OPSEC & Social Media DD MMM YY


1 OPSEC & Social Media DD MMM YY

2 Overview OPSEC Overview OPSEC & Social Media
Privacy Terms and Conditions Who controls your information on social media sites Social Media Best Practices

3 Operations Security OPSEC is a process that identifies critical information, outlines potential threats and vulnerabilities, assesses risk, and develops countermeasures to safeguard critical information Operations Security: 1. A systematic, proven process by which a government, organization, or individual can identify, control, and protect generally unclassified information about an operation/activity and, thus, deny or mitigate an adversary's/competitor's ability to compromise or interrupt said operation/activity (NSC 1988). 2. OPSEC is a process of identifying critical information and subsequently analyzing friendly actions attendant to military operations and other activities to (a) identify those actions that can be observed by adversary intelligence systems, (b) determine indicators adversary intelligence systems might obtain that could be interpreted or pieced together to derive critical information in time to be useful to adversaries, and select and execute measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly actions to adversary exploitation (DOD JP 1994; JCS 1997). Operations Security process: An analytical process that involves five components: identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of appropriate countermeasures (NSC 1988). Completing this process will allow commanders to make informed risk based decisions on what information they need to protect and how they are going to protect it. Source:

4 Critical Information Information an adversary would need to do you harm that must be protected Names and photos of you, your family and co-workers Unit capabilities and limitations Unit security posture Schedules Position at work, certifications Physical limitations, medical information Family routines What kind of pets and how many Vacation and travel itineraries Hobbies, likes, dislikes, etc. Critical Information (CI) as it pertains to OPSEC is detail specific, unclassified information that an adversary needs to obtain to act against an individual or unit. For example, the watch rotation of a unit, while not classified information, is vital to the security posture and is a detail that should be protected. Though it is unclassified, it is still information that you would not want to give to an adversary. critical information: Specific facts about friendly (e.g., U.S.) intentions, capabilities, or activities vitally needed by adversaries for them to plan and act effectively so as to guarantee failure or unacceptable consequences for accomplishment of friendly objectives. Related to Essential Elements of Friendly Information; CI is the answers to questions that make up EEFI. Source:

5 Indicators Friendly actions and open sources of information that adversary intelligence systems can potentially detect or obtain and then interpret to derive friendly critical information. Longer working hours Rehearsals Sudden changes in procedures/security Purchases/special equipment On-loads Routine predictable procedures News releases Emblems, logos, distinctive markings Overgrown lawn Social media posts Vanity plates Mailbox overflow No lights on in the house for extended period of time

6 Threat Capability of an adversary coupled with their intention to undertake actions against you or your family Conventional Threats Military opponents Foreign adversaries/countries Unconventional Threats Organized crime Cybercriminals Foreign terrorists Homegrown terrorism Insiders (espionage) Hackers, phishing scams Thieves, stalkers, pedophiles Ask yourself, how could anyone on this list be called an ‘adversary’? Do they have, intentional or unintentional, the capability to collect information on you/your organization, that you wouldn’t want them to know? Ask the audience what kinds of information some of these adversaries might want from them. These potential adversaries have both the motive and the means to steal from, bring harm or discredit, or disrupt the lives and mission of you, your family, and your command. Don’t give them the opportunity by providing them with critical information.

7 Vulnerability Weakness an adversary can exploit to gain your information Vulnerabilities make you susceptible to intelligence / data collection Poor security and sharing too much information are common, easily exploited vulnerabilities Posts, tweets, snapchats, emails, phone calls, and open conversations in public places can expose important information to potential adversaries and remain a very common vulnerability Vulnerability: A weakness the adversary can exploit to get critical information. A vulnerability is anything that makes your critical information susceptible to intelligence collection. Your EEFI/CI list, threat analysis, and considering the adversary's perspective will point to the vulnerabilities in the planning process. A vulnerability is any instance in which you expose your critical information to consumption by the general, unfiltered public. You must assume that your adversaries are a part of the public.

8 Common Vulnerabilities
Lack of awareness / apathy Data aggregation Unsecure communications Social engineering Trash Technology Internet/social media posts Predictable actions & patterns These common vulnerabilities are all ways in which we intentionally or unintentionally expose our critical information to the public. By not understanding the true extent to which the general public can consume information that we generate, post, or advertise, we are unknowingly accepting a high level of risk. If we do not know our vulnerabilities, how can we understand the risk we are taking with our information, and the lives of our family and friends?

9 Risk Risk scenario: You are proud of your service and loved ones
This is another way in which we advertise information to the public about our personal and family lives. Are you able to control who sees and consumes this information? Every time you drive down the road with this information displayed on the back of your vehicle, you are taking a risk: displaying personal information for everyone to see. What are the potential risks associated with displaying these indicators?

10 Countermeasures Anything that effectively negates or reduces an adversary's ability to exploit vulnerabilities or collect & process critical information Hide/control indicators Protect personal information Change routines & routes Differ times you do activities Countermeasures are intended to influence or manipulate an adversary's perception Take no action React too late Take the wrong action You may require multiple countermeasures to reduce risk to an acceptable level. One countermeasure may work for more than one vulnerability. Countermeasures are not always required. The use of countermeasures is determined by the decision maker after an assessment has been completed. Good countermeasures may include: Hide/control indicators: don’t give away clues Reduce signatures: change things that stand out; don’t let the adversary interpret your indicators Procedural changes: Reduce your predictability by changing the process Planning options: OPSEC is applicable all of the time, but is most effective when implemented in the planning phase.

11 Social Media Social Media allows people to network, interact and collaborate to share information, data and ideas without geographic boundaries Ask.fm

12 Users Information sharing is a growing trend.

13 Sharing Social media has been the number one activity on the web since 2013 95% of teens use the internet 93% of teen Facebook users share their real name 92% of teen Facebook users share pictures of themselves 25% of teen Facebook users share videos of themselves 21% of teen Facebook users share their personal cell phone numbers Pew Research Center

14 Impact Infographic from Digital Guardian Statistics from 2013 &14
Trends continue to rise

15 OPSEC in Social Media What do you display in your social media profiles? Your work Past, present or future location Current or past activities Associations What have you done Likes and dislikes Birthday Favorite pet Relationships Loved ones People you trust Any answers to the above information related to account security questions or passwords?

16 Surprise! An advertisement was sent to Peter Smith, from Lynchburg, Virginia, while he was browsing Facebook. It read: "Hey Peter. Hot singles are waiting for you!!" alongside a picture of a woman who looked strangely familiar. A brief investigation established that a Facebook advertiser had lifted the photo of his wife, Cheryl, a 44-year-old business consultant, from her profile on the site without her permission. "Fortunately he has a sense of humor. Otherwise it could have played out very differently," said Mrs Smith on her blog. - By Tom Leonard in New York 30 Jul 2009

17 FaceApp - A Decade Later
Has been downloaded from Google Play by more than 100 million people It’s the top-ranked app on the iOS App Store in 121 countries. There are 195 recognized countries in the world. The following excerpts come from the FaceApp user terms: “You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you…. “By accessing or using our services, you consent to the processing, transfer and storage of information about you in and to the United States and other countries, where you may not have the same rights and protections as you do under local law.” FaceApp

18 Facebook Terms of Service
We use the data we have - for example, about the connections you make, the choices and settings you select, and what you share and do on and off our products - to personalize your experience. We collect the content, communications and other information you provide when you use our products, including when you sign up for an account, create or share content, and message or communicate with others. This can include information in or about the content you provide (like metadata), such as the location of a photo or the date a file was created. We collect information about the people, pages, accounts, hashtags and groups you are connected to and how you interact with them across our products, such as people you communicate with the most or groups you are part of. We also collect contact information if you choose to upload, sync or import it from a device (such as an address book or call log or SMS log history).

19 Facebook Terms of Service
We collect information about how you use our products, such as the types of content you view or engage with; the features you use; the actions you take; the people or accounts you interact with; and the time, frequency and duration of your activities. For example, we log when you're using and have last used our products, and what posts, videos and other content you view on our products. If you use our products for purchases or other financial transactions (such as when you make a purchase in a game or make a donation), we collect information about the purchase or transaction. This includes payment information, such as your credit or debit card number and other card information; other account and authentication information; and billing, shipping and contact details. And the list continues on!

20 Government vs. Corporate
NSA mines Facebook for connections, including Americans’ profiles – CNN Public outrage More than 540 million records about Facebook users were publicly exposed on Amazon's cloud computing service, according to a cybersecurity research firm. - CBS News 60% of people surveyed said the breach has not caused them to stop using Facebook, or delete their accounts. – HubSpot - December

21 Approach to Use Ignorance (noun) – Definition: Lack of knowledge or information. or Apathy (noun) – Definition: Lack of interest, enthusiasm, or concern. “You can see this is a sea of Facebook blue, so this shows that despite the negative media hype about Facebook it is going to remain a major audience channel for some time.” Smartinsights.com – 2018 statistics

22 Headlines Air Force Technical Sergeant Loses Rank over Racially Charged Video First Marines punished for online conduct following nude-photo scandal How 4 U.S. Attack Helicopters Were Destroyed Because of Geotagged Pictures Israeli Raid Canceled After Facebook Leak Why social media posts could invalidate your home insurance Social Media Controversies That Landed Students in Trouble This School Year Posting to a Nazi Chat Group 'Let’s Shoot Up the School at Homecoming' Sharing an Image of a Teacher Photoshopped to Look Like Porn 'Liking' a Post Referencing a School Shooting (Instagram) Harvard University rescinds admissions offers to 10 students after offensive memes were posted

23 Geotagging GPS data embedded into photos
Default feature in most smart phones and digital cameras Latitude/longitude Device information Information can potentially be retrieved from any photo posted on the Internet In 2007, new AH-64 Apache helicopters arrived at a base in Iraq. Some Soldiers took pictures on the flight line. From the photos that were uploaded to the Internet, the enemy was able to determine the exact location of the helicopters inside the compound. A mortar attack was conducted, destroying four of the Apaches. Though this technology is relatively “old” it is still a major vulnerability. Many people still do not know about geotagging and the risks they take when they post digital images online.

24 Consequences Using Social Media with the approach of ignorance or apathy is like playing with a grenade. The major difference: damage caused by a grenade is immediately felt or recognized, whereas the damage caused by social media may not be apparent until later.

25 Your Clearance The following is a security awareness statement signed by the Chief of Security, Pentagon Chief Information Officer, OSD Network Directorate: Social sites risk security clearance. If you hold a security clearance or if you ever want to apply for one, be mindful of your postings and contacts online, particularly on social networking sites such as Facebook and Twitter. These sites pose risks to gaining and keeping a security clearance. Question 14 of the National Agency Questionnaire (SF-86) asks for names of your relatives and associates. The term associate is defined as any foreign national that you or your spouse are bound by affection, obligation, or close and continuing contact SF-86– required to be granted a security clearance. Associate is anyone that you or your spouse have close or continuing contact with. This includes “friends” on SNS’. Who is in your friends? Do you know who ALL of your SNS friends are? Before you click “accept” ensure you know the risk you are taking.

26 One Navy Team Leaders Sailors, Civilians, Families
Communicate expectations Outline policy, making sure teams know what they can and cannot do online Sailors, Civilians, Families Consider what messages are being communicated, and how they may be received Do not create or share content that is inconsistent with Navy values or standards of conduct Only post if information demonstrates dignity and respect for self and others Operations Security (OPSEC) Ensure everyone upholds OPSEC online just as much as you do offline Identity Management (IdM) Did you know that by posting any personal information online, you are creating an electronic footprint that may be accessed for years to come? There is a thin line between a personal and a professional online persona Ask yourself what could someone do with my information and would it compromise the safety or integrity of myself, my family, my shipmates or the Navy?

27 Social Media Is not a Threat
Is not a Vulnerability when used by an informed user Is a great venue to reach the masses and communicate the right message if used properly The ignorant or apathetic user is the Threat and Vulnerability! Like the Navy slogan for responsible drinking says, “Keep what you’ve earned” - use Social Media properly and responsibly.

28 Pros & Cons of Social Media
For the Individual Entertaining Maintain Relationships Network Centralized Information Collaborate For the military Recruitment Public Relations Connect service member, family members & the public Solicit ideas and feedback Information Warfare Cons Unsecure, unencrypted communications Unrestricted access No user/identity authentication Easy source of PII & CI Malicious code/viruses Prime target for data aggregation Cybercriminals Potential to compromise certificates Individual social networking is a great tool to network and collaborate. Social networking sites are entertaining and engaging for users.

29 Best Practices Do’s and Don’ts of Social Networking
An outline of some basic points that a user should follow to make their use of the internet safer.

30 Privacy & Security Keep up with the latest security and privacy settings for your social media sites and applications (Apps) Protect your profile Only allow trusted people to view your profile Limit others to search your profile Protect your posts Only allow trusted people to view your posts Know who can see what you post and when Understand what friends of your friends can see Change your password frequently and make it complex Always log out of your account when not using it Privacy settings are available on most sites and vary depending on the specific site's privacy policy. Facebook’s current privacy settings are now included in the rights that you grant Facebook in regards to what they are able to do with your information, as well as what applications linked to the site are able to obtain. There are over 120 different security settings on Facebook.

31 Social Engineering Do not give away critical information to anyone on social media sites Trust by exception Be suspicious of ALL online contacts Verify the authenticity of a friend request If unsure, do not trust If it appears too good to be true, it is Be aware of the different ways in which adversaries will use social engineering techniques Do not trust who you cannot see and verify. It is not hard to establish accounts and to fake information to target people. There are adversaries out there who are targeting you with social engineering. It is easy, it’s cheap, and it is an effective tool for gathering information and exploiting vulnerabilities in both the cyber, and real world.

32 Safety When posting, post in PAST tense Be mindful of timelines
Timelines can quickly reveal patterns and routines when aggregated Whatever you post, if you wouldn’t reveal it to a complete stranger, then DON’T post it on the World Wide Web (WWW), regardless of your privacy settings! Always remember to protect others’ information as if it were your own. Never post someone else’s picture, itinerary, location and so on (unless given permission). If they want that information posted on the internet, they will do it themselves.

33 Monitor Your Children Talk to your children about the Do’s and Don’ts of social media Monitor their accounts Be aware of: Cyber-bullying Kidnapping Sexting Sextortion Stalking Pedophiles Children are especially vulnerable on the internet and make easy targets. Closely monitor children's use of the internet to ensure they are not posting critical and personal information. Sextortion can start with a simple friend request.

34 Online Conduct Adhere to standards of conduct and uphold honor, courage and commitment! Remember, once you have logged onto a social media platform, you still represent the U.S. Navy – on or off duty!

35 Your Command OPSEC Program Manager information here.
Contact Information Your Logo here Your Command OPSEC Program Manager information here. NAVAL INFORMATION FORCES ATTN: NAVAL OPSEC SUPPORT TEAM 115 LAKE VIEW PARKWAY SUFFOLK, VIRGINIA 23435

