ANACOM - Autoridade Nacional de Comunicações
Resolution of the Council of Ministers no. 16/94, of 22 of March

Published in D.R. number 68 (Series I-B) of 22 March 1994

(This is not an official translation of the law)


Presidência do Conselho de Ministros (Council of Ministers' Presidency)

Resolution of the Council of Ministers

Under the terms of sections d) and g) of article no. 202 of the Constitution, the Cabinet has decided:

To approve, under the stipulation of section d) of no. 2 of article no. 8 of Law no. 20/87 of June 12, the telecommunications security instructions, henceforth briefly designated as SEGNAC 3, appended to and forming an integral part of this document.

CHAPTER 1

1- Generalities:
1.1 - Object:

1.1.1 - The present instructions should define the basic principles, norms and principles that should guarantee the protective security of the classified matters within the State organisations scope when transmitted via electrical or electronic means.

1.1.2 - Outside of these instructions scope are the following matters:

The security of the classified matters within the Armed Forces scope;
The security of the classified matters which were object of special stipulations settled by international agreements underwritten by our country.

1.1.3 - The revision and modification proposals to the present norms should be committed to the Technical Commission of the Portuguese Republic Intelligence Services in co-ordination with the National Security Authority.

1.2 - Basic principles:

The users of telecommunications means, in their working places, in their own homes or in any public or private places should comply with the preconised measures in the present instructions which should be a permanent security concern arising from the large analysis experience of the several telecommunications means vulnerability.

1.2.1 - Purposes:

Determine for each party involved in the communication of classified matters the necessity to use telecommunications means with, at least, the same security classification level;

CHAPTER 2

2.- Unsafe telecommunications means:
The present instructions should be referred to the following main unsafe telecommunications means:

I. Intercommunicator;
II. Telephone;
III. Radiotelephone - mobile;
IV. Facsimile - fax;
V. Telex;
VI. Teleconference;
VII. Electronic mail.

2.1 - Intercommunicator:

The intercommunicator is a voice communication mean limited to a restricted number of users and confined to a department or building, being its use in decay. Due to its vulnerability, its use should be forbidden for the discussion and communication of classified matters and each apparatus must have the indication of «Unsafe mean».

Notwithstanding, the intercommunicators installed in class 1 or 2 security areas (SEGNAC 1, chapter 5), should have, clearly visible, the indication of such a situation. Hence, it is intended to avoid the unduly outside hearing of the conversations that take place within those areas.

2.2 - Telephone:

2.2.1 - Utilisation scope:

A telephone could have the following accesses:

1. Public switched telephone network;

2. Private telephone network (PABX), with or without access to the public switched telephone network;

3. Point-to-point connection.

a. Access to the public switched telephone network:
Normally named as «network lines», the telephones connected to the public switched telephone network enable, by dialling a telephone number, the access to all subscribers' universe.
b. Access to a private telephone network:
Normally named as «extensions», the telephones connected to private telephone exchanges enable, by dialling an extension number, the connection to any extension belonging to that exchange.
c. Point-to-point connections:
This connection type only enables the direct communication between two parties.

2.2.2 - Telephone equipment types:

The telephones could have various types:

Telephones with special features;
Boss/secretary telephones and key systems telephones.

a. Basic telephone:
This telephone has only a dial or a keypad and no devices or features that enable it to do other operations beyond the call setting up and reception.

b. Telephone with special features:

This telephone, beyond the basic functions described in the preceding number, incorporates other special devices or enables other functions, such as:
Loudspeaker - that enables a call without off hooking the handset, allowing the participation of people in the same room in the current telephone conversation.
Memory/programming - that enables the storage of the most used telephone numbers and the programming of other facilities;
Cordless telephone - telephone with a radio wireless connection between its base and handset that enables by this way the call setting up and reception far away from the apparatus base.

c. Boss/secretary telephone and key system telephone:

Through a switch these telephones allow the sharing of one or more network lines between two or more different locations having also, as a facility, the intercommunication possibility amongst all telephones.

2.2.3 - Vulnerabilities:

The telephone connections to the public or private exchanges go through mean successions, either inside or outside the premises, with easy access that can allow the communications interception at any circuit point without the need of sophisticated equipment.
The very telephone line is an undeniable vehicle of permanent energy supply to the several hearing equipment that can be connected in any path part.
There are private telephone exchanges where it is possible to program the facilities that allow the call hearing and cut off without intrusion signal.
The telephone equipment by itself is susceptible to easy changes that can be a permanent hearing vehicle in a certain area and that it is not detectable by the user.

2.2.4 - Conclusions:

Face to the mentioned in the preceding number, the following should be considered:

a. The use of unsafe telephones for the discussion and communication of classified matters should be forbidden. The same is applied to conversations that, although not involving classified matters, in conjunction with others should jeopardise classified information;

b. In exceptional circumstances and when the communication urgency is absolutely essential and or the information cannot be exploited in useful time and there are not available safer means, the user assumes the entire responsibility for the discussion and communication of classified matters as well as of sensible but not classified matters through telephone means. In these circumstances, the communication of classified matters, by order of priority that should be complied either by the calling and called parties, should use the under mentioned telephone means:

I. Public telephones;
II. Private telephone exchange extension with access to the public network;
III. Public switched telephone network line;
IV. Point-to-point connection.
Under no circumstance the matters classified as Top secret should be transmitted in clear through the telephone means;

c. The private telephone exchanges must be rigorously programmed and frequently controlled by specialised personnel in order to avoid the utilisation of features that can enable the hearing and cut off of communications;

d. In what concerns the use of cordless telephones, to their vulnerabilities are added the ones mentioned in nr. 2.3.2, for the radiotelephones, and so the recommendations of nr. 2.3.3 should be complied whenever they are used;

e. The telephones equipped with loudspeaker should not be installed in class 1 or 2 security areas (SEGNAC 1, chapter 5). But, if this happens, when they are activated, they should have a well visible indication of such situation. Hence, it is intended to avoid the unduly outside hearing of the conversations that take place within those areas.

f. Each telephone should have the indication «Unsafe mean» to warn the users about the telephone connections vulnerabilities.

2.3 - Radiotelephone - mobile:
2.3.1 - Utilisation scope:

A radiotelephone is a wireless communication mean, integrated in a private radio network, that can be fixed, portable or vehicle mounted enabling or not the access to telephone networks.

2.3.2 - Vulnerabilities:

All radio networks can be easily heard without any possibility to detect this fact. Any ordinary receiver can, inadvertently or on purpose, receive the signals of those networks provided certain technical conditions are met, such as: physical proximity, special transmission conditions, etc.
This vulnerability is aggravated when the radio networks share the telecommunications means with other entities that have access to the same channels and, inevitably hear all communications that are taking place.

2.3.3 - Conclusions:

By this way, the following should be considered:

a. It should be forbidden the use of radiotelephones for the processing and communication of classified matters. The same is applied to conversations that, although not discussing classified matters, should in conjunction with others jeopardise classified information;

b. In exceptional circumstances and when the communication urgency is absolutely essential and the information cannot be exploited in useful time and there are not available other safer means, the user assumes the entire responsibility for the discussion and communication of classified matters as well as of sensible but not classified matters through radiotelephone means.
Under no circumstance the matters classified as Secret and Top secret should be transmitted in clear through the radiotelephone means;

c. Each radiotelephone, if not vehicle mounted, should have the indication «Unsafe mean» to warn the users about radio connections vulnerabilities.

2.4 - Facsimile - fax:
2.4.1 - Utilisation scope:

This is a communication mean that enables the transmission of documents through telephone networks using for the effect a fax machine connected to a telephone line.
Its access capability is the same as for the telephones as described in nr. 2.2.1.

2.4.2 - Vulnerabilities:

Beyond the telephone vulnerabilities described in 2.2.3, are added the ones arising from the possibility of document mystification.
The mystification consists in the corruption and modification of a document that can be made by using another equipment connected to the circuit with fraudulent purposes.

2.4.3 - Conclusions:

By this way, the following should be considered:

a. Similarly to other document circulation and distribution manners, a control system for all incoming and outgoing documents should exist in which is specified, namely, the sender, the addressee, and hour-date group.

b. In the communication of classified matters should be complied the relevant procedures relating to the distribution and transfer of classified documents mentioned in nr. 7.2 of SEGNAC 1;

c. The communication of classified matters is forbidden through the use of telefax.
In exceptional circumstances and when the communication speed is absolutely essential and or the information cannot be exploited in useful time and there are not other available safer means, the classified matters can be transmitted in clear. This procedure should only be adopted, in a case by case basis and after the express authorisation of the involved department head who shall be the entire responsible for that fact.

Under no circumstance the matters classified as Top secret should be transmitted in clear;

d. The telefax use vulnerabilities can be decreased if the sender and the addressee follow the established priorities for the fax machines connection to telephone means as mentioned in nr. 2.2.4, paragraph b);

e. Each equipment should have the indication «Unsafe mean» to warn the users about the telefax use vulnerabilities.

2.5 - Telex
2.5.1 - Utilisation scope:

This is a telecommunications means to transmit text through the national telex network or in a point-to-point connection, using normally a teleprinter for this purpose.

2.5.2 - Vulnerabilities:

As in the same way of the telephone, the teleprinter connection to the national telex network goes through a means succession, either inside or outside the premises, with easy access that can allow the communications interception at any circuit point by means of another equipment that is introduced with fraudulent purposes.

Beyond this and in the same way as in the telefax there are added vulnerabilities arising from the possibility of text mystification that can be corrupted or modified.

2.5.3 - Conclusions:

By this way, the following should be considered:

a. Similarly to other document circulation and distribution manners, a control system for all incoming and outgoing documents should exist in which is specified, namely, the sender, the addressee, and hour-date group.

b. In the communication of classified matters should be complied the relevant procedures relating to the distribution and transfer of classified documents mentioned in nr. 7.2 of SEGNAC 1;

c. The communication of classified matters is forbidden through the use of telex.
In exceptional circumstances and when the communication speed is absolutely essential and or the information cannot be exploited in useful time and there are not other available safer means, the classified matters can be transmitted in clear. This procedure should only be adopted, in a case by case basis and after the express authorisation of the involved department head who shall be the entire responsible for that fact.

Under no circumstance the matters classified as Top secret should be transmitted in clear;

d. Each equipment should have the indication «Unsafe mean» to warn the users about the telefax use vulnerabilities.

2.6 - Teleconference:
2.6.1 - Utilisation scope:

The teleconference or video conference is a voice and images communication mean through high capacity channels of cable links or broadcasting.

This transmission way enables the contact between a restricted number of participants confined to a special audience rooms equipped with microphones, video cameras and TV screens.

By this way all the participants can see and hear each other as well use all support tools to his presentation (tables, diagrams, charts, etc.).

2.6.2 - Vulnerabilities:

Notwithstanding, for the optimisation of transmission purposes, the video conference needs the quantizing and coding of the signals, but when the used mean is the broadcasting (by a satellite circuit or not), its vulnerabilities are much similar to the radiotelephone ones.

When the physical transmission mean is a coaxial cable or optical fibre, the vulnerabilities are lower, but even though, the audience rooms should have a good arrangement and electromagnetic and acoustic security.

2.6.3 - Conclusions:

a. Under no circumstance the matters classified as Secret and Top secret should be transmitted in clear through unsafe teleconference circuits. The same applies to conversations that, although not discussing classified matters, should in conjunction with others jeopardise classified information.

b. In exceptional circumstances and when the communication urgency is absolutely essential and the information cannot be exploited in useful time and there are not available other safer means, the user assumes the entire responsibility for the discussion and communication of classified matters as well as of sensible but not classified matters through teleconference.

2.7 - Unsafe telecommunications means for class 1 and 2 security areas:
Any telecommunications equipment before its installation in a class 1 security zone (SEGNAC 1, chapter 5), should be rigorously verified. After its installation, it should be submitted to frequent and rigorous inspections, in order to ensure that strangers or non authorised people have no access to the classified information, through this same equipment, in the outside of these areas.

2.8 - Electronic mail
2.8.1 - Utilisation scope:

The electronic mail is an electronic transmission mean to send documentation in a similar way to the postal service.

2.8.2 - Vulnerabilities:

This communication mean presents the following main vulnerabilities:

a. To the data transmission lines, either public or private, can be connected equipment that enables telecommunications interceptions;

b. The points where the messages are temporarily stored - computer systems - before arriving to their destinations can be accessed by non accredited personnel.
These vulnerability consequences can be breaches of confidentiality or classified matter integrity.

2.8.3 - Conclusions:

a. To really protect the classified matters from the mentioned vulnerabilities, the documents must be kept ciphered since its transmission up to its reception;
c. The transmission of classified matters through electronic means should be made only in a ciphered way.
d. The classified documents can only exist in clear in the computer systems while in manipulation; after the conclusion of its production or enquiry, all documents in clear should be ciphered;
e. All remaining procedures relating to document preparation, transfer and enquiry stipulated in SEGNAC 1 should be complied;
f. During data transmission by computer means, the norms stipulated in SEGNAC 4 should be complied.

CHAPTER 3

3. Safe communication means:
3.1 - Communications through safe means:

Communications through electrical and electronic means should be considered safe, whenever:

a. The circuit, although not protected by cipher equipment, is specifically approved by the National Security Authority, up to a certain security classification level;
b. The circuit is protected by cipher equipment that has been specific and previously approved by the National Security Authority as well as its installation, up to a certain security classification level.

3.2 - Approved circuits:
A circuit is considered approved for communications in clear whenever all its path meets the security conditions which shall allow the transmission of classified information up to a certain security classification level.

The National Security Authority undertakes the obligation of its approval during the design phase and its inspection during the installation and utilisation phases.

The security classification levels to be assigned to the approved circuits are the same used for the classified matters according to nr. 3 of SEGNAC 1.

The terminals served by these circuits and made available to the users should have the indication of «Safe mean» for voice communications, text and documents transmission by telefax and for telex communications.

3.3 - Cipher security

3.3.1 - Cipher equipment:

The purpose of cipher equipment is to cipher or code the communications that should not be transmitted in clear, being necessary for this effect the use of ciphering keys.

For the telephone, radiotelephone, telefax and telex are used cipher equipment directly coupled to the transmission lines or equipment - on line.

The telex is also used to transmit already ciphered texts and that on contrary to the preceding system, is named as off-line.

The security classification levels to be assigned to the approved circuits are the same used for the classified matters according to nr. 3 of SEGNAC 1.

The terminals made available to the users that have coupled cipher equipment - on-line - should have the indication of «Safe mean».

3.3.2 - Ciphering keys

The cipher equipment should allow the utilisation of different ciphering keys which should be prepared by a Ministry of National Defence entity and changed in accordance with certain rules defined for each case.

The ciphering keys management rules for the cipher equipment are established by the National Security Authority.

The ciphering keys destruction should follow what is stipulated in nr. 7.4 of SEGNAC 1 or according to any rules to be established by the National Security Authority.

3.3.3 - Equipment location:

The physical safety of the locations where are placed the cipher equipment is established by rules issued by the National Security Authority based in what is stipulated in chapter 5 of SEGNAC 1.

3.3.4 - Ciphered publications:

«Ciphered publications» should be considered all the associated documentation to a cipher system such as: operation instructions, user manuals, installation and maintenance manuals, cipher security instructions and all the remaining printed cipher material, except for «ciphering keys».

3.3.5 - Cipher equipment approval:

Existing presently in the market a large number of cipher systems and equipment whose technical and security features should be analysed in order to guarantee its best utilisation, compatibility and respective security level, it should be mandatory that the:

a. National Security Authority should study and define the cipher networks and equipment to be installed in each State organisms in order to allow its compatibility and maximum performance, taking into consideration the several security levels in which they should operate;
b. National Security Authority should approve, specific and previously, each type of equipment as well as its installation up to a certain security level.

CHAPTER 4

4. Communications center:
4.1 - Purpose:

This is an area where is intended to concentrate all the telecommunications equipment and means for the service of a certain entity or organism, beyond the reception, transmission, registration and distribution of documents and texts, either classified or not.

4.2 - Means:

The communications center, whenever possible, should centralise all department telecommunications infrastructures (see nr. 5) or to whom it serves.

In the telephone equipment domain, the communications center should include the private telephone network exchanges (PABX) and their respective operators, radiotelephone exchanges and also the voice encryption equipment should these be shared by more than one extension.

In the telex and telefax domains, the respective terminals as well as the cipher equipment, if they exist, should be installed also in this same area.

4.3 - Communications center operation:

Whenever the dimension of the center justifies it, in terms of means and telecommunications traffic volume, it should have its own personnel duly accredited qualified with a «cipher security» course or training; the text or documents originators or the civil servants, in whom they delegate, should use the center available means whenever the circumstances justify it.

In the cases where it is not justified the existence of own personnel, the center utilisation should be submitted to the appropriate access rules of the class 1 security area (SEGNAC 1, chapter 5).

Records of all received and sent texts and documents should exist in accordance with the models stipulated by SEGNAC 1. When the texts and documents are classified, the applicable rules relating to classified matters and documents handling should be followed in accordance with nr. 7 of SEGNAC 1.

4.4 - Communications center security:
4.4.1 - Exploitation security:

The security teams and nucleus of the respective organisms (SEGNAC 1, chapter 2) should have the responsibility for the security of the communications center exploitation and they shall guarantee its operation within the communications security framework defined by the present instructions and from those issued by the National Security Authority.

4.4.2 - Physical security

The communications center area should be considered as a class 1 security area (SEGNAC 1, chapter 5) and the security teams and nucleus of the respective organisms (SEGNAC 1, chapter 2) should have the responsibility for the security of the communications center exploitation and they shall guarantee its operation within the communications security framework defined by the present instructions and from those issued by the National Security Authority.

The National Security Authority should have the competence to define the equipment and ciphered documents layout areas as well of their respective ciphering keys location and security.

CHAPTER 5

5. Telecommunications infrastructures:
5.1 - Telecommunications installations:

The telecommunications infrastructures, whenever possible, should be centralised in the communications center (nr. 4.2).
However, should this be impossible due to its vulnerability, the following security measures should be taken into consideration:

a. The location of the telephone private exchanges and their respective operators should be considered as a class 1 security area (SEGNAC 1, chapter 5);
b. All intermediate frames and distribution boxes should be protected with locks or class B padlocks (SEGNAC 1, nr.5.7) or with inviolability seals.

Any telecommunications infrastructure of the class 1 and 2 security areas (SEGNAC 1, chapter 5) should always be approved by the National Security authority, during the design or tendering phase, and regularly examined after its commissioning.

5.2 - Classification of the telecommunications networks and means documentation:

5.2.1 - All telecommunications networks information that shows the telecommunications global capacity of an organism as well documents of those networks with important details, should be classified, as a minimum, as Secret.

5.2.2 - All telecommunications information and data whose divulgation could jeopardise in a certain manner the organism's interests, should be classified, as a minimum, as Confidential.

CHAPTER 6

6. Telecommunications security behaviour:
6.1 - Generalities:

Still to reinforce the aforementioned guarantee proceedings for telecommunications security, it should be added the use of authentication.

6.2 - Authentication:

Authentication is a security measure with the purpose to protect a telecommunications system against possible mystifications.
There are several authentication systems that could be used according to the circumstances.
National Security Authority shall give technical support in this matter.

6.3 - Breaches of security and compromise:

Whenever it is verified breaches of telecommunications security and or compromise, the procedures stipulated in chapter 9 of SEGNAC 1 should be undertaken.

When dealing with breaches of security or cipher equipment compromises and their respective ciphering keys, the National Security Authority must be immediately informed and it should actuate in accordance with what is specifically established for this material.

6.4 - Destruction of cipher equipment in emergency situations:

In what concerns the destruction of cipher equipment and its respective ciphering keys in emergency situations, it should be followed which is stipulated in nr. 7.4.6 of SEGNAC 1 and or according to any other norms issued for this fact by the National Security Authority.

Presidency of the Cabinet, February 24, 1994. - The Prime Minister, Aníbal António Cavaco Silva.
