December 24, 2013

The British classification marking STRAP

(Updated: November 26, 2014)

Most of the documents leaked by Edward Snowden are from the American signals intelligence agency NSA, but there are also quite a number from their British counterpart GCHQ. Documents from both countries are classified as TOP SECRET and often have additional markings to further restrict their dissemination.

Where on American documents we see markings like COMINT (Communications Intelligence) and NOFORN (No Foreign Nationals), the British have the mysterious term STRAP followed by a number.

Information about American classification and dissemination markings can rather easily be found on the internet (see also The US classification system on this weblog), but there are hardly any details about the British classification system.

But luckily, there's one source available which describes STRAP and other British classification practices in detail: the extensive Defence Manual of Security from 2001. Chapter 17 (page 1131-1135) of Volume 1 gives an overview of the STRAP Security Guidelines.



Compartmentalization

In the manual, STRAP is described as a set of nationally agreed principles and procedures to enhance the "need-to-know" protection of sensitive intelligence (and related operational information) produced by the British intelligence agencies, including military sources.

It adds additional procedures to the standard security measures employed for intelligence matters. STRAP is therefore comparable with the American system of protecting the most sensitive information by control systems with separate compartments, which are generally designated by codewords.

Although on some websites it's suggested that STRAP might stand for "STRategic Action Plan", the Defence Manual clearly states that STRAP is a codeword, not an acronym. The STRAP codeword itself is not classified.

Some intelligence information, handled within the STRAP System, require more stringent protection than others. To assure this, there are three levels of STRAP protection. These levels are designated, in ascending order of sensitivity and, hence, access control: STRAP 1, STRAP 2 and STRAP 3.



Examples of STRAP documents

An example of a document from the least sensitive category, marked STRAP 1, is a slide from a powerpoint presentation about the BULLRUN program aimed at breaking encryption methods used on the internet:




Information that is somewhat more sensitive is marked STRAP 2, like this presentation slide about operation SOCIALIST, which infiltrated the network of the Belgian telecommunications provider Belgacom:




From the category of most sensitive documents, marked STRAP 3, there are no actual examples available. STRAP 3 for example protects the precise locations where these interceptions takes place. The real names of the telecommunication companies that cooperate with GCHQ are classified one level below this, at STRAP 2.

As several of these real names have been published, Snowden must somehow got access even to STRAP 3 documents. Probably because they are so sensitive, Greenwald and the papers may have decided not to publish them, but only use some of the information they contain.



STRAP protection measures

The STRAP system is designed to protect information against threats that are specific for sensitive intelligence. A principal threat is when a target becomes aware of an intelligence attack against him, so he can initiate countermeasures. Therefore, the STRAP system aims to minimise the risk of leakage of sensitive intelligence operations and products into the public domain - whether by accidental exposure or deliberate intent. This is done through the following measures:

- Restricting access to sensitive intelligence material on a strict "need-to-know" basis;
- Agreeing the appropriate facilities for its protection in transit ("STRAP Channels") use, storage and disposal;
- Providing explicit briefings and guidance for individuals who handle this type of material.

Information that requires protection under the STRAP system has to be clearly defined and labelled with the appropriate STRAP level marking. It has to be carried by authorized couriers during transit, and signed receipts have to be obtained at all stages of handover.

Within the British Ministry of Defence, the implementation of the approved STRAP security measures is overseen by individually appointed STRAP Security Officers (STRAPSOs). The overall responsibility for the review and formulation of STRAP policy and guidelines is with the STRAP Management Board.



8 comments:

Anonymous said...

So strap1 and strap2 are ok to share across FVEY? As FVEY stuff comes in from NSA, does GCHQ classify some of it internally as Strap? Did not some employee leave strap2 docs on the train recently, turned to bbc?

Anonymous said...

http://www.bbc.co.uk/blogs/theeditors/2008/06/topsecret_files.html

Bbc strap1 docs from 2008 - odd thing was only strap1 despite AQ intel - how do we actually know that strap3 is highest, not lowest?

P/K said...

At the moment, it's not clear what the rules are for sharing STRAP information among partner agencies. However, it's interesting that on some documents we see TOP SECRET STRAP combined with the American marking COMINT or with "[country code] Eyes Only". In those cases it's quite clear that the information can be shared with partners. But if that means that STRAP documents without any further markings are restricted to UK nationals, it's strange indeed that Snowden had access to them.

The fact that STRAP 1 is the lowest and STRAP 3 the highest level, is said in the Defence Security Manual from 2001.

amanfromMars said...

Goedenavond, P/K, en gelukkig nieuwjaar,

[blockquote]The STRAP system is designed to protect information against threats that are specific for sensitive intelligence. A principal threat is when a target becomes aware of an intelligence attack against him, so he can initiate countermeasures. Therefore, the STRAP system aims to minimise the risk of leakage of sensitive intelligence operations and products into the public domain - whether by accidental exposure or deliberate intent. This is done through the following measures:

- Restricting access to sensitive intelligence material on a strict "need-to-know" basis;
- Agreeing the appropriate facilities for its protection in transit ("STRAP Channels") use, storage and disposal;
- Providing explicit briefings and guidance for individuals who handle this type of material.
[/blockquote]

There is a enigmatic problem, which in some cases can be easily immediately resolved and solved by the ignorant transfer of fantastic paper wealth to the prime subject and object of interest …. and a seriously heavy lottery win is a great cover story for such an unexpected windfall and radical change of circumstance …. and that is whenever the sensitive intelligence being shared is not the intellectual property or coveted secret of any existing authority and/or intelligence service and/or associate body.

And there is no good reason at all to not suppose that such largesse would result in a novel working, mutually beneficial arrangement between the subject/object of interest and the parties who would have concerns which they be unwilling or unable to resolve themselves.

It be in the fields being discussed here akin to the smart poacher turned great gamekeeper play.:-) …. and oh so simple to try.

After all, it is only worthless fiat being exchanged for sublime treasure, is it not, and that makes virtually everything a real basement bargain.

Data Leakage said...

Great post! Been reading a lot about data leak situations like this. Thanks for the info here!

o.thrax said...

http://o-thrax.blogspot.gr/2014/12/top-secret-srap.html

Anonymous said...

Bit late to the game but here are some answers for you (source: Working for the MOD): The fact that a document is 'STRAPped' doesn't automatically mean it cannot be shared with other nations. Just as you can have a document marked SECRET UK/US EYES ONLY, you can have a TOP SECRET STRAP2 UK/US EYES ONLY. Yes, you're more likely to come across UK EYES ONLY when you have a STRAP document, but it's not exclusively like that. And to confirm, STRAP3 is the most sensitive... It's actually split into STRAP3a and STRAP3b too...

Anonymous said...

There is an example of STRAP3 out there. A project FULSOME GCHQ memo has TS STRAP3 markings. https://noagendasocial.com/@RexRedbone/110411697636513278

In Dutch: Meer over het wetsvoorstel voor de Tijdelijke wet cyberoperaties