Army Operations Security (OPSEC)

Army Operations Security (OPSEC) This is the official OPSEC page for The Army Cyber Directorate at the Pentagon. Participants are asked to follow the posting guidelines.

Army Operations Security (OPSEC) reserves the right to remove any posts in violation of the guidelines. OPSEC is a function of protecting information and indicators involved with our our critical operations, from falling into the hands of our adversaries. We will post tips and stories that assist all in protecting information in the workplace and in general.

Operating as usual

Be mindful of where you are and what you are discussing outside of the work environment. Leave on-post activities "on-po...
08/22/2021

Be mindful of where you are and what you are discussing outside of the work environment. Leave on-post activities "on-post".

Be mindful of where you are and what you are discussing outside of the work environment. Leave on-post activities "on-post".

Operations Security, or OPSEC, is a proven risk-analysis process that helps protect critical information and determine t...
08/21/2021
Be OPSEC aware before you share

Operations Security, or OPSEC, is a proven risk-analysis process that helps protect critical information and determine the value of unclassified information, but awareness is key.

Using the OPSEC process, we can deny the adversary information they need to compromise our operations.

https://www.army.mil/article/249435/be_opsec_aware_before_you_share

FORT LEONARD WOOD, Mo. — Many people use social media, but not everyone understands the impact of what they are sharing and who can see their posts, pic...

T-Mobile Customers beware.T-Mobile confirms unauthorized access to some data occurred, says it has not determined whethe...
08/16/2021

T-Mobile Customers beware.

T-Mobile confirms unauthorized access to some data occurred, says it has not determined whether "personal customer data involved": Tonya Riley, Reporter via Twitter.

T-Mobile Customers beware.

T-Mobile confirms unauthorized access to some data occurred, says it has not determined whether "personal customer data involved": Tonya Riley, Reporter via Twitter.

Do you know your Commander's Critical Information List? Be mindful of where you are and what you are discussing outside ...
08/15/2021

Do you know your Commander's Critical Information List?
Be mindful of where you are and what you are discussing outside of the work environment. Leave on-post activities "on-post".

Do you know your Commander's Critical Information List?
Be mindful of where you are and what you are discussing outside of the work environment. Leave on-post activities "on-post".

WHAT IS OPSEC? This brief video provides the fundamentals and examples of Operations Security that can be applied at wor...
08/14/2021
What is OPSEC? - Operations Security

WHAT IS OPSEC?
This brief video provides the fundamentals and examples of Operations Security that can be applied at work and home.
https://youtu.be/dbiEJp38EWY

Operations Security or OPSEC is the essential process of protecting your “critical information” from adversary observation, collection & exploitation.Let’s d...

08/13/2021

The #USArmy protects its people, facilities and information from acts of terrorism through constant vigilance and key leadership emphasis.

Attacks against our military and civilians dictate the need for heightened awareness and suspicious activity reporting.
https://www.army.mil/article/249320

An oldie but goodie.  No info lost in the cone of silence.
08/10/2021

An oldie but goodie. No info lost in the cone of silence.

Should be a great debate, what are you drinking this evening?

LinkedIn OPSEC, Targeting Analysis and CountermeasuresBSidesNoVA 2021 | Rich WickershamThis 30-minute video will review ...
08/08/2021
BSidesNoVA 2021 | Rich Wickersham | LinkedIn OPSEC, Targeting Analysis and Countermeasures

LinkedIn OPSEC, Targeting Analysis and Countermeasures
BSidesNoVA 2021 | Rich Wickersham

This 30-minute video will review the continuing need for employee and corporate Operations Security (OPSEC) in social media platforms with a focus on LinkedIn.

https://www.youtube.com/watch?v=0YYR4Uh8f_A&t=67s

Presented at BSidesNoVA 2021 on June 5th, 2021This talk will review the continuing need for employee and corporate Operations Security (OPSEC) in social medi...

TA456, an Iranian-state aligned actor, spent years masquerading as the persona “Marcella Flores” in an attempt to infect...
08/07/2021
I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona | Proofpoint US

TA456, an Iranian-state aligned actor, spent years masquerading as the persona “Marcella Flores” in an attempt to infect the machine of an employee of an aerospace defense contractor with malware (using macro-laden documents).

ttps://www.proofpoint.com/us/blog/threat-insight/i-knew-you-were-trouble-ta456-targets-defense-contractor-alluring-social-media

Key Takeaways TA456, an Iranian-state aligned actor, spent years masquerading as the persona “Marcella Flores” in an attempt to infect the machine of an employee of an aerospace defense contractor with malware. The malware, dubbed by Proofpoint as LEMPO, was designed to establish persistence, pe...

Be cautious of phone scammers pretending to be your utility company. They will attempt to put you in a sense of urgency,...
08/01/2021

Be cautious of phone scammers pretending to be your utility company. They will attempt to put you in a sense of urgency, such as calling right before the weekend, and have you make the mistake of paying them.

In my situation, I told the scammer I would hang up, verify through my phone app and if needed, pay through the phone app. This is where he broke his composure and got angry.

Additionally, do not provide additional information about yourself as that may be used against you in future scams.

Be cautious of phone scammers pretending to be your utility company. They will attempt to put you in a sense of urgency, such as calling right before the weekend, and have you make the mistake of paying them.

In my situation, I told the scammer I would hang up, verify through my phone app and if needed, pay through the phone app. This is where he broke his composure and got angry.

Additionally, do not provide additional information about yourself as that may be used against you in future scams.

Are you a Soldier or Army Civilian in charge of managing the organization’s or leader’s official social media presences,...
07/31/2021

Are you a Soldier or Army Civilian in charge of managing the organization’s or leader’s official social media presences, such as accounts on Facebook, YouTube, Twitter, and Instagram?

Ensure you are trained and meet regulatory guidance. The Social Media Managers site has step-by-step instructions to protect you and your command.

Link: https://www.army.mil/socialmedia/managers/

Are you a Soldier or Army Civilian in charge of managing the organization’s or leader’s official social media presences, such as accounts on Facebook, YouTube, Twitter, and Instagram?

Ensure you are trained and meet regulatory guidance. The Social Media Managers site has step-by-step instructions to protect you and your command.

Link: https://www.army.mil/socialmedia/managers/

Why you need to update all your iPhones, iPads, and Macs right now.While this update contains bug fixes, the main part o...
07/29/2021
Urgent: Why you need to update all your iPhones, iPads, and Macs right now | ZDNet

Why you need to update all your iPhones, iPads, and Macs right now.

While this update contains bug fixes, the main part of this update is a security fix for a vulnerability that Apple says "may have been actively exploited."

In other words, the bad guys are already using it.

To update your iPhone and iPad, go to Settings > General > Software Update and download and install any available updates.

https://www.zdnet.com/article/why-you-need-to-urgently-update-all-your-iphones-ipads-and-macs-now/

This is a big one. You need to update them all, and update them all now.

Do any of you Military, DACs or CTRs leave your SIPR Tokens at work?  Give us one good reason why you would do that?  We...
07/26/2021

Do any of you Military, DACs or CTRs leave your SIPR Tokens at work? Give us one good reason why you would do that? We have the most important reason of all why you shouldn't.

Do any of you Military, DACs or CTRs leave your SIPR Tokens at work? Give us one good reason why you would do that? We have the most important reason of all why you shouldn't.

Exercise caution prior to answering online questionnaires asking for seemingly harmless, but potentially, critical infor...
07/26/2021

Exercise caution prior to answering online questionnaires asking for seemingly harmless, but potentially, critical information about you and your family. Any information provided can be used to craft a social engineering attack. With enough information, an attacker is well-equipped to customize a message for you that looks legitimate.

Exercise caution prior to answering online questionnaires asking for seemingly harmless, but potentially, critical information about you and your family. Any information provided can be used to craft a social engineering attack. With enough information, an attacker is well-equipped to customize a message for you that looks legitimate.

Recognizing one of our OPSEC warriors! For the second time in six years, Paul Quintel, the Aviation and Missile Command ...
07/24/2021

Recognizing one of our OPSEC warriors! For the second time in six years, Paul Quintel, the Aviation and Missile Command operations security program manager, has received the first place Army-wide OPSEC individual award.

“Just because we had a pandemic doesn’t mean we quit doing OPSEC,” he said. “We were coordinating training, conducting OPSEC reviews and collaborating on the destruction program – so I was staying busy in 2020. We had challenges, but we adjusted to them.”

-- Keep up the amazing work!

https://www.theredstonerocket.com/military_scene/article_f311bcec-d430-11eb-aa09-ffea245d73f5.html

Recognizing one of our OPSEC warriors! For the second time in six years, Paul Quintel, the Aviation and Missile Command operations security program manager, has received the first place Army-wide OPSEC individual award.

“Just because we had a pandemic doesn’t mean we quit doing OPSEC,” he said. “We were coordinating training, conducting OPSEC reviews and collaborating on the destruction program – so I was staying busy in 2020. We had challenges, but we adjusted to them.”

-- Keep up the amazing work!

https://www.theredstonerocket.com/military_scene/article_f311bcec-d430-11eb-aa09-ffea245d73f5.html

Before rushing out that door to enjoy the weekend, ensure you retrieve your Common Access Card (CAC) when leaving the of...
07/23/2021

Before rushing out that door to enjoy the weekend, ensure you retrieve your Common Access Card (CAC) when leaving the office. At these times, don't let it out of your line of sight. Always keep the card with you at all times.

Before rushing out that door to enjoy the weekend, ensure you retrieve your Common Access Card (CAC) when leaving the office. At these times, don't let it out of your line of sight. Always keep the card with you at all times.

OPSEC/INFOSEC FAIL! A British gamer (and Soldier) leaked classified tank specs online to win an argument over a military...
07/22/2021

OPSEC/INFOSEC FAIL!
A British gamer (and Soldier) leaked classified tank specs online to win an argument over a military video game! 🤦‍♂️

Have you ever wanted to win an argument so bad you leaked classified info? This "War Thunder" gamer did.

The whole story > https://bit.ly/3BtrgxJ

"Be skeptical of that admiral who just asked you out on Twitter."Like Whack-a-Mole, fake social media profiles pop up fa...
07/19/2021
Impersonations of Military Members on Social Media On the Rise, New Report Says

"Be skeptical of that admiral who just asked you out on Twitter."

Like Whack-a-Mole, fake social media profiles pop up faster than we can knock them down. Exercise caution before sending money over the internet to any individual you do not know.

https://www.defenseone.com/technology/2021/07/impersonations-military-members-social-media-rise-new-report/183704/

Be skeptical of that admiral who just asked you out on Twitter.

Take additional caution prior enabling programs to run on your computer. A Microsoft Excel file might seem harmless, but...
07/18/2021

Take additional caution prior enabling programs to run on your computer. A Microsoft Excel file might seem harmless, but Macros are programs that can execute commands outside of Excel, or other Microsoft office programs.

Before enabling Macros, verify who created the file, what the file contains, and why Macros are necessary.

Take additional caution prior enabling programs to run on your computer. A Microsoft Excel file might seem harmless, but Macros are programs that can execute commands outside of Excel, or other Microsoft office programs.

Before enabling Macros, verify who created the file, what the file contains, and why Macros are necessary.

07/16/2021

Woohoo!

Companies including Facebook, Microsoft, Google, and Twitter took action against Iranian hacking group using platforms to distribute malware, conduct espionage, and target US military personnel: Blog via Dev Discourse.

SCAM OF THE WEEK:Kaseya Security Crisis ScamsEarlier this month, information technology provider Kaseya was the target o...
07/14/2021

SCAM OF THE WEEK:

Kaseya Security Crisis Scams
Earlier this month, information technology provider Kaseya was the target of a massive cybersecurity attack. Many IT companies use Kaseya’s software to manage and monitor their clients’ computers remotely. The cyberattack resulted in over 1,500 organizations becoming victims of ransomware.
Cybercriminals are now using the Kaseya incident as bait to catch your attention and manipulate your emotions. You can expect to see scammers referencing this event in phishing emails, vishing attacks, and social media disinformation campaigns.
Here are some tips to stay safe:
• Watch out for Kaseya-related emails—especially those that claim your organization has been affected.
• Do not respond to any phone calls claiming to be from a “Kaseya Partner”. Kaseya released a statement that they are not asking partners to reach out to organizations.
• Be suspicious of social media posts that contain shocking developments to the story. This could be false information designed to intentionally mislead you—a tactic known as disinformation.

SCAM OF THE WEEK:

Kaseya Security Crisis Scams
Earlier this month, information technology provider Kaseya was the target of a massive cybersecurity attack. Many IT companies use Kaseya’s software to manage and monitor their clients’ computers remotely. The cyberattack resulted in over 1,500 organizations becoming victims of ransomware.
Cybercriminals are now using the Kaseya incident as bait to catch your attention and manipulate your emotions. You can expect to see scammers referencing this event in phishing emails, vishing attacks, and social media disinformation campaigns.
Here are some tips to stay safe:
• Watch out for Kaseya-related emails—especially those that claim your organization has been affected.
• Do not respond to any phone calls claiming to be from a “Kaseya Partner”. Kaseya released a statement that they are not asking partners to reach out to organizations.
• Be suspicious of social media posts that contain shocking developments to the story. This could be false information designed to intentionally mislead you—a tactic known as disinformation.

Do you all know what CUI is?  Why do you need to know?Controlled Unclassified Information (CUI) is information that requ...
07/13/2021

Do you all know what CUI is? Why do you need to know?

Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls consistent with applicable laws, regulations, and Government-wide policies, but is not classified under Executive Order 13526 “Classified National Security Information” or the Atomic Energy Act, as amended.Feb 23, 2021

Do you all know what CUI is? Why do you need to know?

Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls consistent with applicable laws, regulations, and Government-wide policies, but is not classified under Executive Order 13526 “Classified National Security Information” or the Atomic Energy Act, as amended.Feb 23, 2021

A good design for briefing OPSEC.
07/10/2021

A good design for briefing OPSEC.

A good design for briefing OPSEC.

A great visual brought to us by our newest volunteer, a diligent PM.Thank you to him.
06/30/2021

A great visual brought to us by our newest volunteer, a diligent PM.

Thank you to him.

A great visual brought to us by our newest volunteer, a diligent PM.

Thank you to him.

There are big bucks just waiting for you to claim.  Oh yes!"US-Unclaimed-Assets"Robert, Learn how to find your missing s...
06/25/2021

There are big bucks just waiting for you to claim. Oh yes!

"US-Unclaimed-Assets"

Robert, Learn how to find your missing security deposits!

Landlords are sometimes unable able to return all or part of your security deposit after you have vacated an apartment. In these cases, the government may classify the leftover funds as unclaimed. Find out how to search for unclaimed security deposits and other ways to stay financially stable as a renter!

There are big bucks just waiting for you to claim. Oh yes!

"US-Unclaimed-Assets"

Robert, Learn how to find your missing security deposits!

Landlords are sometimes unable able to return all or part of your security deposit after you have vacated an apartment. In these cases, the government may classify the leftover funds as unclaimed. Find out how to search for unclaimed security deposits and other ways to stay financially stable as a renter!

Address

3200 Army Pentagon
Washington D.C., DC
20310

General information

While this is an open forum, it's also a family friendly one, so please keep your comments and wall posts clean. In addition to keeping it family friendly, we ask that you follow our posting guidelines here. Posts will be removed if they violate the guidelines listed below. You participate at your own risk, taking personal responsibility for your comments, your username and any information provided. Comments and posts that violate any of the guidelines listed below may be removed: • Do not post graphic, obscene, explicit or racial comments . We also do not allow comments that are abusive, hateful, vindictive or intended to defame anyone or any organization. • Do not post any solicitations (i.e.: asking users to "like" your page, visit your website, sign a petition, contribute to a fundraiser). • Do not post advertisements, prize contests or giveaways. This includes promotion or endorsement of any financial, commercial or non-governmental agency. Similarly, we do not allow attempts to defame or defraud any financial, commercial or non-governmental agency. • Do not post details about an ongoing investigation or legal or administrative proceeding that could prejudice the processes or could interfere with an individual's rights will be deleted from this page. • Apparent spamming or trolling will be removed and may cause the author(s) to be blocked from the page without notice. • Do not post copyrighted or trademarked images or graphics. Imagery posted on the Facebook wall should be owned by the user. • Do not post comments, photos or videos that suggest or encourage illegal activity. • Do not post political propaganda. • Do not post documents of any kind. • All information posted to social media sites will be unclassified. No FOUO (for official use only), classified, pre-decisional, proprietary or business-sensitive information should ever be posted or discussed on this page. Don’t post personnel lists, rosters, organization charts or directories. This is a violation of privacy. The appearance of external links or the use of third-party applications on this site does not constitute official endorsement on behalf of the U.S. Army or Department of Defense. For more information, visit the DoD Social Media user agreement at: http://www.defense.gov/socialmedia/user-agreement.aspx. You are encouraged to quote, republish or share any content on this site on your own blog, Web site or other communication/publication. If you do so, please credit the Army organization, unit or the person who authored the content as a courtesy.

Opening Hours

Monday 7am - 6pm
Tuesday 7am - 6pm
Wednesday 7am - 6pm
Thursday 7am - 6pm
Friday 7am - 6pm

Telephone

(703) 614-6558

Website

Alerts

Be the first to know and let us send you an email when Army Operations Security (OPSEC) posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Contact The Business

Send a message to Army Operations Security (OPSEC):

Videos

Safeguarding critical information.

OPSEC is a function of protecting information and indicators involved with our critical operations from falling into the hands of our adversaries. We will post tips and stories that assist all in protecting information in the workplace and in general.

Nearby government services


Other Government Organizations in Washington D.C.

Show All