Operations Security is not a lone wolf enterprise.
It takes all government military, civilian and contractor employees to ensure Operations Security is a top priority during everyday office activities, said George Huley, the program manager for the Army's OPSEC program.
"We all have roles in OPSEC," Huley said. "It doesn't belong to any one organization or to the Army's new Cyber Directorate or Army OPSEC. It's a responsibility we all have to shoulder."
Huley spoke July 19 at the Team Redstone OPSEC Day at Bob Jones Auditorium. He led a list of presenters who provided information on such topics as Cyber Security, Social Engineering Defense, Insider Threat and Data Left Behind.
Huley reviewed the Army Regulation 530-1 that provides guidelines and standards for Operations Security throughout the Army.
"We are working on consolidating cyber security inspections across the Army and on mission assurance assessments. We want to make sure assessments are all the same and the benchmarks are all the same across the Army," Huley said. "We need to know what you are doing and where you need help."
Training events such as Team Redstone OPSEC Day help to ensure employees are vigilant in ensuring Operations Security, said Redstone Garrison commander Col. Tom Holliday during his welcoming comments. "It keeps us going so we don't create problems we have the ability to prevent," he said of AR 530-1 guidelines and Army Operations Security practices.
Army employees should view Operations Security as a community-wide concern, reaching out beyond the Redstone gates and into both their professional and personal networks.
"My mom, who lives in California, is just as vital to Operations Security as anyone in this room," Holliday said. "Say I go on TDY to a foreign country. I tell my mom where I'm going and my mom, who is very proud of her son, passes on this information to a few of her friends. I have now jeopardized whatever mission I am going on. You never want to be part of the 1 percent of employees who provide information that can jeopardize a mission."
In 2002, Holliday, who is a Military Intelligence officer, deployed to Afghanistan. But he didn't tell his family the specifics of the deployment.
"I did that for two reasons," he said. "One, I wanted to protect myself and my mission. Two, I wanted to protect my family and I wanted to especially protect my wife who might watch the evening news and hear something about the unit I was with. She was taking care of three kids at the time and she didn't need to worry about what was going on with me.
"When you figure out how to handle those types of small details -- the personal details of OPSEC -- then working the big details of OPSEC will take care of themselves. Think about OPSEC in your daily life. We need to apply it to everything we do with our families and in our communities. Everyone needs to be involved when we consider OPSEC."
Even information that seems harmless to release, can be detrimental to the mission when combined with other obtained information, he said.
"Some of our worst spies truly believed the information they were giving away wasn't classified. And, by itself, it wasn't. But when you put two or three pieces of information together, it can become classified," he said.
John Moons, who works in Operations Security for the Space and Missile Defense Command in Colorado Springs, Colo., said one of the most threatening OPSEC situation in organizations, units, companies and commands is the insider threat. In the five step OPSEC process -- which includes analyze the threat, identify critical information, analyze vulnerabilities, assess risks and apply countermeasures -- the threat is identified as employees within the organization.
"If you have authorized access to critical, sensitive, unclassified and classified information, then you have the potential to be an insider threat," Moons said.
He reviewed the backgrounds of several seemingly unthreatening employees who turned out to be spies, including Navy Lt. Commander Edward Lin, who was accused of giving secrets to China; Department of Energy/Nuclear Regulatory Commission employee Charles Eccleston, who was found guilty of plotting to help foreign governments hack into computers of American agencies; and Mostafa Ahmed Awwad, a Navy civil engineer, who was found guilty of providing schematics of the nuclear aircraft carrier USS Gerald R. Ford to Egypt.
Personal factors such as greed, financial need, anger and revenge can all be signs that government employees, contractors and even military personnel may also be a spy. Behavioral indicators, including mishandling of information, deterioration of work performance and attitude, purchasing high value items or taking several expensive trips, and being secretive about travels, can also indicate spying activity.
"You can make a difference in terms of OPSEC by being trained and educated about the concerns and by being aware of what fellow employees are doing," Moons said. "Be aware of what is going on around you. Be aware of potential issues."
Moons suggested that government employees should visit local spy shops (Metro Spy Supply in Huntsville and Alabama Spy Shop in Madison) to see what kinds of capabilities are out there for spies to use. They also should be aware of the ISalute website, https://www.inscom.army.mil/isalute/, where they can report suspicious activity anonymously. There is also an iWatch Army smartphone app that Redstone employees can also use.
Social Sharing