MCO 5511.11D INTC 12 DEC 91 MARINE CORPS ORDER 5511.11D From: Commandant of the Marine Corps To: Distribution List Subj: TECHNICAL SURVEILLANCE COUNTERMEASURES (TSCM) PROGRAM Ref: (a) SECNAVINST 5500.31A (b) OPNAVINST 5510.1H (c) OPNAVINST 5513.4C Encl: (1) TSCM Support Request Guidelines (2) USMC TSCM CIT's (3) NISCOM Technical Support Detachments (4) NISCOM Regional Offices Report Required: Technical Surveillance Countermeasures Penetration (Report Control Symbol EXEMPT), pars. 13d and 13e 1. Purpose. To implement reference (a) which establishes policy, standards, criteria, and guidance for the Department of the Navy (DON) Technical Surveillance Countermeasures (TSCM) Program as directed by the Secretary of Defense (SecDef). Specifically, this order provides guidance for requesting, conducting and reporting TSCM support within the Marine Corps. Further, this Order emphasizes the critical need to protect classified and sensitive defense information from technical surveillance operations directed against Marine Corps assets. 2. Cancellation. MCO 05511.11C. 3. Background. Historically, Foreign Intelligence Services have employed technical surveillance devices in espionage operations directed against U.S. personnel and installations both in the United States and abroad. The protection of classified and sensitive information from technical surveillance is the responsibility of every commander. In today's high technology environment, the availability of technical surveillance equipment is such that virtually any foreign intelligence, terrorist, or dissident group can acquire and employ technical surveillance against Marine Corps assets. Properly used, TSCM can reduce the likelihood of a technical penetration and will serve to nullify the effectiveness of technical surveillance devices. The TSCM Program is an augmentation to the command's overall security program and is designed to detect the presence of technical surveillance operations and technical security hazards or vulnerabilities that may lead to a technical penetration. It is imperative that commanders employ effective physical security measures as well as implementing positive access controls in spaces where TSCM services are conducted. TSCM capable Counterintelligence Teams (CIT's) within their respective Marine Expeditionary Force (MEF) can provide TSCM threat briefings upon MCO 5511.11D request. These briefings are classified and will normally be provided after the completion of TSCM support for a facility. 4. DEFINITIONS a. Technical Surveillance. The use of optical or audio monitoring devices or systems against a target area for the purpose of surreptitiously collecting information of intelligence value. b. Sensitive Facility. A facility used for the processing or discussion of sensitive information. c. Sensitive Information. Information that requires protection from unauthorized disclosure. d. Technical Surveillance Penetration. A deliberate emplacement of a technical surveillance device/system or the exploitation of existing technical security hazards/weaknesses. e. Technical Security Hazard. A condition which could permit the technical penetration of an area through building design or from equipment which by reason of its normal design, installation, operation, or damage, may allow the unintentional transmission of sensitive information outside the perimeter of sensitive facilities. f. Technical Security Weakness. A defect in the security of a sensitive area which would either permit access by uncleared personnel or facilitate the installation of a technical surveillance device. g. TSCM (Technical Surveillance Countermeasures). All measures employed to prevent or detect the unauthorized visual or audio intercept of sensitive information. h. TSCM Survey. A complete electronic, visual, and physical examination of a sensitive facility by authorized TSCM personnel to ascertain that the area is free of technical penetrations and to detect technical security hazards and weaknesses. i. TSCM Inspection. A noninstrumented evaluation of a sensitive facility to determine physical security measures required to protect against technical penetration or unaided audio leakage. This inspection may also include an examination of equipment and furnishings prior to their introduction into a facility which has previously received a TSCM survey. j. TSCM Qualified Personnel. Selected Marine Corps counterintelligence officers and specialists who have received specialized TSCM training as outlined by reference (a). k. TSCM Preconstruction Assistance. A service conducted by TSCM personnel during the planning stages of new construction or 2 MCO 5511.11D renovation of sensitive facilities to ensure appropriate physical and technical security standards are met. 5. Policy a. All Marine Corps commanders have the responsibility to detect and prevent technical penetration efforts directed against their commands. The most effective means to meet that responsibility is the implementation of adequate physical security measures and the conduct of periodic TSCM support. This support includes TSCM surveys, inspections, and preconstruction assistance as well as periodic TSCM threat awareness briefings. b. The Commander, Naval Investigative Service Command (COMNISCOM) is charged with the responsibility for providing TSCM support and centralized management for all DON TSCM matters. The respective MEF commander will be cognizant of the TSCM program and provide operational direction for TSCM support within his MEF. Selected Marine Corps Counterintelligence Teams assigned a TSCM mission by HQMC, will provide TSCM support to the MEF. Upon approval and direction from the MEF commander, these teams may also provide TSCM support to COMNISCOM. c. The coordination of routine TSCM support with Army and Air Force commands without prior approval of COMNISCOM is prohibited. All cross-service and non-MEF Marine Corps TSCM support requests will be forwarded to and coordinated with COMNISCOM. TSCM support for deployed MAGTF's is addressed below. Requests for emergency or immediate TSCM support may be coordinated with COMNISCOM (Code 0026B) via STU III with followup message traffic. d. TSCM support may be provided to Marine Corps commands by qualified Air Force, Army, or NISCOM TSCM personnel, in accordance with regional cross-servicing arrangements executed by COMNISCOM. A Memorandum of Understanding is in effect within DoD to facilitate this regional TSCM support. e. Direct liaison among the 5th CIT, 6th CIT, 9th CIT, NISCOM (Code 0026B), and NISCOM Technical Services Detachments is authorized and encouraged in order to obtain appropriate assistance and guidance for TSCM matters. 6. Discussions. Reference (a) provides specific criteria to be used in determining the selection of spaces/facilities for TSCM support and Operational Security (OPSEC) considerations for projected and ongoing TSCM services. a. It must be assumed, until a TSCM service indicates otherwise, that a technical penetration has occurred. b. TSCM surveys can be rendered ineffective if any discussion concerning the service takes place in the spaces to be surveyed prior to the TSCM support. Such discussions could result in the removal or deactivation of technical surveillance devices. Failure 3 MCO 5511.11D to maintain adequate physical security for serviced spaces will negate the residual value of any TSCM service. c. The compromise of a pending or ongoing TSCM service is a serious security violation that will be reported in accordance with the procedures outlined in reference (b). d. All requests for TSCM support will be classified SECRET. Classification guidance for TSCM support is provided in reference (c). Additionally, information pertaining to impending TSCM operations must be held on a strict need-to-know basis. Enclosure (1) of this Order provides a list of required data for submission of a TSCM Support Request. Telephone requests for TSCM support or telephonic discussions of the support are not authorized and are considered security violations. Emergency TSCM requests should be forwarded via STU III to the appropriate TSCM support element. However, the STU III used for the request must not be located within the area that requires TSCM services. 7. TSCM Assets. Marine Corps TSCM capable CIT's are the 5th CIT, 6th CIT, and the 9th CIT. Enclosure (2) provides mailing addresses and telephone numbers for these CIT's. NISCOM TSCM support elements are located at various naval installations around the world, mailing addresses and telephone numbers are provided in enclosure (3). 8. Control and Priorities a. The SecDef requires centralization of all TSCM activities at the departmental level. Accordingly, all TSCM policy, cross-servicing support, training, equipment, procedures and reporting within the DON is centralized under the managerial cognizance of COMNISCOM. b. MEF commanders exercise administrative control over their assigned TSCM assets. They approve and coordinate requests received for Marine Corps TSCM support. First priority is to subordinate MEF commands, including deployed MAGTF's under the operational control of the Commanding General, Fleet Marine Force, Atlantic or the Commanding General, Fleet Marine Force, Pacific. Second priority is to provide TSCM support for requests received via COMNISCOM. 9. Justification and Selection of Spaces Requiring TSCM Support a. Reference (a) contains criteria for justification of TSCM support within the DON. b. In addition to those areas addressed by reference (a), it is recognized that other sensitive spaces exist within the Marine Corps which may be vulnerable to technical surveillance and require TSCM support. TSCM support for these areas will be handled on a case- by- case basis and be based on an evaluation of the threat to the sensitive area. 4 MCO 5511.11D 10. Restrictions. No exception to the following restrictions will be granted without prior approval of the Commandant of the Marine Corps (INTC). a. Public disclosure or foreign release of information relative to TSCM or technical surveillance techniques and services is prohibited. b. The procurement of TSCM end items will only be accomplished by the Commanding General, Marine Corps Research Development and Acquisition Command (MCRDAC). c. Within the Marine Corps, TSCM equipment will only be held by HQMC designated TSCM capable CIT's and CG MCRDAC. d. Marine Corps TSCM equipment will only be used by TSCM qualified counterintelligence officers and specialists. e. Marine Corps TSCM personnel are specifically prohibited from participation in any TSCM activities except those authorized by appropriate DON or Marine Corps authority. 11. Responsibility a. COMNISCOM. Throughout the DON, COMNISCOM is responsible for: (1) Providing TSCM policy and operational guidelines. (2) Approving/disapproving TSCM requests submitted to NISCOM. (3) Coordinating all cross-servicing TSCM requests between the DON and other elements of DoD. (4) Funding for all NISCOM requested TSCM support. (5) Analyzing and evaluating TSCM support reports. (6) Disseminating TSCM technical information to TSCM CIT's. b. Commandant of the Marine Corps (INTC). CMC (INTC), as the acquisition/MOS specialist for CI/TSCM, is responsible for: (1) Coordinating with NISCOM and other U.S. Government agencies involved in TSCM policy. (2) Selecting, training, and coordinating assignment of personnel for TSCM duties. c. Commanding General, Marine Corps Research, Development and Acquisition Command (MCRDAC). The CG MCRDAC is responsible for: 5 MCO 5511.11D (1) Monitoring TSCM equipment and technical developments within the intelligence community, security agencies and supporting industries. (2) Coordinating with U.S. Army Intelligence Material Activity (IMA) and with NISCOM regarding Marine Corps TSCM equipment requirements. (3) Purchasing select pieces of TSCM equipment for operational testing and evaluation by Marine Corps TSCM CIT's. (4) Budgeting for and procuring all major items of TSCM equipment. d. MEF Commanders. The MEF commanders are responsible for: (1) Approving and coordinating requests for TSCM support within their respective command. (2) Ensuring support is provided in accordance with criteria established by reference (a), this Order, and other guidance from COMNISCOM. (3) Budgeting for TSCM equipment maintenance and procurement of TSCM expendable supplies. (4) Budgeting for Temporary Additional Duty (TAD) for MEF requested TSCM support. e. Team Commanders of Designated TSCM Capable CIT's. Selected TSCM CIT's, one within each MEF, have primary responsibility for: (1) Providing TSCM support to their respective MEF's. (2) Providing TSCM support to deployed MEF units under the operational control of a Fleet Marine Force commander (i.e., MAGTF's) when approved and validated by the cognizant MEF commander. (3) Conducting direct liaison with IMA relative to TSCM equipment maintenance and supply with copies of correspondence forwarded to the appropriate MEF Staff Counterintelligence Officer (SCIO). (4) Provide an information copy of all TSCM reports and threat evaluations with updated computer work sheets to COMNISCOM 0026B, to ensure proper recording and inclusion of Marine Corps TSCM support into the departmental case file and threat evaluation program. f. Commanders. Commanders are responsible for: (1) Safeguarding all classified information within their commands, including protection from compromise through technical penetration. 6 MCO 5511.11D (2) Employing effective security measures along with implementing positive access controls in areas where classified information is processed or discussed. (3) Ensuring that appropriate security precautions are taken to avoid the compromise of pending and ongoing TSCM support. (4) Immediately reporting all possible or actual compromises of pending and ongoing TSCM support in accordance with procedures outlined in this Order and reference (b). g. Senior Marine Corps Counterintelligence Personnel Assigned. The senior CI person assigned or SCIO shall: (1) Act as the focal point between the command and the supporting TSCM team. (2) Advise the commander on the conduct of TSCM activities in accordance with this Order and the references. (3) Assist the commander and command security manager with security measures that will afford the TSCM effort protection from compromise. 12. Specific Action for Commanders. Commanders will ensure that appropriate technical surveillance countermeasures are included in their overall security program. Specifically, commanders will: a. Ensure that personnel are indoctrinated relative to the threat of technical surveillance. b. Provide appropriate security measures and controls to reduce technical penetration vulnerabilities. c. Request TSCM support in compliance with the criteria set forth in reference (a) and this Order when: (1) Specific information exists indicating a technical penetration has occurred. (2) Increased threat to the command has been identified. (3) Command operational commitments dictate increased security. (4) No previous TSCM support has been provided. (5) When an area has been substantially modified by new construction. d. TSCM support for qualifying spaces will be conducted on a recurring basis as outlined by reference (a). Specific reasons for accelerated TSCM support would include: 7 MCO 5511.11D (1) Upgraded threat status of the facility/command. (2) Unmonitored access to the space has been gained by uncleared personnel. e. Request for TSCM support by Marine Corps units. (1) MEF commands will forward requests for TSCM support to the appropriate MEF commander. (2) MEF units deployed under operational control of CG FMFLant or CG FMFPac will forward their request for TSCM support via the respective FMF HQ to the appropriate MEF. (3) Non-MEF commands will forward requests for TSCM support to COMNISCOM (Code 0026B), listed in enclosure (1). f. Commands will take immediate action to correct weaknesses identified as a result of TSCM support. Further TSCM support will not be provided until such deficiencies are corrected or the request is fully justified. 13. Detection or Suspicion of a Technical Penetration. Should a technical penetration be discovered or suspected, the following action will be taken: a. Conduct no discussion of the penetration within the space where the penetration is suspected. b. Conduct no searches or physical activities relative to the penetration that might be observed by visual or video surveillance. It is critical that suspected devices not be removed, examined, or modified by other than TSCM qualified counterintelligence personnel. While such efforts may be well intended, they may destroy valuable evidence or sophisticated hardware and result in further compromise. c. Immediately upon discovery, take action to secure the area to preclude unauthorized removal of the device. d. The finder will expeditiously report the discovery details to the Commander, NISCOM (PLAD: COMNISCOM WASH DC //0026B//) by IMMEDIATE SECRET LIMDIS message, with an information copy to CMC (INTC). If the suspected penetration involves a MEF unit, the respective MEF commander and the cognizant TSCM CIT will also be an addressee. This report is exempt from reports control. e. At a minimum, the report should include the following: (1) Time and date of discovery. (2) Area, installation, or facility involved. The specific location including room number and location within the room (e.g., Room 111, taped under conference table). Level and categories of classified material that have been potentially 8 MCO 5511.11D subjected to compromise, specifically including any suspected or confirmed compromise of crypto/communications systems. If required, level and category of classified material may be reported by other means (BOM). (3) Identity of device type (e.g., wired microphone, modified telephone, video, RF transmitter, etc.), if known. (4) Method of discovery. (5) Estimate as to whether opposition was alerted to discovery. (6) Date of most recent TSCM support. f. The cognizant commander shall also be notified of the discovery and the action taken. Information concerning the discovery of the technical penetration will not be released to other persons until authorized by the Commandant of the Marine Corps (INTC). g. No representative of any foreign government shall be informed and no information will be released to the public or press regarding the discovery without approval of the Commandant of the Marine Corps (INTC). 14. Critical Nature of Timely Reporting. The importance of timely reporting of actual or suspected technical penetrations can not be over emphasized. In addition to the message notification addressed in paragraph 13 of this Order, secure telecommunications via the STU III network (outside the area of suspected penetration) may provide the most expedient notification. 15. Reserve Applicability. This Order is applicable to the Marine Corps Reserve. H. W. JENKINS, JR. Assistant Chief of Staff, Command, Control, Communications and Computer, Intelligence and Interoperability (C4I2) DISTRIBUTION: Copy to: 7000110 (55) 8145005 (2) 7000144/8145001/NIC/NISC (1) 9 MCO 5511.11D TSCM Support Request Guidelines 1. All requests for TSCM support should be classified SECRET. 2. All requests should be forwarded in accordance with the following, as appropriate: a. All requests for TSCM support, excluding requests from FMF commands, should be forwarded to the Commander, Naval Investigative Service Command, Washington, DC 20388, Attn: Technical Services Department (Code 26). The Plain Language Address (PLA) for naval messages is "COMNISCOM WASHINGTON DC//0026//." An information copy should be provided to the appropriate NISRO for the area involved as set forth in enclosure (4). b. Requests for support for Marine Corps FMF commands should be forwarded to the cognizant MEF commander as authorized in the appropriate MEF TSCM order. 3. All requests should include the following: a. Complete identification of the area requiring TSCM support, to include: name of the area, room number, building number, address, location, and command (if other than requestor). b. Square footage of the area. c. Identity and telephone numbers (AUTOVON, commercial with area code, Automatic Secure Voice Communication) of the command's point of contact and an alternate. d. Clearance requirements for TSCM support personnel. e. Date and serial number of the last TSCM report and the status of previous recommendations provided. f. Information that may impact on the scheduling of support (i.e., date scheduled construction will commence, completion date of construction in progress, etc.). Should unexpected events occur which would interfere with a TSCM inspection, notify Commander, Naval Investigative Service Command (Code 26), to prevent unnecessary expenditures of manpower and funds. ENCLOSURE (1) 1 MCO 5511.11D USMC TSCM CIT's 5th CIT - Team Commander 5th Counterintelligence Team Headquarters, FMF Atlantic U.S. Naval Base Norfolk, VA 23515-0307 AV 565-4636 6th CIT - Team Commander 6th Counterintelligence Team I Marine Expeditionary Force, FMF MCAS El Toro Santa Ana, CA 92709-6035 AV 997-2540 9th CIT - Team Commander 9th Counterintelligence Team III Marine Expeditionary Force, FMF FPO San Francisco, CA 96606-8442 AV 623-4185 ENCLOSURE (2) 1 MCO 5511.11D NISCOM Technical Support Detachments Naval Investigative Service (05TV) Technical Services Detachment Norfolk Naval Station Norfolk Norfolk, VA 23511-6493 (804) 444-8615 PLA - NAVINVSERV TECHSVC DET NORFOLK VA//05TV// Naval Investigative Service (06TM) Technical Services Detachment Mayport P.O. Box 296 Naval Station Mayport, FL 32228-5296 (904) 241-6708 PLA - NAVINVSERV TECHSVC DET MAYPORT FL//06TM// Naval Investigative Service (11TC) Technical Services Detachment San Diego Naval Air Station Miramar, CA 92145-5140 (619) 672-1448 PLA - NAVINVSERV TECHSVC DET MIRAMAR CA//11TC// Naval Investigative Service (12TD) Technical Services Detachment, Walnut Creek P.O. Box 4247 Walnut Creek, CA 94596-0247 PLA - NAVINVSERV TECHSVC DET WALNUT CREEK CA//12TD// Naval Investigative Service (60TL) Technical Services Detachment Europe Box 11 FPO New York 09510-3000 (44-1) 868-2457 PLA - NAVINVSERV TECHSVC DET LONDON UK//60TL// Naval Investigative Service (80TH) Technical Services Detachment Hawaii Box 132 Pearl Harbor, HI 96860-5091 (808) 474-9059 PLA - NAVINVSERV TECHSVC DET PEARL HARBOR HI//80TH// Naval Investigative Service (81TY) Technical Services Detachment Japan FPO Seattle, WA 98773-5000 011-81-9889-2-5111 PLA - NAVINVSERV TECHSVC DET YOKOSUKA JA//81TY// Naval Investigative Service (83TP) Technical Services Detachment Philippines Box 36 FPO San Francisco, CA 96651-2500 315 384-6351 PLA - NAVINVSERV TECHSVC DET SUBIC BAY RP//83TP// 1 ENCLOSURE (3) MCO 5511.11D Naval Investigative Service Regional Offices NIS Mid-Atlantic Region (05HQ) 293 Independence Blvd Suite 525, Pembroke 5 Virginia Beach, Va 23462 (804) 445-2243 PLA - NAVINVSERV MIDLANTREG NORFOLK VA//05HQ// NIS Southeast Region (06HQ) Naval Base Charleston, SC 29408-6425 (803) 743-4790 PLA - NAVINVSERV SEREG CHARLESTON SC//06HQ// NIS Southwest Region (11HQ) P.O. Box 80667 San Diego, Ca 92138-0667 (619) 532-2791 PLA - NAVINVSERV SWREG SAN DIEGO CA//11HQ// NIS Northwest Region (12HQ) P.O. Box 4247 Walnut Creek, Ca 94596-0247 (415) 933-4503 PLA - NAVINVSERV NWREG WALNUT CREEK CA//12HQ// NIS Europe Region (60HQ) Box 11 FPO New York, NY 09553-3000 In UK (801) 868-2457 Outside UK 44-1-868-2457 PLA - NAVINVSERV EURREG LONDON UK//60HQ// NIS Middle Pacific Region (80HQ) Box 76 Pearl Harbor, HI 96860-7200 (808) 471-8473 PLA - NAVINVSERV MIDPACREG PEARL HARBOR HI//80HQ// NIS Far East Region (81HQ) P.O. Box 76 FPO Seattle, Wa 98762-2500 In Japan (0468) 27-0629 Outside Japan 011 (468) 27-0629 PLA - NAVINVSERV FAREASTREG YOKOSUKA JA//81HQ// NIS Southeast Asia Region (83HQ) Box 36 FPO San Francisco, Ca 96651-2500 011-63-47-884-6351 PLA - NAVINVSERV SEASIAREG SUBIC BAY RP//83HQ// 1 ENCLOSURE (4)