Clicky

Army Operations Security (OPSEC)

Army Operations Security (OPSEC) This is the official OPSEC page for The Army Cyber Directorate at the Pentagon. OPSEC is a function of protecting information and indicators involved with our our critical operations, from falling into the hands of our adversaries.

We will post tips and stories that assist all in protecting information in the workplace and in general.

Operating as usual

SCAM OF THE WEEK: The Keep-It-Simple Scam
05/08/2022

SCAM OF THE WEEK: The Keep-It-Simple Scam

May The 4th Be With You!
05/04/2022

May The 4th Be With You!

SCAM OF THE WEEK: Supply Chain Scams
05/01/2022

SCAM OF THE WEEK: Supply Chain Scams

According to Ukrinform, the parties agreed that in order to comply with security regulations, journalists shall be allow...
04/30/2022
Journalists allowed to show military sites struck by enemy with 12-hour delay

According to Ukrinform, the parties agreed that in order to comply with security regulations, journalists shall be allowed to gather information on the ground immediately after the strike, but publish photos and videos of damaged military facilities in 12 hours and civilian targets – in three hours, says a statement published by Media Detector

The Ministry of Culture and Information Policy of Ukraine, the Ministry of Defense, and the Mediarukh community have issued a joint statement on the journalists’ work in a warzone. — Ukrinform.

😂 That’s funny right there Air Force OPSEC Support Team! 😂 Good reminder to talk to your team about OPSEC. Do not “assum...
04/27/2022

😂 That’s funny right there Air Force OPSEC Support Team! 😂

Good reminder to talk to your team about OPSEC.
Do not “assume” everyone knows your unit’s critical information is and how to protect it.

A little Monday morning humor. Don't let your work partners ruin your effective OPSEC countermeasures!

#OPSEC #protectingthemission

No military leader will directly ask you for money to fund a top secret government mission as they also confess their et...
04/26/2022

No military leader will directly ask you for money to fund a top secret government mission as they also confess their eternal love for you.
💕 💵 💕 💵

How an Army colonel became the face of romance scams around the world bit.ly/3k7kwOP

SCAM OF THE WEEK: Free Gift Text Message
04/24/2022

SCAM OF THE WEEK: Free Gift Text Message

Needs tips on protecting your Social Media accounts, download the DoD IDENTITY AWARENESS, PROTECTION, AND MANAGEMENT GUI...
04/22/2022

Needs tips on protecting your Social Media accounts, download the DoD IDENTITY AWARENESS, PROTECTION, AND MANAGEMENT GUIDE below.

https://www.odni.gov/files/NCSC/documents/campaign/DoD_IAPM_Guide_March_2021.pdf

Remain vigilant when browsing your emails.
04/19/2022

Remain vigilant when browsing your emails.

SCAM OF THE WEEK:Europol Vishing Scam
04/17/2022

SCAM OF THE WEEK:
Europol Vishing Scam

☞ 9 tips for ensuring operations security in your organizationOperations security protects individual pieces of data tha...
04/16/2022
9 tips for ensuring operations security in your organization

☞ 9 tips for ensuring operations security in your organization

Operations security protects individual pieces of data that could be grouped together to give a more detailed risk picture

Operations security protects individual pieces of data that could be grouped together to give a more detailed risk picture

OPSEC isn’t just for the OfficeCreating cyber OPSEC Programs: Overall support from management to users is critical for p...
04/13/2022
OPSEC isn’t just for the office – Fort Carson Mountaineer

OPSEC isn’t just for the Office

Creating cyber OPSEC Programs: Overall support from management to users is critical for prevention and protection of any cyber security program.

This doesn’t mean a cyber-program can only be implemented at work; remember OPSEC is everyone’s responsibility, such as “user accountability.” This is where a user can be held individually accountable for their actions. If accountable, a user is less likely to make mistakes or take other actions that might disrupt or compromise operations. Familiarization of cyber OPSEC programs can assist in the protection of cyber vulnerabilities at home.

At work, there are many cyber security consequences that an organization with an IT enterprise system and automated control network needs to consider, including disclosure of data, corruption of control data, interruption of services, etc. Recently there’s been extensive literature released pertaining to potential cyber-attacks on control networks by terrorists, nation-states, hackers, and insider threats. In addition, we continuously hear about the do’s and don’ts of social media and how those same threats are willing to take your information.

Let’s look at the resources available to mitigate these attacks at work and home; there is a considerable amount of training available for the “user” to enhance their knowledge, such as free tutorials on cyber security, technology/software, or just simply applying applicable measures when creating an at-work cyber program or home plan that can protect and counter cyber vulnerabilities and safeguard any critical or personally identifiable information. Help your workplace — help your family.

From some management perspectives, certain nuances and cultural differences can make the management of the cyber security program challenging. Some nuance examples may include rules governing the use of personal devices (employees’ use of their own devices for company business opens the door to a variety of online risk), complex policies (may drive people to shortcuts), and finally culture difference: placing security culture into a corporate environment with proactive steps that include processes and education.

Thus, the challenge becomes how to reuse appropriate OPSEC fundamentals from the IT domain in the control systems environment.

To mitigate these issues, managers must be able to instill a program that accounts for the unique needs, capabilities, and operational requirements of those users. Such programs often have the following key components:

☞ Generate a cyber OPSEC program for users

☞ Define management responsibilities

☞ Define OPSEC management boundaries for control systems

☞ Write a cyber-security OPSEC policy for control systems

☞ Ensure control system operator/user input on development of the security culture

☞ Implement and monitor a control system OPSEC program

Moreover, an effective cyber OPSEC program or plan that includes training, response and management practices as applied can reduce system downtime and increase overall security posture in the workplace and at home.

OPSEC elements can be unique; observing standards and practicing OPSEC is an excellent start to promoting vigilance required to establish and maintain this culture.

By Cynthia Flores-Wilkin
Installation #OPSEC Program manager, DPTMS @U.S. Army Fort Carson

Creating cyber OPSEC Programs: Overall support from management to users is critical for prevention and protection of any cyber security program.

RANSOMWARE VICTIMS ARE INCREASINGLY PAY RANSOM DEMANDSU.S. law enforcement agencies have consistently messaged the recom...
04/12/2022
More organizations are paying the ransom. Why? - Help Net Security

RANSOMWARE VICTIMS ARE INCREASINGLY PAY RANSOM DEMANDS

U.S. law enforcement agencies have consistently messaged the recommendation that companies that are hit by ransomware actors should not pay the ransom. However, a new cybersecurity report revealed that in 2021, nearly 63% of victims did pay the demanded ransom. That percentage is up from 72% of victims paying up in 2017. Reasons for the payment varied, but primary ones included companies not wanting sensitive stolen information to be posted online and potential lawsuits from clientele.

Most organizations (71%) have been hit by ransomware in 2022, and most of those (63%) opted for paying the requested ransom.

SCAM OF THE WEEK:Watch Out for Apple and Meta EDR Scams
04/10/2022

SCAM OF THE WEEK:
Watch Out for Apple and Meta EDR Scams

Russian troops in Ukraine have relied, with surprising frequency, on unsecured communication devices such as smartphones...
04/05/2022
Russian troops’ tendency to talk on unsecured lines is proving costly

Russian troops in Ukraine have relied, with surprising frequency, on unsecured communication devices such as smartphones and push-to-talk radios, leaving units vulnerable to targeting, and further underscoring the command-and-control deficiencies that have come to define Moscow’s month-long invasion, observers say.

Russian troops in Ukraine have relied, with surprising frequency, on unsecured communications devices such as smartphones and push-to-talk radios, leaving units vulnerable to targeting, and further exposing the command and control deficiencies that have come to define Moscow’s monthlong invasion.

SCAM OF THE WEEK:You've Got Malware: New QakBot Email
04/03/2022

SCAM OF THE WEEK:
You've Got Malware: New QakBot Email

04/01/2022

New! FM 1-02.5, The Army TikTok Handbook (APR22). FM 1-02.5 constitutes approved Army doctrine for creating hard-hitting, impactful TikTok videos you can share across your command. Read this book and you'll be the hit of the battalion. CSM's love it. If you've made it this far, check your calendar - it's April Fool's Day.

Great reminder from our friends at Joint Base Lewis-McChord that the flying of personal drones on DoD installations is n...
03/31/2022

Great reminder from our friends at Joint Base Lewis-McChord that the flying of personal drones on DoD installations is not permitted.

Since 2018, recreational drones and radio-controlled aircraft are not allowed to fly on or over DOD installations. Our JBLM OPSEC office asks everyone to be on the lookout for drones over by the base.

If you’re on the base and come across an operator of a recreational drone, they may not be aware of the restriction – a friendly reminder would be in order. In any other case or you see a drone coming over from off base, call 911 to report the activity.

For more information, contact your unit's OPSEC manager or call the JBLM OPSEC office at 253-966-7317.

03/29/2022

#OPSEC Tip: Always protect critical information! That is info that deals with specific facts about military intentions, capabilities, operations, or activities. If an adversary knew this detailed information, U.S. mission accomplishment and personnel safety could be jeopardized. It must be protected to ensure an adversary does not gain a significant advantage. Do not discuss critical information over the phone or through e-mails. Be careful of the information shared on social media. OPSEC is everyone's responsibility! 🤫

SCAM OF THE WEEK: Malicious MFA Bypassing Method
03/27/2022

SCAM OF THE WEEK: Malicious MFA Bypassing Method

Russia’s invasion of Ukraine could impact organizations both within and beyond the region, to include malicious cyber ac...
03/26/2022

Russia’s invasion of Ukraine could impact organizations both within and beyond the region, to include malicious cyber activity against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners.

Evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks. Every organization—large and small—must be prepared to respond to disruptive cyber incidents.

As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyberattacks. When cyber incidents are reported quickly, we can use this information to render assistance and as warning to prevent other organizations and entities from falling victim to a similar attack.

Organizations should report anomalous cyber activity and/or cyber incidents 24/7 to [email protected] or (888) 282-0870.

https://www.cisa.gov/shields-up

Great #OPSEC  tips from the CDSE - Center for Development of Security Excellence! You can find additional awareness prod...
03/25/2022

Great #OPSEC tips from the CDSE - Center for Development of Security Excellence!
You can find additional awareness products, tips, and training at https://www.cdse.edu/.

A good message for all!
03/23/2022

A good message for all!

*OPSEC REMINDER*

With the #BroncoBrigade and 25th Infantry Division sending Soldiers throughout the Pacific in support of annual Pacific Pathways exercises we feel this is a good time to remind you that #OPSEC is a key factor in ensuring the safety of our Soldiers as they are traveling. #NoneBetter

03/21/2022

The results of Annual US Army OPSEC Awards are below. Congratulations to all!

• The following Individuals are the OPSEC 2021 Award Winners:
1. MAJ James Letterman – JBLM, WA
2. Mr. Kevin Larson – Ft. Stewart, GA
3. Mr. Mark Grasty – Ft. Lee, VA

• The following Organizations are the OPSEC 2021 Award Winners:
1. U.S. Army Garrison, Ft. Riley, KS
2. Letterkenny Army Depot, Chambersburg, PA
3. 59th Ordnance BDE, Ft. Lee, VA

• The following Multi-media submissions are the OPSEC 2021 Award Winners:
1. U.S. Army Garrison, Ft. Hood, TX
2. 59th Ordnance BDE, Ft. Lee, VA
3. MAJ James Letterman – JBLM, WA

SCAM OF THE WEEK: Banks and Credit Unions Phishing Texts#OPSEC
03/20/2022

SCAM OF THE WEEK: Banks and Credit Unions Phishing Texts
#OPSEC

Think • Protect • OPSEC
03/17/2022

Think • Protect • OPSEC

03/15/2022

Great video on #OPSEC

SCAM OF THE WEEK: Microsoft 365 Users Targeted w/ Fake Voicemails
03/13/2022

SCAM OF THE WEEK: Microsoft 365 Users Targeted w/ Fake Voicemails

A great reference for Soldiers and Leaders!
03/12/2022

A great reference for Soldiers and Leaders!

OUT NOW! The new #TRADOC Social Media Guide is up and running! 👉 http://spr.ly/6186KjSJ8

This tool provides TRADOC with easy access to DoD and Army level social media guidance, including the latest policy and regulations, social media “Dos and Don'ts,” and how to create your own social media strategy!

#VictoryStartsHere

Report, block, and ignore these scam artists. Awareness is best tool to combating these scams and understanding that a G...
03/10/2022

Report, block, and ignore these scam artists. Awareness is best tool to combating these scams and understanding that a General Officer will not contact you via social media for a recruitment fee into the Army, money for surgery of a loved one, money to get out of a combat zone, or need money from you for any other reason.

******Impostor ALERT******

Please be aware of any Facebook accounts pretending to be Gen. Paul E. Funk II, commanding general, TRADOC. Funk is NOT on Facebook, Skype, Google Hang Out, dating sites, chat rooms, etc.

The accounts listed below are the ONLY official accounts for Gen. Funk:

Twitter: http://spr.ly/6180Kducs
Instagram: http://spr.ly/6181Kduct
LinkedIn: http://spr.ly/6182KducQ

Impostors often use publicly available photos to convince others that they are communicating with Gen. Funk and other senior military leaders. Some of these impostor accounts attempt to harass and even scam individuals often for monetary gain.

Please report any impostors to the appropriate social media platform.

Great advice!
03/09/2022

Great advice!

With the current world events, DOD Operation Security managers are reporting increases in hostile hacking attempts across DOD platforms. Our JBLM OPSEC office asks everyone to be on guard when it comes to unsolicited phone calls and emails requesting information on training activities on base.

Follow your instincts -- if you feel you have a questionable OPSEC issue, contact your unit's OPSEC manager or call the JBLM OPSEC office at 253-966-7317.

SCAM OF THE WEEK: Watch Out for Scams Related to Ukraine#OPSEC
03/06/2022

SCAM OF THE WEEK: Watch Out for Scams Related to Ukraine
#OPSEC

Address

3200 Army Pentagon
Washington D.C., DC
20310

Opening Hours

Monday 7am - 6pm
Tuesday 7am - 6pm
Wednesday 7am - 6pm
Thursday 7am - 6pm
Friday 7am - 6pm

Telephone

+17036146558

Alerts

Be the first to know and let us send you an email when Army Operations Security (OPSEC) posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Contact The Business

Send a message to Army Operations Security (OPSEC):

Videos

Nearby government services


Other Government Organizations in Washington D.C.

Show All

Comments

OPSEC professionals, did you know you can go to https://www.iad.gov/ioss/ to get OPSEC Products, Classes, and Services for free? #OPSEC
National Counterintelligence and Security Center (NCSC) Enterprise Threat Mitigation Directorate (ETD) January 2022 Newsletter. Lots of good national-level OPSEC program information inside. #OPSEC https://www.dni.gov/files/NCSC/documents/campaign/ETD_Newsletter_Jan%202022_FINAL_01132022.pdf
The National OPSEC Program Office, the NCSC Enterprise Threat Mitigation Directorate seeks to promote OPSEC Awareness among our stakeholders. While OPSEC Awareness is important year round, we have found success with other awareness campaigns in designating an awareness month. The National OPSEC Program Office is therefore designating January as National OPSEC Awareness Month. #OPSEC
Avoid smishing scams. That text message isn’t from the IRS. https://youtu.be/6JAKqrUNf-0
Courtesy of US Army CID, please review the flyer to learn about "Smishing: Short Message Service Phishing", trending scams, and how to prevent and report criminals attempting to scam you. • Use the link below to access the flyer: https://www.cid.army.mil/assets/docs/2can/Smishing.pdf
6 Ways to Delete Yourself From the Internet • Reducing your digital footprint reduces the risk of compromising your critical information. https://www.wired.com/story/delete-yourself-from-internet/
SCAM OF THE WEEK: A New Spam Scam #OPSEC
→ 5 Ways to Combat Fraud During the Holidays ← • Revisit Your Password Habits • Take Advantage of Authentication Features • Use Trusted Payment Methods • Be Skeptical • Monitor Your Credit Report https://www.fico.com/blogs/holiday-fraud
Go to the Security Awareness Hub for training created and hosted by the CDSE. https://securityawareness.usalearning.gov/index.html
“Unfortunately, passwords keep getting weaker, and people still don’t maintain proper password hygiene,” NordPass CEO Jonas Karklys stated. Top Five Worst Passwords 1. 123456 • 2. 123456789 • 3. 12345 • 4. qwerty • 5. password https://www.hackread.com/most-used-worst-passwords-of-2021/
#ProtectTheForce #OPSEC