Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overall Classification of this Briefing is UNCLASSIFIED//FOUO

Published byBrian Short Modified over 7 years ago

Similar presentations

Presentation on theme: "Overall Classification of this Briefing is UNCLASSIFIED//FOUO"— Presentation transcript:

1 Overall Classification of this Briefing is UNCLASSIFIED//FOUO
Fleet & Family Support Ombudsman Program & Operations Security

2 Facebook.com/NavalOPSEC
Overview OPSEC Threat Critical Information Indicators Data Aggregation Vulnerabilities Risk Countermeasures Ombudsmen and OPSEC Social Media Facebook.com/NavalOPSEC @NavalOPSEC

3 OPSEC A 5 step process that …
Identifies, controls and protects sensitive, critical unclassified information about a mission, operation or activity Assesses potential threats, vulnerabilities, and risk Utilizes countermeasures to mitigate an adversary's effectiveness against a friendly operation Operations Security: 1. A systematic, proven process by which a government, organization, or individual can identify, control, and protect generally unclassified information about an operation/activity and, thus, deny or mitigate an adversary's/competitor's ability to compromise or interrupt said operation/activity (NSC 1988). 2. OPSEC is a process of identifying critical information and subsequently analyzing friendly actions attendant to military operations and other activities to (a) identify those actions that can be observed by adversary intelligence systems, (b) determine indicators adversary intelligence systems might obtain that could be interpreted or pieced together to derive critical information in time to be useful to adversaries, and select and execute measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly actions to adversary exploitation (DOD JP 1994; JCS 1997). Operations Security process: An analytical process that involves five components: identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of appropriate countermeasures (NSC 1988). Source:

4 Threat Capabilities and intentions of an adversary to undertake any action detrimental to the success of friendly activities or operations. Conventional Threats Military opponents Unconventional Threats Terrorism (foreign and domestic) Hackers Insiders (Spies) Thieves, stalkers, pedophiles There are several factors that help you determine the treat to your command or unit’s mission. Geography plays a large role in threat identification. Example: If you are in the Arabian Gulf, then MS-13 will probably not make your threat list. The best source to request threat information will be the N2 shop if the command has one and if not, NCIS MTAC.

5 What are they looking for?
Names, photographs of important people Present/future operations Information about military facilities: Location Number of personnel Ammo depot locations Dates and times of operations Family details Spouse, children Location of work, school

6 Critical Information Information we must protect to ensure success
Information the adversary needs to prevent our success Capabilities Operations Personnel Security procedures

7 Family Critical Information
Some examples of critical information that apply to your family life: Names and photos of you and your children Usernames and passwords Length and location of spouse’s deployment Social Security Numbers Credit card/banking information Significant dates (birthdays, anniversaries) Addresses and phone numbers Everyday schedules Travel itineraries

8 Indicators Friendly, detectable actions that reveal critical information and vulnerabilities Longer working hours Rehearsals Sudden changes in procedures Onloads Large troop movements Not all indicators are bad Indicators are signatures of an event or action an adversary can observe via collection methods available to them. Indicators can point to vulnerabilities and possibly reveal Critical Information.

9 Avoid Indicators This slide depicts common indicators for families.

10 Data Aggregation Information collection from multiple sources
Open source collection provides enemy most of their intelligence Manchester Document: 80% of information collected is done so legally Internet Trash Media Small details put together give big picture Countermeasures are used to address vulnerabilities that an adversary may exploit to gain access to critical information. The objective is to lower the vulnerability rating which will in turn lower the risk level. The remaining risk is referred to as residual risk. The ultimate goal of countermeasures is to reduce Risk to the commanders acceptable level. Two things that must be considered when developing countermeasures are “Cost & benefit”.

11 Vulnerabilities Weakness the adversary can exploit to get critical information Some common vulnerabilities are: Lack of awareness Social networking Social engineering Data aggregation Technology Trash Poor policy enforcement Unsecure communications Like with anything, a vulnerability is something that can be exploited to cause damage or disruption. This slide is a list of the most common vulnerabilities a person or organization may experience.

12 Risk The probability an adversary will gain knowledge of your critical information and the impact if they are successful Impact: How much will it cost if your critical information is lost? Lives Mission Money Time How much are you willing to risk by displaying this indicator or not correcting that vulnerability? The Risk assessment step of the OPSEC process aids decision makers in understanding what aspects of an operation or mission could be compromised and how resources could be affected. The cost can be measured by what is shown on this slide. Always keep in mind that the “Commander” is the only only one who can accept risk, therefore will determine the acceptable level of risk.

13 Countermeasures Anything that effectively negates or reduces an adversary's ability to exploit vulnerabilities or collect & process critical information Hide/control indicators Vary routes Modify everyday schedules Influence or manipulate an adversary’s perception Take no action React too late Take the wrong action Countermeasures are used to address vulnerabilities that an adversary may exploit to gain access to critical information. The objective is to lower the vulnerability rating which will in turn lower the risk level. The remaining risk is referred to as residual risk. The ultimate goal of countermeasures is to reduce Risk to the commanders acceptable level. Two things that must be considered when developing countermeasures are “Cost & benefit”.

14 Ombudsmen and OPSEC Knowledge of command’s critical information
Families must understand OPSEC process Educate the family members whenever possible Newsletters Meetings - Sailors bring home their command’s Critical Information. Family members must know what information they receive is critical and what is not. The easiest way to do ensure that family members are not posting Critical Information is to educate them. There are several ways to spread the OPSEC message across the FRG. If you maintain a newsletter, you can push the OPSEC message that way. Always have some sort of OPSEC training at any and all FRG meetings that you have, whether you do it or you request outside assistance (NOST). Family members protecting information is just as important as the service member protecting the information. Educate the families, especially teenagers that are active on social media.

15 Social Media Highly recommended Open groups on Facebook
Monitor the site Never post PII Regularly check security settings Be careful using public wireless networks - Social media is the easiest way to communicate with large groups of people. It is highly recommended for ombudsmen to use Facebook and other social media sites to keep in touch the family members. Facebook is the easiest way to communicate with large groups of people at the same time. If an ombudsman is running a Facebook group, it is recommended to keep the group open. People think or assume that if a Facebook group is closed to the general public, it is unable to be seen by outsiders. This causes some people to think it is acceptable to post sensitive information. Adversaries could easily hack into the closed group to access the page. Also, anybody who shares a post from the closed group to their personal page has made it accessible to the general public. You should always know who is a member of your page. Block any suspicious followers to your pages. Obviously, never post PII on social media, whether it be a service member or family member. Also, never go into detail about your personal life on social media. The adversary could be watching your online activity. Don’t give him an opportunity to take advantage of you because of the information you provide on Facebook. Facebook changes or updates their security settings often. When an update occurs, it may change your security settings back to default, which isn’t very secure. Always keep an eye on this. Be very careful about your online activity when you are using a public wireless network (airport, hotel, coffee shop, etc), especially if you are overseas. Always assume the adversary is watching. Equipment can be easily obtained to monitor devices on public networks.

16 Summary OPSEC Threat Critical Information Indicators Data Aggregation
Vulnerabilities Risk Countermeasures Ombudsmen and OPSEC Social Media

17 Questions @NavalOPSEC Facebook.com/NavalOPSEC Youtube.com/USNOPSEC JEB – Little Creek (Bldg 1126) 2555 Amphibious Drive Virginia Beach, VA Naval OPSEC App Collaboration at Sea

Download ppt "Overall Classification of this Briefing is UNCLASSIFIED//FOUO"

Similar presentations

Surfing the net: Ways to protect yourself. Internet Safety Look into safeguarding programs or options your online service provider might offer. Look into.

Surfing the net: Ways to protect yourself. Internet Safety Look into safeguarding programs or options your online service provider might offer. Look into.
Fleet & Family Support Ombudsman Program & Operations Security

Fleet & Family Support Ombudsman Program & Operations Security
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Naval OPSEC Support Team Navy Information Operations Command, Norfolk 757-417-7100 #Don’tDoThat: Social Media Trends.

Naval OPSEC Support Team Navy Information Operations Command, Norfolk #Don’tDoThat: Social Media Trends.
THE FOLLOWING MINI PRESENTATION ON OPSEC IS TAKEN FROM A US AIR FORCE BRIEFING. ALTHOUGH THIS IS A MILITARY PRESENTATION, IT PROVIDES A GOOD OVERVIEW OF.

THE FOLLOWING MINI PRESENTATION ON OPSEC IS TAKEN FROM A US AIR FORCE BRIEFING. ALTHOUGH THIS IS A MILITARY PRESENTATION, IT PROVIDES A GOOD OVERVIEW OF.
Introduction to Operations Security (OPSEC) Updated 09/28/11 1 Security is Everyone's Responsibility – See Something, Say Something!

Introduction to Operations Security (OPSEC) Updated 09/28/11 1 Security is Everyone's Responsibility – See Something, Say Something!
Introduction to Information Operations Attaché Corps- SEP 09

Introduction to Information Operations Attaché Corps- SEP 09
Open Source Intelligence (OSINT) OSINT and TRASHINT This presentation is the sole property of OSPA. Distribution is limited to OSPA members registered.

Open Source Intelligence (OSINT) OSINT and TRASHINT This presentation is the sole property of OSPA. Distribution is limited to OSPA members registered.
UT Wing Civil Air Patrol. Objective Identify network and cyber vulnerabilities and mitigations Social Media/Metadata/Exfil data MITM Attacks Malware Social.

UT Wing Civil Air Patrol. Objective Identify network and cyber vulnerabilities and mitigations Social Media/Metadata/Exfil data MITM Attacks Malware Social.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
NEW YORK NATIONAL GUARD FAMILY PROGRAMS Offered & presented by CW2 Walker Family Programs OPSEC Program Manager.

NEW YORK NATIONAL GUARD FAMILY PROGRAMS Offered & presented by CW2 Walker Family Programs OPSEC Program Manager.
OPSEC Countermeasures Michael Chesbro DES OPSEC Officer OPSEC Countermeasures Michael Chesbro DES OPSEC Officer.

OPSEC Countermeasures Michael Chesbro DES OPSEC Officer OPSEC Countermeasures Michael Chesbro DES OPSEC Officer.
TLO 2: Action: Plan operational security. Intermediate-level training.

TLO 2: Action: Plan operational security. Intermediate-level training.
UNCLASSIFIED. Your loved one has the training, leadership and equipment needed to perform the mission and come back home to you. But did you know that.

UNCLASSIFIED. Your loved one has the training, leadership and equipment needed to perform the mission and come back home to you. But did you know that.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Randy Marchany VA Tech Computing Center

Randy Marchany VA Tech Computing Center
IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.
One Team, One Fight One Mission Presented by the Ordnance Center & Schools Security Office.

One Team, One Fight One Mission Presented by the Ordnance Center & Schools Security Office.
 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,

 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,
Military families and Operational Security. Family members are vital to the success of our military. You may not know it, but you play a crucial role.

Military families and Operational Security. Family members are vital to the success of our military. You may not know it, but you play a crucial role.

Similar presentations

Ads by Google