1. Provided by OSPA (www.opsecprofessionals.org) Vulnerabilities and Indicators The OPSEC Process, step 3 Presented by: (Presenter’s Name)

2. Definitions Indicator –Points to vulnerability or critical information Vulnerability –Weakness the adversary can exploit to get to critical information

3. Indicators Pathways or detectable activities that lead to specific information that, when looked at by itself or in conjunction with something else, allows an adversary to obtain sensitive information or identify a vulnerability

4. Profiles and Signatures Adversaries look for Patterns and Signatures to establish a Profile –Patterns are the way things are done, arranged, or have occurred –Signatures are the emissions that are the result of, or caused by, what is or was done –Profiles are collected on all our activities, procedures and methodologies

5. Vulnerability Areas Operations Physical Environment Personnel Finance Administrative Logistics Public Affairs Family

6. Common Vulnerabilities Discussion of sensitive information in unsecured areas. Lack of policy/enforcement –Cameras –Cell Phones –Internet Usage –Shredding Training/Awareness

7. Stereotyped Operations Same Time Same Place Same People Same Route Same Way PREDICTIBILITY

8. Examples of Vulnerabilities Publications Press Releases Unencrypted Email Organization Website Non-Secure Telephone

9. Examples of Vulnerabilities Trash Employee Turnover Employee Mistakes Lack of Good Passwords Exhibits and Conventions

10. Communication Vulnerabilities Radios Cell Phones Telephones Facsimiles (Fax) Computers

11. Common Vulnerabilities Government Reliance on Commnercial Backbone –Domestic –Overseas Few Government-Owned Systems

12. Cell Phones Incorporate a wide-spectrum of technologies –Analog/ Digital Wireless –Sound Recording –PDA –Camera –Streaming video –Computing/ Internet –And more

13. Cell Phones Asset vs Vulnerability –The Good: Convenience “Reach out and touch someone” Access to Commercial Numbers Coordination Outside radio Range/ Frequency –The Bad and the Ugly Multiple Technical Vulnerabilities Typically Unsecure

14. Common Vulnerabilities Computers –Access Control –Auditing –Regulations/ Policy –User Training –Passwords –Systems Accreditation

15. Common Vulnerabilities Associated Computer Concerns –Email –Sniffer –Cookies –Virus/ Spyware –Web Logs (“Blogs”) –Instant Messaging (“IM”) –Personal Data Assistants (“PDAs”)

16. Areas of Vulnerability Administration Financial Logistics Operations

17. Administrative Memos Schedules Travel Orders Advance Plans Annual Reviews Org Charts Job Announcements Management Reports

18. Financial Projections Justifications Financial Plans Special Purchases Budget and Contracts Supplemental Requests

19. Logistics Unusual Equipment Volume or Priority Requisitions Boxes Labeled With the Name of an Operation or Mission etc

20. Operations VIP Visits Schedules Stereotyped Activities Increased Mission-Related Training Abrupt Changes in Normal Operation

21. EVEN MORE Indicators and Vulnerabilities Family Personnel Public Affairs Physical Environment Procedures and Reports

22. Where Are the Indicators?

23. Indicators Presence of specialized Equipment Increase (or Decrease) in activity Sudden Changes in Procedure Unique Convoy Configuration Staging of Cargo or Vehicles

24. Information of Intelligence Value Collectible Observable

25. Collectible Can be physically collected or intercepted Examples: Dumpster diving, cordless/cell phone interception, email, open source

26. Observable What you can see What you can smell What you can hear

27. Why train for OPSEC? ( A real Exercise)

28. What is our greatest Weakness? OURSELVES!

29. Questions? “In wartime, the truth is so precious that it must be protected by a bodyguard of lies.” –Winston Churchill