Monday, September 28, 2009

Communication Systems


In considering any suggestions relative to Communication Systems, it should be understood that any system can be compromised and therefore by definition is not completely secure. Unless you are an Intelligence Officer or member of a Special Forces team using micro-burst technology to transmit coded communications through secure government satellites, you should consider that your communications have already been compromised. The objective of this report is to offer suggestions that you can consider in reducing your risk.

Satellite ground stations, microwave parabolic reflectors, and communications towers and supports should be located on rooftops, with limited access to the public. Where this is not possible, the equipment should be installed with fences and alarms. Closed circuit television (CCTV) with video recording capability should be considered and included where justified.


Systems

Integration

Security systems in new buildings or buildings undergoing renovation should be installed with distributed wiring schemes that use local telecommunication closets as distribution points. This will provide expansion capability, future networking capability, ease of maintenance, and full function implementation of the security system. At a minimum, the communications link and interface between the sensor, output devices, and computers should include conduit, multi-conductor twisted shielded cable and terminal cabinets. However, recent technology such as fiber optic cables should be considered in planning the wiring distribution scheme.

Data distribution and gathering used for security wiring must be secure. Where possible, integrate security wiring with other systems such as telephone, paging, energy management, etc. In every case, the design of the communications link should allow ready installation and interconnection of cameras, sensors, and other input output devices. All life safety equipment and accessories should be Underwriters Laboratory (UL) approved.

Outlying facilities should link security systems to the nearest security control center. Systems should be compatible with existing systems or replace existing systems with the new systems.

Telecommunications

Because they are so easily accessed and intercepted, corporate telecommunications present a highly vulnerable and lucrative target for anyone interested in obtaining trade secrets and competitive information. Increased usage by businesses of these links for bulk computer data transmission and electronic mail including the internet makes telecommunications intercept efforts cost effective for intelligence collectors worldwide. As an example, prior to the internet, approximately half of all overseas telecommunications were facsimile transmissions which, because they are emanations, may be intercepted by foreign intelligence services since many of the foreign telephone companies are foreign owned. In the case of the internet, any number of unknown providers may have access to transmissions which could include anything from an e-mail to attached data files including audio and video. In addition, many American companies have begun using what is called electronic data interchange, a system of transferring corporate bidding, invoice and pricing data electronically overseas. This type of information is invaluable to many foreign intelligence services which support their national businesses.

Many corporations are falsely reassured in assuming that because access to their computers is controlled, specific files can be read only by authorized users. It has been demonstrated, however, that an innovative "hacker" connected to computers containing competitive information, can evade the controls and access that information. For example, in a widely publicized case, referred to as the "Hanover Hacker Case", a foreign intelligence service employed computer hackers to access U.S. restricted data bases, obtaining both software and defense related information. The service was able to do this because, although the computers themselves were secure, the telecommunications network that linked them was vulnerable by virtue of poorly implemented security mechanisms.

A typical economic espionage operation scenario might be as follows:

• A foreign intelligence service rents an office near the targeted U.S. firm or in another location strategically selected to provide easy access to telecommunications facilities or transmissions used by the U.S. firm.

• Sophisticated electronic listening posts are set up in the office and manned around the clock.

• The listening posts eavesdrop on telephone, fax, telex and computer communications.

• All intercepted communications are fed into computers, which sift through the material for valuable data.

• Reports and briefs are prepared and passed to the foreign rival of the U.S. firm.

Economic espionage is serious and will certainly continue to increase as international relations become more and more a matter of economic, rather than military competition.

This threat is exacerbated by the increased use of extremely vulnerable electronic communications. You must assume that all overseas telecommunications are intercepted, recorded, organized into reports and reviewed for economic intelligence by everyone interested in the information. To stay ahead of our foreign competitors, we must "button up" all competitive and proprietary communications.

Most foreign common carriers are government controlled or owned. Trade secrets/data, marketing strategies, and personnel information which are discussed or sent over host country telephone lines are easily obtained by foreign interests.

Electronic Media Path

Electronic data is recovered easiest when a signal is not multiplexed or mixed with other data signals, i.e. data transmitted from a telephone instrument to a telephone switch. Only a minimal investment is required to retrieve data not masked with other voice or data. For this reason, it is better to use standard dial up versus dedicated lines. Data/voice that is routed on major transmission paths (such as microwave, satellite transmission) have less likelihood of being monitored by hackers or low cost monitoring operations, because the cost of sifting through such a volume of information to access one target is often cost prohibitive. However, a well financed intelligence gathering operation may find satellite or microwave transmissions the best intercept opportunity, since they can be monitored at great distances with little or no threat of detection.

Electronic Transmission Threats and Vulnerabilities

A threat is a fact, idea, situation, person, or thing which is perceived to menace, exploit or attack any vulnerability in security safeguards. Anyone involved in international communications should be aware of the following threats and vulnerabilities.

Threats

Many foreign phone systems are either owned or controlled by the host government. This allows the government to easily monitor transmissions of selected U.S. corporations.

Intelligence agencies of third party nations, terrorists, and criminals also monitor electronic transmissions. While monitoring is more difficult for them, than for the host country, the equipment required for such surveillance can be easily obtained by almost anyone.

Business and technical data obtained from U.S. corporations may be, and often is, provided to foreign competitors and potential customers.

Personal information may be used to kidnap executives for financial gain or political purposes.

Electronic equipment, such as facsimile machines, telephones, and desktop computers, may be altered to make electronic monitoring easier. These alterations may be made either to the transmitting/receiving device itself or to the lines leading to and from the devices.

Vulnerabilities

Telecommunications monitoring may be done at a phone company's switching facilities; phone lines may be tapped or bugged; or microwave transmissions may be intercepted anywhere between the two microwave transmitters. In any event, telecommunications monitoring may be virtually undetectable.

Telephones do not necessarily cease transmitting once they are hung up. Conversations taking place near a phone may be transmitted to the foreign state's phone system switching facility and can be monitored anywhere between the phone and that facility.

Employees of U.S. corporations are often not aware of the threat to their transmissions.

Most international U.S. corporate telecommunications are not encrypted. Some countries do not allow encryption of telecommunications traffic within their borders, but it should be considered where feasible for any transmission of competitive information.

Sophisticated computers are often used to scan communications for “key words” and intercept Any communication containing these triggers. Many telecommunications transmissions will contain "key words", used to identify information of interest to a third party. A key word can be the name of a technology, product, project, or anything else which may identify the subject of the transmission.

Encryption should be the first line of defense since it is easier for foreign intelligence services to monitor lines than to place "bugs", however encryption will provide little if any security if a careful examination for audio "bugs" elsewhere in the room is not conducted.

Suggested Counter Measures

The following suggestions may be considered in order to improve the security of your telecommunications transmissions. These suggestions may be augmented by other measures which may be applicable to your specific situation.

• Computer links, facsimile transmissions, E mail, and voice transmissions can all be encrypted. Encrypt electronic transmissions whenever possible.

• Neutralize the vulnerability of telephones. A small, company controlled switch installed within the facility can help ensure that conversations are not continued to be transmitted through handsets which are "hung up", and therefore serve to decrease the threat of covert line access.

• Avoid "key words" or phrases which may be used by intelligence agencies and others to search recorded conversations for subjects of interest. Examples would be project names, product names, the names of persons of interest (e.g. heads of state, CEO's, etc.) and classification labels such as "sensitive" and "company confidential".

• Positively identify all parties participating in phone conversations or receiving the facsimile transmissions. Whenever possible, utilize your corporate transmission facilities instead of those of the host government.

• Corporate offices should be located in facilities totally controlled by the corporation.

• Always keep at least one phone and facsimile machine secured in a container equipped with a combination lock, and restrict access to the combination. This will help maintain the integrity of that equipment.

• Check connecting lines to telecommunication devices (telephones, computers, fax machines, etc.) monthly to ensure that the line has not been replaced or modified by unauthorized personnel.

• Placing stickers on phones warning of hostile monitoring will be helpful to maintain awareness.

Hacking into computers is now a standard tool for those involved in espionage and computer crime. Once an intruder has gained entry, he/she may be able to view, change, or destroy valuable company data and information. Electronic terrorism, placing a corporation's information assets at risk, is a reality.

Effects of Telecommunications on Computer Security

Telecommunications technology provides for electronic "highways" which now enable a person to directly access a computer system on another continent. Many U.S. corporations are dependent for their very survival on data being stored and processed on these computers. It is therefore mandatory that access control security.

The following suggestions should be considered in reducing the risk:

• Apply access control software and procedures to the corporation's networks; keep the intruder off the "highway". Also ensure that the corporation's computer systems are protected.

• Mandate that all users change passwords at least once every 60 days, allow no more than three consecutive invalid passwords before suspending a user ID, and insure that all passwords are at least six characters in length and contain a number and letter. Also, encourage employees to use passwords which do not relate to their lives (names of family, pets, sports teams, etc.). Hackers often gain entry by simply guessing passwords. These precautions will make their job harder.

• Control the phone numbers to the corporation's networks and computer systems as competitive information. Minimize their distribution and notify corporate employees that the numbers should be guarded.

• Test corporate networks for the existence of unauthorized modems which could provide access to eavesdroppers.

• Encrypt computer to computer sensitive transmissions, to include electronic mail.

• Require all personnel to agree in writing before they are granted access to corporate networks and computer systems that they will keep competitive information confidential and will abide by the corporation's information protection standards.

Video Conferencing

The threat to video conferencing is essentially the same as that to other types of telecommunications, in that adversaries can purchase or replicate specific equipment used by an American company and then either tap into the line or use other means to monitor both audio and video.

Although encryption is available for some video conferencing installations, many countries do not allow any type of encryption and others allow only that type which they can break.

Although video conferencing can be monitored, such monitoring requires a greater effort, however the capability is well within the means of a foreign intelligence agency.

Couriers

Because of the extreme vulnerabilities to telecommunications and the restrictions placed upon the use of data encryption in many foreign countries, it may be best to hand carry information to, from and within overseas areas. The same precautions should be taken for hand carried packages as was described earlier for hand carried personal computers. That is, the package should never be out of the courier's direct control. It should stay with the courier at all times and never be checked in one of the temporary storage lockers often found at airports and in train stations, even for a short time.

Foreign Customs Threats

Espionage, including Industrial Espionage and Identity Theft are serious threats associated with taking a computer into a foreign country. In addition to the obvious threat of having the computer stolen, a more difficult threat to identify is when someone takes information from your computer and uses it without you even knowing it is missing. One way this can happen is when you enter a foreign country and the customs and immigration officials want to examine your computer for “contraband”. A warning flag should go up if this is to be done out of your presence. Regardless of how safe you think your security is, it only takes a few minutes or even seconds for a professional to copy all of the data from your computer and return it to you. In general, none of your property should leave your site during any type of inspection. If this is attempted, you should request to speak with a supervisor or “other” official. If nothing else, you will raise a flag that you suspect what is going on and the possibility that it could be reported. Some countries I have been in may threaten arrest at your concerns so you have to be diplomatic but firm.

Computer Technology

Computers can pose enormous security problems. While they contain great volumes of information, they also concentrate it, and if not protected, they can make the task of the information thief much easier.

The emergence of low cost technologies, such as small computer systems including the Palm type computers with modems and cameras, can contain a huge amount of data and be carried in a coat pocket. These devices allow everyone to be more productive but this new level of technology comes with an increase in security risk. The radical increase in offices driven by the personal computer has taken computer security out of the hands of a small circle of experts who once focused on securing self contained computer rooms.

Computers were once stationary objects, secured by placing them behind locked doors. Today, many computers are carried in a briefcase or coat pocket and include a full range of wireless communication features including Global Positioning Systems.

It is now recognized that the information stored in and processed by a computer is often more valuable than the equipment itself. Assuring the confidentiality, integrity and availability of that information has become a common concern for an ever widening group of managers, information systems professionals and end users.

Travel with Computers

Business travelers who carry and use personal or laptop computers are at risk—particularly if they are unaware of common sense security measures which should be adopted to protect computers and their contents from theft and unauthorized data access.

Computer Theft

It is obvious to a knowledgeable observer by the distinctive shape of the carrying case and the special care taken by the owner, when a person is carrying a computer. Because of this, the personal computer is a clear target for its intrinsic value. A ready market for stolen equipment and the computer's compact size make the theft a very lucrative, low risk venture for the criminal.

A personal computer should never be checked with other luggage, but should always be part of your carry on baggage that will stay with you at all times. Likewise it should never be checked in a temporary airport or train station storage locker, even for a short time.

Greater risk is associated with the information stored on the hard disk of the personal computer. There has always been a degree of risk associated with carrying competitive information in a briefcase, although the bulk and weight of documents limit the number. However, it is possible to store thousands of notes, memos, and full documents on a personal computer hard disk drive. Therefore, the loss or theft of a PC poses a significantly greater risk of valuable information loss than ever experienced in the past.

Unauthorized Access

Unauthorized access occurs when someone accidentally or deliberately reads, modifies, or deletes computer files without your specific permission. Because personal computers do not typically impose data access controls, it is your responsibility to protect your data. While using your computer, protect the information from casual, "over the shoulder" viewing by others. Log on and data encryption software can provide additional protection. Obviously, as the size and clarity of portable computer screens continue to increase, so too does the vulnerability to unauthorized observation by people in airport waiting rooms, cafeterias or snack bars, as well as in your plane seat. Positioning oneself so that it is impossible for others to observe the screen can be achieved in a restaurant or snack bar, but is very difficult if not impossible in one's plane seat. One possible strategy is to work on more mundane, non¬-confidential, non sensitive work on the plane, and make the presumption that the screen will indeed be observed. Sometimes the aircraft crew will prohibit use of a portable on the aircraft.

Portable Computers & Foreign Customs

It is not necessary to steal your computer to steal the information. It is possible that while traveling in a foreign country, your computer could temporarily be out of your sight for what might appear to be an innocent “security” or “customs” inspection. In these instances, information could be stolen by a variety of methods, leaving your computer intact and you unaware that valuable information about you and or your company has been compromised. The international traveler must bear in mind that a portable computer and information it contains is a valuable asset and even in the United States, some “security” personnel are not U.S. citizens and may have criminal backgrounds. The national requirements for bringing in such a device vary from country to country, e.g., some countries absolutely forbid bringing in a personal computer except one manufactured in that particular country. Therefore, before even starting on the trip, it is important to check with your legal and security offices concerning customs requirements and necessary documentation. Otherwise, long delays, risk of confiscation, and possible frustrating experiences in attempting to communicate in another language may await the traveler at the airport.

Working With Computers From Hotels

Persons traveling in the U.S. expect high quality telephone service. It would not be appropriate to assume that the same will be the case when traveling overseas. In many countries, the telephone service is owned and operated by the national post, telephone and telegraph company. The quality of service, as well as the technical standards and conventions used, will vary dramatically from country to country. For example, in many countries, it is impossible to simply pull the removable jack from the telephone handset in the room, and plug it into the modem in the PC. Types of jacks and connections differ from country to country, and sometimes within the same country.

Your company may be targeted by a foreign intelligence service which is able to monitor your communications. In most foreign countries only a few central "switching points" serve to control all international telephone calls whether voice, fax or data stream. Intelligence agencies can tap into these sources without indicating to you that such activity is underway.

Special Risks When Using Cellular PCs

The cellular portable computer is technology having unique security considerations which one might easily overlook. The system is essentially a personal computer with an integrated modem, which is a device used to change signals understood by telephone technology into signals understood by computers, and vice versa.

There is also a built in cellular telephone which allows a person with a single action to place a call to a computer system, connect the personal computer to it, and interact with a host computer. Sometimes overlooked with this technology is the fact that cellular telephone communications transmit signals and are, therefore, vulnerable to unauthorized interception, recording, and subsequent analysis. The necessary monitoring equipment is readily available to foreign intelligence services and to the more sophisticated business espionage agent. Therefore, one should consider carefully whether such interception is acceptable.

Virus Contamination And Detection

Special care must always be taken when receiving a computer file or even an e-mail from a trusted source. Even a trusted source could unknowingly forward an infected file to you. Many viruses are intended to destroy files on a person's hard and/or floppy disks, which could have a catastrophic effect on the user of the PC. Some are designed to covertly enter your computer, search for key files and transmit them back without your knowledge. Since much has already been said about computer viruses, it is not necessary to review theory again here. Suffice it to say that whenever someone copies a program from a bulletin board, or receives a floppy disk from someone else, that program or floppy disk should be scanned to identify any known viruses present within the programs in question. Many such virus scanning programs are available at reasonable cost, and their use is highly recommended. In addition, there are some very effective “firewall” programs that should be utilized when available. Most vendors of virus scanning programs are constantly updating their virus libraries and make the new updates available for “automatic” download.

The Computer Systems Manager

There are many security considerations which anyone providing computing services to multiple users must provide, regardless of where the computing facility is located. They include physical access control, magnetic media control, the effective operation of access control sub systems, restricted utility program control, testing for system vulnerabilities, classification of competitive information in the system, printer controls, special controls of the enterprise's most important information, access from terminals not under the enterprise's control, use of supplemental, contractor or vendor personnel within the facility, and finally disaster backup and recovery.

Physical Access To Computing Facility

Because one cannot assume that employment practices are the same from country to country, it is not always possible to dictate what employees can do or where they can go. For example, in certain countries it is not permitted to log the fact that a specific person accessed a specific data set at a certain time on a certain date, because such a log could be misused to inappropriately monitor his/her work habits, speed, productivity, etc. Likewise, in some countries, there are resident fire marshals in the facility who do not work for the enterprise, but are authorized access to each and every part of the physical facility. Factors such as these must be understood and carefully planned for in the security plan.

Telecommunications Lines

U.S. telecommunications carriers are private corporations, subject to stringent government controls in the public interest. Often, in other countries, the public carrier is a governmental agency responsible for post, telephone and telegraph. In some, the distinctions between the interests of private industry and the national economy as a whole are blurred. In those, the telephone agency could monitor the telephone lines and provide the information gathered to its own private industry to the detriment of an American company. Because this possibility could be compounded by the activities of a foreign intelligence service, it would be prudent to carefully evaluate practices for the transmission of important competitive information.

Magnetic Media Control

For some of the same reasons pertaining to telecommunications, the manager must be sensitive to mailing or physically carrying magnetic media from one country to another. While the metal detection devices used at most airports no longer damage the information on magnetic media, other dangers, such as an interaction with the local customs authorities, could be far more damaging to a business. In either mailing or carrying, accountability is lost once the material is turned over to local customs personnel to be "cleared". Often, the time involved as well as the other details of what "cleared" means are not always spelled out to private industry.

Use of Encryption

One method of protecting the secrecy of competitive business information is through the use of encryption technology. Simply stated, encryption is the process whereby information which is normally readable is rendered incomprehensible by either physical devices or programs so that it can be transmitted over public telephone lines with no fear of it being compromised. Once received, the encrypted information is decrypted back to understandable language. Certain data encryption algorithms used to encrypt and decrypt data may not be exported from the United States without special licensing. Likewise, some countries do not permit the importation of such programs without special licensing agreements. Even if the most sophisticated data encryption program can’t be used, it would be good to consider using some method of data encryption to preserve the integrity of your data.

Distributed Printer Control

Generally, physical access to printers used within a computing center is well controlled. However, small, powerful, distributed printing facilities, which can be readily hooked up with printed output routed directly to such devices by any employee, are coming increasingly into use. It is strongly recommended that attention be given to ensuring that printed output may be picked up only by the information owner or his/her representatives. This can be accomplished by placing the printers in a room having a key, cipher lock, or other controlled access system.

International Travel & Computers

The following questions should be considered:

• Does the local power supply match your system's requirements? Are electrical power transformers, filters, surge protectors or uninterrupted power supply (UPS) units available to protect your equipment?

• Does the government impose restrictions on the import of computer hardware and software into the country?

Environment

• Will the computer be used in a low humidity area where damage from static electricity may be sustained? Are carpets treated? Are humidifiers available?

• Will the computer be used in a hot, dusty climate? Are office temperature controls sufficient? Are dust covers available?

Physical Security

• Is the work area kept clear of soft drinks, coffee and other liquids which, when accidentally spilled, may damage equipment?

• Are diskettes physically labeled and handled as directed by the manufacturer?

• Are sensitive diskettes sufficiently write protected to avoid accidental or malicious damage or destruction?

• Are backup copies stored off site?

• Is the computer sufficiently protected from acts of sabotage, tampering and theft?

• Are modems (particularly those with an automatic answer feature) disconnected or powered off when not in use?

• Are film printer ribbons, sensitive printouts and diskettes burned, shredded or degaussed as appropriate to prevent inadvertent information disclosure?

System Security

• Are spare, user serviceable parts available in the event of failure?

• Are backup copies of software and data produced periodically?

• Has a backup system (contingency) been identified to continue critical operations in the event of a failure/disaster? Has it been tested?

• Are system hardware and/or software controls present to authenticate individual system users? Are passwords changed frequently and are they easily guessed?

• Is a security erase or file scrub program present on the system that will over write sensitive data on the hard disk when a file is deleted? Is it used?

• Are sufficient controls in place to prevent violation of manufacturer's copyright and license agreements?

Virus Protection

• Are software and data diskettes received from reliable, trustworthy sources?

• Is software received from outside sources scanned for computer viruses with current virus detection software?
Posted by at

Professional Comments & Reviews

"I appreciate your thoughtfulness, and it will be an honor to add your book to my personal library. I have had the opportunity to peruse it, and I look forward to reading it at length in the very near future. Semper Fidelis"

James L. Jones
General, U.S. Marine Corps
Commandant of the Marine Corps
National Security Advisor


"Thank you for sending me a copy of the security manual The Corporate Executive Survival Guide - International Operations. Your thoughtfulness during this great transition in democracy is inspiring."

John Ashcroft
United States Attorney General


"One of my users has purchased a copy of your Terrorist Groups - Profiles and Tactics resource. He has requested that the library make this available on our agency intranet, which is accessible to all NSA / CSS personnel".

Sallie Becker, Agency Librarian
National Security Agency


"In my past work as an Intelligence Analyst, and journalist, I have found your products to be helpful and exciting."

Krysta Davies
Intelligence Analyst


"It is my sincere wish that you enjoyed viewing the amphibious assault and all other related activities. Enclosed is a video memento of your participation in Amphibious Orientation Training 1996."

J. E. Ward
Brigadier General
U.S. Marine Corps Reserve


"This etching of the Iwo Jima flag raising is presented with our sincere appreciation for your outstanding support. Your loyalty and dedication is living testimony that "Once a Marine, always a Marine, Semper Fidelis"

Major M.D. Becker, Commanding
United States Marine Corps


Mr. Doyle: "I have forwarded your martial arts training videos to our Marine Security Guard School in Quantico." "I want to thank you for being our guest speaker and the troops have been informed that you are a "Marines Marine".

Gilberto Tores, Master Sergeant
United States Marine Corps


"On more than one occasion, Mr. Doyle provided invaluable assistance to me in overcoming delays that would have seriously impaired my ability to respond to in-kingdom problems."

Mr. P. J. Hillestad, Contracting Officer, U.S. Air Force
Peace Shield Program, Saudi Arabia


"The class truly enjoyed meeting you and learning from your thorough presentation. A week later, everybody asked me for a copy of the outline of your book that you left behind. I sincerely thank you for coming to speak to my class."

Zlatica I. Kralijevic, Professor - International Business
University of Houston - Graduate School


"Subsequent to last year's traumatic events on September 11th, your book will indisputably serve as a resource guide to our entire staff of security professionals. Thank you for keeping our city in your thoughts; I will share your book with my staff"

Lee P. Brown
Mayor, City of Houston


"I have thoroughly enjoyed reading the materials you sent me; and expect to refer to them for some time to come."

Dr. Ian Q. R. Thomas, author of "The Promise of Alliance - NATO and the Political Imagination"


"Your remarks are most encouraging and we are grateful to you for recognizing our efforts as you did. Please convey our thanks to your family as well. It is a pleasure to enclose one of my photographs which I have autographed for you."

Clarence M. Kelley, Director
Federal Bureau of Investigation


"In honor of The Director, Federal Bureau of Investigation The Honorable Louis J. Freeh, The Assistant Commandant of the Marine Corps and Mrs. Neal request the pleasure of your company at an Evening Parade on Friday, the twenty-fifth of July, Marine Barracks, Washington, D.C."

General Richard I. Neal, USMC
Assistant Commandant of the Marine Corps


"Mr. Doyle has worked on the Peace Shield Program with the Kingdom of Saudi Arabia for many years. Mr. Doyle is known for his professionalism and integrity."

Fawaz A. Kayal, Consul General
Royal Kingdom of Saudi Arabia


"We are satisfied with the success of your meeting with His Royal Highness, the Prince." "We truely believe that Mr. James Doyle, President of INTERCORP, has done a wonderful job for all of us in bringing our mutual interest together".

Sheikh Abdul Karim Al Sadoun
Al Eirad Trading & Contracting Co.


Following is the text from an official Saudi Embassy Christmas Card: "Best Wishes for a happy Christmas and a prosperous New Year." "So peace is on me the day I was born, the day that I die and the day that I shall be brought forth alive again. Such was Jesus son of Mary...","Surat Maryam, Holy Quran"

Mohamed R.Abu Al-Hamayel
Head of Consular Section
Royal Embassy Of Saudi Arabia
Washington, D.C.


"Mr. Doyle has a clear understanding of international business operations and related security considerations in Latin America."

Sergio A. Lopez, Director
America Hispania Magazine


"Thank you very much for your comments in the article regarding the kidnapping of Mr. Konno of Sanyo Video Components (USA) Corp which was carried in The Nikkei Weekly's Aug. 19 edition." We are sending you a copy of the article containing your comments.

Joshua Ogawa, Staff Writer
The Nikkei Weekly, Tokyo, Japan


Dear Mr. Doyle: " I would like to thank you for your contributions to and participation in the F.B. I., A.N.S.I.R. program."

Ed Shaw, Special Agent
F.B.I., Houston Division


"Dear Mr. Doyle: On behalf of the Diplomatic Security Service, U.S. Department of State, I would like to welcome you to the Overseas Security Advisory Council."

Tim Haley
Special Agent in Charge
Diplomatic Security Service
U.S. Department Of State