Army Operations Security (OPSEC)

05/10/2022

Operation Mincemeat explores Cold War espionage with British restraint

Based on a True Story during WWII, OPERATION MINCEMEAT was an elaborate and successful deception plan wrapped in a blanket of meticulous Operations Security.

Colin Firth and Matthew Macfadyen star in John Madden's engaging spy drama, based on improbable real-life events

05/08/2022

SCAM OF THE WEEK: The Keep-It-Simple Scam

05/04/2022

May The 4th Be With You!

05/01/2022

SCAM OF THE WEEK: Supply Chain Scams

04/30/2022

Journalists allowed to show military sites struck by enemy with 12-hour delay

According to Ukrinform, the parties agreed that in order to comply with security regulations, journalists shall be allowed to gather information on the ground immediately after the strike, but publish photos and videos of damaged military facilities in 12 hours and civilian targets – in three hours, says a statement published by Media Detector

The Ministry of Culture and Information Policy of Ukraine, the Ministry of Defense, and the Mediarukh community have issued a joint statement on the journalists’ work in a warzone. — Ukrinform.

04/27/2022

😂 That’s funny right there Air Force OPSEC Support Team! 😂

Good reminder to talk to your team about OPSEC.
Do not “assume” everyone knows your unit’s critical information is and how to protect it.

A little Monday morning humor. Don't let your work partners ruin your effective OPSEC countermeasures!

#OPSEC #protectingthemission

04/26/2022

No military leader will directly ask you for money to fund a top secret government mission as they also confess their eternal love for you.
💕 💵 💕 💵

How an Army colonel became the face of romance scams around the world bit.ly/3k7kwOP

04/24/2022

SCAM OF THE WEEK: Free Gift Text Message

04/22/2022

Needs tips on protecting your Social Media accounts, download the DoD IDENTITY AWARENESS, PROTECTION, AND MANAGEMENT GUIDE below.

https://www.odni.gov/files/NCSC/documents/campaign/DoD_IAPM_Guide_March_2021.pdf

04/19/2022

Remain vigilant when browsing your emails.

04/17/2022

SCAM OF THE WEEK:
Europol Vishing Scam

04/16/2022

9 tips for ensuring operations security in your organization

☞ 9 tips for ensuring operations security in your organization

Operations security protects individual pieces of data that could be grouped together to give a more detailed risk picture

Operations security protects individual pieces of data that could be grouped together to give a more detailed risk picture

04/13/2022

OPSEC isn’t just for the office – Fort Carson Mountaineer

OPSEC isn’t just for the Office

Creating cyber OPSEC Programs: Overall support from management to users is critical for prevention and protection of any cyber security program.

This doesn’t mean a cyber-program can only be implemented at work; remember OPSEC is everyone’s responsibility, such as “user accountability.” This is where a user can be held individually accountable for their actions. If accountable, a user is less likely to make mistakes or take other actions that might disrupt or compromise operations. Familiarization of cyber OPSEC programs can assist in the protection of cyber vulnerabilities at home.

At work, there are many cyber security consequences that an organization with an IT enterprise system and automated control network needs to consider, including disclosure of data, corruption of control data, interruption of services, etc. Recently there’s been extensive literature released pertaining to potential cyber-attacks on control networks by terrorists, nation-states, hackers, and insider threats. In addition, we continuously hear about the do’s and don’ts of social media and how those same threats are willing to take your information.

Let’s look at the resources available to mitigate these attacks at work and home; there is a considerable amount of training available for the “user” to enhance their knowledge, such as free tutorials on cyber security, technology/software, or just simply applying applicable measures when creating an at-work cyber program or home plan that can protect and counter cyber vulnerabilities and safeguard any critical or personally identifiable information. Help your workplace — help your family.

From some management perspectives, certain nuances and cultural differences can make the management of the cyber security program challenging. Some nuance examples may include rules governing the use of personal devices (employees’ use of their own devices for company business opens the door to a variety of online risk), complex policies (may drive people to shortcuts), and finally culture difference: placing security culture into a corporate environment with proactive steps that include processes and education.

Thus, the challenge becomes how to reuse appropriate OPSEC fundamentals from the IT domain in the control systems environment.

To mitigate these issues, managers must be able to instill a program that accounts for the unique needs, capabilities, and operational requirements of those users. Such programs often have the following key components:

☞ Generate a cyber OPSEC program for users

☞ Define management responsibilities

☞ Define OPSEC management boundaries for control systems

☞ Write a cyber-security OPSEC policy for control systems

☞ Ensure control system operator/user input on development of the security culture

☞ Implement and monitor a control system OPSEC program

Moreover, an effective cyber OPSEC program or plan that includes training, response and management practices as applied can reduce system downtime and increase overall security posture in the workplace and at home.

OPSEC elements can be unique; observing standards and practicing OPSEC is an excellent start to promoting vigilance required to establish and maintain this culture.

By Cynthia Flores-Wilkin
Installation #OPSEC Program manager, DPTMS @U.S. Army Fort Carson

Creating cyber OPSEC Programs: Overall support from management to users is critical for prevention and protection of any cyber security program.

04/12/2022

More organizations are paying the ransom. Why? - Help Net Security

RANSOMWARE VICTIMS ARE INCREASINGLY PAY RANSOM DEMANDS

U.S. law enforcement agencies have consistently messaged the recommendation that companies that are hit by ransomware actors should not pay the ransom. However, a new cybersecurity report revealed that in 2021, nearly 63% of victims did pay the demanded ransom. That percentage is up from 72% of victims paying up in 2017. Reasons for the payment varied, but primary ones included companies not wanting sensitive stolen information to be posted online and potential lawsuits from clientele.

Most organizations (71%) have been hit by ransomware in 2022, and most of those (63%) opted for paying the requested ransom.

04/10/2022

SCAM OF THE WEEK:
Watch Out for Apple and Meta EDR Scams

04/09/2022

Russian soldiers have been stealing cell phones from Ukrainians after the failure of their own communication systems.

Ukrainians are locating their devices on the territory of the Homiel region, Belarus, where part of the Russian army retreated. #OPSEC Fail.

https://wbznewsradio.iheart.com/content/2022-04-06-ukrainians-using-find-my-iphone-to-locate-apple-devices-stolen-by-russia/

04/05/2022

Russian troops’ tendency to talk on unsecured lines is proving costly

Russian troops in Ukraine have relied, with surprising frequency, on unsecured communication devices such as smartphones and push-to-talk radios, leaving units vulnerable to targeting, and further underscoring the command-and-control deficiencies that have come to define Moscow’s month-long invasion, observers say.

Russian troops in Ukraine have relied, with surprising frequency, on unsecured communications devices such as smartphones and push-to-talk radios, leaving units vulnerable to targeting, and further exposing the command and control deficiencies that have come to define Moscow’s monthlong invasion.

04/03/2022

SCAM OF THE WEEK:
You've Got Malware: New QakBot Email

04/01/2022

New! FM 1-02.5, The Army TikTok Handbook (APR22). FM 1-02.5 constitutes approved Army doctrine for creating hard-hitting, impactful TikTok videos you can share across your command. Read this book and you'll be the hit of the battalion. CSM's love it. If you've made it this far, check your calendar - it's April Fool's Day.

03/31/2022

Great reminder from our friends at Joint Base Lewis-McChord that the flying of personal drones on DoD installations is not permitted.

Since 2018, recreational drones and radio-controlled aircraft are not allowed to fly on or over DOD installations. Our JBLM OPSEC office asks everyone to be on the lookout for drones over by the base.

If you’re on the base and come across an operator of a recreational drone, they may not be aware of the restriction – a friendly reminder would be in order. In any other case or you see a drone coming over from off base, call 911 to report the activity.

For more information, contact your unit's OPSEC manager or call the JBLM OPSEC office at 253-966-7317.

03/29/2022

#OPSEC Tip: Always protect critical information! That is info that deals with specific facts about military intentions, capabilities, operations, or activities. If an adversary knew this detailed information, U.S. mission accomplishment and personnel safety could be jeopardized. It must be protected to ensure an adversary does not gain a significant advantage. Do not discuss critical information over the phone or through e-mails. Be careful of the information shared on social media. OPSEC is everyone's responsibility! 🤫

03/27/2022

SCAM OF THE WEEK: Malicious MFA Bypassing Method

03/26/2022

Russia’s invasion of Ukraine could impact organizations both within and beyond the region, to include malicious cyber activity against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners.

Evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks. Every organization—large and small—must be prepared to respond to disruptive cyber incidents.

As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyberattacks. When cyber incidents are reported quickly, we can use this information to render assistance and as warning to prevent other organizations and entities from falling victim to a similar attack.

Organizations should report anomalous cyber activity and/or cyber incidents 24/7 to [email protected] or (888) 282-0870.

https://www.cisa.gov/shields-up

03/25/2022

Great #OPSEC tips from the CDSE - Center for Development of Security Excellence!
You can find additional awareness products, tips, and training at https://www.cdse.edu/.

03/23/2022

A good message for all!

*OPSEC REMINDER*

With the #BroncoBrigade and 25th Infantry Division sending Soldiers throughout the Pacific in support of annual Pacific Pathways exercises we feel this is a good time to remind you that #OPSEC is a key factor in ensuring the safety of our Soldiers as they are traveling. #NoneBetter

03/21/2022

The results of Annual US Army OPSEC Awards are below. Congratulations to all!

• The following Individuals are the OPSEC 2021 Award Winners:
1. MAJ James Letterman – JBLM, WA
2. Mr. Kevin Larson – Ft. Stewart, GA
3. Mr. Mark Grasty – Ft. Lee, VA

• The following Organizations are the OPSEC 2021 Award Winners:
1. U.S. Army Garrison, Ft. Riley, KS
2. Letterkenny Army Depot, Chambersburg, PA
3. 59th Ordnance BDE, Ft. Lee, VA

• The following Multi-media submissions are the OPSEC 2021 Award Winners:
1. U.S. Army Garrison, Ft. Hood, TX
2. 59th Ordnance BDE, Ft. Lee, VA
3. MAJ James Letterman – JBLM, WA

03/20/2022

SCAM OF THE WEEK: Banks and Credit Unions Phishing Texts
#OPSEC

03/17/2022

Think • Protect • OPSEC

03/15/2022

Great video on #OPSEC

03/13/2022

SCAM OF THE WEEK: Microsoft 365 Users Targeted w/ Fake Voicemails

03/12/2022

A great reference for Soldiers and Leaders!

OUT NOW! The new #TRADOC Social Media Guide is up and running! 👉 http://spr.ly/6186KjSJ8

This tool provides TRADOC with easy access to DoD and Army level social media guidance, including the latest policy and regulations, social media “Dos and Don'ts,” and how to create your own social media strategy!

#VictoryStartsHere

03/10/2022

Report, block, and ignore these scam artists. Awareness is best tool to combating these scams and understanding that a General Officer will not contact you via social media for a recruitment fee into the Army, money for surgery of a loved one, money to get out of a combat zone, or need money from you for any other reason.

******Impostor ALERT******

Please be aware of any Facebook accounts pretending to be Gen. Paul E. Funk II, commanding general, TRADOC. Funk is NOT on Facebook, Skype, Google Hang Out, dating sites, chat rooms, etc.

The accounts listed below are the ONLY official accounts for Gen. Funk:

Twitter: http://spr.ly/6180Kducs
Instagram: http://spr.ly/6181Kduct
LinkedIn: http://spr.ly/6182KducQ

Impostors often use publicly available photos to convince others that they are communicating with Gen. Funk and other senior military leaders. Some of these impostor accounts attempt to harass and even scam individuals often for monetary gain.

Please report any impostors to the appropriate social media platform.

03/09/2022

Great advice!

With the current world events, DOD Operation Security managers are reporting increases in hostile hacking attempts across DOD platforms. Our JBLM OPSEC office asks everyone to be on guard when it comes to unsolicited phone calls and emails requesting information on training activities on base.

Follow your instincts -- if you feel you have a questionable OPSEC issue, contact your unit's OPSEC manager or call the JBLM OPSEC office at 253-966-7317.

03/06/2022

SCAM OF THE WEEK: Watch Out for Scams Related to Ukraine
#OPSEC

03/05/2022

Elon Musk warns over Starlink risk in Ukraine as experts say that without good OPSEC users could be hacked, or bombed
https://thestack.technology/elon-musk-warns-starlink-terminals-in-ukraine/