5 June 1997
See STU-III and EKMS bibliography.
by Wayne Lund
Instructor, Department of Defense Security Institute
I was sitting in a meeting yesterday, when one of the senior members of our staff (I call him "Sir") turned to me and said, "With all the STU- III classes that you have given, I'll bet you have heard some funny stories about the STU-III. You ought to write an article for the Security Awareness Bulletin and include all the funny STU-III stories that you have heard."
"No, Sir," I responded. "I have not heard any funny STU-III stories. I have only heard of a lot of offices that have STU-III's that never get used."
I thought to myself, I could write funny stories about my two puppies, Freckles and Chelsea, but not about a telephone. (The puppies really belong to my wife and kids. I just pay the vet bills and fill in the holes that they dig in my back yard.)
It's just a telephone:
In all fairness to Sir, I have heard some stories of the sort that I think he was talking about. I just don't think they are very funny. You see, to me a STU-III is just a telephone. It is a special telephone that allows us to have classified conversations without fear of interception, but it's still just a telephone. I have never been particularly interested in gadgets (to include fancy telephones). I am only interested in what a gadget can do to make my life simpler or more enjoyable. I think Sir is more technically oriented than I am. Since I'm not particularly interested in gadgets, stories about people's problems with these devices don't strike me as funny.
I'm really more interested in planting azaleas than I am in hearing about the problems that people are having with their telephones. I could tell you a funny story about the time I planted a beautiful purple- blossoming azalea bush next to my garden shed. When I came home from work the next day I found a hole where the bush had been. Freckles came running out to greet me and Chelsea came running up behind her with what was left of my new azalea bush in her mouth!
No funny stories about the regulations:
Sir probably assumed that I have heard stories about people who are confused about the rules and regulations related to use of the STU-III. He's right. I have heard of some confusion. I just don't think that confusion about regulations is funny. Here, too, Sir and I each have a different frame of reference. Sir is a retired Army Colonel. He takes rules and regulations very seriously. I, on the other hand, was an unemployed social worker who got into the security business 15 years ago because I needed a job.
Don't get me wrong. I realize that rules are necessary. They establish order and create a system with which we can accomplish our goals. I'm just not fascinated by rules. I think of them the same way that I think of gadgets. I only like rules for what they can do for me (or for us as a society). Rules should serve a purpose; e.g., We have a rule that Freckles and Chelsea must stay inside my fenced backyard so they will not dig up my neighbor's bushes.
Much of the confusion about STU-III rules comes from the fact that they are based on the rules that were established for traditional secure communications (COMSEC) systems; but the STU-III rules are in many ways much less restrictive and cumbersome than the rules governing the older systems.
The old COMSEC rules were very restrictive and cumbersome for good reason. If an adversary somehow obtained the code (or key) that we were using to encrypt our secure message traffic, an intercepted message could be deciphered. With the older systems the key was usually loaded into the secure communications device in some physical form such as a punch card, or paper tape with a pattern of holes punched in it . (It was this type of key material that the Walker spy ring specialized in selling to the Soviet Union.) Any key material that is in a physical form is very susceptible to compromise.
It is unfortunate that some people who are somewhat familiar with the strict regulations associated with traditional COMSEC systems avoid using STU-III equipment because they want to avoid cumbersome regulations. The rules related to the STU-III program are really quite simple.
Why STU-III regulations are simpler:
Advancements in technology have allowed us to develop the STU-III products, which actually generate a traffic encryption key at the time that a secure call is made. Since the traffic encryption key did not exist prior to the call, it only exists in electronic form, and disappears when the call is terminated, it is extremely unlikely that an adversary will be able to obtain the key. Even if that did happen, the key could only be used to decipher that one message, since a new traffic encryption key (code) is generated for each call.
There is more to the protection of STU-III key than that. The STU-III system is set up with a multi-tiered system of key protection including Seed Key, which is used to initially set up your STU-III phone; and Operational Key, which remains resident in the memory of your STU-III phone and serves to protect the initial portion of the call during which time the Traffic Encryption Key is generated. Seed Key and Operational Key also contain your local office's identification information which can be viewed by the other party when you make a secure call.
We have already bought them, now let's use the darn things!
Chelsea looks like a half-sized English Sheep Dog. Her sister, Freckles is almost bald, like me. Last spring we went out and bought electric dog grooming sheers with all the fancy attachments so I could give Chelsea a haircut. There is no way that this poor dog could survive the infamous heat and humidity of the Richmond summer without a haircut! The sheers are very well designed, and I'm sure they are worth every penny of the $49.98 that we paid for them. The sheers could be used hundreds of times, and with doggie haircuts going for $15 - $20 at the pet store, the sheers would soon pay for themselves.
The problem is this. The first time I used the sheers I scalped Chelsea so drastically that she made Freckles look like a fluffball. I accidentally pinched her ear in the clipper, and for weeks after that haircut Chelsea would run and hide under the deck whenever she saw me coming her way. She looked so bad that my family would not speak to me until November when her fur started growing back. I thought I would never give that dog a haircut again!
When the weather started getting hot last spring my wife reminded me it was once again time for Chelsea to have a haircut. I considered the trauma of my first attempt and was tempted to just take her to the pet shop and pay for her haircut. Then I started reading the instructions that had come in the package with the clippers. They explained how to use the attachments to avoid clipping the hair too short, and how to avoid pinching the dog's ears. I decided to try it again. Chelsea's haircut this year looked great! The $49.98 that we spent for the sheers would have been money wasted if I had decided not to use them again. Once I read the directions and gave myself a second chance I found the job to be quite simple.
A STU-III phone is a bit more expensive than a pair of dog-grooming sheers. Each unit costs about $2000. These are a good investment if they are used as intended. What troubles me about this investment is that there are many STU-III units that are never used in the secure mode. Some are only used as plain old telephones. Others remain packed in the box that they came in and are not used at all. The U.S. Government and government contractors have purchased about 263,000 STU-III units. At $2000 each, we have an investment of over $500 million just in the phones. We also have a substantial investment in the key management system and administrative systems that support the STU-III program. If the phones are used this is money well spent. If they are not used it is money wasted. I hope the STU-III phones in your office are being used.
How does using the STU-III save money?
Without secure communications, the only appropriate way to have a secure conversation with someone about matters that are classified or sensitive is to have a meeting. If the other person is in the same city as you, it may take you an hour's driving time, find a parking place, and go in for your meeting. After the meeting it will take you another hour to get back to your office and back to work. If the other person is in another city, the travel time could amount to a day or two, plus you have the added expense of travel costs. If your time is worth anything to your organization, saving time is saving money. With the availability of the STU-III you may have your conversation with none of the associated travel costs of time or money. You may be able to avoid taking unnecessary business trips by accomplishing your business over the phone. From a personal standpoint this means you will not have to spend so much time away from your home and family.
The cost of lost information:
People talk on the phone. People have discussions about sensitive information on the phone. Even if they are not supposed to, some people discuss classified information on the phone. What these people apparently don't realize is that when they have these discussions the chances are great that someone is listening in.
Everyone in our organization must be aware of just how easy it is to listen in on a telephone conversation. They should know that specific phones such as those at a cleared facility are often targeted, and that modern eavesdropping equipment allows the adversary to queue in on specific types of information.
We must convince people that the information they discuss over the phone is indeed vulnerable.
Losing control of sensitive or classified information is significant. We often speak in general terms about protecting National Security. This general term includes protecting our country's military, economic, and diplomatic interests.
To be meaningful to most employees it may help to personalize the concept. Think of the military threat in terms of human life. Lost information could cost the lives of U.S. servicemen and women as well as the lives of civilians.
The economic threat of losing our technological edge is quite apparent. As foreign firms acquire our technology, they attempt to take over the market -- costing many Americans their jobs. The jobs of your company's employees may also be dependent upon protecting information about corporate financial matters, pricing strategies, and marketing plans.
The disclosure of classified information may also have an impact on the diplomatic stance of the United States. This is sometimes less obvious to those of us who handle classified information.
Cost of not communicating:
In contrast to the problem of not protecting information, we also experience problems when those of us who are working together fail to communicate. This can result in missed deadlines, lost sales, duplicated efforts, wasted money, time, and resources.
One of the lessons learned from our involvement in Operation Desert Storm was that we need to streamline our security procedures in such a way that we can adequately protect valuable information while still making that information available to those people on our side who can use it.
We have lots of good reasons to use the STU-III. Why do some people still avoid using it?
People avoid doing things that subject them to additional administrative requirements. We must get the word out that using the STU-III is simple, and we must do everything we can to make it convenient.
Once people realize the risks of making non-secure phone calls and realize how simple it is to use the STU-III, they will not only be willing to use it, they will insist that they have a STU-III available for their daily use.
No funny stories about the KSD-64A:
The KSD-64A is the little black plastic thing that is shaped like the key to your car. When you put the KSD-64A into a hole in your STU-III it can change the STU-III from a plain old telephone into a secure telephone. There is some confusion about the KSD-64A because it is used for several different purposes.
The KSD-64A contains an electronically-erasable-programmable-read-only- memory chip (EEPROM). This device is used to store Seed Key. It can be used as a "Crypto Ignition Key" (CIK) in which case it stores an electronic password which allows you to use the secure features of a particular STU-III. The KSD-64A can also be used as a "Master CIK", which means it contains a special password that not only allows you to use the secure features of your STU-III, but also allows you to change some of the optional settings on your phone. (In some unusual circumstances the KSD-64A is also used to store operational key.)
Since the KSD-64A is reusable, the same device (the same piece of plastic) may be treated differently depending on what information is stored on it at the time. There are different rules concerning the protection of the KSD-64A depending on what it is being used for.
When I am not planting azaleas or filling in holes in my yard, I like to brew my own beer. I reuse old soft-drink bottles by filling them with my latest batch of home-brew. A couple of times I have attempted to make root beer. (I have some funny stories about bottles exploding and scaring the wits out of Freckles and Chelsea.) As with the KSD-64A, I have different rules concerning the protection and storage of the bottles, depending on what they contain.
Secure data devices:
As I mentioned earlier, I am not particularly interested in gadgets. I'm only interested in what they can do for me. All that I know about computers is that my P.C. makes it much easier for me to write about my dogs and to check my spelling. I know that computers can talk to each other over telephone lines and that with a STU-III at each end they may do so in a secure mode. Most STU-IIIs allow secure transmission of voice or data.
The first STU-IIIs on the market in about 1987 transmitted at a rate of 2400 bits per second (2.4 baud). By 1990 most STU-IIIs on the market transmitted at the rate of 4.8 baud. The newest STU-III units transmit at the 9.6 baud rate. This higher transmission rate gives much better voice quality, and allows the STU-III to support the use of FAX machines and even Video Docking Units in the secure mode. The higher transmission rate is also significant to computer users because it allows computers to exchange information more quickly. There are some STU-III products available called Secure Data Devices that do not have voice transmission capability, but can support data transmission at the 9.6 or even the 14.4 baud rate.
No funny stories about technical problems:
I have heard stories about people having problems with their equipment, uh-h-h ... telephone equipment. (Not funny stories, just stories.)
All three STU-III manufacturers have help lines to respond to technical problems. The numbers are as follows:
AT&T 1-800-243-7883, (919) 279-3411
Motorola 1-800-922-7883, (602) 437-2822
GE / RCA 1-800-521-9689, (609) 727-5282
(Martin-Marietta Corporation provides service for GE / RCA STU-III products.)
Three common technical problems related to the STU-III are:
1. Accidental zeroizing
When the zeroize button on your STU-III is pushed, all of the key information and local identifying information which is stored in the memory of that phone is erased. Sometimes a loss of electrical power may also cause the phone to zeroize. (There is a battery in each STU-III to supply backup power.) Don't panic. You can load new seed key into the STU-III in just a few minutes. The trick here is to have a small inventory of seed key on hand to use when a phone is accidentally zeroized.
2. Compatibility with digital telephone equipment
STU-III units are designed to be compatible with analog telephone systems. Much of the newer telephone equipment is digitally based, rather than analog based. You may have digital switching equipment in your office building. To make the STU-III compatible with the digital equipment you may need to have an analog card installed in the switching equipment, or you may have to use a device which converts the analog signal from the STU-III to a digital signal. Since digital switching equipment is so commonly used, the manufacturers of STU-III products have developed several solutions to this problem of compatibility.
3. CIKs not being recognized
Sometimes a STU-III does not recognize a CIK even though the CIK is associated with that STU-III. Often this is the result of the CIK being dirty. As a first step, you may try cleaning the contact points of the CIK with your fingernail or some similar item. If after cleaning the CIK it still doesn't work, you may need to zeroize it and make a new CIK. (In most cases you can reuse the same KSD-64A.) If you cannot get a CIK to work in the phone that it is associated with, you should use the Master CIK to delete the malfunctioning one from the keyset.
Unclassified, but sensitive, discussions:
If you have a STU-III, you and the people in your organization should get in the habit of using its secure features not only for classified conversations and transmissions, but also for unclassified conversations or transmissions of a sensitive nature. Information about your company's new products, marketing plans, pricing strategies, executive travel plans, corporate financing, etc., is worth protecting. Protecting unclassified, but sensitive, information is a good habit for all of us to develop. For some organizations this concept is more formalized in the form of an OPSEC plan.
You may also have a legal or moral responsibility to protect personal information about your employees. Think of what your competitor could do with the information that passes between your corporate headquarters and your divisions or field offices.
Why am I interested?
Since I have told you that I am not interested in gadgets like fancy telephones, or in the fine points of rules and regulations, you may wonder why I spend my time writing articles like this or teaching a class about the Secure Telephone. The reason is two-fold.
First, I like to see efficiency in government and in industry. Use of the STU-III can yield great savings by providing a low cost system of secure communications.
Second, I am a strong believer in the axiom that knowledge is power. Because of this fundamental principle, I respect the value of sound information security. Protection of information can give us a significant advantage in military, law enforcement, economic, and diplomatic scenarios.
Military analysts agree that it was the technological superiority of the United States and the coalition forces that led to a quick and decisive victory in Operation Desert Storm. Part of that technological superiority was the secure communications capability which we had by using STU-IIIs. Use of the STU-III before, during, and after that conflict allowed us to protect our technological edge.
Sources of information about the STU-III:
One of the best ways to get clear guidance on policy is to read the policy yourself. Here's where to look.
Anyone who is involved in ordering STU-III key should be familiar with the following National Security Agency (NSA) publications.
1. Electronic Key Management System Services (EKMS-702.03)
2. Electronic Key Management System Registration Manual (EKMS-702.04)
3. Electronic Key Management Key Ordering Manual (EKMS-702.05)
4. Electronic Key Management System Accounting Manual (EKMS-702.06)
You may obtain these publications from:
EKMS Central Facility, P.O. Box 718, Finksburg, MD 21048-0718.
If you work for a cleared contractor you should be familiar with Chapter 13, Section 9 of the Industrial Security Manual for Safeguarding Classified Information (DoD 5220.22-M), and the COMSEC Supplement to the Industrial Security Manual (DoD 5220.22-S). You may obtain these documents from your DIS office.
DoDSI's STU-III Handbook for Industry was written to assist cleared defense contractors by summarizing STU-III concepts and policy. Although it is based on policy as it relates to contractors, it has been found to be helpful to other STU-III users. If you would like a copy of this handbook, call me (Wayne Lund) at (804) 279-3939.
Army STU-III policy is published in Security Procedures for the STU-III (Department of the Army Pamphlet 25-16) You may obtain this publication from US Army Communications Electronics Command, Communications Security Logistics Activity, CDR USACCSLA, Attn: SELCL-KPD-OR, Fort Huachuca, AZ 85612-7090.
U.S. Air Force COMSEC Custodians may find STU-III accounting policy in the AF COMSEC Accounting Manual (Regulation: AFKAG-2). For information contact U.S. Air Force Cryptologic Support Center, Electronic Security Command, Attn: MMIA, San Antonio, TX 78243-5000, phone (210) 977-2325.
Navy, Marine, and Coast Guard STU-III policy is published in the STU-III COMSEC Material Management Manual (CMS 6) which is available from: Director, COMSEC Material System (DCMS), 3801 Nebraska Avenue, N.W., Washington D.C. 20393-5252, phone (202) 282-0311.
Hands-on STU-III training is available from the GSA INFOSEC Training Center in Kansas City, Missouri. Courses are offered in Kansas City, Washington DC, and San Francisco and may be presented at your location on a case-by-case basis.
For information contact: GSA INFOSEC Training Center, Registrar's Office, 1500 East Bannister Road, Kansas City, MO 64131-3087, phone (816) 926-7682.
"Introduction to the STU-III" is a one-day course which is held at DoDSI in Richmond, Virginia, on the following dates.
This course is also presented at locations around the United States when it is hosted by an organization such as an Industrial Security Awareness Council (ISAC) or by a military or DoD office. Call Mike Black at (804) 279-4187 or Wayne Lund at (804) 279-3939 for more information. If you would like to enroll in one of the classes listed below, please fill out and mail in the Registration form on the opposite page. The DoDSI Registrar phone number is (804) 279-4891 if you have a question about registering.