NETWORK ENCRYTION SYSTEM

OPERATING PROCEDURE

FEBRUARY 1999

VERSION 1.0

Reviewed and approved for use by

Richard Chesmore, DSS Northeast Regional Specialist


PURPOSE:

The Network Encryption System (NES) device is used to encrypt classified data for transmission to other cleared and approved facilities. The purpose of this procedure is to document the process for reviewing the NES audit records, and reporting alarm messages on the liquid crystal display (LCD), and monthly audit records of the NES.

SCOPE:

This procedure will be read by all persons who are tasked to operate the NES, or review the audit logs. This procedure implements the requirements of the NSA security doctrine. Additional security requirements for reviewing audit records may be imposed by individual customers. Prior to operating the NES, or conducting reviews, the NES custodian should verify that there are no additional requirements imposed on the contract prior to implementing this procedure.

DETAILS:

When there is an alarm condition on the NES, the blinking green luminous electric display (LED) will turn red, and an error message will display on the liquid crystal display (LCD). When an alarm condition exists, the custodian or designee should be notified. The system should not be rebooted by anyone unless they have been designated and educated to the proper procedures. By rebooting the system, the error message on the LCD is cleared, along with the reason for the alarm. The LCD on the NES device shows error codes which help the custodian determine if there is a network problem, or a problem with the NES device.

Most of the messages are related to communications errors that are occurring with the network and have no security relevance. There are however two messages which may be displayed on the LCD that require immediate notification of the COMSEC Custodian. If the LCD displays either of the following messages,

the NES must be considered to be tampered with, and must be taken out of service immediately. The custodian is responsible for notifying the COMSEC Custodian and/or the Security Manager immediately. The COMSEC Custodian will be responsible for submitting an insecurity report to the NSA.

At least once a month, the NES custodian is required to download the audit information from the NES configuration disk, to the dedicated PC in the COMSEC room that is used for the review and storage of NES audit information. The review will be conducted by two program briefed individuals. The Audit Review Log will be completed by both individuals completing the review. Any anomalies will be annotated on the log. If any alarm message appears that is not a “normal” audit event, it will be reported immediately to the COMSEC custodian. If required by NSA doctrine, a report will be filed with the program customer and the NSA. The Audit Review Log will also be used to annotate any change to the NES device (i.e., updated configuration disks, upgrade of NES software, maintenance performed on the NES device, etc.).

Attached to this procedure is the detailed description of alarm messages which could appear on the NES device during an “alarm condition”. Also attached is a step by step procedure on how to perform monthly audit record reviews.

ADMINISTRATOR RESPONSIBILITIES:

The NES Administrator is responsible for the following:

(1) installing configuration disk,

(2) in conjunction with a second individual, review and archive audit trail records;

(3) maintaining the NES System Log;

(4) monitor the operation of the NES and reporting COMSEC incidents to the COMSEC Custodian and/or Security Manager, and,

(5) assist EIS personnel to identify and resolve technical issues.

The NES Administrator is responsible for conducting audit reviews at least on a monthly basis. These reviews will be documented in the NES Log which is maintained next to each NES device. The NES Log will also be used to track configuration disk changes, changes to the operating system software and any system anomalies.


Error Codes

The following error codes may appear on the liquid electronic display of the NES device, and may appear during the monthly review of the NES audit trail records. The table below explains what the codes mean, probable cause and corrective action.

ERROR CODE / DESCRIPTION OF ERROR / PROBABLE CAUSE AND
CORRECTIVE ACTION
23 / Audit Retry Fail
(kf_flush) / Probable Cause: The NES can not write to the AUDIT.DAT file.
Corrective Action: Do not set the write-protect tab on the 3 1/2” floppy config disk.
36 / Crypto Seal Fail
(kd_crypto_seal_seal) / Probable Cause: Bad VERIFY.REC file or config disk.
Corrective Action: Contact the system administrator.
7C
7D / VME Initialization
(kb_bpp_vme_init)
(kb_mpp_vme_init) / Probable Cause: The VME board will not initialize due to bad executables, disk not formatted, or corrupted NVRAM (374A boards).
Corrective Action: Contact the system administrator.
7E
7F / VME Comm Load
(kb_bpp_load)
(kb_mpp_load) / Probable Cause: The communications executables will not load. could be new executable (Application Software), corrupted files, or 4Mbyte software loaded on 1Mbyte platform.
Corrective Action: If new Application Software has been loaded a new key is required. If existing configuration, format and rebuild the configuration disk using the back-up verify.rec.
8A / Buffer Failure
(kb_ret_mpb) / Probable Cause: This is an anomaly that may occur with Application Software before release Ver.4 Rev.-
Corrective Cause: Reboot NES. IF problem is persistent, upgrade the application software.
D2 / ASCII ID Mismatch / Probable Cause: The ASCII ID on the OP key does not match the one on the config disk.
(3.3 ROMS Only)
Corrective Action: Get correct Op key or change the config disk.
D4 / Disk Integrity Check Failed
(km_integrity_chk) / Probable Cause: This may be caused by a disk with the wrong NES or, it initial/new key load, the NES has not been properly zeroized before installing key material or the VERIFY.REC files corrupted or missing.
Corrective Action: Install the correct disk. If an initial/new key load, remove the battery and power the NES off. Attempt to load the new key. If updating config disk or using a backup, ensure presence of a VERIFY.REC file.
D5 / Unit Zeroized
(km_ksd_read) / Probable Cause: The NES has been zeroized. The battery may be low or system may not be properly grounded.
Corrective Action: Zeroize the unit and perform the initial/new key material installation procedures.
D7 / CIK Load Fail
(km_cik_load) / Probable Cause: If this audit event is preceded by a “Bad Keying Material” audit event, the KSD-64A device is bad.
Corrective Action: Report to the EKMS. Keep trying. Otherwise, load new Op key.
D9 / Comm Load Failure
(km_comm_load) / Probable Cause: New executables (Application Software) have been installed or 4Mbyte software has been installed on 1Mbyte platform.
Corrective Action: If new Application Software has been loaded a new key is required. If existing configuration, format and rebuild the configuration disk using the back-up verify.rec.
DC / Audit Write Failure
(km_audit_seal) / Probable Cause: The configuration disk is full of audit events. this may also be caused if the disk is removed while the LED is green to archive audit events. Or a pre-formatted floppy was used.
Corrective Action: Format and rebuild the configuration disk using the back-up verify.rec. May require new key material. Re-format floppies that are pre-formatted out of the box.
DE / CIK Read Error
(km_cik_load_rsp) / Probable Cause: The NES cannot read the CIK. This can be caused by a damaged CIK (ESD), or inserting the wrong CIK.
Corrective Action: Clean the CIK electrical contracts, inspect the CIK for damage, and reboot the NES. If error persists, it will require new key material.
DF / Key Material Load Failure
(km_key_load_rsp) / Probable Cause: The KSD-64A may not be compatible with the NES or may be damaged (ESD).
Corrective Action: Zeroize the NES and attempt to reload the key material. If the key material will not load, try a back-up key. Report the failure to the EKMS.
E1 / CIK Read Failure
(km_read_cik_ik) / Probable Cause: The CIK is the wrong CIK or may be damaged (ESD).
Corrective Action: Clean the CIK electrical Contacts, inspect the CIK for damage, and reboot the NES. If error persists, it will require new key material.
MESSAGE / OPERATOR ACTION /
AUDIT ERROR / Reboot NES
AUDIT RETRY FAIL / Reboot NES
Audit Seal Fail / Return disk to Network Administrator
BAD Key Material / Notify COMSEC Custodian
BATTERY LOW / Replace/Install Battery
BATTERY OK / Battery is good
CANNO BOOT DISK / Insert configuration disk or reformat disk
DATA KEY REMOVED / Data key removed from key receptacle
(DATE) / Read day of year
FAIL AUDIT WRITE / Reboot NES
FF Mat Expired / Key material has expired, notify COMSEC Custodian
INSERT DATA KEY / Insert key in keyceptical
INSERT KEY / Insert key in keyceptical
Invalid Data Key / Notify COMSEC Custodian
K: (Key ID) / Key Management Identification number
KEY CIK RSP=XX / Notify COMSEC Custodian
KEY ELEC RSP=XX / Notify COMSEC Custodian
KSD64 PARSE FAIL / Notify COMSEC Custodian
N: (NES TITLE) / Name of device from floppy disk
NES ON CRL / Notify COMSEC Custodian
Not CIK State / NES is expecting operational seed key
Not OPK State / NES is keyed and will not accept new KSD-64A
Not SDK State / NES is keyed and will not accept new KSD-64A
PLEASE SHUT DOOR / Close front panel door (firmware version 3.2 or lower)
REMOVE DATA KEY / Remove key from keyceptacle
(Security level) / UNCLASSIFIED, CONFIDENTIAL, SECRET, TOP SECRET, or UNKNOWN
T: (Key title) / Name of keying material
TAG CREATE FAIL / Memory error in Security Management Unit
(TIME) / Read time of day
TURN KEY / Turn key clockwise to stop point


The following messages may appear on the PC during the review of audit messages:

MESSAGE / MEANING /
Unit recovering from Tamper / The NES device logs this event every time the device creates a new tamper key. This audit event number is always #1, and the time stamp defaults to January 1, 1988.
Rewrite Current Time of Day / Changing the time of day setting in the NES device generates an audit event. The data is new time of day setting. This should be the second audit after a tamper key is created.
Seed Key Loaded / Seed key has been inserted in the NES device.
Physically Delivered Key / Physical key has been inserted in the NES device.
Electronically delivered key / Operational key has been received from the KMS.
Unit key has been renewed / The completion of a Update Key.
New CRL has been loaded / A CRL has been received.
KERNAL error reported / Contact the system administrator.
Configuration file changed / Modification of the configuration files on the configuration disk. The message lists the new file size.
Audit record has been corrupted / Contact the system administrator.
Executable file changed / Modification of the load files on the configuration disk. This event causes the NES device to shutdown until the device performs an SDNS Update Key, or Convert Seed Key function.
CIK has been validated / This is a normal message requiring no action on the part of the system user.
CIK has been removed / Records removal of the CIK.
KMUA state machine failed / Contact the system administrator.
KMP state machine failed / Contact the system administrator.
KERNAL selftest crypto period expired / Normally indicates the crypto self-test period has elapsed and the self-test begun. This event may also be recorded as an error condition when the self-test exceeds its maximum execution time. The message will indicate if this is a normal or error event.
SP protocol encrypt failed / Contact the system administrator.
SP protocol decrypt failed / Contact the system administrator.
SP protocol security label failed / Contact the system administrator.
SP protocol invalid TEK / Unknown external key ID.
Power-up tests failed / KERNAL power-up self test failed.
Remote self-test request / Remote self test was started.
Data key parse error / Contact the system administrator.
Sent ASCE abort request / Contact the system administrator.
Received ACSE abort indicated / Contact the system administrator.
KMUA received status message / KMUA received error message from remote NES device.
Received ESTAT KPDU / Contact the system administrator.
Received spurious interrupt / Contact the system administrator.
Bad CRL data read from floppy / CRL data corrupted on floppy.
Time-of-day logic error / Time of day status test failed.


NES MONTHLY AUDITING PROCEDURES

1.) Go to NES device and turn the key to the left (the red light should now be on)

2.) Turn on the computer

3.) Remove disk from NES device and place in the PC drive

4.) Type the following at the C: “cd prodsrvr” (return)

5.) Type “NPs” (return)

6.) Press any key to continue

7.) Arrow over to “Audit” on the PC and hit return

8.) Choose “Display Audit Events” from the Audit Menu

9.) A new screen appears showing all audit event search parameters: select “setup” (return), then “select configuration disk” (return), “select all” (return), at the “choose one” box (return), at the “output device” box (return)