ALMAR 212/96


-----------------------------------------------------
Date signed: 06/10/96 ALMAR Number: 212/96

R 101900Z JUN 96 ZYB
FM CMC WASHINGTON DC//C4I//
TO ALMAR
INFO FLTINFOWARCEN NORFOLK VA//N6/N63//
DIRNSA FT GEORGE G MEADE MD//V114//
UNCLAS //N03501//
ALMAR 212/96
MSGID/GENADMIN/CMC C4I//
SUBJ/DEFENSIVE INFORMATION WARFARE ON-LINE SURVEY (OLS)//
REF/A/DOC/DODINST TS 3600.1/01DEC92//
REF/B/DOC MCO 3430.5A/14MAR94/-//
REF/C/DOC NTISSD 600,/COMSEC MONITORING/-//
REF/D/RMG/CNO WASHINGTON DC/081953Z/MAY 95/-//
REF/E/RMG/CMC WASHINGTON DC/161900Z/JUN 93/-//
REF/F/DOC/IRM-5239-08A-MAY95/-//
NARR/REF A DIRECTS IMPLEMENTATION OF DOD INFORMATION WARFARE (IW)
POLICY BY EACH SERVICE. REF B PROMULGATES USMC C2W POLICY, GUIDANCE
AND ORGANIZATIONAL RELATIONSHIPS. REF C OUTLINES GUIDELINES FOR
CONDUCTING COMMUNICATIONS SECURITY (COMSEC) MONITORING. REF D.
(ALCOM 021-95) PROVIDES POLICY GUIDANCE ON COMSEC SURVEILLANCE AND
MONITORING RESTRICTIONS INCLUDING PRIOR CONSENT AND NOTIFICATION
REQUIREMENTS (CMC MSG 101903Z MAY 95 READDRESSED THIS ALCOM). REF E
PROMULGATES REQUIRED LOGON WARNING BANNER FOR USMC COMPUTER SYSTEMS.
REF F CONTAINS INFORMATION RESOURCES MANAGEMENT COMPUTER SECURITY
PROCEDURES.//
RMKS/1. THIS MESSAGE PROVIDES ADVANCE NOTICE OF A MARINE CORPS
DEFENSIVE INFORMATION WARFARE ASSESSMENT VIA NETWORK SECURITY ONLINE
SURVEY (OLS) TO BE CONDUCTED DURING EARLY JUL-AUG 1996. THIS OLS
WILL COLLECT EMPIRICAL DATA TO IDENTIFY MARINE CORPS INFORMATION
SYSTEMS VULNERABILITIES AND QUANTIFY INFORMATION SYSTEMS SECURITY
POSTURE FOR ULTIMATE CORRECTION. THIS OLS WILL BE SPECIFICALLY
LIMITED TO UNCLASSIFIED SYSTEMS, AND WILL FOCUS ON MARINE CORPS
SYSTEMS CONNECTED TO MILNET, NIPRNET AND INTERNET.
2. DEFENSIVE IW FOCUSES ON ENSURING MARINE CORPS SYSTEMS ARE CAPABLE
OF PROVIDING COMPLETE AND UNALTERED INFORMATION WHILE WITHSTANDING
MALICIOUS DISRUPTIONS AND ATTACKS. THE MARINE CORPS MUST HAVE THE
ABILITY TO IDENTIFY THE RISKS TO ITS INFORMATION SYSTEMS, PROTECT
AGAINST ATTACK, DETECT ATTACKS, RESPOND APPROPRIATELY TO ATTACKS, AND
MAINTAIN AT LEAST MINIMUM CAPABILITIES IN THE PRESENCE OF ATTACKS.
3. REF C AUTHORIZES COMSEC MONITORING PROVIDED USERS ARE NOTIFIED
THAT USE OF THE SYSTEM CONSTITUTES CONSENT TO MONITORING FOR SECURITY
PURPOSES. PER REF D, THIS AUTHORIZATION APPLIES TO MARINE CORPS
COMPUTER NETWORKS PROVIDED PROPER NOTIFICATION IS GIVEN. THEREFORE,
THE LOGON WARNING SCREEN PROMULGATED IN REF E IS TO BE DISPLAYED AS
SOON AS POSSIBLE IF NOT ALREADY IN PLACE. THE WARNING SCREEN SHOULD
BE DISPLAYED AT THE FIRST POINT IN THE LOG-IN PROCESS. THE USE OF
THE LOG-IN SCREEN IS AN APPROPRIATE AND SUFFICIENT WAY TO PROVIDE
NOTIFICATION, HOWEVER, OTHER METHODS OF DISSEMINATION SUCH AS WARNING
LABELS, AND PERIODIC BULLETIN ITEMS ARE ALSO RECOMMENDED.
4. ALL MARINE CORPS NETWORK SYSTEMS MANAGERS ARE TO ENSURE THAT THE
WARNING SCREEN IN REF E IS DISPLAYED ON ALL SYSTEMS:
(QUOTE)"***USE OF THIS OR ANY OTHER DEPARTMENT OF DEFENSE (DOD)
INTEREST COMPUTER SYSTEM CONSTITUTES A CONSENT TO MONITORING AT ALL
TIMES***THIS IS A DOD INTEREST COMPUTER SYSTEM. ALL DOD INTEREST
COMPUTER SYSTEMS AND RELATED EQUIPMENT ARE FOR COMMUNICATION,
TRANSMISSION, PROCESSING, AND STORAGE OF OFFICIAL U.S. GOVERNMENT
OR OTHER AUTHORIZED INFORMATION ONLY. THESE SYSTEMS ARE SUBJECT TO
MONITORING AT ALL TIMES TO ENSURE PROPER FUNCTIONING OF EQUIPMENT
AND SYSTEMS INCLUDING SECURITY DEVICES, TO PREVENT UNAUTHORIZED USE
AND VIOLATIONS OF STATUTES OR SECURITY REGULATIONS, TO DETER CRIMINAL
ACTIVITY, AND FOR OTHER SIMILAR PURPOSES. ANY USER SHOULD BE AWARE
THAT ANY INFORMATION PLACED IN THE SYSTEM IS SUBJECT TO MONITORING
AND IS NOT SUBJECT TO ANY EXPECTATION OF PRIVACY. IF MONITORING OF
THIS OR ANY OTHER DOD INTEREST COMPUTER SYSTEM REVEALS POSSIBLE
EVIDENCE OF VIOLATION OF CRIMINAL STATUTES, THIS EVIDENCE AND ANY
OTHER RELATED INFORMATION, INCLUDING IDENTIFICATION INFORMATION ABOUT
THE USER, MAY BE PROVIDED TO LAW ENFORCEMENT OFFICIALS. IF
MONITORING OF THIS OR ANY OTHER DOD INTEREST COMPUTER SYSTEM REVEALS
VIOLATIONS OF SECURITY REGULATIONS OR MAKE UNAUTHORIZED USE OF DOD
INTEREST COMPUTER SYSTEMS ARE SUBJECT TO APPROPRIATE DISCIPLINARY
ACTION. POWER OFF SYSTEM TO CANCEL UNAUTHORIZED USE." (UNQUOTE)
5. THIS MARINE CORPS OLS WILL NOT BE CONDUCTED FOR THE PURPOSES OF
LAW ENFORCEMENT, OR THE COLLECTION OF INDIVIDUAL PRIVACY INFORMATION,
INTELLIGENCE, OR COUNTERINTELLIGENCE DATA. OLS IS AN AUTOMATED
PROCESS MAKING USE OF SOFTWARE TOOLS THAT PERFORM A SERIES OF SYSTEM
CHECKS. IT DOES NOT INVOLVE THE COLLECTION OF USER DATA THAT RESIDE
WITHIN A COMMAND'S INFORMATION SYSTEM. USER-OWNED EMAIL WILL NOT BE
VIEWED AND AT NO TIME WILL PRIVATE FILES BE VIEWED. THIS IS A SYSTEM
MONITORING/TESTING EFFORT ONLY. IN PLAIN ENGLISH, THE SURVEY
AUTOMATED TOOL WILL "FIRST KNOCK ON THE DOOR OR ENTRY POINT INTO AN
INFORMATION SYSTEM; THEN AN ATTEMPT WILL BE MADE TO TURN THE DOOR
KNOB TO SEE IF THE DOOR (OR SYSTEM ENTRY POINT) IS OPEN". SYSTEM
LEVEL ADMINISTRATIVE CHARACTERISTICS WILL BE CHECKED TO SEE IF
SYSTEM FILE SETTINGS REVEAL OBVIOUS VULNERABILITIES. AN EXAMPLE
WOULD BE AN UNPROTECTED SYSTEM PASSWORD FILE AVAILABLE TO HACKERS
WITHOUT THE KNOWLEDGE OF SYSTEMS MANAGERS. OLS IN THE PAST HAVE
COLLECTED VALUABLE DATA THAT HAVE ENABLED CORRECTION OF SYSTEM
NETWORK VULNERABILITIES.
6. THE DATA COLLECTED FROM THIS OLS WILL SIGNIFICANTLY CONTRIBUTE TO
FOCUSING PRIORITY ON INFORMATION AND NETWORK SECURITY. FOLLOW-UP
ACTION WILL BE INITIATED BY THE FLEET INFORMATION WARFARE CENTER
(FIWC) TO PROVIDE THE SPECIFIC "FIXES" OR RECOMMENDED ACTIONS THAT
SHOULD BE TAKEN TO CORRECT ANY OBVIOUS VULNERABILITIES.
7. THE OLS WILL BE CONDUCTED WITHIN THE "USMC.MIL" DOMAIN HOSTS AND
SUBNET ADDRESSES.
8. THE FOLLOWING IS PROVIDED FOR REPORTING ACTUAL OR SUSPECTED
COMPUTER SECURITY VIOLATIONS (I.E. COMPROMISE OR INTENDED HARM OF
SYSTEMS OR DATA AS A RESULT OF INTRUSION TO MARINE CORPS NETWORKS):
A. MARINE CORPS SYSTEM USERS WILL IMMEDIATELY REPORT THEIR CONCERNS
TO THE SYSTEMS (LAN) ADMINISTRATOR AND LOCALLY ASSIGNED COMPUTER
SYSTEMS SECURITY OFFICER (CSSO). IF NECESSARY, THE SYSTEMS
ADMINISTRATOR OR CSSO CAN SEEK NETWORK TECHNICAL ASSISTANCE FROM THE
MARINE CORPS NETWORK OPERATIONS CENTER (NOC), AT QUANTICO,
MANNED 7 DAYS X 24 HOURS, AT DSN 278-5986/7/8.
B. SEE REF F (PARA 2.3.14) FOR FURTHER GUIDANCE ON REPORTING
COMPUTER SECURITY INCIDENTS.
9. POC'S: FOR GENERAL INFORMATION CONCERNING MESSAGE CONTENT; MR.
R.M. KURTZ, CMC (C4I) DSN 223-3132; FOR MARINE CORPS WIDE NETWORKING
INFORMATION; MAJ MARK JOHNSON, MARCORSYSCOM DSN 278-3263; FOR HQMC
NETWORK INFORMATION; MS SHAROL LEONARD, CMC (ARI), DSN 224-1267.//