deveopment of the security program with a risk anaysis. A risk anaysis, as reated to this chapter, is the study of potentia hazards that coud threaten the performance, integrity, and norma operations of an AIS faciity. Experience at various commands shows that a quantitative risk anaysis produces the foowing benefits: Objectives of the security program reate directy to the missions of the command. Those charged with seecting specific security measures have quantitative guidance on the type and amount of resources the AIS faciity considers reasonabe to expend on each security measure. Long-range panners receive guidance in appying security considerations to such things as site seection, buiding design, hardware configurations and procurements, software systems, and interna contros. Criteria are generated for designing and evauating contingency pans for backup operations, recovery from disaster, and deaing with emergencies. An expicit security poicy can be generated that identifies what is to be protected, which threats are significant, and who wi be responsibe for executing, reviewing, and reporting the security program. Loss Potentia Estimates The first step to consider when preparing the risk anaysis is to estimate the potentia osses to which the AIS faciity is exposed. The objective of the oss potentia estimate is to identify critica aspects of the AIS faciity operation and to pace a monetary vaue on the oss estimate. Losses may resut from a number of possibe situations, such as: Physica destruction or theft of tangibe assets. The oss potentia is the cost to repace ost assets and the cost of deayed processing. Loss of data or program fies. The oss potentia is the cost to reconstruct the fies, either 4-14

97 o from backup copies if avaiabe or from source documents and possiby the cost of deayed processing. Theft of information. The oss potentia because of theft is difficut to quantify. Athough the command itsef woud sustain no direct oss, it ceary woud have faied in its mission. In some cases, information itsef may have market vaue. For exampe, a proprietary software package or a name ist can be sod. Indirect theft of assets. If the AIS is used to contro other assets, such as cash, items in inventory, or authorization for performance of services, then it may aso be used to stea such assets. The oss potentia woud be the vaue of such assets that might be stoen before the magnitude of the oss is arge enough to assure detection. Deayed processing. Every appication has some time constraint, and faiure to compete it on time causes a oss. In some cases the oss potentia may not be as obvious as, for exampe, a deay in issuing miitary paychecks. To cacuate the oss potentia for physica destruction or theft of tangibe assets, AIS technica managers and upper management shoud construct a tabe of repacement costs for the physica assets of the AIS faciity. The physica assets usuay incude the buiding itsef and a its contents. This tabuation, broken down by specific areas, heps to identify areas needing specia attention. Whie the contents of the typica office area may be vaued at $100 to $500 per square foot, it is not unusua to find the contents of a computer room are worth $5,000 to $10,000 per square foot. The estimate is aso hepfu in panning for recovery in the event of a disaster. The remaining four oss potentia types isted are dependent on the characteristics of the individua data processing tasks performed by the AIS faciity. AIS technica managers shoud review each task to estabish which osses a faciity is exposed to and which factors affect the size of the potentia oss. Ca on users to hep make these estimates. To make the best use of time, do a rapid, preiminary screening to identify the tasks that appear to have significant oss potentia. An exampe of preiminary estimates is shown in tabe 4-1. Having made a preiminary screening to identify the critica tasks, seek to quantify oss potentia more precisey with the hep of user representatives famiiar with the critica tasks and their impact on other activities. Mishaps and osses that coud occur shoud be considered, on the assumption that if something can go wrong, it wi. The fact that a given task has never been tampered with, used for an embezzement, or changed to misead management in the command is no assurance that it never wi be. At this stage of the risk anaysis, a eves of management shoud assume the worst. Threat Anaysis Tabe 4-1. Exampe of Preiminary Estimates of Loss Potentia The second step of the risk anaysis is to evauate the threats to the AIS faciity. Threats and the factors that infuence their reative importance were isted earier in this chapter. Detais of the more common threats are discussed ater in this chapter and, to the extent it is avaiabe, genera information about the probabiity of occurrence is given. Use these data and higher authority instructions/manuas and appy common sense to deveop estimates of the probabiity of occurrence for each type of threat. 4-15

98 Whie the overa risk anaysis shoud be conducted by the AIS technica manager, other personne at the AIS faciity can contribute to the threat anaysis, and their hep shoud be requested. Tabe 4-2 incudes a ist of common threats at a shore AIS faciity, with space for isting the agency or individua to contact shoud the need arise. Your AIS faciity shoud have a simiar ist with oca contacts of hep and information. Annua Loss Expectancy The third step in the risk anaysis is to combine the estimates of the vaue of potentia oss and probabiity of oss to deveop an estimate of annua oss expectancy. The purpose is to pinpoint the significant threats as a guide to the seection of security measures and to deveop a yardstick for determining the amount of money that is reasonabe to spend on each of them. In other words, the cost of a given security measure shoud reate to the oss(es) against which it provides protection. To deveop the annua oss expectancy, construct a matrix of threats and potentia osses. At each intersection, ask if the given threat coud cause the given oss. For exampe, fire, food, and sabotage do not Tabe 4-2.-Threat Hep List cause theft-of-information osses; but, in varying degrees, a three resut in physica destruction osses and osses because of deayed processing. Likewise, interna tampering coud cause an indirect oss of assets. In each case where there can be significant oss, the oss potentia is mutipied by the probabiity of occurrence of the threat to generate an annua estimate of oss. Remedia Measures Seection When the estimate of annua oss is compete, AIS upper management wi have a cear picture of the significant threats and critica AIS tasks. The response to significant threats can take one or more of the foowing forms: Ater the environment to reduce the probabiity of occurrence. In an extreme case, this coud ead to reocation of the AIS faciity to a ess-exposed ocation. Aternativey, a hazardous occupancy adjacent to or inside the AIS faciity coud be moved esewhere. Erect barriers to ward off the threat. These might take the form of changes to strengthen the buiding against the effects of natura disasters, LOCAL PHONE COMMON THREATS SOURCES OF LOCAL INFORMATION AND HELP NUMBER Fire Food Earthquake Windstorm Power faiure Air-conditioning faiure Communications faiure AIS hardware faiure Intruders, vandas Compromising emanations Interna theft Interna misuse 4-16

99 saboteurs, or vandas. (See the Security Manua and OPNAVINST for evauation guideines.) Specia equipment can be instaed to improve the quaity and reiabiity of eectric power. Specia door ocks, miitary guards, and intrusion detectors can be used to contro access to critica areas. Improve procedures to cose gaps in contros. These might incude better contros over operations or more rigorous standards for programming and software testing. Eary detection of harmfu situations permits more rapid response to minimize damage. Fire and intrusion detectors are both typica exampes. Contingency pans permit satisfactory accompishment of command missions foowing a damaging event. Contingency pans incude immediate response to emergencies to protect ife and property and to imit damage, maintenance of pans and materias needed for backup operation offsite, and maintenance of pans for prompt recovery foowing major damage to or destruction of the AIS faciity. The command s Disaster Contro Pan shoud coincide with the AIS faciity s contingency pans. Tabe 4-3 shows exampes of remedia measures for a few threats. When seecting specific remedia measures, use the foowing two criteria: Tabe 4-3. Exampe of Remedia Measures by Threat Type The annua cost is to be ess than the reduction in expected annua oss that coud be caused by threats. The mix of remedia measures seected is to be the one having the owest tota cost. The first criterion simpy says there must be a cost justification for the security program-that it returns more in savings to the AIS faciity than it costs. This may seem obvious but it is not uncommon for an AIS manager to ca for a security measure, to compy with higher authority security instructions and directives, without first anayzing the risks. The second criterion refects the fact that a given remedia measure may often be effective against more than one threat. See tabe 4-3. Since a given remedia measure may affect more than one threat, the owest cost mix of measures probaby wi not be immediatey obvious. One possibe way to make the seection is to begin with the threat having the argest annua oss potentia. Consider possibe remedia measures and ist those for which the annua cost is ess than the expected reduction in annua oss. Precision in estimating cost and oss reduction is not necessary at this point. If two or more remedia measures woud cause a oss reduction in the same area, ist them a, but note the redundancy. Repeat the process for the next most serious threat and continue unti reaching the point where no cost justifiabe measure for a threat can be found. If the cost of a remedia measure is increased when it is extended to cover an additiona threat, the incrementa cost shoud 4-17

100 be noted. At this point, there exists a matrix of individua threats and remedia measures with estimates of oss reductions and costs, and thus an estimate of the net saving. This is shown graphicay in tabe 4-4. For each threat (A, B, C, and D), the estimated oss reduction (coumn 1), the cost of the remedia measure (coumn 2), and the net oss reduction (coumn 3) are given in thousands of doars. By appying remedia measure J to threat A at a cost of $9,000, a oss reduction of $20,000 can be expected (a net saving of $1 1,000). Furthermore, remedia measure J wi reduce the threat B oss by $10,000 at no additiona cost and the threat C oss by $4,000 at an added cost of ony $1,000. Finay, though, it appears that it woud cost more than it woud save to appy J to threat D. Therefore, J woud not be impemented for D. The net oss reduction from J coud be expressed as: The tabe indicates that J and K have the same reduction effect on threat A. Since K costs more than J, it might, at first gance, be rejected. However, and Therefore, whie J and K are equay effective on threat A, K appears to be more effective than J on the other threats. Further checking shows their combined use resuts in the greatest overa net oss reduction. By going through the process just described, using preiminary estimates for cost and oss reduction, you can test various combinations of remedia measures, and thus identify the subset of remedia measures that appears to be the most effective. At this point, review the estimates and refine them as necessary to ensure compiance with higher authority security instructions. If a the preceding procedures are foowed, the foowing factors wi be estabished and documented: The significant threats and their probabiities of occurrence; The critica tasks and the oss of potentia reated to each threat on an annua basis; A ist of remedia measures that wi yied the greatest net reduction in osses, together with their annua cost. With this information at hand, AIS upper management can move ahead with impementing the AIS security program. Since the anaysis of remedia measures wi have identified those with the greatest impact, reative priorities for impementation can aso be estabished. AIS DISASTER PROTECTION Fires, foods, windstorms, and earthquakes a tend to have the same basic effects on AIS operations. They cause the physica destruction of the faciity and its contents and interrupt norma operations. They aso represent a threat to the ife and safety of the AIS staff. To iustrate the effects of the physica destruction of a faciity, we have seected fire safety. Other causes of disasters incude the oss of support utiities and breaches of AIS faciity physica security. FIRE SAFETY Tabe 4-4. Threat Matrix Tabe Experience over the ast two decades demonstrates the sensitivity of AIS faciities to fire damage resuting in disruption of operations. A number of major osses 4-18

101 have invoved noncombustibe buidings. In the cases where vita magnetic media tapes were safeguarded and the computer hardware was reativey uncompicated, rapid recovery was possibe, often in a matter of days. However, if a arge computer configuration were destroyed or if backup records were inadequate, recovery coud take many weeks or months. Fire safety shoud be a key part of the AIS faciity s security program. It shoud incude the foowing eements: Location, design, construction, and maintenance of the AIS faciity to minimize the exposure to fire damage; Measures to ensure prompt detection of and response to a fire emergency; Provision for quick human intervention and adequate means to extinguish fires; and Provision of adequate means and personne to imit damage and effect prompt recovery. Faciity Fire Exposure The first factor to consider in evauating the fire safety of an AIS faciity is what fire exposure resuts from the nature of the occupancy (materia) of adjacent buidings and the AIS faciity buiding. Generay speaking, the degree of hazard associated with a given occupancy (materia) depends on the amount of combustibe materias, the ease with which they can be ignited, and the ikeihood of a source of ignition. The second and third fire safety factors are the design and construction of the buiding. Five basic types of construction are described in tabe 4-5, with their approximate destruction times. Tabe 4-5. Estimated Destruction Time by Fire for Seected Construction Types The actua performance of a buiding wi depend not ony on the type of construction, but aso on design detais, such as: Fire was, which, in effect, divide a structure into separate buidings with respect to fires; Fire-rated partitions, which retard the spread of a fire within a buiding; Fire-rated stairwes, dampers, or shutters in ducts; fire stops at the junction of foors, and was and simiar measures to retard the spread of smoke and fire within a buiding; and Use of ow-fame spread materias for foor, wa, and ceiing finish to retard propagation of fame. Understand that this discussion is very simpified. However, consideration of these factors as they appy to an existing or projected AIS faciity wi hep to determine the amount of attention to pay to fire safety. Seek the assistance of a quaified fire protection engineer or oca base fire personne in evauating the inherent fire safety of the AIS faciity and identifying hazards. The fourth factor in fire safety is the way in which the buiding is operated. Keep in mind that the inherent fire safety of a buiding can be rendered ineffective by careess operation; for exampe: Fire doors propped open; Undue accumuation of debris or trash; Careess use of fammabe fuids, weding equipment, and cutting torches; Substandard eectric wiring; Inadequate maintenance of safety contros on ovens and boiers; or Excessive concentration of fammabe materias (AIS faciities, for exampe, have a particuar hazard from the accumuation of int from paper operations). The AIS security program shoud strive, in coordination with the buiding maintenance staff, to identify and eiminate dangerous conditions. NOTE: This must be a continuing effort and a consideration in the assignment of security management responsibiities. The security inspection pan shoud incude verification of compiance with estabished standards. 4-19

102 Fire Detection Despite carefu attention to the ocation, design, construction, and operation of the AIS faciity, there is sti the possibiity of a fire. Experience shows repeatedy that prompt detection is a major factor in imiting fire damage. Typicay, a fire goes through three stages. Some event, such as a faiure of eectrica insuation, causes ignition. An eectrica fire wi often smoder for a ong period of time. When an open fame deveops, the fire spreads through direct fame contact, progressing reativey sowy, with a rise in the temperature of the surrounding air. The duration of this stage is dependent on the combustibiity of the materias at and near the point of ignition. Finay, the temperature reaches the point at which adjacent combustibe materias give off fammabe gases. At this point, the fire spreads rapidy and ignition of nearby materias wi resut from heat radiation as we as direct fame contact. Because of the high temperatures and voumes of smoke and toxic gases associated with this third stage, fire fighting becomes increasingy difficut and often prevents peope from remaining at the fire site. Given the objective to discover and dea with a fire before it reaches the third stage, one can see the imitation of fire detection that depends on detecting a rise in air temperature. For this reason, the areas in which eectronic equipment is instaed shoud be equipped with products-of-combustion (smoke) detectors. Such detectors use eectronic circuitry to detect the presence of abnorma constituents in the air that are usuay associated with combustion. In designing an effective fire detection system, consider the foowing points: Location and spacing of detectors. The ocation and spacing of detectors shoud take into consideration the direction and veocity of air fow, the presence of areas with stagnant air, and the ocation of equipment and other potentia fire sites. Note that detectors may be required under the raised foor, above the hung ceiing, and in air-conditioning ducts as we as at the ceiing. It may aso be wise to put detectors in eectric and teephone equipment cosets and cabe tunnes. Contro pane design. The design of the detection contro pane shoud make it easy to identify the detector that has aarmed. This impies that the detectors in definabe areas (for exampe, the tape vaut, the east end of the computer room, and administrative offices) shoud be dispayed as a group on the contro pane. In other words, when an aarm sounds, inspection of the contro pane shoud indicate which area or zone caused the aarm. Generay, and preferaby, each detector incudes a piot ight that ights when the detector is in the aarm state. In some cases there shoud be a separate indicator ight at the contro pane for each detector. It is aso important to see that the aarm system itsef is secure. Its design shoud cause a troube aarm to sound if any portion of it fais, or if there is a power faiure. Take steps to assure the system cannot be deactivated readiy, either maiciousy or accidentay. Personne response. Meaningfu human response to the detection and aarm systems is necessary if they are to be of any vaue. This means the fire detection system shoud be designed to assure that someone wi aways be aerted to the fire. Typicay, the computer room staff is expected to respond to an aarm from the AIS faciity aarm system. A remote aarm shoud aso be ocated at another point in the buiding that is occupied at a times, such as the obby guard post, security center, or buiding engineer s station. This provides a backup response when the computer area is not occupied. If there is any possibiity the remote aarm point wi not be occupied at a times, a third aarm point shoud be ocated offsite, usuay at the nearest fire station or the command s fire department for the faciity. Maintenance. Proper maintenance is essentia to the fire detection system. The nature of smoke detectors is such that nuisance aarms may be caused by dust in the air or other factors. Because of this, there is a tendency to reduce sensitivity of the detectors to eiminate nuisance aarms, with the resut that detection of an actua fire may be deayed. To ensure proper operation, see that quaified personne (a vendor representative, buiding engineer, or Pubic Works Center personne) verify correct operation at the time of instaation, and at east once each year thereafter. Furthermore, each faut condition shoud be corrected immediatey. Unfortunatey, a common tendency is to turn off the fire detection system or sience the aarm be, creating the danger that there wi be no response if a fire shoud occur. 4-20

103 In addition to aerting personne to the presence of a fire, the detection equipment can be used to contro the air-conditioning system. There is some support for the view that, upon detection, air-handing equipment be shutdown automaticay to avoid fanning the fames and spreading smoke. This is not the best pan, as nuisance aarms wi resut in needess disruption. The preferred technique is to cause the system to exhaust smoke by stopping recircuation, and switching to 100-percent outside air intake and room air discharge. As a rue, this can be done by adjusting air-conditioning damper contros and their interconnection with the fire detection system. However, it may be necessary to modify the air-conditioning system. The use of either technique is at the discretion of command poicy. Fire Extinguishment Fire extinguishment may be accompished using one or more of the foowing four methods: Portabe or hand extinguishers. Operated by miitary or civi service personne to hep contro the fire before it gets out of hand. Hose ines. Used by miitary, civi service, or professiona fire fighters to attack the fire with water. Automatic sprinker systems. Reease water from sprinker heads activated in the temperature range of 135 F to 280 F. Voume extinguishment systems. Fi the room with a gas that interferes with the combustion process. To ensure the effectiveness of portabe extinguishers, severa measures shoud be observed. Pace extinguishers in readiy accesssibe ocations, not in comers or behind equipment. Mark each ocation for rapid identification; for exampe, paint a arge red spot or band on the wa or around the coumn above the point where each extinguisher is mounted. It is important for each AIS technica manager to ensure proper inspection in accordance with command poicy. Each extinguisher shoud have an inspection tag affixed to it with the signature of the inspecting petty officer or fire marsha and the inspection date. In a probabiity, the AIS faciity technica manager wi want to estabish a first ine of defense against fire invovement between the time of notification of, and response by, professiona or highy trained firefighters, and wi incorporate this as part of the command s Disaster Contro Pan. Every command, regardess of size, needs miitary personne who are knowedgeabe and trained in fire safety. Any practica and effective organization for fire protection must be designed to assure prompt action immediatey at the point where a fire breaks out. This usuay necessitates every organizationa unit or area of a command having a nuceus of key personne who are prepared, through instruction and training, to extinguish fires prompty in their beginning stage. Such individuas become knowedgeabe in speciaized fire protection and the systems appicabe to the faciity in question: how to turn in an aarm, which type of extinguisher to use for which type of fire, and how to use it. Further, such individuas can serve as on-the-job fire inspectors, constanty seeking out, reporting, and correcting conditions that may cause fires. They can hep ensure that fire-fighting equipment is propery ocated and maintained, that storage does not cause congestion that coud hamper fire fighting, and that genera housekeeping is maintained at a reasonaby high eve to minimize fire risk. SUPPORTING UTILITIES PROTECTION Every Navy AIS faciity is dependent upon supporting utiities, such as eectric power and air conditioning, and may have to depend on communication circuits, water suppies, and eevators for its operation. Not a commands are sef-sufficient; they contract some or a of these utiities from civi sources. In using these utiities, AIS technica managers shoud consider the probabiity of occurrence and the effects of breakdowns, sabotage, vandaism, fire, and fooding. These effects can then be reated to the needs of the AIS faciity as estabished by the risk anaysis. We have seected eectrica power to iustrate support utiity protection. Variations of a norma waveform in the eectric power suppy can affect the operation of AIS hardware. The AIS hardware rectifies the aternating current, fiters, and votage; reguates the resuting direct current; and appies it to the AIS circuitry. The fitering and reguation cannot be expected to eiminate votage variations beyond a reasonabe range. If ine votage is 90 percent or ess of nomina for more than 4 miiseconds, or 120 percent or more of nomina for more than 16 miiseconds, excessive fuctuations can be expected in the dc votage appied to the hardware circuitry. This power fuctuation causes unpredictabe resuts on hardware, ogic, and data transfer. These power ine fuctuations, referred to as transients, are usuay caused by incement weather. 4-21

104 Internay generated transients depend on the configuration of power distribution inside the AIS faciity. The effects of interna transients can be minimized by isoating the AIS hardware from other faciity oads. Ideay, the computer area power distribution panes shoud be connected directy to the primary feeders and shoud not share step-down transformers with other high-oad equipment. The risk anaysis shoud incude a compete power transient and faiure study. It shoud aso carefuy consider the projected growth in particuary sensitive appications (such as rea-time or teeprocessing) in projecting future oss potentia. In some cases it may be economicay feasibe to connect the AIS faciity to more than one utiity feeder via a transfer switch. If one feeder fais, the faciity s oad may be transferred to the aternate feeder. This technique is of greater vaue if the two feeders connect to different power substations. If the AIS faciity is in a remote area, an uninterrupted power suppy (UPS) is usuay required as a backup power source. The UPS system can be manuay or automaticay controed from prime power sources or from the AIS computer site. The typica UPS consists of a soid-state rectifier that keeps batteries charged and drives a soid-state inverter. The inverter synthesizes aternating current for the computer. A simpified bock diagram is shown in figure 4-8. Depending on the ampere-hour capacity of the battery (or batteries), the UPS can support its oad for a maximum of 45 minutes without the prime power source. At the same time, it wi fiter out transients. To provide extra capacity to protect against a faiure of the UPS, a static transfer switch can be inserted between the UPS and the computer, as shown in figure 4-9. The contro circuitry for the static switch can sense an overcurrent condition and switch the oad to the prime power source without causing noticeabe transients. Figure 4-9. UPS with transfer switch. If the faciity s current needs exceed its UPS capacity, it may be economicay feasibe to use mutipe, independent UPS units, as shown in figure Since each unit has its own disconnect switch, it can be switched offine if it fais. Finay, if the risk anaysis shows a major oss from power outages asting 30 to 45 minutes or beyond, an onsite generator can be instaed, as shown in figure The prime mover may be a diese motor or a turbine. When the externa power fais, UPS takes over and the contro unit starts the prime mover automaticay. The prime mover brings the generator up to speed. At this point, the UPS switches over to the generator. Barring hardware faiures, the system supports the connected oad as ong as there is fue for the prime mover. Note that the generator must be arge enough to support other essentia oads, such as air conditioning or minimum ighting, as we as the UPS oad. Figure 4-8. Simpified bock diagram of an uninterrupted power suppy (UPS). Figure Mutipe, independent UPS units. 4-22

105 Figure UPS with onsite generation. When this configuration is used, maintain a cose communication iaison with the power pant source to ensure the generator is coming up to norma speed for the switchover from UPS. The UPS system takes over automaticay, and the change in power source may not be noticed in the AIS faciity. However, when the UPS system changes over to the generator, it may require a manua power pane setting in the AIS faciity by the AIS technica manager. AIS FACILITY PHYSICAL PROTECTION The physica protection of the AIS faciity can be thought of as the process of permitting access to the faciity by authorized persons, whie denying access to others. The physica protection of an AIS faciity is not as stringent for an AIS faciity that processes uncassified data as it is for an AIS faciity that processes cassified data. In the foowing exampe/discussion, assume the faciity processes cassified materia and provides physica protection in accordance with OPNAVINST and OPNAVINST Pay particuar attention to appying physica protection and security poicy wherever AIS equipment is used for processing cassified information in accordance with OPNAVINST Ensure pans are deveoped for the protection, remova, or destruction of cassified materia in the case of a natura disaster, civi disturbance, or enemy action. The pans shoud estabish detaied procedures and responsibiities for the protection of cassified materia so that it does not fa into unauthorized hands in the event of an emergency. Aso, indicate what materia is to be guarded, removed, or destroyed. An adequate emergency pan for cassified materia shoud provide for guarding the materia, removing the cassified materia from the area, compete destruction of the cassified materia on a phased priority basis, or appropriate combinations of these actions. The emergency pans shoud aso provide for the protection of cassified information in a manner that minimizes the risk of oss of ife or injury to AIS personne. The immediate pacement of a trained and preinstructed perimeter guard force around the affected area to prevent the remova of cassified materia is an acceptabe means of protecting the cassified materia. This action reduces the risk of casuaties. Security requirements for the centra computer AIS faciity area shoud be commensurate with the highest cassified and most restrictive category of information being handed in the AIS. If two or more computer systems are ocated in the same controed area, the equipment comprising each system may be ocated so that direct personne access, if appropriate, is imited to a specific system. Boundary Protection The threat anaysis may indicate the need to protect the property boundary of the AIS faciity. This may be accompished by instaing fences or other physica barriers, outside ighting, or perimeter intrusion detectors, or by using a patro force. Often a combination of two or more of these wi be sufficient. Fences shoud be 8 feet high with three strands of barbed wire. Fences provide crowd contro, deter casua trespassers, and hep in controing access to the entrances; however, they do not stop the determined intruder. In situations where manpower shortages exist, the fence can be equipped with penetration sensors that shoud sound an interna aarm ony. This type of 4-23

106 physica protection system uses sma sensors mounted at intervas on the fence and at each gate. Emanations Protection In evauating the need for perimeter protection, take into account the possibiity that eectromagnetic or acoustic emanations from AIS hardware may be intercepted. Tests show that interception and interpretation of such emanations may be possibe under the right conditions by technicay quaified persons using generay avaiabe hardware. As a rue of thumb, interception of eectromagnetic emanations beyond 325 yards is very difficut. However, if there is reason to beieve that a potentia exposure to interception exists, seek technica guidance from upper management and the Chief of Nava Operations. Measures to contro compromising emanations are subject to approva under the provisions of Contro of Compromising Emanations, DOD Directive C , by the cognizant authority of the component approving security features of the AIS system. Appication of these measures within industria AIS systems is ony at the direction of the contracting activity concerned under provisions of the Security Requirements for Automated Information Systems (AIS s), DOD Directive , and the requirements are to be incuded in the contract. Interior Physica Protection Intrusion detection systems (IDSs) (OPNAVINST ) provide a means of detecting and announcing proximity or intrusion that endangers or may endanger the security of a command. The use of an IDS in the protective program of a command may be required because of the critica importance of a faciity or because of the ocation or the ayout of the command. Remember, IDSs are designed to detect, not prevent, an attempted intrusion. Thus, a comprehensive security pan must contain appropriate security measures aong with procedures for an effective reaction force. Remote Termina Areas Protection The physica and personne security requirements for the centra computer faciity area are based upon the overa requirements of the tota AIS system. The remote termina area requirements are based upon the highest cassified and most restrictive category and type of materia that wi be accessed through the termina under system constraints. Each remote termina shoud be individuay identified to ensure required security contro and protection. Identify each termina as a feature of hardware in combination with the operating system. Before personne of a component that is not responsibe for the overa AIS operation can use a remote device approved for handing cassified materia, security measures must be estabished. These security measures are estabished by the authority responsibe for the security of the overa AIS. They are agreed to and impemented before the remote device is connected to the AIS. DOD component systems may become part of a arger AIS network. The approva and authority to authorize temporary exceptions to security measures for the component s system in the network requires two components. These incude the DOD component operating the AIS system and the DOD component having overa responsibiity for the security of the network. Each remote termina that is not controed and protected as required for materia accessibe through it shoud be disconnected from the AIS system when the system contains cassified information. Disconnect procedures are used to disconnect remote input/output terminas and periphera devices from the system by a hardware or software method authorized by the designated approving authority of the centra computer faciity. Security Survey An annua security survey of the AIS faciity area shoud be conducted by the AIS technica manager. The first step of the survey is to evauate a potentia threats to the AIS faciity as discussed earier in this chapter. The second step is to define and tabuate areas within the faciity for contro purposes. Detais depend on the specifics of each faciity, but the foowing are common areas to consider: * Pubic entrance or obby; Loading dock; Spaces occupied by other buiding tenants; AIS faciity reception area; AIS input/output counter area; AIS data conversion area; Media ibrary; Systems anaysis and programming areas; Computer room spaces; 4-24

Incude a access points and any adjacent areas beonging to the AIS faciity, such as parking ots and storage areas.

107 Communications equipment spaces; and Air conditioning, UPS, and other mechanica or eectrica equipment spaces. The survey shoud verify security measures aready in pace and recommend any improvements to upper management. Obtain a current foor pan on which to depict a areas within the faciity. Incude a access points and any adjacent areas beonging to the AIS faciity, such as parking ots and storage areas. Begin the survey at the perimeter of the AIS faciity, considering the foowing: Property ine. Incude fencing, if any, and type. Note the condition, the number of openings according to type and use, and how they are secured. Are there any manned posts at the property ine? Outside parking faciities. Are these areas encosed, and are there any contros? Are parking ots controed by manned posts or are devices used? Perimeter of faciity. Note a vehicuar and pedestrian entrances and what contros are used, if any. Check a doors their number, how they are secured, and any contros or devices, such as aarms or key card devices. Check for a ground foor or basement windows and how they are secured, screening or bars, for exampe, and their vunerabiity. Check for other entrances, such as vents and manhoes. Are they secured and how? Check for fire escapes their number and ocations and accessibiity to the interior of the faciity from the fire escape (windows, doors, roof). How are accessways secured? Interna security. Begin at the top foor or in the basement. Check for fire aarm systems and devices. Note the type, ocation, and number. Where does the aarm annunciate? Check teephone and eectrica cosets to see if they are ocked. Are mechanica and eectrica rooms ocked or secured? Note any existing aarms as to type and number. Determine the number and ocations of manned posts, hours, and shifts. Monitoring faciity. Know the ocation, who monitors, who responds, its type, and the number of aarms being monitored. Tabe 4-6 is a checkist of other questions that shoud be asked in the survey. Tabe 4-6. Secunty Measures Checkist 4-25

SEMS MAINTENANCE SYSTEM

Standardized Emergency Management System (SEMS) Guideines Part III. Supporting Documents Standardized Emergency Management System SEMS MAINTENANCE SYSTEM A System Description for the Ongoing Deveopment,