Provided by OSPA (www.opsecprofessionals.org) Vulnerabilities and Indicators The OPSEC Process
Definitions <ul><li>Indicator </li></ul><ul><ul><li>Points to vulnerability or critical information􀂄 </li></ul></ul><ul><l...
Indicators <ul><li>Pathways or detectable activities that lead to specific information that, when looked at by itself or i...
Profiles and Signatures <ul><li>Adversaries look for Patterns and Signatures to establish a Profile </li></ul><ul><ul><li>...
Vulnerability Areas <ul><li>Operations </li></ul><ul><li>Physical Environment </li></ul><ul><li>Personnel </li></ul><ul><l...
Common Vulnerabilities <ul><li>Discussion of sensitive information in unsecured areas. </li></ul><ul><li>Lack of policy/en...
Stereotyped Operations <ul><li>Same Time </li></ul><ul><li>Same Place </li></ul><ul><li>Same People </li></ul><ul><li>Same...
Examples of Vulnerabilities <ul><li>Publications </li></ul><ul><li>Press Releases </li></ul><ul><li>Unencrypted Email </li...
Examples of Vulnerabilities  <ul><li>Trash </li></ul><ul><li>Employee Turnover </li></ul><ul><li>Employee Mistakes </li></...
Communication Vulnerabilities <ul><li>Radios </li></ul><ul><li>Cell Phones </li></ul><ul><li>Telephones </li></ul><ul><li>...
Common Vulnerabilities <ul><li>Government Reliance on Commnercial Backbone </li></ul><ul><ul><li>Domestic </li></ul></ul><...
Cell Phones <ul><li>Incorporate a wide-spectrum of technologies </li></ul><ul><ul><li>Analog/ Digital Wireless </li></ul><...
Cell Phones <ul><li>Asset vs Vulnerability </li></ul><ul><ul><li>The Good: </li></ul></ul><ul><ul><ul><li>Convenience </li...
Common Vulnerabilities <ul><li>Computers </li></ul><ul><ul><li>Access Control </li></ul></ul><ul><ul><li>Auditing </li></u...
Common Vulnerabilities <ul><li>Associated Computer Concerns </li></ul><ul><ul><li>Email </li></ul></ul><ul><ul><li>Sniffer...
Areas of Vulnerability <ul><li>Administration </li></ul><ul><li>Financial </li></ul><ul><li>Logistics </li></ul><ul><li>Op...
Administrative <ul><li>Memos </li></ul><ul><li>Schedules </li></ul><ul><li>Travel Orders </li></ul><ul><li>Advance Plans <...
Financial <ul><li>Projections </li></ul><ul><li>Justifications </li></ul><ul><li>Financial Plans </li></ul><ul><li>Special...
Logistics <ul><li>Unusual Equipment </li></ul><ul><li>Volume or Priority Requisitions </li></ul><ul><li>Boxes Labeled With...
Operations <ul><li>VIP Visits </li></ul><ul><li>Schedules </li></ul><ul><li>Stereotyped Activities </li></ul><ul><li>Incre...
EVEN MORE Indicators and Vulnerabilities <ul><li>Family </li></ul><ul><li>Personnel </li></ul><ul><li>Public Affairs </li>...
Where Are the Indicators?
Indicators <ul><li>Presence of specialized Equipment </li></ul><ul><li>Increase (or Decrease) in activity </li></ul><ul><l...
Information of Intelligence Value Collectible Observable
Collectible <ul><li>Can be physically collected or intercepted </li></ul>Examples: Dumpster diving, cordless/cell phone in...
Observable What you can see What you can smell What you can hear
Why train for OPSEC? ( A real Exercise)
What is our greatest Weakness? OURSELVES!
Questions? <ul><li>“ In wartime, the truth is so precious that it must be protected by a bodyguard of lies.” </li></ul><ul...
Upcoming SlideShare
Loading in...5
×

OPSEC Vulnerabilities And Indicators

18,764

Published on

OPSEC Vulnerabilities and Indicators training presentation.

0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
18,764
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
253
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

OPSEC Vulnerabilities And Indicators

  1. 1. Provided by OSPA (www.opsecprofessionals.org) Vulnerabilities and Indicators The OPSEC Process
  2. 2. Definitions <ul><li>Indicator </li></ul><ul><ul><li>Points to vulnerability or critical information􀂄 </li></ul></ul><ul><li>Vulnerability </li></ul><ul><ul><li>Weakness the adversary can exploit to get to critical information </li></ul></ul>
  3. 3. Indicators <ul><li>Pathways or detectable activities that lead to specific information that, when looked at by itself or in conjunction with something else, allows an adversary to obtain sensitive information or identify a vulnerability </li></ul>
  4. 4. Profiles and Signatures <ul><li>Adversaries look for Patterns and Signatures to establish a Profile </li></ul><ul><ul><li>Patterns are the way things are done, arranged, or have occurred </li></ul></ul><ul><ul><li>Signatures are the emissions that are the result of, or caused by, what is or was done </li></ul></ul><ul><ul><li>Profiles are collected on all our activities, procedures and methodologies </li></ul></ul>
  5. 5. Vulnerability Areas <ul><li>Operations </li></ul><ul><li>Physical Environment </li></ul><ul><li>Personnel </li></ul><ul><li>Finance </li></ul><ul><li>Administrative </li></ul><ul><li>Logistics </li></ul><ul><li>Public Affairs </li></ul><ul><li>Family </li></ul>
  6. 6. Common Vulnerabilities <ul><li>Discussion of sensitive information in unsecured areas. </li></ul><ul><li>Lack of policy/enforcement </li></ul><ul><ul><li>Cameras </li></ul></ul><ul><ul><li>Cell Phones </li></ul></ul><ul><ul><li>Internet Usage </li></ul></ul><ul><ul><li>Shredding </li></ul></ul><ul><li>Training/Awareness </li></ul>
  7. 7. Stereotyped Operations <ul><li>Same Time </li></ul><ul><li>Same Place </li></ul><ul><li>Same People </li></ul><ul><li>Same Route </li></ul><ul><li>Same Way </li></ul><ul><li>PREDICTIBILITY </li></ul>
  8. 8. Examples of Vulnerabilities <ul><li>Publications </li></ul><ul><li>Press Releases </li></ul><ul><li>Unencrypted Email </li></ul><ul><li>Organization Website </li></ul><ul><li>Non-Secure Telephone </li></ul>
  9. 9. Examples of Vulnerabilities <ul><li>Trash </li></ul><ul><li>Employee Turnover </li></ul><ul><li>Employee Mistakes </li></ul><ul><li>Lack of Good Passwords </li></ul><ul><li>Exhibits and Conventions </li></ul>
  10. 10. Communication Vulnerabilities <ul><li>Radios </li></ul><ul><li>Cell Phones </li></ul><ul><li>Telephones </li></ul><ul><li>Facsimiles (Fax) </li></ul><ul><li>Computers </li></ul>
  11. 11. Common Vulnerabilities <ul><li>Government Reliance on Commnercial Backbone </li></ul><ul><ul><li>Domestic </li></ul></ul><ul><ul><li>Overseas </li></ul></ul>Few Government-Owned Systems
  12. 12. Cell Phones <ul><li>Incorporate a wide-spectrum of technologies </li></ul><ul><ul><li>Analog/ Digital Wireless </li></ul></ul><ul><ul><li>Sound Recording </li></ul></ul><ul><ul><li>PDA </li></ul></ul><ul><ul><li>Camera </li></ul></ul><ul><ul><li>Streaming video </li></ul></ul><ul><ul><li>Computing/ Internet </li></ul></ul><ul><ul><li>And more </li></ul></ul>
  13. 13. Cell Phones <ul><li>Asset vs Vulnerability </li></ul><ul><ul><li>The Good: </li></ul></ul><ul><ul><ul><li>Convenience </li></ul></ul></ul><ul><ul><ul><li>“ Reach out and touch someone” </li></ul></ul></ul><ul><ul><ul><li>Access to Commercial Numbers </li></ul></ul></ul><ul><ul><ul><li>Coordination Outside radio Range/ Frequency </li></ul></ul></ul><ul><ul><li>The Bad and the Ugly </li></ul></ul><ul><ul><ul><li>Multiple Technical Vulnerabilities </li></ul></ul></ul><ul><ul><ul><li>Typically Unsecure </li></ul></ul></ul>
  14. 14. Common Vulnerabilities <ul><li>Computers </li></ul><ul><ul><li>Access Control </li></ul></ul><ul><ul><li>Auditing </li></ul></ul><ul><ul><li>Regulations/ Policy </li></ul></ul><ul><ul><li>User Training </li></ul></ul><ul><ul><li>Passwords </li></ul></ul><ul><ul><li>Systems Accreditation </li></ul></ul>
  15. 15. Common Vulnerabilities <ul><li>Associated Computer Concerns </li></ul><ul><ul><li>Email </li></ul></ul><ul><ul><li>Sniffer </li></ul></ul><ul><ul><li>Cookies </li></ul></ul><ul><ul><li>Virus/ Spyware </li></ul></ul><ul><ul><li>Web Logs (“Blogs”) </li></ul></ul><ul><ul><li>Instant Messaging (“IM”) </li></ul></ul><ul><ul><li>Personal Data Assistants (“PDAs”) </li></ul></ul>
  16. 16. Areas of Vulnerability <ul><li>Administration </li></ul><ul><li>Financial </li></ul><ul><li>Logistics </li></ul><ul><li>Operations </li></ul>
  17. 17. Administrative <ul><li>Memos </li></ul><ul><li>Schedules </li></ul><ul><li>Travel Orders </li></ul><ul><li>Advance Plans </li></ul><ul><li>Annual Reviews </li></ul><ul><li>Org Charts </li></ul><ul><li>Job Announcements </li></ul><ul><li>Management Reports </li></ul>
  18. 18. Financial <ul><li>Projections </li></ul><ul><li>Justifications </li></ul><ul><li>Financial Plans </li></ul><ul><li>Special Purchases </li></ul><ul><li>Budget and Contracts </li></ul><ul><li>Supplemental Requests </li></ul>
  19. 19. Logistics <ul><li>Unusual Equipment </li></ul><ul><li>Volume or Priority Requisitions </li></ul><ul><li>Boxes Labeled With the Name of an Operation or Mission </li></ul><ul><li>etc </li></ul>
  20. 20. Operations <ul><li>VIP Visits </li></ul><ul><li>Schedules </li></ul><ul><li>Stereotyped Activities </li></ul><ul><li>Increased Mission-Related Training </li></ul><ul><li>Abrupt Changes in Normal Operation </li></ul>
  21. 21. EVEN MORE Indicators and Vulnerabilities <ul><li>Family </li></ul><ul><li>Personnel </li></ul><ul><li>Public Affairs </li></ul><ul><li>Physical Environment </li></ul><ul><li>Procedures and Reports </li></ul>
  22. 22. Where Are the Indicators?
  23. 23. Indicators <ul><li>Presence of specialized Equipment </li></ul><ul><li>Increase (or Decrease) in activity </li></ul><ul><li>Sudden Changes in Procedure </li></ul><ul><li>Unique Convoy Configuration </li></ul><ul><li>Staging of Cargo or </li></ul><ul><li>Vehicles </li></ul>
  24. 24. Information of Intelligence Value Collectible Observable
  25. 25. Collectible <ul><li>Can be physically collected or intercepted </li></ul>Examples: Dumpster diving, cordless/cell phone interception, email, open source
  26. 26. Observable What you can see What you can smell What you can hear
  27. 27. Why train for OPSEC? ( A real Exercise)
  28. 28. What is our greatest Weakness? OURSELVES!
  29. 29. Questions? <ul><li>“ In wartime, the truth is so precious that it must be protected by a bodyguard of lies.” </li></ul><ul><ul><li>Winston Churchill </li></ul></ul>
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×