Presentation is loading. Please wait.

Presentation is loading. Please wait.

Operation Name SGT Artemis O’Conan Operations Center

Published byBethanie Wheeler Modified over 8 years ago

Similar presentations

Presentation on theme: "Operation Name SGT Artemis O’Conan Operations Center"— Presentation transcript:

1 Operation Name SGT Artemis O’Conan Operations Center
OPSEC Operation Name SGT Artemis O’Conan Operations Center

2 Information and Value 80%+ of all intelligence is from unclassified sources Tidbits of information are pieces of a puzzle Even your tidbits help complete the picture Objective: make yourself & your mission the hard target. Let the bad guys find a softer target somewhere else! The point is to get across to the audience that all critical information is important to protect, even if it is unclassified. Intelligence communities wouldn’t be investing in collecting unclassified information if it wasn’t yielding useful intelligence. The bad guys don’t act on one piece of information. They must collect multiple pieces, and then verify them. We don’t just protect information we think is valuable. We protect the information that is valuable to the bad guy. Makes sense when you think about it. We protect what they bad guy wants. Even though it may seem insignificant for you, it may be just the piece the terrorist needs to finish his surveillance or his attack plan. Make yourself the hardest target; let them “get” someone else! When they have to work harder for the information, they take bigger risks, and it is easier for us to catch them. Terrorists have shown us that if we can throw them a curve ball, be unpredictable and mess up their plan, they’ll abandon the target.

3 The Adversaries Foreign Nationals Drug Cartel Terrorists Hackers
Criminals Who’s the bad guy? Each of these groups of people might be an adversary, and the list that applies to our mission might change over time. Ask the audience if they can connect any of these bad guys with any of your missions. Don’t forget, you have left family members behind and the neighbor, the places they go to school, go shopping, etc. Ask them if they can think of some information each of these groups of people would like to know about your unit.

4 Consider YOURSELF a Target
You and Your Family Your Friends & Neighbors Your fellow soldiers Your Job Your Mission Your Unit Your Country This is a “terrorist handbook” captured in Manchester, England in February of 2000. If you are not familiar with the Manchester Document it can be found on the Internet at What information is the bad guy after? Not every adversary will want all this information, but we know for certain that this is what terrorists want to know. Each in its own has a piece of the puzzle. Your friends and family know when you are departing for the most part or at least an assumption, and the general location of where and for how long. Your soldiers in arms have another piece of information to add, and the adversary knows of what you do and the mission of your unit and most of all he knows all about your discipline and upbringing and to God and your country… Also, don’t forget, the adversary isn’t always on foreign soil, he could also be right in your own neighborhood too. “The Manchester Document” A Terrorist Handbook

5 So What Is OPSEC? “Operations Security”
OPSEC deals primarily with protecting sensitive but unclassified information that can serve as indicators about our mission, operations and capabilities A Five Step Process 1. Identify Critical Information (CI) 2. Analyze the threat to the CI 3. Determine OPSEC vulnerabilities 4. Determine the acceptable level of risk 5. Implement appropriate countermeasures

6 The OPSEC Process CRITICAL INFORMATION COUNTERMEASURE APPLICATION
THREAT ANALYSIS VULNERABILITY ANALYSIS RISK ASSESSMENT PROGRAM REVIEW

7 You already practice OPSEC at home
When most of us leave home for vacation, we take actions to protect our homes while we’re away. We may: Stop newspaper deliveries Have the yard mowed Buy light timers Have a neighbor get the mail In short, we want our houses to look like someone is home

8 What is Critical Information?
Critical Information (CI) is information which can potentially provide an adversary with knowledge of our intentions, capabilities or limitations. It can also cost us our technological edge or jeopardize our people, resources, reputation and credibility. Controlled unclassified information, is often identified as Critical Information.

9 Information Designations
For Official Use Only (FOUO) Sensitive But Unclassified (SBU) Law Enforcement Sensitive (LES) Trusted Agent – Eyes Only, etc.

10 Control of Critical Information
Regardless of the designation, the loss or compromise of sensitive information could pose a threat to the operations or missions of the agency designating the information to be sensitive. Sensitive information may not be released to anyone who does not have a valid “need to know”.

11 Examples of Critical Information
Where are the TXSG Soldiers living during the deployment What is the make and model of the soldiers vehicles What is the capabilities of the Operation What type of technology does the Operation have Who are participations Location of law enforcement Locations of Resources

12 The Threat Others constantly study us to determine our weaknesses
Their Tools: HUMINT Human Intelligence SIGINT Signals Intelligence COMMINT Communications Intelligence ELINT Electronic Intelligence Many more “INTs”

13 HUMINT – You could be a target!
Watch what you say to: The public/media Friends Professional Colleagues in and outside of TXSG Places to be especially wary At school Bars and restaurants Conventions/symposiums Don’t try to impress people with your knowledge Loose Lips Sink Ships!

14 SIGINT, COMMINT, ELINT TXSG is perform a non-combat military mission and is operating on state communications systems TXSG is being entrusted with more sensitive information than you may think Don’t assume we’re immune because we’re out of the mainstream presence For that reason we can actually be MORE vulnerable Watch what you transmit on: Radios, phones, Fax, and

15 Marking Documents Documents containing FOUO info should be marked
UNCLASSIFIED//FOR OFFICIAL USE ONLY Information contained in this document is designated by the State of Texas as For Official Use Only (FOUO) and may not be released to anyone without the prior permission of the and/or the Documents containing LES info should be marked UNCLASSIFIED//LAW ENFORCEMENT SENSITIVE Information contained in this document is designated by the State of Texas as Law Enforcement Sensitive (LES) and may not be released to anyone without the prior permission of the and/or the

16 Marking Documents Material other than paper documents (for example, slides, computer media, films, etc.) shall bear markings that alert the holder or viewer that the material contains FOUO or LES information. Each part of electrically transmitted messages containing FOUO of LES information shall be marked appropriately.

17 Protection of FOUO & LES Information
FOUO & LES information should be stored in locked desks, file cabinets, bookcases, locked rooms, or similar items, unless Government or Government-contract building security is provided. FOUO & LES documents and material may be transmitted via first-class mail, parcel post or -- for bulk shipments -- fourth-class mail. Electronic transmission of FOUO & LES information (voice, data or facsimile) should be by approved secure communications systems whenever practical.

18 It’s Everyone’s Responsibility
The purpose of the security program is to protect against unauthorized disclosure of official information. Keep your information secure at all times. OPSEC is mostly common sense. If we all take the time to learn what information needs protecting, and how we can protect it, we can continue to execute our mission effectively.

19 Disclosure of Information
Disclosure of information, quite simply is when information passes from one party to another. When dealing with sensitive information, it is the responsibility of the party possessing the information to ensure it is not disclosed to parties who do not have a need for or a right to the information.

20 Authorized Disclosure
Disclosure of sensitive information is authorized only when the party receiving the information can be properly identified and has a “need to know.” “Need to Know” does not mean, because a person holds a high management position, he or she automatically needs access to the information.

21 Unauthorized Disclosure
Unauthorized disclosure of sensitive information is when the party receiving the information does not have a “Need to Know.” In most cases, unauthorized disclosures are unintentional and due to poor planning or a failure to think by the possessing party.

22 Unaware of Surroundings
One of the leading causes of unintentional disclosures is simply people not being aware of what is happening around them. Discussing sensitive information when you are unsure or unaware of your surroundings can quickly lead to this information being disclosed to the wrong people.

23 Awe Of Position We all want to please our commanders, and work very hard each day to do so. However, even if a superior officer requests something that is sensitive in nature, we must still make sure they meet all the requirements for access to this information just like everyone else.

24 OPSEC and the Web Unclassified

25 Web Log Vulnerabilities
Photos (with captions!) Installation maps with highlights of designated points of interest (sleep/work, CDR, chow hall, etc) Security Operating Procedures Tactics, Techniques and Procedures Our capabilities The morale of you and the soldiers in your unit Undermining your senior leadership We tend to publish more than is needed to meet the objective. We add information to “spice it up” or make it more interesting, but in the process we compromise critical information. It’s the same principle as answering the phone in your office when a coworker is absent. We don’t give the caller a simple “no” – we volunteer that he/she is TDY, where they’ve gone, how long they’ll be gone, and so on. A simple “no”, with maybe “can I help you instead” would have been sufficient. When we post on the web, we should remember who the targeted audience is. Anything that is operational explicit that reveals our TTPs, photographs of damaged equipment, weakness, specifications of equipment capabilities, intent and other military related operational information will not be posted in the public domain Sensitive Information?

26 Web Log Vulnerabilities
A US soldier stands guard as a suspected looter begs to be released after they were caught while fleeing a building on fire in Baghdad, Iraq (news - web sites) Saturday June 28, The suspects were allegedly looting gasoline from the building. 12-year old Mudhr Abdul Muhsin, bottom, was released later This photo can be used against us both from the adversary and our own people. Perceptions can be your WORST enemy. If you were a bad guy, could you use this?

27 (JOURNAL OF A MILITARY HOUSEWIFE)
Web Log Targeting (JOURNAL OF A MILITARY HOUSEWIFE) INFORMATION WAS OBTAINED FROM A FAMILY WEBSITE: 1. HUSBAND’S NAME, HOMETOWN, UNIT, AND DATES OF DEPLOYMENT. 2. PICTURE OF SPOUSE 3. EXPECTING THEIR FIRST CHILD ON DECEMBER 8, 2005. 4. BABY SHOWER SCHEDULED FOR OCTOBER 22, 2005 5. DATE SPOUSE FAILED HER DRIVER’S TEST A GOOGLE SEARCH ON INFORMATION OBTAINED FROM WEBSITE REVEALED: 1. SPOUSE’S A.K.A. (Screen Name) 2. COUPLE’S HOME ADDRESS 3. SPOUSE’S DATE OF BIRTH 4. HUSBAND’S YEAR OF BIRTH 5. DATE SPOUSE OBTAINED HER DRIVER’S LICENSE. COULD YOUR FAMILY BE A A TARGET?

28 Personal Web Page Vulnerabilities
Personal web pages can expose something the unit would like to protect A picture is worth a thousand words We enlisted – our families didn’t Individuals expose information because: They’re proud of their work They’re marketing the unit or they want public support They’re miffed or frustrated

29 Lets go Googling Time: No more than 10 min Info: First and Last Name’s
Info: Rank Now let see what we can see

30 Rank Name Who: Home: Hometown: Children:

31 Interests Favorite Music: Favorite Books: Favorite Movies:
Favorite TV Shows, Actors: ‘ Interests and Activities:

32 Affiliations Political Affiliation: Religious Affiliation: Employers:
Colleges: Major: High Schools: Other Affiliations:

33 Countermeasures Anything that effectively negates or reduces an adversary’s ability to exploit our vulnerabilities. Would you want the enemy to read this? If the answer is NO, DON’T PUT IT ON THE WEB!

34 What YOU Can Do Post information that has no significant value to the adversary Consider the audience when you’re posting to a blog, personal web page or Always assume the adversary is reading your material Believe the bad guys when they threaten you Work with your OPSEC Officer – follow policies and procedures!

35 The Challenge Think like the bad guy before you post your photographs and information in a blog, a personal web page, or in your Sometimes we can be our own worst enemies

36 The “Message” Operations Security is everyone’s business
Good OPSEC saves lives and resources Always use common sense and stay alert Only release info to those with a valid need-to-know Identify vulnerabilities to your commander

37 The Bottom Line OPSEC is a time-tested process that analyzes threats, identifies Critical Information, and develops appropriate countermeasures OPSEC is used by all of us in everyday life OPSEC is not so much a bunch of security rules, but a common-sense approach to viewing your operations through the adversary’s eyes OPSEC increases opportunities for mission success by protecting Critical Information You are the key to making OPSEC work!

38 Are You the Weakest Link?
Vulnerabilities: Weaknesses the adversary can exploit to get to the critical information

39 QUESTIONS ?

Download ppt "Operation Name SGT Artemis O’Conan Operations Center"

Similar presentations

Protect Our Students Protect Ourselves

Protect Our Students Protect Ourselves
FERPA: Family Educational Rights and Privacy Act

FERPA: Family Educational Rights and Privacy Act
Security Awareness Training

Security Awareness Training
Surfing the net: Ways to protect yourself. Internet Safety Look into safeguarding programs or options your online service provider might offer. Look into.

Surfing the net: Ways to protect yourself. Internet Safety Look into safeguarding programs or options your online service provider might offer. Look into.
Cyber Safety Assessment Review

Cyber Safety Assessment Review
Internet Safety in Schools

Internet Safety in Schools
Naval OPSEC Support Team Navy Information Operations Command, Norfolk 757-417-7100 #Don’tDoThat: Social Media Trends.

Naval OPSEC Support Team Navy Information Operations Command, Norfolk #Don’tDoThat: Social Media Trends.
THE FOLLOWING MINI PRESENTATION ON OPSEC IS TAKEN FROM A US AIR FORCE BRIEFING. ALTHOUGH THIS IS A MILITARY PRESENTATION, IT PROVIDES A GOOD OVERVIEW OF.

THE FOLLOWING MINI PRESENTATION ON OPSEC IS TAKEN FROM A US AIR FORCE BRIEFING. ALTHOUGH THIS IS A MILITARY PRESENTATION, IT PROVIDES A GOOD OVERVIEW OF.
Introduction to Operations Security (OPSEC) Updated 09/28/11 1 Security is Everyone's Responsibility – See Something, Say Something!

Introduction to Operations Security (OPSEC) Updated 09/28/11 1 Security is Everyone's Responsibility – See Something, Say Something!
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/2009 0.

1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/
Security Solutions Group

Security Solutions Group
SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.

SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.
FERPA: Family Educational Rights and Privacy Act.

FERPA: Family Educational Rights and Privacy Act.
OPSEC Countermeasures Michael Chesbro DES OPSEC Officer OPSEC Countermeasures Michael Chesbro DES OPSEC Officer.

OPSEC Countermeasures Michael Chesbro DES OPSEC Officer OPSEC Countermeasures Michael Chesbro DES OPSEC Officer.
TLO 2: Action: Plan operational security. Intermediate-level training.

TLO 2: Action: Plan operational security. Intermediate-level training.
Digital Footprints Where have you been? Where are you going?

Digital Footprints Where have you been? Where are you going?
UNCLASSIFIED. Your loved one has the training, leadership and equipment needed to perform the mission and come back home to you. But did you know that.

UNCLASSIFIED. Your loved one has the training, leadership and equipment needed to perform the mission and come back home to you. But did you know that.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Similar presentations

Ads by Google