OPSEC & Social Media

dd mmm yy

Overall Classification of this Briefing is UNCLASSIFIED//FOUO

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

Naval OPSEC Support Team (NOST)

Naval Information Operations Command (NIOC)

(757) 417-7100

OPSEC@navy.mil

www.facebook.com/NavalOPSEC

www.twitter.com/NavalOPSEC

www.slideshare.net/NavalOPSEC

www.youtube.com/USNOPSEC

OPSEC

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

OPSEC is a process that identifies critical information,

outlines potential threats and risks and develops

counter measures to safeguard critical information

Operations Security

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

Critical Information

Names and photos of you, your

family and co-workers

Usernames, passwords, network

details

Job title, location, salary

Home security systems, internet

service provider

What kind of pets and how many

Position at work, certifications,

physical limitations

Family routines

Vacation and travel itineraries

Social security number, credit

cards, banking information

Hobbies, likes, dislikes, etc.

Information we must protect

Information an adversary would need to do you harm

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

Threat

Threat: The capability of an adversary coupled with their

intention to undertake actions against you or your family.

Conventional Threats

• Military opponents

• Foreign adversaries/countries

Unconventional Threats

• Organized crime

• Foreign terrorists

• Home grown terrorism

• Insiders (espionage)

• Hackers, phishing scams

• Thieves, stalkers, pedophiles

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

ISIS Threat

Army warns US military personnel on ISIS

threat to family members

By Catherine Herridge

Published October 02, 2014

Real or Perceived….or does it matter?

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

Weakness the adversary/enemy can exploit to get critical

information

Vulnerabilities make you susceptible to intelligence/data collection.

Poor security and sharing too much information are common, easily

exploited vulnerabilities.

Blogs, posts, emails, phone calls and conversations in restaurants,

airports and other public places expose important information to

potential adversaries and are a very common vulnerability.

Vulnerability

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

Lack of Awareness

Data aggregation

Unsecure communications

Social engineering

Trash

Technology

Internet/social networking

Blogs

Predictable actions & patterns

Common Vulnerabilities

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

Risk scenario:

You are proud of your family.

Risk

So you prominently display

personal information about

them on the back of your car

for everyone to see. What is

the possible risk associated

with displaying these

indicators??

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

Countermeasures

Anything that effectively negates or reduces an adversary's ability to exploit vulnerabilities or collect & process critical information

Hide/control indicators Protect personal information Change routines & routes Differ times you do activities

Countermeasures are intended to influence or manipulate an adversaries perception

Take no action React too late Take the wrong action

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

Social Networking

Social Networking Sites (SNS) allow people to network, interact

and collaborate to share information, data and ideas without

geographic boundaries.

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

Pro’s

For the Individual

Entertaining Maintain Relationships Network Centralized Information Collaborate

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

Pro’s

For the military

Recruiting Public Relations Connect with AD, family

members & the public

Solicit ideas and feedback

Information Warfare

• “Counter Taliban tactics with speed, accuracy & transparency in our reporting.” USFOR-A

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

Con’s

Unsecure, unencrypted communications

Unrestricted access

No user/identity authentication

Easy source of PII & CI

Malicious code/virus’

Prime target for data aggregation

Cybercriminals

Potential to compromise certificates

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

SNS and Your Clearance

The following is a security awareness statement signed by the Chief

of Security, Pentagon Chief Information Officer, OSD Network

Directorate:

“Social sites risk security clearance. If you hold a security clearance

or if you ever want to apply for one, be mindful of your postings and

contacts online, particularly on social networking sites such as

Facebook and Twitter. These sites pose risks to gaining and

keeping a security clearance. Question 14 of the National Agency

Questionnaire (SF-86) asks for names of your relatives and

associates. The term associate is defined as any foreign national

that you or your spouse are bound by affection, obligation, or close

and continuing contact.

Question 14 of the National Agency Questionnaire

(SF-86) asks for names of your relatives and

associates. The term associate is defined as any

foreign national that you or your spouse are

bound by affection, obligation, or close and

continuing contact.

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

DO’S & DON’TS of

SOCIAL NETWORKING

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

“Do’s”

Do: Remember Computer Security

Do not be an easy target for computer crimes

Hacking

Theft

Planted code

vs.

Antivirus software

Firewalls

Strong Passwords

Permission Settings

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

“Do’s”

Do: Verify All Friend Requests

Social engineering starts with a friend request

Bad people can get data from:

Free people search engines

Other SNS’s

Your posts/profile

Your friends posts/profile

Do Not Trust Who You Cannot See

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

“Do’s”

Do: Utilize All Available Privacy Settings

Customize available settings to

be as secure as possible

“Everyone” may be accessed by

anyone with access to the

internet

How many security settings are

available on Facebook?

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

“Do’s”

Do: Watch Your Friends Settings

Sure your profile is secure, but what about

your 115 friends profile settings?

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

Be Discrete

Consider the information you make available

What is your digital foot print?

What are your friends & family putting out?

“Do’s”

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

“Do’s”

Do: Closely Monitor Your Children’s Web Use

Cyber-bulling

Kidnapping

“Sexting”

“Sextortion”

Stalking

Pedophiles

500,000+ registered sex Offenders in the USA

95,000 registered sex offenders profiles on Social Media

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

“Do’s”

Do: Verify Links & Files Before Executing

Links and Downloads and Spam Oh My!

Phishing scams

Malicious coding

Viruses

Scareware

Spam

Verify before executing!

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

“Do’s”

Do: Be an Informed User of a SNS

How much personal information do you broadcast?

Are you very careful about what details you post?

Do you understand data aggregation issues?

Are you willing to find and learn all the security settings and

keep up with them as they change?

Are you willing to accept the risk?

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

“Do’s”

Do: Assume the Internet is FOREVER

There is no true delete on the internet

WWW means World Wide Web

Every Picture

Every Post

Every Detail

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

Geotagging: Location/GPS

data embedded in photos

Feature in Smartphone's

and digital cameras

Lat/Long

Device details

“Check-in” feature

Google Latitude

Foursquare

Gowalla

Facebook Places

Don’t: Check-In

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

“Don’ts”

Don’t: Depend on SNS’s Security Settings

But it’s set to private … right?

Hackers

Incorrect or incomplete settings

Sale of data

Upgrades / site changes

“Risks inherent in sharing information”

“USE AT YOUR OWN RISK. We do not guarantee that only

authorized persons will view your information.”

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

“Don’ts”

Don’t: Discuss Details

Never post anything you

would not tell directly to a bad guy

Never post private or personal

information

Assume the information you share

will be made public

If It Has To Be Protected, Protect It

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

Questions?

Contact the NOST for assistance or any of the following:

Computer-based training

FRG/Ombudsman support

OPSEC & other tailored briefs

Videos , posters, brochures & fliers

OPSEC Reminder Cards

Two-day Navy OPSEC Officer course

General OPSEC support

Other Resources Naval OPSEC Support Team

opsec@navy.mil

757-417-7100

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

Naval OPSEC Support Team (NOST)

Naval Information Operations Command (NIOC)

(757) 417-7100

OPSEC@navy.mil

www.facebook.com/NavalOPSEC

www.twitter.com/NavalOPSEC

www.slideshare.net/NavalOPSEC

www.youtube.com/USNOPSEC

OPSEC

FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET

Back-ups

31