OPSEC & Social Media
Overall Classification of this Briefing is UNCLASSIFIED//FOUO
FLTCYBERCOM / C10F U.S. FLEET CYBER COMMAND / U.S. TENTH FLEET
Naval OPSEC Support Team (NOST)
Naval Information Operations Command (NIOC)
(757) 417-7100
www.facebook.com/NavalOPSEC
www.twitter.com/NavalOPSEC
www.slideshare.net/NavalOPSEC
www.youtube.com/USNOPSEC
OPSEC
Operations Security
OPSEC is a process that identifies critical information, outlines potential threats and risks, and develops countermeasures to safeguard critical information.
Critical Information
Information we must protect
Information an adversary would need to do you harm
• Names and photos of you, your family and co-workers
• Usernames, passwords, network details
• Job title, location, salary
• Home security systems, internet service provider
• What kind of pets and how many
• Position at work, certifications, physical limitations
• Family routines
• Vacation and travel itineraries
• Social security number, credit cards, banking information
• Hobbies, likes, dislikes, etc.
Threat
Threat: The capability of an adversary coupled with their intention to undertake actions against you or your family.
Conventional Threats
• Military opponents
• Foreign adversaries/countries
Unconventional Threats
• Organized crime
• Foreign terrorists
• Home grown terrorism
• Insiders (espionage)
• Hackers, phishing scams
• Thieves, stalkers, pedophiles
ISIS Threat
Army warns US military personnel on ISIS threat to family members
By Catherine Herridge
Published October 02, 2014
Real or perceived ... or does it matter?
Vulnerability
Weakness the adversary/enemy can exploit to get critical information
Vulnerabilities make you susceptible to intelligence/data collection. Poor security and sharing too much information are common, easily exploited vulnerabilities.
Blogs, posts, emails, phone calls and conversations in restaurants, airports and other public places expose important information to potential adversaries and are a very common vulnerability.
Common Vulnerabilities
• Lack of awareness
• Data aggregation
• Unsecure communications
• Social engineering
• Trash
• Technology
• Internet/social networking
• Blogs
• Predictable actions & patterns
Risk
Risk scenario: You are proud of your family, so you prominently display personal information about them on the back of your car for everyone to see. What is the possible risk associated with displaying these indicators?
Countermeasures
Anything that effectively negates or reduces an adversary's ability to exploit vulnerabilities or collect & process critical information
• Hide/control indicators
• Protect personal information
• Change routines & routes
• Vary the times you do activities
Countermeasures are intended to influence or manipulate an adversary's perception
• Take no action
• React too late
• Take the wrong action
Social Networking
Social Networking Sites (SNS) allow people to network, interact and collaborate to share information, data and ideas without geographic boundaries.
Pros
For the Individual
• Entertaining
• Maintain relationships
• Network
• Centralized information
• Collaborate
Pros
For the military
• Recruiting
• Public relations
• Connect with AD, family members & the public
• Solicit ideas and feedback
• Information warfare: “Counter Taliban tactics with speed, accuracy & transparency in our reporting.” USFOR-A
Cons
• Unsecure, unencrypted communications
• Unrestricted access
• No user/identity authentication
• Easy source of PII & CI
• Malicious code/viruses
• Prime target for data aggregation
• Cybercriminals
• Potential to compromise certificates
SNS and Your Clearance
The following is a security awareness statement signed by the Chief of Security, Pentagon Chief Information Officer, OSD Network Directorate:
“Social sites risk security clearance. If you hold a security clearance or if you ever want to apply for one, be mindful of your postings and contacts online, particularly on social networking sites such as Facebook and Twitter. These sites pose risks to gaining and keeping a security clearance. Question 14 of the National Agency Questionnaire (SF-86) asks for names of your relatives and associates. The term associate is defined as any foreign national that you or your spouse are bound by affection, obligation, or close and continuing contact.”
DO’S & DON’TS of SOCIAL NETWORKING
“Do’s”
Do: Remember Computer Security
Do not be an easy target for computer crimes
• Hacking
• Theft
• Planted code
vs.
• Antivirus software
• Firewalls
• Strong passwords
• Permission settings
“Do’s”
Do: Verify All Friend Requests
Social engineering starts with a friend request
Bad people can get data from:
• Free people search engines
• Other SNSs
• Your posts/profile
• Your friends' posts/profiles
Do Not Trust Who You Cannot See
“Do’s”
Do: Utilize All Available Privacy Settings
Customize available settings to be as secure as possible
“Everyone” may be accessed by anyone with access to the internet
How many security settings are available on Facebook?
“Do’s”
Do: Watch Your Friends' Settings
Sure, your profile is secure, but what about your 115 friends' profile settings?
“Do’s”
Be Discreet
Consider the information you make available
What is your digital footprint?
What are your friends & family putting out?
“Do’s”
Do: Closely Monitor Your Children’s Web Use
• Cyber-bullying
• Kidnapping
• “Sexting”
• “Sextortion”
• Stalking
• Pedophiles
500,000+ registered sex offenders in the USA
95,000 registered sex offender profiles on social media
“Do’s”
Do: Verify Links & Files Before Executing
Links and Downloads and Spam Oh My!
• Phishing scams
• Malicious coding
• Viruses
• Scareware
• Spam
Verify before executing!
“Do’s”
Do: Be an Informed User of a SNS
How much personal information do you broadcast?
Are you very careful about what details you post?
Do you understand data aggregation issues?
Are you willing to find and learn all the security settings and keep up with them as they change?
Are you willing to accept the risk?
“Do’s”
Do: Assume the Internet is FOREVER
There is no true delete on the internet
WWW means World Wide Web
• Every picture
• Every post
• Every detail
Don’t: Check-In
Geotagging: Location/GPS data embedded in photos
• Feature in smartphones and digital cameras
• Lat/Long
• Device details
“Check-in” feature
• Google Latitude
• Foursquare
• Gowalla
• Facebook Places
“Don’ts”
Don’t: Depend on SNS’s Security Settings
But it’s set to private … right?
• Hackers
• Incorrect or incomplete settings
• Sale of data
• Upgrades / site changes
“Risks inherent in sharing information”
“USE AT YOUR OWN RISK. We do not guarantee that only authorized persons will view your information.”
“Don’ts”
Don’t: Discuss Details
• Never post anything you would not tell directly to a bad guy
• Never post private or personal information
• Assume the information you share will be made public
If It Has To Be Protected, Protect It
Questions?
Contact the NOST for assistance or any of the following:
• Computer-based training
• FRG/Ombudsman support
• OPSEC & other tailored briefs
• Videos, posters, brochures & fliers
• OPSEC Reminder Cards
• Two-day Navy OPSEC Officer course
• General OPSEC support
Other Resources
Naval OPSEC Support Team
757-417-7100