When we think of Communications Security (COMSEC) we no doubt think of cryptographic systems, secure communications and telecommunications infrastructure and the security they require. And all of those are accurate. Secure communications require secure cryptographic systems, devices, keys and code. Together they mesh to protect information. The reality is COMSEC, or Communications Security is much more than simply securing the information technologically, it encompasses the creation of the environment where information is shared on a need-to-know basis. In the late-18th Century, Thomas Jefferson used a cryptographic disk for some of his correspondence and a substitution cipher for others. He knew information in transit was vulnerable information. He went to great lengths to admonish those who were receiving his missives and responding to him, how the cipher key must be protected.
We all know the adage, “Loose lips might sink ships,” and while this was a war-time admonishment made famous in the 1940’s, it remains valid today. When confidential information is shared inappropriately or in an unauthorized manner it puts the information at risk. This risk may be as extreme as putting an individual’s life in peril or a nation as a whole, by rendering vulnerable the national infrastructure to a nation’s adversary. The recent revelations coming from the information purloined by former government contractor, Edward Snowden, is a clear case of communications protocols being ignored or insufficient. Which is to say, that while the information may have been technologically encrypted and protected, its ultimate security relied upon the following of information security protocols.
COMSEC is so much more than simply securing the information technologically and cryptographically, it encompasses the creation of the environment where information is treated securely. COMSEC custodians will go through the necessary protocols to ensure personnel treat the classified information securely. You the employee must be sure to do your part as well.
For additional reading on the subject of securing information in a government contractor environment, the current DSS Self Inspection Handbook focuses on three areas. A) Facility Security Clearance (FCL), (B) Access Authorizations, and (C) Security Education.