Presentation is loading. Please wait.

Presentation is loading. Please wait.

OPSEC and Social Media DD MMM YY

Published byKory Cox Modified over 5 years ago

Similar presentations

Presentation on theme: "OPSEC and Social Media DD MMM YY"— Presentation transcript:

1 OPSEC and Social Media DD MMM YY

2 Outline OPSEC Overview OPSEC on social media
Sphere of trust Threats on Social Media Sites Terrorism Cybercriminals Phishing Identity Theft Privacy & Terms and Conditions Who controls your information in social networks Social Networking Best Practices

3 Operations Security OPSEC is a process that identifies critical information, outlines potential threats and vulnerabilities, assesses risk, and develops countermeasures to safeguard critical information Operations Security: 1. A systematic, proven process by which a government, organization, or individual can identify, control, and protect generally unclassified information about an operation/activity and, thus, deny or mitigate an adversary's/competitor's ability to compromise or interrupt said operation/activity (NSC 1988). 2. OPSEC is a process of identifying critical information and subsequently analyzing friendly actions attendant to military operations and other activities to (a) identify those actions that can be observed by adversary intelligence systems, (b) determine indicators adversary intelligence systems might obtain that could be interpreted or pieced together to derive critical information in time to be useful to adversaries, and select and execute measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly actions to adversary exploitation (DOD JP 1994; JCS 1997). Operations Security process: An analytical process that involves five components: identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of appropriate countermeasures (NSC 1988). Completing this process will allow commanders to make informed risk based decisions on what information they need to protect and how they are going to protect it. Source:

4 Critical Information Information an adversary would need to do you harm that must be protected Names and photos of you, your family and co-workers Usernames, passwords, network details Job title, location, salary Home security systems, internet service provider What kind of pets and how many Position at work, certifications Physical limitations, medical information Family routines Vacation and travel itineraries Social security number, credit cards, banking information Hobbies, likes, dislikes, etc. Critical Information (CI) as it pertains to OPSEC is detail specific, unclassified information that an adversary needs to obtain to act against an individual or unit. For example, the watch rotation of a unit, while not classified information, is vital to the security posture and is a detail that should be protected. Though it is unclassified, it is still information that you would not want to give to an adversary. critical information: Specific facts about friendly (e.g., U.S.) intentions, capabilities, or activities vitally needed by adversaries for them to plan and act effectively so as to guarantee failure or unacceptable consequences for accomplishment of friendly objectives. Related to Essential Elements of Friendly Information; CI is the answers to questions that make up EEFI. Source:

5 Threat Capability of an adversary coupled with their intention to undertake actions against you or your family Conventional Threats Military opponents Foreign adversaries/countries Unconventional Threats Organized crime Cybercriminals Foreign terrorists Home grown terrorism Insiders (espionage) Hackers, phishing scams Thieves, stalkers, pedophiles Ask yourself, how could any one on this list be called an ‘adversary’? Do they have, intentional or unintentional, the capability to collect information on you/your organization, that you wouldn’t want them to know? Ask the audience what kinds of information some of these adversaries might want from them. These potential adversaries have both the motive and the means to steal from, bring harm or discredit, or disrupt the lives and mission of you, your family, and your command. Don’t give them the opportunity by providing them with critical information.

6 Real or perceived...or does it matter?
Threat Real or perceived...or does it matter? Army warns US military personnel on ISIS threat to family members The Islamic State of Iraq and Syria (ISIL) (AKA: Islam State of Iraq and the Levant – ISIL) is the latest terrorist threat to come out of the Middle East. They have called for targeted attacks on military members and their families in the United States. However, the actual threat from terrorist groups like ISIS is very small to people living in the United States.

7 Vulnerability Weakness the adversary can exploit to gain critical information Vulnerabilities make you susceptible to intelligence/data collection Poor security and sharing too much information are common, easily exploited vulnerabilities Posts, tweets, snapchats, s, phone calls, and conversations in restaurants, airports, and other public places expose important information to potential adversaries and are a very common vulnerability Vulnerability: A weakness the adversary can exploit to get critical information. A vulnerability is anything that makes your critical information susceptible to intelligence collection. Your EEFI/CI list, threat analysis, and considering the adversaries perspective will point to the vulnerabilities in the planning process. A vulnerability is any instance in which you expose your critical information to consumption by the general, unfiltered public. You must assume that your adversaries are apart of the public.

8 OPSEC in Social Media What do you display in your social media profiles? Where you work Where you are Where you have been What you are doing right now Everything that you have done What you like and don’t like Your birthday Your favorite pet Your relationships Your loved ones The people you trust

9 OPSEC in Social Media Do you want people to know this much about you?
Do you want your network to know this much about you? Do you want foreign governments to know this much about you? Hector Monsegur AKA: Sabu Ryan Ackroyd AKA: Kayla Jake Davis AKA: Topiary All of the data that is added to social network profiles is easily available for the public to see. However, social media sites also store all of the information that is added to the site. This information is vulnerable to theft. Some social media sites freely sell this information to any buyer and in some cases give this information to foreign governments. Anonymous hackers – released information about DoN, CIA, senate, hacked Tunisian government.

10 Social Networks Spheres of trust where information is freely shared
This is social networking analysis diagram. This depicts all of the social connections between members of trusted network and their interconnections. This diagram depicts how every member of the social network is either directly or indirectly connected with every other member of the network. This connection is a trust relationship established through shared membership in the social media network.

11 Trust First steps of social media sites:
Create a personal profile Create a personal identity Create social connections “The underlying assumption behind this concept is that the relation “friendship” is transitive. The foundation of every friendship is trust. However trust is propagative, not transitive. We might trust someone, but may not be sure about his or her friends. Therefore, there is an inherent risk to the private data of the members in such social networks due to the underlying assumption of implicit trust in the relationship” (IBM & CSIRO Research, 2013) Joining a social network establishes inherent trusts with all other members of the social network. This trusts are further enhanced through the established social connections made via the social media site. Reference: Sherchan, W., Nepal, S., & Paris, C. (2013, August). A survey of trust in social networks. ACM Computing Surveys, 45 (4), Retrieved from

12 Facebook Terms of Service Agreement
We use the data we have - for example, about the connections you make, the choices and settings you select, and what you share and do on and off our Products - to personalize your experience. We collect the content, communications and other information you provide when you use our Products, including when you sign up for an account, create or share content, and message or communicate with others. This can include information in or about the content you provide (like metadata), such as the location of a photo or the date a file was created. We collect information about the people, Pages, accounts, hashtags and groups you are connected to and how you interact with them across our Products, such as people you communicate with the most or groups you are part of. We also collect contact information if you choose to upload, sync or import it from a device (such as an address book or call log or SMS log history).

13 Facebook Terms of Service Agreement
We collect information about how you use our Products, such as the types of content you view or engage with; the features you use; the actions you take; the people or accounts you interact with; and the time, frequency and duration of your activities. For example, we log when you're using and have last used our Products, and what posts, videos and other content you view on our Products. If you use our Products for purchases or other financial transactions (such as when you make a purchase in a game or make a donation), we collect information about the purchase or transaction. This includes payment information, such as your credit or debit card number and other card information; other account and authentication information; and billing, shipping and contact details. And the list continues on!

14 Geotagging GPS data embedded into photos
Default feature in most smart phones and digital cameras Latitude/longitude Device information Information can potentially be retrieved from any photo posted on the Internet Though this technology is relatively “old” it is still a major vulnerability. Many people still do not know about geotagging and the risks they take when they post digital images online.

15 Geotagging An example of geotagging.

16 Common Vulnerabilities
Lack of Awareness Data aggregation Unsecure communications Social engineering Trash Technology Internet/social networking Predictable actions & patterns These common vulnerabilities are all ways in which we intentionally or unintentionally expose our critical information to the public. By not understanding the true extent to which the general public can consume information that we generate, post, or advertise, we are unknowingly accepting a high level of risk. If we do not know our vulnerabilities, how can we understand the risk we are taking with our information, and the lives of our family and friends?

17 Risk Risk scenario: You are proud of your service and loved ones:
This is another way in which we advertise information to the public about our personal and family lives. Are you able to control who see and consumes this information? Every time you drive down the road with this information displayed on the back of your vehicle, you are a taking a risk. So you prominently display personal information for everyone to see. What is the possible risk associated with displaying these indicators??

18 This Sailor’s Facebook Likes
Bumper stickers on cars have their equivalent in the digital world. This sailor’s open Facebook page revealed a lot of information about his habits and actions that could potential be useful to an adversary.

19 Countermeasures Anything that effectively negates or reduces an adversary's ability to exploit vulnerabilities or collect & process critical information Hide/control indicators Protect personal information Change routines & routes Differ times you do activities Countermeasures are intended to influence or manipulate an adversaries perception Take no action React too late Take the wrong action You may require multiple countermeasures to reduce risk to an acceptable level. One countermeasure may work for more than one vulnerability. Countermeasures are not always required. The use of countermeasures are determined by the decision maker after an assessment has been completed. Good countermeasures may include: Hide/control indicators: don’t give away clues Reduce signatures: change things that stand out- don’t let the adversary interpret your indicators Procedural changes: Reduce your predictability by changing the process Planning options: OPSEC is applicable all of the time, but is most effective when implemented in the planning phase.

20 Social Media Social Media Sites allow people to network, interact and collaborate to share information, data and ideas without geographic boundaries There is an ever growing list of SNS that connect users in ways they would have never imagined. Because of SNS we are able to communicate with friend and family that would have otherwise been more distant. SNS provide a great benefit that can enhance our lives. However, we have to be aware of the dangers of SNS.

21 Pro’s For the Individual Entertaining Maintain Relationships Network
Centralized Information Collaborate Individual social networking is a great tool to network and collaborate. Social networking sites are entertaining and engaging for users.

22 Pro’s For the military Recruitment Public Relations
Connect AD, family members & public Solicit ideas and feedback Information Warfare “Counter Taliban tactics with speed, accuracy & transparency in our reporting.” USFOR-A The military is utilizing social networking to facilitate recruiting pushes for younger, computer savvy individuals and to reach out to the public and share the accomplishments of the military. The Navy’s slogan- America’s Navy. What better place to push the message than online. Reference the rescue mission in Haiti for the best example of social networking and the use by the military. Near real-time updates were pushed via blogs, videos and posts/tweets sharing the mission and rescue details were praised by many. A new twist on information warfare, social networking is now being used to break news before the adversary can release their own version. Success with new tactics of broadcasting body counts and military operations remains to be seen, however the intention is to win the support of the populous back in the states and to counter the adversaries misinformation campaign. This slide is a good source of discussion for the class. Do the students agree or disagree with this new tactic? What are the possible benefits of this brand of information warfare? What are the possible drawbacks? Source:

23 Con’s Unsecure, unencrypted communications Unrestricted access
No user/identity authentication Easy source of PII & CI Malicious code/virus’ Prime target for data aggregation Cybercriminals Potential to compromise certificates The dangers of social networking is in the availability and ease of access to information. People tend to offer too many details online and are often easy targets to a range of threats from a simple home robbery to a prime target of a radical terrorist organization. Online the possibilities are endless. Image: Anonymous is a hacktivist/cyber-terrorist organization that has conducted many high-profile advanced hacks. They have targeted state governments like Egypt, Iran, and even the United States. They have also targeted individuals.

24 SNS and Your Clearance The following is a security awareness statement signed by the Chief of Security, Pentagon Chief Information Officer, OSD Network Directorate: Social sites risk security clearance. If you hold a security clearance or if you ever want to apply for one, be mindful of your postings and contacts online, particularly on social networking sites such as Facebook and Twitter. These sites pose risks to gaining and keeping a security clearance. Question 14 of the National Agency Questionnaire (SF-86) asks for names of your relatives and associates. The term associate is defined as any foreign national that you or your spouse are bound by affection, obligation, or close and continuing contact SF-86– required to be granted a security clearance. Associate is anyone that you or your spouse have close or continuing contact with. This includes “friends” on SNS’. Who is in your friends? Do you know who ALL of your SNS friends are? Before you click “accept” ensure you know the risk you are taking.

25 Social Media Best Practices
Do’s and Don’ts of Social Networking An outline of some basic points that a user should follow to make their use of the internet safer.

26 Computer Settings Use reputable anti-virus software Strong Passwords
Firewall management Virus scanning Strong Passwords Use different passwords for different accounts Permission Settings Do not use your computer’s administrator account to visit web pages Computer Security is the most important point. Antivirus software is critical. Norton, Mcafee, AVG and others are all vital programs that every computer should run to protect from virus’ and other malicious attacks. Virus scans, virus definition updates and spy ware scans should be done daily to insure a computer, both at work and at home, are as secure as possible. Firewalls and routers should be configured correctly and with strong passwords to help guard against unauthorized access. File permissions should be set to restrict access to unauthorized users. A wireless router is often the single point of both access and failure in any given home. Those with weak passwords and easily accessed routers are easy targets.

27 Privacy & Security Settings
Keep up-to-date the latest security and privacy settings for all social media sites Protect your profile Only allow trusted people to view your profile Limit people’s ability to search of your profile Protect your posts Only allow trusted people to view your posts Know who can see what you post and when Understand what friends of your friends can see Change your password frequently and make in complex Privacy settings are available on most sites and vary depending on the specific sites privacy policy. Facebook’s current privacy settings are now included in the rights that you grant Facebook in regards to what they are able to do with your information, as well as what applications linked to the site are able to obtain. There are over 120 different security settings on Facebook.

28 Social Engineering Do not give away critical information to anyone on social media sites Trust by exception Be suspicious of ALL online contacts Verify the authenticity of a friend request If unsure, do not trust If it appears too good to be true, it is Be aware of the different ways in which adversaries will use social engineering techniques Do not trust who you cannot see and verify. It is not hard to establish accounts and to fake information to target people. There are adversaries out there who are targeting you with social engineering. It is easy, it’s cheap, and it is an effective tool for gathering information and exploiting vulnerabilities in both the cyber, and real world.

29 Children’s Social Media Use
Cyber-bullying Kidnapping Sexting Sextortion Stalking Pedophiles 500,000+ registered sex offenders in the USA 95,000 registered sex offenders profiles on Social Media Children are especially vulnerable on the internet and make easy targets. Monitor closely children's use the internet to insure they are not posting critical and personal information. Sextortion can start with a simple friend request.

30 Questions? Contact the NOST for any of the following:
Computer-based training FRG/Ombudsman support OPSEC & other tailored briefs Videos , posters, brochures & flyers OPSEC Reminder Cards Two-day Navy OPSEC Officer course General OPSEC support Other Resources

31 Your Command OPSEC Program Manager information here.
Contact Information Your Logo here Your Command OPSEC Program Manager information here. NAVAL INFORMATION FORCES ATTN: NAVAL OPSEC SUPPORT TEAM 115 LAKE VIEW PARKWAY SUFFOLK, VIRGINIA 23435

Download ppt "OPSEC and Social Media DD MMM YY"

Similar presentations

Surfing the net: Ways to protect yourself. Internet Safety Look into safeguarding programs or options your online service provider might offer. Look into.

Surfing the net: Ways to protect yourself. Internet Safety Look into safeguarding programs or options your online service provider might offer. Look into.
Fleet & Family Support Ombudsman Program & Operations Security

Fleet & Family Support Ombudsman Program & Operations Security
Part I: Making Good Online Choices

Part I: Making Good Online Choices
Naval OPSEC Support Team Navy Information Operations Command, Norfolk 757-417-7100 #Don’tDoThat: Social Media Trends.

Naval OPSEC Support Team Navy Information Operations Command, Norfolk #Don’tDoThat: Social Media Trends.
OPSEC Countermeasures Michael Chesbro DES OPSEC Officer OPSEC Countermeasures Michael Chesbro DES OPSEC Officer.

OPSEC Countermeasures Michael Chesbro DES OPSEC Officer OPSEC Countermeasures Michael Chesbro DES OPSEC Officer.
Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.

Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.
Copyright ©: 1995-2011 SAMSUNG & Samsung Hope for Youth. All rights reserved Tutorials The internet: Social networks and communities Suitable for: Improver.

Copyright ©: SAMSUNG & Samsung Hope for Youth. All rights reserved Tutorials The internet: Social networks and communities Suitable for: Improver.
CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. Emails. Safe browsing for shopping and online banks. Social media.

CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. s. Safe browsing for shopping and online banks. Social media.
UNCLASSIFIED VP-4 Skinny Dragons Operations Security (OPSEC) and Social Networking.

UNCLASSIFIED VP-4 Skinny Dragons Operations Security (OPSEC) and Social Networking.
Operations Security (OPSEC) 301-371-1050. Introduction  Standard  Application  Objectives  Regulations and Guidance  OPSEC Definition  Indicators.

Operations Security (OPSEC) Introduction  Standard  Application  Objectives  Regulations and Guidance  OPSEC Definition  Indicators.
Staying Safe Online Keep your Information Secure.

Staying Safe Online Keep your Information Secure.
Threat to I.T Security By Otis Powers. Hacking Hacking is a big threat to society because it could expose secrets of the I.T industry that perhaps should.

Threat to I.T Security By Otis Powers. Hacking Hacking is a big threat to society because it could expose secrets of the I.T industry that perhaps should.
The way to avoid being trap into cyber crime. What is cyber crime? The Department of Justice categorizes computer crime in three ways: 1. The computer.

The way to avoid being trap into cyber crime. What is cyber crime? The Department of Justice categorizes computer crime in three ways: 1. The computer.
OPSEC & Social Media dd mmm yy Overall Classification of this Briefing is UNCLASSIFIED//FOUO FLTCYBERCOM / C10F    U.S. FLEET CYBER COMMAND / U.S. TENTH.

OPSEC & Social Media dd mmm yy Overall Classification of this Briefing is UNCLASSIFIED//FOUO FLTCYBERCOM / C10F    U.S. FLEET CYBER COMMAND / U.S. TENTH.
Https://www.youtube.com/watch?v=1hpU_Neg1KA. INTRODUCTION & QUESTIONS.

INTRODUCTION & QUESTIONS.
Introduction: Introduction: As technology advances, we have cheaper and easier ways to stay connected to the world around us. We are able to order almost.

Introduction: Introduction: As technology advances, we have cheaper and easier ways to stay connected to the world around us. We are able to order almost.
FLTCYBERCOM / C10F    U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET    1 Overall Classification of this Briefing is UNCLASSIFIED//FOUO Phishing.

FLTCYBERCOM / C10F    U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET    1 Overall Classification of this Briefing is UNCLASSIFIED//FOUO Phishing.
1 Outline of this module By the end of this module you will be able to: Understand why computer security is important; Name the different threats to.

1 Outline of this module By the end of this module you will be able to: Understand why computer security is important; Name the different threats to.
Overall Classification of this Briefing is UNCLASSIFIED//FOUO

Overall Classification of this Briefing is UNCLASSIFIED//FOUO
Unit 4 Protecting Your Information Section C. Chapter 1, Slide 2Starting Out with Visual Basic 3 rd EditionIntroduction to ComputersUnit 4C – Protecting.

Unit 4 Protecting Your Information Section C. Chapter 1, Slide 2Starting Out with Visual Basic 3 rd EditionIntroduction to ComputersUnit 4C – Protecting.

Similar presentations

Ads by Google