Why do I care about your mail?

  • Published
  • By Information Protection Office
  • 95th Air Base Wing
EDWARDS AIR FORCE BASE, Calif. --  Our capability to protect information is a key enabler to sustain air, space and cyberspace dominance. This capability is essential to the success of the Air Force mission and warrants special attention by every echelon of command.

- U.S.A.F. Chief of Staff, Gen. Norton Schwartz

This was quoted from an article titled Air Force Officials Focus on Information Protection, and was geared specifically towards the new focus on addressing the need to protect information in the era of cyber attacks. The idea this quote supports goes beyond just cyber attacks and includes all aspects of information protection.

Information protection refers to the collective policies, processes, risk management and mitigation actions instituted to prevent the compromise and loss of unauthorized access of information over its life cycle, regardless of physical form or characters. The goal of information protection is not only to protect sensitive information, but unclassified and classified information to ensure that the total force understands and can perform information protection responsibilities. These are some of the recent mandates from senior Air Force officials highlighting the importance of protecting information.

This means all Edwards Air Force Base employees, collectively and individually have a certain level of responsibility to protect information daily, no matter the form that information takes. This includes reports, programs, documents, systems and, the main reason for this article, protecting the mail.

Some may wonder, "Why do I have to protect the mail? We're already on a secured installation or I don't work with classified information; what does mail have to do with protecting classified information?"

The reason is, Department of Defense Regulation 5200.1-R Information Security Program, allows for secret and confidential information to be mailed overnight through Base Information Transfer Service or the United States Postal Service or a delivery company such as Federal Express and United Postal Service.

Recently, there has been a spike in the number of incidents where mail has been left unsecured and later verified to be classified information.

A typical scenario would be where someone signs for a registered package that could be from BITS, USPS, or a commercial carrier. That person would then leave it on their desk. The individual would return, open the mail and discover there was classified information inside, resulting in a security incident.

For those who like statistics to support a premise, in 2009 there were a total of 16 security incidents. Three were directly related to unsecured registered mail. That means 18 percent of the incidents in 2009 were mail related. In 2010, which is barely half over, there are nine security incidents with five directly from unsecured registered mail. This means 56 percent of the 2010 incidents were due to unsecured mail.

This is a 32 percent increase in just registered mail incidents over the past year. Therefore, the emphasis is to get the word out around base to take the extra time to secure registered mail.

The U.S. State Department sums up the reason why information protection is important. According to them, regardless of the means by which such information is disseminated, it is essential that it be limited to authorized personnel with appropriate security clearances who have been adequately briefed on protecting such information. Compromising classified information, inadvertently or intentional, represents a threat to national security.

The relevance to security is that deliberate or negligent failure to comply with rules and regulations for protecting classified information, or for protecting other sensitive information such as For Office Use Only, Propriety, Export-controlled or Privacy Information, raises doubt about an individual's trustworthiness and is a serious security concern.

The Information Protection office asks for increased awareness to help reduce the number of incidents and to protect mail. The fix is simple; if one signs for any registered mail, personally deliver it to the recipient. If the recipient is not available for any reason, secure it until it can be determined if it contains classified information. Do not leave it unattended until the contents have been verified, and this may include opening the package. It is better to open and verify the content than explain to the person why it was opened rather than have to explain to a supervisor, security manager and commander why the security incident occurred.