Operations Security on Internet is vital for everyone
January 24, 2013
In today's world of Facebook, Twitter and other social media sites it is vital that Soldiers, Family members and government employees are aware of the personal and professional information they put on these sites.
Information about upcoming missions, training exercises and even personal information like when a Family will be on vacation should be left off social media sites.
"Operations Security protects the mission and saves lives," said Nick Vazquez, Army Cyber Command Operations Security program manager and anti-terrorism officer. "It protects essential secrecy for the mission, too."
OPSEC is an analytic process used to deny an adversary sensitive information -- generally unclassified -- concerning friendly intentions and capabilities by identifying, controlling, and protecting indicators associated with planning processes or operations. OPSEC does not replace other security disciplines, it supplements them.
Servicemembers, government employees and their Families should use an alias for their social media and web-presence profiles and not put personal information like their birthdays, telephone numbers and home address on the site to prevent identity theft.
"Keep the information you put on a social media site generic," said Vazquez. "Adversaries are looking for those vulnerabilities to gain access to personal information."
Hackers also attempt to gain personal information by attempting what are called "phishing attacks." Hackers send emails embedded with links to fake websites in order to gain a target's personal information.
"If the person responds to it and clicks on a link, they can be drawn to the fake website the hacker set up," said Vazquez. "That person may enter personal information the hacker can use against them. This could lead to identify theft or loss of funds from an individual's personal bank account."
Family members also need to be aware of what they post on Facebook -- from pictures to daily Facebook status updates about how their vacation is going.
Operations and personal security can be jeopardized by this information.
"Don't share pictures that give away vulnerabilities to your home, especially when you go on vacation" said Vazquez. "People outside your circle of close friends could have bad intentions and may be interested in your information. It is up to the individual user to protect your personal identifying information and physical valuables."
Additional social media security includes being careful about who you accept as a friend on Facebook or other social media sites, according to Vazquez.
Hackers will sometimes use a fake alias to gain access to a person's profile so they can steal personal information. So, unless you know the person, don't accept their friend request, he warned.
"You know all of your friends," said Vazquez. "So, if someone is trying to friend you, you should know who that person is."
It is OK to accept a friend request from a name you don't recognize; but only after having properly researched the person sending the request, said Vazquez. Search the person on the social media site, and ask friends if they recognize the name before accepting it. It is better to be overcautious in this instance instead of the risk of letting a hacker or thief gain access to your personal information or household goods.
"If your friends don't know the person, don't accept the friend request," said Vazquez. "If the person knows you, they should have other means of contacting you besides social media."
In addition to cyberspace, unsavory people can collect information about you in the physical world, so people should also be aware of physical security.
Using proper OPSEC as part of your daily routine can help to ensure your individual protection concerning anti-terrorism physical security. OPSEC includes avoiding the same routine. By using predictive analysis the adversary could use this information to plan actions against you or your Family. If possible, avoid taking the same route to work every day and alternate shopping at the same stores at the same time every weekend, according to Vazquez. If a person has a predictable routine, adversaries can figure out when they have the best access to someone's home.
"What we are trying to do is throw off the adversary," said Vazquez. "Is it likely we will become a target? No. But, is it a possibility? Yes. So, we can't discount the fact we can become the target of an adversary. The important thing to remember here is to be aware of your surroundings, whether in the physical realm or in cyberspace."
Soldiers and government workers also need to be aware of what they discuss in public places. Sensitive information on an upcoming mission or what happened at work that day should not be discussed in public. The type of unclassified information that is deemed sensitive in nature is integrated into a command Critical Information List. A CIL includes information deemed too important to discuss or disseminate openly without stringent protection measures.
"Don't talk about operational information outside of the work environment," said Vazquez. "So, when you are in public places, don't talk about things going on at work."
For more information on OPSEC, contact your unit's OPSEC office.