Operations Security, or OPSEC, is keeping potential adversaries from discovering our critical information. As the name suggests, it protects our operations – planned, in progress, and those completed. Success depends on secrecy and surprise, so the military can accomplish the mission faster and with less risk. Our adversaries want our information, and they don’t concentrate on only soldiers to get it.
They want you, the family member.
Social Networking Sites
OPSEC – SNSs promote “social behavior” and encourage users to share information and inherently trust the information from those they are connected to within the SNS. Once information is posted or uploaded onto an SNS, it should no longer be considered private. Even if the SNS has strong privacy settings, that privacy is completely dependent on the security of the web application. On some SNSs, third-party add-ons have elevated privileges, giving them access to additional private information such as home addresses or birthdays (Mary Landesman, “Cyber Thieves Target Social Sites,” BBC News Online). Savvy attackers may also aggregate information from multiple sites to gain access to private information (e.g., online banking records, email). For example, personal information posted to an SNS (e.g., birthday, pet’s name) could be used to compromise security credentials (e.g., password, pin, security questions) for that site or other sites, giving an attacker access to private information.
Protecting Critical Information
Even though information may not be secret, it can be what we call “critical information.” Critical information deals with specific facts about military intentions, capabilities, operations or activities. If an adversary knew
this detailed information, our mission accomplishment and personnel safety could be jeopardized. It must be protected to ensure an adversary doesn’t gain a significant advantage. By being a member of the military family, you will often know some bits of critical information. Do not discuss them outside of your immediate family and especially not over the telephone.
Behavioral Best Practices
• Perform a risk assessment before posting information about you or your organization. Never post any sensitive information, and post information as if privacy or filtering settings do not exist within the site’s functionality. Sensitive information (e.g., address, phone number) should be left off all social networking sites.
• Before accepting a friend/connection request, confirm with them either verbally or face-to-face. This ensures that the involved accounts are neither compromised nor impersonated.
• Be selective of which third-party applications to add to your profile. There is no guarantee that thirdparty applications have been reviewed or officially approved by the parent SNS. These applications could contain malicious code attempting to exploit your account and the site at large.
Examples Of Critical Information
• Detailed information about the mission of assigned units.
• Details on locations and times of unit deployments/field training.
• Personnel transactions that occur in large numbers (Example: pay information, powers of attorney, wills, deployment information).
• References to trends in unit morale or personnel problems.
• Details concerning security procedures
Puzzle Pieces
These bits of information may seem insignificant. However, to a trained adversary, they are small pieces of a puzzle that highlight whatwe’re doing and planning. Remember, the elements of security and surprise are vital to the accomplishment of our goals and our collective personnel protection. Where and how you discuss this information is just as important as with whom you discuss it. Adversary agents tasked with collecting information frequently visit some of the same stores, clubs, recreational areas, or places of worship as you do. Determined individuals can easily collect data from social media, cordless and cellular phones, and even baby monitors, using inexpensive receivers available from local electronics stores. If anyone, especially a foreign national, persistently seeks information, notify your military sponsor immediately. He or she will notify the unit OPSEC program manager.
They want you, the family member.
Social Networking Sites
OPSEC – SNSs promote “social behavior” and encourage users to share information and inherently trust the information from those they are connected to within the SNS. Once information is posted or uploaded onto an SNS, it should no longer be considered private. Even if the SNS has strong privacy settings, that privacy is completely dependent on the security of the web application. On some SNSs, third-party add-ons have elevated privileges, giving them access to additional private information such as home addresses or birthdays (Mary Landesman, “Cyber Thieves Target Social Sites,” BBC News Online). Savvy attackers may also aggregate information from multiple sites to gain access to private information (e.g., online banking records, email). For example, personal information posted to an SNS (e.g., birthday, pet’s name) could be used to compromise security credentials (e.g., password, pin, security questions) for that site or other sites, giving an attacker access to private information.
Protecting Critical Information
Even though information may not be secret, it can be what we call “critical information.” Critical information deals with specific facts about military intentions, capabilities, operations or activities. If an adversary knew
this detailed information, our mission accomplishment and personnel safety could be jeopardized. It must be protected to ensure an adversary doesn’t gain a significant advantage. By being a member of the military family, you will often know some bits of critical information. Do not discuss them outside of your immediate family and especially not over the telephone.
Behavioral Best Practices
• Perform a risk assessment before posting information about you or your organization. Never post any sensitive information, and post information as if privacy or filtering settings do not exist within the site’s functionality. Sensitive information (e.g., address, phone number) should be left off all social networking sites.
• Before accepting a friend/connection request, confirm with them either verbally or face-to-face. This ensures that the involved accounts are neither compromised nor impersonated.
• Be selective of which third-party applications to add to your profile. There is no guarantee that thirdparty applications have been reviewed or officially approved by the parent SNS. These applications could contain malicious code attempting to exploit your account and the site at large.
Examples Of Critical Information
• Detailed information about the mission of assigned units.
• Details on locations and times of unit deployments/field training.
• Personnel transactions that occur in large numbers (Example: pay information, powers of attorney, wills, deployment information).
• References to trends in unit morale or personnel problems.
• Details concerning security procedures
Puzzle Pieces
These bits of information may seem insignificant. However, to a trained adversary, they are small pieces of a puzzle that highlight whatwe’re doing and planning. Remember, the elements of security and surprise are vital to the accomplishment of our goals and our collective personnel protection. Where and how you discuss this information is just as important as with whom you discuss it. Adversary agents tasked with collecting information frequently visit some of the same stores, clubs, recreational areas, or places of worship as you do. Determined individuals can easily collect data from social media, cordless and cellular phones, and even baby monitors, using inexpensive receivers available from local electronics stores. If anyone, especially a foreign national, persistently seeks information, notify your military sponsor immediately. He or she will notify the unit OPSEC program manager.