Presentation is loading. Please wait.

Presentation is loading. Please wait.

Operational Security Awareness

Published byAmos Gibbs Modified over 8 years ago

Similar presentations

Presentation on theme: "Operational Security Awareness"— Presentation transcript:

1 Operational Security Awareness
OPSEC OFFICERS SSG Wilson SGT Fox There are two title slides. Hide the one you don’t want to use. In the lower left corner, select the icon that looks like four small boxes. Click on the title slide you don’t want to use, and in the Slide Show menu select “Hide Slide”. Go back to the notes view or the presentation view. Operational Security Awareness ARMY Regulation 530-1

2 OPSEC Process Identify Critical Information Apply Countermeasures
Analyze the Threat Identify Critical Information: What, if disclosed to an adversary, could cause damage to your mission/operation/project, etc. This can be brainstormed in a ‘roundtable’ discussion with those from each section of your organization. Assess the Threat: Know who you are vulnerable to, who the threat is. If you don’t know, develop a relationship with those who do, and stay current. Know what, who, and from where, the threat is, as best you can. Analyze Vulnerabilities: Related to the threat, know your vulnerabilities. This is not only your physical vulnerabilities, but networks, to include data and voice (phones and ), radio communications, logistics, personnel, policy, operations, intelligence, etc. Where are the vulnerabilities that could be exploited by the ‘threat’. Assess the Risk: If you have assessed the threat, know your vulnerabilities. If the risk to that is low, then maybe it’s an acceptable risk. If it’s a medium or high risk, then maybe it’s an unacceptable risk. Develop Countermeasures: Having assessed the Risk, developing a countermeasure that would be appropriate. Realizing a countermeasure is anything that lowers the risk to an acceptable level. Assess Risk Analyze Vulnerabilities 4/26/2017 UNCLASSIFIED

3 Critical Information Information the Adversary needs to prevent our success. Is it: Technical specifications on a project, some equipment, a process. The way you ship or receive supplies, or specimens for analysis. How you develop travel arrangements, itineraries, where and why your traveling. How security is provided. Budget information. And the list goes on. The people who own the process, who work the process can best identify what the Critical Information is. Information WE must protect to ensure success. 4/26/2017 UNCLASSIFIED

4 Critical Information Our adversaries may want to harm personnel and/or damage property and resources Critical Information could relate to: Employees’ Safety (911) Fleet of ships and aircraft (USS Cole) Facilities Design (Oklahoma City) Security Vulnerabilities (Anthrax Mailings) Satellite Data (Weather, Environmental) Law Enforcement Activities Management Decisions (All levels) 4/26/2017 UNCLASSIFIED

5 Indicators Information may be collected by monitoring telephone and public conversations, analyzing telephone directories, financial or purchasing documents, position or "job" announcements, travel documents, blueprints or drawings, distribution lists, shipping and receiving documents, even personal information or items found in the TRASH. SHRED any paperwork that is associated with our CIL!! 4/26/2017 UNCLASSIFIED

6 Threats Enemies Competitors Employees -Disgruntled Terrorists
Dishonest Terrorists Criminals Media Hackers Ask yourself, how could any one on this list be called an ‘adversary’? Do they have, intentional or unintentional, the capability to collect information on you/your organization, that you wouldn’t want them to know? Ask the audience what kinds of information some of these adversaries might want from them. 4/26/2017 UNCLASSIFIED

7 Elements of Threat Adversary Intent Capabilities
History, politics, doctrine Capabilities Collection Response 4/26/2017 UNCLASSIFIED

8 Collection Methods Open Source Collection (OSINT)
Human Intelligence (HUMINT) Signals Intelligence (SIGINT) Imagery Intelligence (IMINT) Trash Intelligence (TRASHINT) 4/26/2017 UNCLASSIFIED

9 Open Source Collection (OSINT)
Our publications Our Web sites and Blogs Statements to the press Newspapers Other publicly available information This is the preferred method of collection, greater than 80% of what the adversary needs is collected by this method. 4/26/2017 UNCLASSIFIED

10 Human Intelligence (HUMINT)
Asking questions Questions through Visiting our facility Social Engineering (posing as one of us) Other methods involving humans collecting information 4/26/2017 UNCLASSIFIED

11 Imagery Intelligence (IMINT)
Taking Pictures Cell phones with cameras Cameras with zoom lens Movie cameras / Camcorders Satellite Imagery Available on the Internet 4/26/2017 UNCLASSIFIED

12 TRASH INTELLIGENCE (TRASHINT)
Shred all paper that could be used by an adversary Shred all paperwork that is associated with the CIL Adversarys will go through your trash!!! 4/26/2017 UNCLASSIFIED

13 Vulnerability Ways we let the bad guys get our Critical Information
Web pages Unprotected communications Sharing too much with strangers Off duty social time Vulnerabilities are the ways we inadvertently give our adversaries access to the information we should be protecting. We post too much on web pages. We use unprotected communications, such as cell phones and radios. We send s with detailed attachments, such as maps or drawings or pictures. We innocently share too much information with people who don’t need to know. How often have you answered the phone, and given more information than the caller needed? “No, I’m sorry Joe isn’t here. He’s on a job in Bermuda for the next two weeks, and since the kids were out of school, he took his family for a vacation. Can I take a message?” 4/26/2017 UNCLASSIFIED

14 Risk and Countermeasures
Risk: What will it cost us? Countermeasures Protected communications Web page policies Awareness Once the threat and vulnerabilities are understood, we can estimate the risk. Ultimately, it is up to the (commander, boss, senior managers) to decide what level of risk is acceptable. For those vulnerabilities that represent unacceptable risks, we need to develop countermeasures. Countermeasures are anything that works. We can use protected communications, and implement policies that control what information can be posted on the web. Ultimately, the best countermeasure is an informed work force. We believe that you will all make sound judgments about how to protect information once you understand what information requires protection, and what the threats are. 4/26/2017 UNCLASSIFIED

15 Two Perspectives when Dealing with RISK
Adversary’s Ours When deciding on how to mitigate your RISK you MUST always look at the situation through the eyes of the ADVERSARY!! 4/26/2017 UNCLASSIFIED

16 Countermeasures Defined
Anything which effectively negates or reduces an adversary’s ability to exploit our vulnerabilities 4/26/2017 UNCLASSIFIED

17 Countermeasures Consider the threat when you: Practice good security
Use the phone Answer stranger’s questions Discuss work in public places Practice good security Shred all paper These are common countermeasures. You may need more than one slide. You may delete some of these and add some others. 4/26/2017 UNCLASSIFIED

18 Web Log Vulnerabilities
Photos (with captions!) Installation maps with highlights of designated points of interest (sleep/work, CDR, dining facility, etc) Security Operating Procedures Tactics, Techniques and Procedures Battle Damage Assessments (BDA) Capabilities and Intent Unit morale Undermining senior leadership 4/26/2017 UNCLASSIFIED

19 IED BDA Examples Thanks to the 10 panes of ballistic glass in each window, no one was hurt in this blast. This is a result of a medium sized-IED. HMMWV Driver of Alpha 41 (the luckiest STRYKER Driver in Mosul 4/26/2017 UNCLASSIFIED

20 Web Log Targeting COULD YOUR FAMILY BE A TARGET?
(JOURNAL OF A MILITARY HOUSEWIFE) INFORMATION WAS OBTAINED FROM A FAMILY WEBSITE: 1. HUSBAND’S NAME, HOMETOWN, UNIT, AND DATES OF DEPLOYMENT. 2. PICTURE OF SPOUSE 3. EXPECTING THEIR FIRST CHILD ON DECEMBER 8, 2005. 4. BABY SHOWER SCHEDULED FOR OCTOBER 22, 2005 5. DATE SPOUSE FAILED HER DRIVER’S TEST A GOOGLE SEARCH ON INFORMATION OBTAINED FROM WEBSITE REVEALED: 1. SPOUSE’S A.K.A. (Screen Name) 2. COUPLE’S HOME ADDRESS 3. SPOUSE’S DATE OF BIRTH 4. HUSBAND’S YEAR OF BIRTH 5. DATE SPOUSE OBTAINED HER DRIVER’S LICENSE. COULD YOUR FAMILY BE A TARGET? 4/26/2017 UNCLASSIFIED

21 Personal Web Page Vulnerabilities
Personal web pages can expose something the unit would like to protect A picture is worth a thousand words We enlisted – our families didn’t Individuals expose information because: They’re proud of their work They’re marketing the unit or they want public support They’re upset or frustrated 4/26/2017 UNCLASSIFIED

22 What YOU Can Do Ensure information posted has no significant value to the adversary Consider the audience when you’re posting to a blog, personal web page or Always assume the adversary is reading your material Believe the bad guys when they threaten you Work with your OPSEC Officer – follow policies and procedures! 4/26/2017 UNCLASSIFIED

23 Sometimes we can be our own worst enemies
The Challenge Think like the bad guy before you post your photographs and information in a blog, a personal web page, or in your !! Sometimes we can be our own worst enemies 4/26/2017 UNCLASSIFIED

24 The Adversary is watching! Are you?
Always Think OPSEC ! 4/26/2017 UNCLASSIFIED

25 QUESTIONS 4/26/2017 UNCLASSIFIED

Download ppt "Operational Security Awareness"

Similar presentations

Museum Presentation Intermuseum Conservation Association.

Museum Presentation Intermuseum Conservation Association.
Fleet & Family Support Ombudsman Program & Operations Security

Fleet & Family Support Ombudsman Program & Operations Security
Open Source Intelligence (OSINT)

Open Source Intelligence (OSINT)
Naval OPSEC Support Team Navy Information Operations Command, Norfolk 757-417-7100 #Don’tDoThat: Social Media Trends.

Naval OPSEC Support Team Navy Information Operations Command, Norfolk #Don’tDoThat: Social Media Trends.
THE FOLLOWING MINI PRESENTATION ON OPSEC IS TAKEN FROM A US AIR FORCE BRIEFING. ALTHOUGH THIS IS A MILITARY PRESENTATION, IT PROVIDES A GOOD OVERVIEW OF.

THE FOLLOWING MINI PRESENTATION ON OPSEC IS TAKEN FROM A US AIR FORCE BRIEFING. ALTHOUGH THIS IS A MILITARY PRESENTATION, IT PROVIDES A GOOD OVERVIEW OF.
Introduction to Operations Security (OPSEC) Updated 09/28/11 1 Security is Everyone's Responsibility – See Something, Say Something!

Introduction to Operations Security (OPSEC) Updated 09/28/11 1 Security is Everyone's Responsibility – See Something, Say Something!
Understanding & Managing Risk

Understanding & Managing Risk
INTERNET SAFETY FOR STUDENTS

INTERNET SAFETY FOR STUDENTS
Open Source Intelligence (OSINT) OSINT and TRASHINT This presentation is the sole property of OSPA. Distribution is limited to OSPA members registered.

Open Source Intelligence (OSINT) OSINT and TRASHINT This presentation is the sole property of OSPA. Distribution is limited to OSPA members registered.
NEW YORK NATIONAL GUARD FAMILY PROGRAMS Offered & presented by CW2 Walker Family Programs OPSEC Program Manager.

NEW YORK NATIONAL GUARD FAMILY PROGRAMS Offered & presented by CW2 Walker Family Programs OPSEC Program Manager.
OPSEC Countermeasures Michael Chesbro DES OPSEC Officer OPSEC Countermeasures Michael Chesbro DES OPSEC Officer.

OPSEC Countermeasures Michael Chesbro DES OPSEC Officer OPSEC Countermeasures Michael Chesbro DES OPSEC Officer.
TLO 2: Action: Plan operational security. Intermediate-level training.

TLO 2: Action: Plan operational security. Intermediate-level training.
UNCLASSIFIED. Your loved one has the training, leadership and equipment needed to perform the mission and come back home to you. But did you know that.

UNCLASSIFIED. Your loved one has the training, leadership and equipment needed to perform the mission and come back home to you. But did you know that.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
© 2008. Oklahoma State Department of Education. All rights reserved. 1 Beware! Consumer Fraud Standard 9. 1 Fraud and Identity Theft.

© Oklahoma State Department of Education. All rights reserved. 1 Beware! Consumer Fraud Standard 9. 1 Fraud and Identity Theft.
iWATCH Army Training for Contractors “See Something -- Say Something”

iWATCH Army Training for Contractors “See Something -- Say Something”
One Team, One Fight One Mission Presented by the Ordnance Center & Schools Security Office.

One Team, One Fight One Mission Presented by the Ordnance Center & Schools Security Office.
INTERNET SAFETY FOR STUDENTS

INTERNET SAFETY FOR STUDENTS
Operation Name SGT Artemis O’Conan Operations Center

Operation Name SGT Artemis O’Conan Operations Center
Stalking Stalking is a serious crime that occurs when one person engages in actions directed at another person (the target) which causes this person to.

Stalking Stalking is a serious crime that occurs when one person engages in actions directed at another person (the target) which causes this person to.

Similar presentations

Ads by Google