National Initiative Protection Program — Sentry Eagle

Oct. 10 2014 — 11:03p.m.


TOP DRAFT (S) National Security Agency/Central Security Service (N SS) and U.S. Strategic Command Joint Functional Component Command - Network Warfare (JFC C-NW) National Initiative Protection Program Sentry Eagle National Initiatht on: Secret: Dcrivcd From: 1-52 Dated: 20041 123 Dcclassify On: 20310524 TOP SECRETSCOMIN 10524

TOP [0524 DRAFT (S) National Initiative Brief Sheet . You are being indoctrinated on SENTRY EAGLE, the and compartrnented program protecting the highest and most sensitive level of information related to and support to the US. Government's efforts to protect America?s cyberspace. America?s cyberspace is the combination of US. National Security Systems, Military Systems, Intelligence Systems, Federal Government Systems, Critical Infrastructure Systems and all other US. systems (private industry, academia and private citizen.) . effort to protect America?s cyberspace encompasses the combination of all abilities to detect nation and non-nation attacks on US. cyberspace via active and passive SIGINT and Information Assurance means. JFCC-NW's effort to protect America?s cyberspace encompasses the efforts to plan, and when tasked, attack an adversary?s cyber space via Computer Network Attack. The combination of these two e?'orts constitutes and Core Computer Network Operations (CNO) Secrets. . In order for and JFCC-NW to accomplish, along with other US. and foreign government agencies/elements, the protection of America?s cyberspace, must combine the full capabilities of authorized Computer Network Operations capabilities (SIGINT, Computer Network Exploitation Information Assurance, Computer Network Defense (CND), and Network Warfare, Computer Network Attack and all supporting activities. . SENTRY EAGLE and its subordinate programs protect the combined facts related to and abilities to conduct CNO operations. It encompasses the most sensitive aspects of relationships with industry (U.S. and foreign) and the US. lnforrnation Operations/CNO community; ability to exploit cneiphered communications; ability to conduct CN ability to conduct and, relationships with Human Intelligence (HU MINT) Agencies. . These and JFCC-NW Core CNO Secrets are being provided to you based upon your ?need to know" as determined by the Director, NSA/Chief, Central Security Service and Commander, JFCC-NW. While many of the facts in this brie?ng are contained in separate Exceptionally Controlled Information (ECIs) or DOD Special Access Programs (SAPS) structures, no other program combines the totality of all these facts into one overarching program. The facts contained in this program constitute a combination of the greatest number of highly sensitive facts related to overall mission. As such, depending upon TOP [0524 DRAFT

TOP 10524 DRAFT your mission need-to-know or management position, you may be read on for one, a combination of two or more, or all aspects of SENTRY EAGLE. . Individuals briefed into SENTRY EAGLE may not share information regarding this program with those not read into this program, or with foreign nationals, including those with whom has Second and Third Party relationships. Depending upon a speci?c fact, you may share such a fact with foreign partners as noted on the SENTRY EAGLE or subordinate classi?cation guides as paragraph marked or within speci?c SAP or ECI channels. Under no circumstances will you share the totality of SENTRY EAGLE nor facts that are marked NOFORN. . (S) SENTRY EAGLE material must be protected within this compartment and discussed only with cleared personnel on a need-tooknow basis. Disclosure of SENTRY EAGLE information to non-indoctrinated personnel may result in disciplinary action to include criminal prosecution. When sharing SENTRY EAGLE compartmented information, it will be protected with when transmitted via electronic means or with sealed, by name envelopes when transmitted via hard copy. TOP 10524 DRAFT

TOP DRAFT (U) SENTRY EAGLE DATA SHEET COVERNAME: SENTRY EAGLE TRIGRAPH: SEE CONTROL AUTHORITY CONTACT INFORMATION: Name: Org:? Phone E-maik Name: Org:? Phone E-mail: (U) INFORMATION REQUIRING SENTRY EAGLE PROTECTION: Details related to the combination and abilities to conduct CNO in the defense of America?s cyberspace. (U) VALUE OF SEE: Protecting sensitive industrial and human intelligence relationships; SIGINT exploitation of adversary computers and computer networks and infrastructure and their use of encipherment; Information Assurance defense of US. Government National Security Systems; and, Computer Network Attack mission capabilities. (U) JUSTIFICATION FOR SENTRY EAGLE PROTECTION: Unauthorized disclosure of relationships with industry (U .S. and foreign) and the U.S. Information Operations/CNO community; ability to exploit enciphered communications; ability to conduct ability to conduct and, relationships with Human Intelligence (HUMIN T) Agencies will cause exceptionally grave damage to US. national security. The loss of this information could critically compromise highly sensitive US and foreign relationships, multi-year past and future NSA investments, and the ability to exploit foreign adversary cyberspace while protecting U.S cyberspace. TOP APT

TOP 10524 DRAFT (U) LINKAGE TO OTHER and JFCC-NW PROGRAMS (ECI or SAP): (C) This overarching compartmented program is related to the following ECIs (list all the ECls SPARECHANGE, WHIPGENIE, AUNTIE, AMBULANT, OPALESCE, REVELRY, REFRACTOR) and SAPS (list all the SAPS by name only). (C) SENTRY EAGLE is an umbrella ECI program that includes facts currently contained in other 505 and separate SENTRY EAGLE ECI facts. (C) SENTRY EAGLE contains sub-compartments: SENTRY HAWK, SENTRY FALCON, SENTRY OSPREY, SENTRY RAVEN, SENTRY CONDOR, AND SENTRY OWL. (U) SENTRY EAGLE BE SHARED WITH FOREIGN The entirety of SENTRY EAGLE will not be shared with any foreign parties. However, subcomponents of SENTRY EAGLE, constituting various facts already shared with or 3rd parties, may be shared, but only within existing ECIs. Sec speci?c ECI Security Of?cers for more information on sharing with foreign partners. TOP 10524 DRAFT

TOP 10524 DRAFT What follows is a listing of and JFCC-NW generalized facts related to sensitive intelligence and defense or network warfare methods, relationships and activities that are currently protected as noted. Many of these facts, to include detailed information, are contained in separate special access programs under auspices many under Exceptionally Controlled Information (ECIs) or Special Access Programs (SAPS). (S) The protection of Intelligence sources, methods and activities relate to the following: Source Person, place or thing from which intelligence is gathered; Method means by which collection, processing, and dissemination takes place; Activity intelligence operation that may employ one or more source or method and the degree of success for said operation. Depending upon your mission need-to-know, you will be read on for one or more of these generalized fact sets. Speci?c detailed facts for a generalized fact will remain within one or more ECIs as noted. (U) Facts, as color coded, are as follows: a. (U) Green color: Unclassi?ed facts that may be released to the public at the unclassified level. Only or JFCC-NW Public Affairs of?cers may release this information. b. Blue color: Unclassi?ed but for Of?cial Use Only (F OUO) facts that may be released by any or JFCC-NW government of?cial to another US. Government, US. Industry, U.S. Academic or selected foreign governments, as authorized. c. Red color: Con?dential, Secret or Top Secret, to include Special Compartmented Information (SCI), that may be released by any SS and JF CC -NW government o?'rcial to another properly cleared and indoctrinated US. Government official or as authorized to a foreign government on need to know basis. d. Black color: Top Secret, NATIONAL EAGLE program information that MAY NOT BE RELEASED OUTSIDE OF except to a limited number of selected U.S. Govenunent officials and ONLY WITH THE APPROVAL OF JFCC-NW OR THE NATIONAL INITIATIVE PROGRAM SECURITY OFFICER These facts, in part or as a whole, constitute many of and most highly sensitive or network warfare facts related to intelligence sources, methods, and activities and relationships; or CNA operational capabilities, thus necessitating extraordinary protection. TOP 10524 DRAFT

TOP 10524 DRAFT (U) NSAICSS and its Relationships with Industry within the National Imitative - Sentry Owl - SOL (U) Fact that must keep abreast of current trends and technology related to communications and information technology. (U) Fact that NSAECSS works with foreign partners as a part of its missions. Fact that works with US. industry in the conduct of its missions. Fact the works with US. industry as technical advisors regarding products. Fact that SS conducts SIGINT enabling programs and related operations with US. industry. Fact that SS conducts SIGINT enabling programs and related operations with US. HUMINT Agencies and other LIS. government elements. Fact that NSAECSS has Foreign Intelligence Surveillance Act (FISA) operations with US. commercial industry elements. (Tst'Sl) Fact that SS conducts SIGINT enabling programs and related operations with foreign partners. SOL) Fact that works with and has contractual relationships with speci?c named U.S. commercial entities to conduct SIGINT enabling programs and operations. ECI SOL) Fact that works with speci?c named U.S. commercial entities and operational details (devices/products) to make them exploitable for SIGINT. ECI SOL) Fact that works with speci?c foreign partners and foreign commercial industry entities and operational details (devices/products) to make them exploitable for SOL) Facts related to NSA personnel (under cover), operational meetings, speci?c operations, speci?c technology, speci?c locations and covert communications related to SIGINT enabling with speci?c commercial entities SOL) Facts related to working with US. commercial entities on the acquisition of communications (content and metadata) provided by the US. service provider to worldwide customers; communications transiting the or access to international communications (cable, satellite, etc.) mediums provided by the US. entity. ECI SOL) Facts that identify a US or foreign commercial platform conducting SIGINT operations, or human asset cooperating with TOP 10524 DRAFT

TOP 10524 DRAFT (U) and its Relationship: to Information Operations/Computer Network Operations with the National Initiative ECI Sentry Condor - SCR. (U) Fact that provides support to Information Operations (10). (U) Fact that provides SIGINT and Computer Network Defense (CND) information in support of Computer Network Attack (CNA). Fact that provides technical SIGINT and Information Assurance datafrnformation in support of CNO Fact that provides SIGINT that supports the planning, and employment of CNA combat capabilities Fact that hosts (speci?c DOD named units and organizations) CNA activities within its SIGINT CN structure. SCR) Fact that provides speci?c target related technical and operational material tools and techniques that allows the employment of US. national and tactical speci?c computer network attack mechanisms. TOP 10524 DRAFT

TOP 10524 DRAFT (U) and Exploitation of Eneiplrered Communications with the National Imitative - ECI Sentry Raven - SRN (U) Fact that exploits foreign ciphers. Fact that NSNC SS works with the in the exploitation of foreign ciphers. Intelligence derived from the exploitation of foreign ciphers without revealing the underlying foreign cipher (manual or machine) or techniques used to exploit. SRN) Facts that reveal speci?c weakness or methodshneansfteehniques used to achieve success against a foreign cipher. SRN) Facts related to Super Computers/Special Purpose hardware, software and specific programmatic funding resources used to achieve success against foreign ciphers. ECI SRN) Fact that works with speci?c U.S. commercial entities to modify U.S. manufactured systems to make them exploitable for SRN) Fact that is investing hundreds of millions of dollars in high-powered and special purpose computer systems to attack (speci?cally commercial TOP 10524 DRAFT

TOP 10524 DRAFT (U) and Computer Network Exploitation with the National Initiative - ECI Sentry Hawk - SHK (U) Fact the conducts Computer Network Exploitation (CNE) (U) Fact that works with the CIA and FBI. Fact that works with CIA and FBI on SIGINT related missions. (SKISI) Fact that works with CIA and FBI related to ?close access or remote access" CNE operations. Fact that conducts SIGINT operations against computers, computer peripherals, computer-controlled devices, computer networks or facilities that house them, using publicly available access Public Switched Networks, Internet, etc.). (TSESSI) Facts related to adversary vulnerabilities to CNA. Facts related to adversary planning or operations.? SHK) Fact that is attempting to exploit or has succeeded in exploiting a speci?c vulnerability ?rewall, operating system, software application etc.), a speci?c entity or facility within a target?s IT/eomputer structure. (TS/[Sill ECI SHK) Facts related to the exact timing, location, participants, off-net or on-net operations (including cover/covert presence on the internet), CNE command, control and data ex?ltration tools/capabilities and locations, used to exploit or maintain intrusive access to a target?s IT/computer structure. SHK) Fact that works with US. and foreign commercial entities in the conduct of CNE. SI-IK) Facts relatcd to the description of US. hardware or software implant and location (speci?c organization and Internet Protocol Device/Address) of such on a target?s IT/communieations system. SHK) Facts related to access to non-U.S. worldwide cable/?ber optic structures regardless of platform access or agreements with foreign entities. (Note: All attempts will be made to protect the ?source? of the information lest an adversary determine how NSA acquired the planning and operations. In all cases, maximum protection will be granted to the ?method? and ?activity? used to acquire the information). TOP 10524 DRAFT

TOP 10524 DRAFT (U) NSAICSS and Computer Network Defense with the National Imitative - ECI Sentry Falcon - SFN (U) The fact that conducts Computer Network Defense (CND) (U) Facts related to general, open source reporting on types of generic vulnerabilities (viruses, trojan horses, etc.) Facts related to deployment of CND structures to detect and report on anomalous activities. General facts related to Joint COMSEC Monitoring Activities (JCMA), Red Team and Blue Team. Facts related to US. victim vulnerabilities and victim exploitation when uncovered via Bluesash. (CJNF) Facts related to JCMA results as provided to a supported command?. (S) Facts related to adversary CNE and CNA capabilities. intentions and activities (without attribution to intelligence sources or methods") (S) Facts related to deployment of CND structures Bluesash) to detect hostile (state or non-state sponsored) CN activities at US. NIPRNET gateways. (S) CND response action operations. (S) Facts related to NSAICSS's Joint COMSEC Monitoring Activities (JCMA). Red Team. Blue Team results*?*. (SUSI) Facts related to adversary CNE and CNA activity attribution. (SUSI) Facts related to US. victim vulnerabilities and victim exploitation when uncovered via SIGINT sources and methods. Facts related to 15.8. victim vulnerabilities and victim exploitation. ECI SFN) Facts related to activities to determine intruder attribution including sensitive counter-intelligence investigations and sensitive honey- pot, watermarking, data-tagging activities. SFN) Facts related to speci?c operations to deceive network users. SFN) Facts related to speci?c activities to redirect network data. Classi?ed at a minimum May be classi?ed higher based upon results. Note: The only way to accomplish this outside of SCI. but still classi?ed. channels may necessitate the use of a US. Department of Homeland Security) ?cut-out" to transmit such information to US. Government. State. Local and Tribal entities. as well as foreign govemments. The preference will be to use a non-US. Intelligence Community entity. (S) Results may be Secret NOFORN. TOP 10524 DRAFT


TOP 10524 DRAFT (U) NSAICSS and its Relationship with Human Intelligence Agencies with the National Initiative Sentry Osprey - SOY (U) Fact that works with the Central Intelligence Agency (CIA) and the Defense Human Intelligence via the National Clandestine Service (NCS). Fact the works with the NCS to conduct SIGINT operations. Fact that NSAECSS works with the NCS for the collection of high priority target internal foreign communications. Fact that employs its own HUMINT assets (Target Exploitation TAREX) to support SIGINT operations. SOY) Facts related to targets/target countries that employ NCS capabilities. SOY) Facts related to the identity of NCS human assets/agents (covert or under cover), speci?c targets/target countries, specific locations/sites (cities/IT site) and specific operations and techniques (equipments/supply chain or other) used to exploit targets. TOP 10524 DRAFT

Fetching more

Filters SVG