OPSEC & Social Media
dd mmm yy
Overall Classification of this Briefing is UNCLASSIFIED//FOUO
FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET
Naval OPSEC Support Team (NOST)
Navy Information Operations Command (NIOC)
(757) 417-7100 [email protected]
www.facebook.com/NavalOPSEC
www.twitter.com/NavalOPSEC
www.slideshare.net/NavalOPSEC
www.youtube.com/USNOPSEC
OPSEC
Operations Security
OPSEC is a process that identifies critical information, outlines potential threats, vulnerabilities, and risks, and develops countermeasures to safeguard critical information.
Critical Information
• Names and photos of you, your family and co-workers
• Usernames, passwords, network details
• Job title, location, salary
• Home security systems, internet service provider
• What kind of pets and how many
• Position at work, certifications, physical limitations
• Family routines
• Vacation and travel itineraries
• Social security number, credit cards, banking information
• Hobbies, likes, dislikes, etc.
Information we must protect
Information an adversary would need to do you harm
Threat
Threat: The capability of an adversary coupled with their intention to undertake actions against you or your family.
Conventional Threats
• Military opponents
• Foreign adversaries/countries
Unconventional Threats
• Organized crime
• Foreign terrorists
• Home grown terrorism
• Insiders (espionage)
• Hackers, phishing scams
• Thieves, stalkers, pedophiles
ISIS Threat
Army warns US military personnel on ISIS threat to family members
Real or Perceived….or does it matter?
Vulnerability
• Weakness the adversary/enemy can exploit to get critical information
• Vulnerabilities make you susceptible to intelligence/data collection.
• Poor security and sharing too much information are common, easily exploited vulnerabilities.
• Blogs, posts, emails, phone calls and conversations in restaurants, airports and other public places expose important information to potential adversaries and are a very common vulnerability.
Common Vulnerabilities
• Lack of Awareness
• Data aggregation
• Unsecure communications
• Social engineering
• Trash
• Technology
• Internet/social networking
• Blogs
• Predictable actions & patterns
Risk
Risk scenario: You are proud of your family. So you prominently display personal information about them on the back of your car for everyone to see.
What is the possible risk associated with displaying these indicators?
Countermeasures
Anything that effectively negates or reduces an adversary's ability to exploit vulnerabilities or collect & process critical information
• Hide/control indicators
• Protect personal information
• Change routines & routes
• Vary the times you do activities
Countermeasures are intended to influence or manipulate an adversary's perception
• Take no action
• React too late
• Take the wrong action
Social Networking
Social Networking Sites (SNS) allow people to network, interact and collaborate to share information, data and ideas without geographic boundaries.
Pros
For the Individual
• Entertaining
• Maintain Relationships
• Network
• Centralized Information
• Collaborate
Pros
For the military
• Recruiting
• Public Relations
• Connect with AD, family members & the public
• Solicit ideas and feedback
• Information Warfare
  • “Counter Taliban tactics with speed, accuracy & transparency in our reporting.” USFOR-A
Cons
• Unsecure, unencrypted communications
• Unrestricted access
• No user/identity authentication
• Easy source of PII & CI
• Malicious code/viruses
• Prime target for data aggregation
• Cybercriminals
• Potential to compromise certificates
SNS and Your Clearance
The following is a security awareness statement signed by the Chief of Security, Pentagon Chief Information Officer, OSD Network Directorate:
“Social sites risk security clearance. If you hold a security clearance or if you ever want to apply for one, be mindful of your postings and contacts online, particularly on social networking sites such as Facebook and Twitter. These sites pose risks to gaining and keeping a security clearance. Question 14 of the National Agency Questionnaire (SF-86) asks for names of your relatives and associates. The term associate is defined as any foreign national that you or your spouse are bound by affection, obligation, or close and continuing contact.
Do’s and Don’ts of Social Networking
“Do’s”
Do: Remember Computer Security
Do not be an easy target for computer crimes
• Hacking
• Theft
• Planted code
vs.
• Antivirus software
• Firewalls
• Strong Passwords
• Permission Settings
“Do’s”
Do: Verify All Friend Requests
Social engineering starts with a friend request
Bad people can get data from:
• Free people search engines
• Other SNS’s
• Your posts/profile
• Your friends’ posts/profile
Do Not Trust Who You Cannot See
“Do’s”
Do: Utilize All Available Privacy Settings
Customize available settings to be as secure as possible
“Everyone” may be accessed by anyone with access to the internet
How many security settings are available on Facebook?
Over 120
“Do’s”
Do: Watch Your Friends’ Settings
Sure your profile is secure, but what about your 115 friends’ profile settings?
“Do’s”
Be Discreet
• Consider the information you make available
• What is your digital footprint?
• What are your friends & family putting out?
“Do’s”
Do: Closely Monitor Your Children’s Web Use
• Cyber-bullying
• Kidnapping
• “Sexting”
• “Sextortion”
• Stalking
• Pedophiles
500,000+ registered sex offenders in the USA
95,000 registered sex offenders’ profiles on Social Media
“Do’s”
Do: Verify Links & Files Before Executing
Links and Downloads and Spam Oh My!
• Phishing scams
• Malicious coding
• Viruses
• Scareware
• Spam
Verify before executing!
“Do’s”
Do: Be an Informed User of a SNS
• How much personal information do you broadcast?
• Are you very careful about what details you post?
• Do you understand data aggregation issues?
• Are you willing to find and learn all the security settings and keep up with them as they change?
Are you willing to accept the risk?
“Do’s”
Do: Assume the Internet is FOREVER
• There is no true delete on the internet
• WWW means World Wide Web
• Every Picture
• Every Post
• Every Detail
“Don’ts”
Don’t: Depend on SNS’s Security Settings
But it’s set to private … right?
• Hackers
• Incorrect or incomplete settings
• Sale of data
• Upgrades / site changes
• “Risks inherent in sharing information”
• “USE AT YOUR OWN RISK. We do not guarantee that only authorized persons will view your information.”
“Don’ts”
Don’t: Discuss Details
Never post anything you would not tell directly to a bad guy
Never post private or personal information
Assume the information you share will be made public
If It Has To Be Protected, Protect It
Questions?
Contact the NOST for assistance or any of the following:
• Computer-based training
• FRG/Ombudsman support
• OPSEC & other tailored briefs
• Videos, posters, brochures & fliers
• OPSEC Reminder Cards
• Two-day Navy OPSEC Officer course
• General OPSEC support
Other Resources
Naval OPSEC Support Team
Naval OPSEC Support Team (NOST)
Naval Information Operations Command (NIOC)
(757) 417-7100 [email protected]
www.facebook.com/NavalOPSEC
www.twitter.com/NavalOPSEC
www.slideshare.net/NavalOPSEC
www.youtube.com/USNOPSEC
OPSEC