ombudsman/frg training

Download Ombudsman/FRG Training

Post on 22-Apr-2015




0 download

Embed Size (px)


Basic OPSEC training for family members of active duty members.


  • 1. Fleet & Family Support Ombudsman Program & Operations Security Naval OPSEC Support Team (NOST) Naval Information Operations Command (NIOC) (757) 417-7100 [email_address]
  • 2. Operations Security Operations Security, OPSEC, is a process that identifies unclassified critical information (CI), outlines potential threats and the risks associated and develops counter measures to safeguard critical information. OSPEC protects our operations- planned, in progress, and future. Success of these operations depends on secrecy. Military members can more safely carry out missions if the element of surprise and secrecy is preserved. As family members of active duty members you have a unique responsibility to practice good OPSEC measures, and protect not only mission critical information, but your personal and family critical information as well.
  • 3. Operations Security
    • The OPSEC process teaches you to:
    • Look at your daily activities from the enemies point of view.
    • Understand what an enemy might learn about you and your family from the information and details that you make available.
    • Assess the level of risk that this places on you and your family.
    • Develop and apply counter measures, which help to prevent the enemy from obtaining your critical information and using it against you.
  • 4. OPSEC Best Practices
    • Be aware of your surroundings
    • Be aware of the information that you are putting out in emails, online, phone conversations, photos and open unsecure conversations in public.
    • Safeguard all sensitive, unclassified information.
    • Think like the wolf. How can this information be used against me?
    • Dont discuss details
      • Time lines, detailed locations or movements
      • Limitations/capabilities
      • Specific names, ranks, job titles, budgets
      • Future or current operations
      • Security procedures
    • Dont spread rumors
  • 5.
    • OPSEC Terms & Concepts
    • Critical Information (CI)
    • Data Aggregation
    • Threat
    • Indicators
    • Vulnerability
    • Risk
    • Counter Measures
  • 6.
    • Information the adversary needs to prevent our success.
    Critical Information
    • Information we must protect to ensure success.
    • Position
    • Capabilities
    • Operations
    • Personnel
    • Family
  • 7. Family Critical Information Information to safe guard
    • Names and photos of you, your children and co-workers
    • Usernames, passwords, network details
    • Job title, location, salary, clearances held
    • Physical security and logistics
    • Addresses, phone numbers, significant dates
    • Mission capabilities and limitations
    • Length and location of spouses deployment
    • Status of equipment and personnel
    • Schedules and travel itineraries
    • Social security number, credit cards, banking information
    • Hobbies, likes, dislikes, etc.
  • 8. Data Aggregation
    • Data/information collection from multiple sources
    • Open source intelligence collection is a huge source of collection
      • Internet
      • Trash
      • Media
    • Open and legal public sources accounts for about 80% of all information collected
    • There are many different legal and illegal collection methods
    • Small details pieced together for a big picture
  • 9. Threat
    • Threat: The capability of an adversary coupled with their intention to undertake any actions detrimental to the success of program activities, operations or individuals.
    • Conventional Threats
      • Military opponents
      • Foreign adversaries/countries
    • Unconventional Threats
      • Organized crime
      • Foreign terrorists
      • Home grown terrorism
      • Insiders (espionage)
      • Hackers, phishing scams
      • Thieves, stalkers, pedophiles
  • 10. Terrorist Threat What are they looking for?
    • Names/photographs of important people
    • Present and future operations & capabilities
    • Information about military facilities:
      • - Location & Units
      • - Weapons used
      • - Exterior size and shape
      • - Number of sailors & officers
      • - Ammunition depot locations
      • - Leave policies
      • - Dates & times of operations
    • Family details
    • Marital status
      • - Children & extended family members
      • - Location of work, school, home etc
    • Details details details
  • 11. Indicators
    • Friendly detectable actions that reveal critical information & vulnerabilities:
    • Longer working hours
    • Flight plans, schedules, itineraries
    • Rehearsals
    • Sudden changes in procedures
    • Purchases/on-loads
    • Blogs/posts
    • Routine predictable procedures
    • Large troop movements
    • Emblems, logos, distinctive markings
  • 12. Avoid Indicators: Dont advertise!
  • 13. Vulnerability
      • Weakness the adversary can exploit to get critical information
      • Vulnerabilities make you susceptible to intelligence/data collection.
      • Poor security and sharing too much information are common, easily exploited vulnerabilities.
      • Blogs, posts, emails, phone calls and conversations in restaurants, airports and other public places expose important information to potential adversaries and are a very common vulnerability.
  • 14. Common Vulnerabilities
    • Lack of Awareness
    • Data aggregation
    • Unsecure communications
    • Social engineering
    • Trash
    • Technology
    • Internet/social networking
    • Blogs
    • Predictable actions & patterns
  • 15. Lack of Awareness Frequently Asked Questions
    • But its secure! Right?
    • How much is too much?
    What do I do if a family member is violating OPSEC procedures? Details are dangerous. The less information you provide the safer you are. As a rule only discuss events well after they have occurred. When in doubt dont say anything at all. Address the issue with the person- ask them to remove the information and tell them why its important to think OPSEC. If issues persist contact the command CMC for further clarification and resolution.
  • 16. Unsecure Communications
    • Unencrypted, unsecure communications are a common vulne