20 April 2012 by Revelator.
Pop Quiz time fellow OPSECers:
Q: Which of the following is the BEST example of an out-of-office statement for your work email?
A: I’m not in. Don’t know where I’m going. Don’t know how long I’ll be gone. Don’t know when I’m coming back - and neither do you. OPSEC Baby! I will be checking email daily.
B: I am currently out of the office for 14 glorious days. I finally got my vacation approved and I’m taking the little woman, Junior and baby girl to the Atlantis Resort (and casino!!). For any security issues don’t even think about contacting me! Instead, please contact Regional Security Manager Susie Smith at (555)-555-1234. BTW: she is also the SAP coordinator. Assuming I actually come back to work (ha-ha) all emails will be addressed on my return.
C: I am currently out of the office. If you need immediate assistance please contact Joe Smith at (555)-555-1234.
D: I am on travel until the first of next month. I’m attending a classified conference which means I won’t have my laptop during the conference (8am - 5pm each day). I can’t even check during lunch so I’ll be leaving my laptop in my hotel room but I promise to get back to you after 5pm. If you really need to contact me call the Springfield Marriott and ask for me (room 209), Steve Jones (room 426) or Joey Smith (room 427) and they’ll put you through. For those of you working on Project Nighttrain - I won’t have access to JWICS or SIPR until I get back so don’t bother sending anything to those accounts. Have a great day.
Assuming I don’t have to actually give you the correct answer I surely hope you get the point. What you put in your out-of-office statement - or your voicemail message - must be free of sensitive information. This also speaks to need-to-know. There are a multitude of reasons why this is important and a multitude of ways an adversary could exploit your information - suffice to say that you need to heed this advice. Keep your out-of-office email statements and your voicemail recordings short and to the point. Don’t include any information that doesn’t absolutely need to be there.
Keep the Faith!
Revelator
Vacation - The Go-Go’s
Posted in Critical Information, Awareness, Countermeasures, Vulnerabilities, Conferences, General OPSEC
18 April 2012 by Revelator.
Trending on MSN today was the following story:
“PRANK PAINTING HUNG IN PENTAGON FOR NEARLY A YEAR”
“For nearly a year, a commemorative portrait of Ensign Chuck Hord, “lost at sea” in 1908, hung on a Pentagon wall. Amazingly, no one noticed that the painting was actually a stylized photograph and that the man in it looked like he had stepped out of GQ magazine, complete with blow-dried hair. Turns out that the portrait, which belongs to 53-year-old military retiree Capt. Eldridge Hord III, was smuggled in by one of Hord’s buddies in July 2011. The unusual hairstyle tipped off the Wall Street Journal, which alerted Pentagon staff, who have taken it down. What party poopers.”
How cool is that? Indicators people! In OPSEC, you’ve got to see the indicators. Sometimes, like the item above, not noticing indicators is simply embarrassing. At other times though, not noticing an indicator could cost lives. Ambushes, IEDs, surprise attacks: each of these typically will give off indicators. If you see one of those indicators it could give you a tactical advantage or help you reassess your current plan of action. It really doesn’t get much simpler or stronger than that.
Yes, OPSEC is a formal program with Program Managers, Program Coordinators, official guidance, and a defined 5-step process. But in the big picture - the one where the people we support live - it must be a way of life, a mind-set, a way to view the world. Some of you know this as situational awareness. Call it what you want but if you are not actively looking for, recognizing and reacting to the indicators around you then you are not doing all you can for yourself or your unit/organization.
On the way into work today (speeding as usual) I noticed multiple cars about 1/2 mile ahead of me were applying their brakes. To me that means one of two things: an accident or a cop on the side of the road. Either one dictated early braking which I did. It was a cop. The indicator was the brake lights. I looked for it, recognized it and reacted to it and will keep my driver’s license another day.
Keep the Faith!
Revelator
It’s In The Way That You Use It - Eric Clapton
Posted in Indicators, Analysis
17 April 2012 by Revelator.
So you’ve noticed lately (or someone not so kindly pointed out to you) that you need to do a bit of spring cleaning in your office or cubicle. Or perhaps you are moving into a new office or cubicle. Either way you are going to have to deal with the question of what to do with all the junk you’ve acquired over lo these many years.
Some of it is quite easy to deal with. That birthday card (with those stupid cats on it) the office gave you three years ago can probably just go into the recycle bin now. I know you don’t want anyone to see you throw it away lest you hurt their feelings but come on, it’s been three years now; it’s time to let it go. Likewise that drawer full of soy sauce, ketchup and salsa packets along with the individual salt and pepper packages. Go ahead and keep a couple of those pre-packed spork and napkin sets – they will come in handy later - but that other stuff can go right into the trash. But there are also some items that you will be getting rid of that are not so easy to deal with. What do you do with those 10 compact discs that you have no use for any longer? And what about all those floppy discs you’re hanging on to? Floppy discs? Seriously? I know some of you still have them in a drawer or cabinet somewhere and I’m here to tell you that it is way past time for you to come on into the new millennium with the rest of us.
When you are moving or simply cleaning out your space we all need to remember there are security concerns that need to be considered. If your organization has a “shred all” policy when it comes to paper products then you know you have to personally shred, or place into a burn bag, any paper products you will be disposing of. But what if you don’t have a “shred all” policy? How do you determine what goes into the burn bag, your shred box, your recycle bin or your trash can? It’s quite simple really; if that paper is marked “For Official Use Only”, “Privacy Act”, “Company Proprietary”, or any of the other markings we place on unclassified documents then it must be destroyed. But just one second, we’re not quite done here. We haven’t dealt with unmarked papers that may contain critical or sensitive information. What’s that you say? How are you supposed to know the difference between critical or sensitive information and just plain old unclassified information? This too is quite simple if you know where to look. Your organization has what is called a “Critical Information List.” This list details what unclassified information is considered “critical” and should be destroyed accordingly. You simply check out the information contained in your document and then check to see if that information is shown on the Critical Information List. If it is there then shred or otherwise destroy the material. If it is not on the Critical Information List (or otherwise classified) you have my blessing to toss that right into the recycle bin or trash can. Hell, you can put it right back into that bottom desk drawer to let the next guy deal with it for all I care. And finally, if you still have questions or are just unsure if that paper you are about to throw away should be shredded or put into the burn bag then simply call your local OPSEC or security personnel and he or she will provide the proper guidance.
While paper products are fairly easy to deal with, what about all that multi-media you’ve got lying around that needs to get tossed? Well, you can’t just “toss” it can you? No; you need to determine how to correctly dispose of these materials. If you have an approved electronic media destruction machine in your area then please feel free to destroy with extreme prejudice. If you don’t have one then contact your local Information Assurance office and ask for direction. When in doubt always ask those who are getting paid to know.
One last thought here; over a 34 year career I have unfortunately seen a number of good people get in hot water for simple mistakes and that just sucks. One mistake they made was not looking under, around or in back of every piece of furniture in the outgoing office. Papers, discs, thumb drives and other material can easily get stuck in these places and you won’t know about it until the new person in your office (or a member of the cleaning crew!) finds it and reports it. Another mistake is to not thoroughly clean out every drawer, nook and cranny of every desk, filing cabinet or piece of furniture in your office. Many is the time that people have inadvertently left sensitive or even classified information in these places only to be called into an office some time later to be “questioned” about the incident.
For those of you getting promoted and moving into a better office; congratulations. For those of you just getting shuffled to a new cubicle for the umpteenth time and those who are stuck spring cleaning; I’m sorry. But for each and every one of you moving or cleaning please use this guidance or that provided by your local security personnel.
BTW: In case you were wondering that ridiculous cat birthday card you got three years ago was the only card left at the 7-11 when your coworker Eddie ran there at 3:30 because they forgot your birthday. Why do you think all you got was a Ding Dong with a single candle in it instead of that ice cream cake you had been hinting at all week?
Keep the Faith!
Revelator
Movin’ Out (Anthony’s Song) - Billy Joel
Posted in General OPSEC
10 April 2012 by Revelator.
Ah yes, the Insider Threat rears its ugly head again. I just read that a Task Force is about to release a draft insider threat policy. The article goes on to talk about the WikiLeaks breach and protecting us from the myriad of hostile insiders who can, thanks to the technology boom, be very successful at causing us great harm. It further says: “…the insider threat is different today because people can more rapidly access and exploit large amounts of secret information.” I have no argument with that statement and I have no argument that a Task Force has been convened to draft a far reaching policy to deal with these miscreants.
No; my problem deals with ignoring the unintentional threat. In my experience the insider threat is the greatest challenge we face when talking about the security of an organization. If we create a policy that only speaks to the malicious insider threat we are doing ourselves a great disservice by ignoring the unintentional insider. Clearly, I haven’t read the draft policy and I sincerely hope that there is verbiage dealing with the unintentional insider but I certainly didn’t hear it in the article and I suspect, unfortunately, that this threat will be ignored in the new policy.
To get my complete thoughts on the insider threat please see “Welcome to the Jungle” - 30May08, “Insider” - 09Oct08 and “Chain of Fools” - 05Dec08.
The referenced article can be read at http://www.federaltimes.com/article/20120405/AGENCY03/204050304/1004/AGENCY03.
Keep the Faith!
Revelator
Dancing in the Dark - Bruce Springsteen and the E Street Band
Posted in Vulnerabilities, Threat
5 April 2012 by Revelator.
Ladies and Gentlemen and the Disciples of OPSEC,
My, my it has been a long time hasn’t it? For reasons I’m certainly not gonna go into in this forum I have been away for quite some time and I know now that it is time to get back to educating, entertaining and ruminating on all things OPSEC. I hope I haven’t lost those three dedicated readers during my absence. I am recharged and will speak about OPSEC because I am The Revelator and OPSEC is the way, the light and the glory (for protecting information and saving lives). Stay tuned…
Keep the Faith!
Revelator
Missing You - John Waite
Posted in Uncategorized
21 December 2010 by Revelator.
I’ve existed forever
Yet born in recent times
I am nameless throughout history
Though you know who I am
I rose from bloodshed
Yet exist for peace
When used we are strong
When ignored we are weak
Alone I am nothing
With you we endure
I exist to save life
I exist to save you
I am OPSEC
by layne marino
Keep the Faith!
Posted in General OPSEC
15 October 2010 by Revelator.
I tried to hold off.
I swear I did.
As the author of a blog that I’ve clearly stated is about OPSEC, the whole OPSEC and nothing but the OPSEC I really do try to write about OPSEC related stuff. My long-time readers know though that sometimes I fall off the wagon. And usually when I do fall off the wagon I find myself writing about Fortune Cookies. Not cuz I love them…I mean they’re not bad but I could live without them. No; it’s because I have a small pet peeve (one of many I assure you). This particular one exists because I believe that when one opens a fortune cookie it had damn well better have a fortune in it. I’m not saying it has to be a good fortune - hell; it can say “You will die a horrible wood chipper related death tomorrow at 4pm.” It’s not about the fortune - it’s about not finding a fortune.
For reasons I’ve yet to be able to fathom fortune cookie producers have apparently run out of fortunes. I mean, they must have or they wouldn’t be stuffing my fortune cookies with inane faux wisdom and senseless inspirational messages. If I’ve said it once I’ve said it a thousand times: “It’s a fortune cookie damn it and it should have a fortune in it!”
Fortunes: Things that happen or are to happen to a person in his or her life.
That is what it says in the dictionary. And that is all I want from my fortune cookie - a prediction of things that are to happen to a person in his or her life. Instead here is a sample of a “fortune” I got out of a fortune cookie recently - “You must be the change you wish to see in the world”. Clearly not a fortune. But if not a fortune then what is it? An order? A direction for my life? I’m gonna call it advice. The only problem is that if I wanted advice I would have opened an advice cookie which to my understanding doesn’t exist so why then am I getting advice from a freaking fortune cookie? If the world wanted advice there would be advice cookies but clearly the world has spoken and said “No advice cookies! Give us fortune cookies.” And yet, advice is what we get.
Sometimes…
Other times we don’t even get advice. Sometimes we get crap like this: “Love is like paint…it makes things beautiful when you spread it, but it will dry up if you don’t use it.”
What the hell?
Oh, that is just soooooooo weak. Seriously? Love is like paint…? What kind of crap is that? Not a fortune to be sure but not advice either so now we have a new category of stuff coming out of my “fortune” cookie. But what is it? Wait. I don’t care what it actually is I just know it isn’t a fortune so I’m just gonna classify it as disappointing. Oh but there’s more…
“The weekend ahead predicts enjoyment.” Really? Exactly how does the weekend do that? I can see how the weekend might promise enjoyment but I can’t grasp how it can predict enjoyment. So while I was almost fooled into thinking this was a fortune I had to rule it out based on the impossibility of the statement. Next!
“Some people dream of worthy accomplishments while others stay awake and do them.” Well thank you fortune cookie for pointing out what a worthless human I am cuz I’m not out accomplishing anything worthy. I just wanted a freaking fortune that would make me, even for the slightest moment, think of the future possibilities. Instead, I get told I’m a dreamer…a lazy, shiftless, worthless dreamer who will never accomplish anything. Just what I needed to top off the meal.
And finally, the best of them all. I’m not sure what to say about this so I think I’ll just type it here and leave it for you to ponder…
“Writing is thinking on paper.”
Keep the Faith!
Revelator
Idiot Wind - Bob Dylan
Posted in BS
4 October 2010 by Revelator.
January 22nd - that’s the day folks.
As the anniversary of the day President Reagan (Saint Ron) signed National Security Decision Directive Number 298 into being I can’t wait to celebrate National OPSEC Day…is what I would be saying if, in fact, there were such an anniversary. Well ok, for argument’s sake I guess any day that something happened would be followed annually by an anniversary but I’m not talking about just any day. No sir and no ma’am. I’m talking about a commemorative anniversary. One that celebrates all that is encompassed by the signing of this important document.
Those of you who have read one or two of my missives in this blog may be wondering just what type of tomfoolery I’m up to now but let me assure you that I am rather serious about this.
And so I ask you; why not a National OPSEC Day?
Aside from our formal holidays most “National Days” are there to commemorate but also - and perhaps more significantly - to raise awareness about a specific subject. Here are but a few examples: Family Literacy Day - America Recycles Day - World Aids Day - Human Rights Day.
And that’s a very, very, very small sample of “National Days”.
Also understand that many things are so important they merit a whole month: National Colorectal Cancer Awareness Month - National Autism Awareness Month - National Child Abuse Prevention Month - Sexual Assault Awareness and Prevention Month. All very good months to be sure and again, a very, very small sampling.
On the other end of the scale we have literally hundreds of other “National Days” that are just plain ridiculous: Run It Up the Flagpole and See if Anybody Salutes It Day - Old Rock Day - National Step in a Puddle and Splash Your Friend Day - Blame Someone Else Day - National Answer Your Cat’s Question Day. And those are all contained in January - and that ain’t all of them.
With this in mind how hard could it be to create a National OPSEC Day? Actually, quite hard indeed. A truly “National” day is literally an act of Congress and takes a lot of work. The first step is to contact your local congress person. Once you have their attention, you have to create the proposal and hopefully get it on the congressional agenda before too many years have passed. If you are intent on doing it and have the patience, it can be done. I’m afraid I don’t have the time or resources to mount such an effort.
We, as a group though, just might. And quit waiting for a punch line - there isn’t one coming.
I do OPSEC for a living. I think it’s important enough to dedicate my golden years doing OPSEC and hopefully (on some level) making OPSEC something better today than it was yesterday. And I know for a fact that there are hundreds (thousands?) of you out there doing the same as I am. I would name names of those I think are really contributing to the OPSEC profession but that would appear that I am calling them out as opposed to proving to you that I’m not the only one out here that respects OPSEC and works hard at it.
So what is next? I have no idea. I didn’t write this as someone trying to rally the troops around me and this idea. No - I just wanted to plant the seed and tell you that I think a National OPSEC Day would actually be a good idea.
The question now is - who will step up and try to make OPSEC a little better today than it was yesterday?
Keep the Faith
Revelator
Posted in Awareness, History, General OPSEC
13 August 2010 by Revelator.
More bad news fellow OPSECers…It’s time to face facts here and realize that we are not cool. Not even a little bit. Us OPSECers are just not as cool as the other groups. The Jocks give us wedgies. The Preps shun us the way they shun beggars. The Hipsters don’t even know we exist and The Stoners really just couldn’t care. The Goths disdain us much like they disdain well…everything else. We actually depress The Emo’s - and that’s saying a lot. Band geeks look down their horns at us and somehow even the poor kids feel pity for us. I haven’t completed my research on this but I’m pretty sure The Skaters, The Gangsters, The Plastics, The Burnouts, The Scenesters, The Drifters, hell - even The Wannabe’s all hate us. I suspect even the Chess Club geeks and the math dweebs would not let us hang out with them at lunch.
So where does that leave us? Where it always has…filling the role of outcast. If you have been in OPSEC for more than three months then you should have at least some inkling about how people have treated us as a group lo these many years.
“Hi folks, I’m your OPSEC Manager and I’m here to give you your annual OPSEC briefing” is generally not followed by cheers, clapping or the wave. Nope; generally it’s rolled eyes and low (mostly) groans. It’s always fun too when being introduced to someone and they casually ask what you do for a living and you say quite proudly - “I’m an OPSEC Manager.” Don’t you hate that glazed look on their face as they try to think of something kind to say instead of what they are thinking which is most likely something like - “What the &%#$ is an opeck manager?” And if you are foolish enough to try to explain exactly what an OPSEC Manager does you can look forward to a simple - “That sounds interesting. Excuse me, I have to uh, you know, uh…go…over, uh there, for a moment.”
Every time MSN pumps out another “Top Ten Jobs” list I eagerly look to see if OPSEC is there and for some unknown reason it never is. I wonder if the fact that hardly anyone in the world knows that we exist is one of the reasons. Or maybe it’s that OPSEC jobs are roughly 0.000000000000000000000000000000000000000013% of the total job market - and I ain’t kidding. Cool huh?
Actually not so cool. We’re not gonna get rich doing this and we’re not gonna get much publicity or notoriety as OPSECers which begs the question: Just why the hell are we doing this? I can’t speak for every OPSECer out there but I do it cuz I believe in this thing we call OPSEC. I truly believe that OPSEC can make a difference - that OPSEC can and does save lives. If I didn’t believe that then I couldn’t keep doing it.
It ain’t about being cool or being in the right clique - for me it’s about going home at the end of the day and being proud of what I do and what I’ve done.
To continue the high school theme; 12 years ago OPSEC asked me to the Sadie Hawkins Dance and while we broke up once or twice we’re still going steady. Matter of fact we’re planning a little getaway to DC in September…
Keep the Faith!
Revelator
Smells Like Teen Spirit - Nirvana
Posted in BS
9 August 2010 by Revelator.
The International Space Station. Hubble. The space shuttle. Astronauts, taikonauts, and cosmonauts. They fly overhead more often than you think. All you need to know is when to look. “Satellite Flybys” turns your Android phone into an indispensable, field-tested satellite watching tool. It tells you when spacecraft are about to appear (with a countdown clock!) and which direction you should face. It also cuts through much confusion. There are tens of thousands of spacecraft and pieces of debris in Earth orbit. “Satellite flybys” tells you only about the most interesting and newsworthy objects. Satellite selections are made by Dr. Tony Phillips of spaceweather.com and the list of tracked objects is updated and changed as things happen in the night sky.
1. A one week look-ahead schedule of flybys.
2. Uses GPS to find your location. Or you can enter it manually.
3. Flyby alarms. You can set an alarm to let you know when a flyby is about to happen.
4. A flyby countdown clock. This really fun feature helps you know *exactly* when to look.
5. Pictures and detailed information on each tracked object.
6. Satellite list updated and maintained by experts.
Note: requires Android 1.6 or higher.
Note: For some reason AndroidZoom keeps reporting that the app is free. The price is $2.99.
Ain’t technology great? Actually this might be one of those times when technology is actually great. Can you see any uses for this handy, dandy app? I took my cool phone swimming with me at my birthday party so I can’t download this app to see which satellites it may be tracking but I think that might be some pretty interesting information.
I’m not gonna get deep into the implications of such a device - I just wanted to put it out there for you just so you know.
Keep the Faith!
Revelator
The Sky Is Crying - Stevie Ray Vaughan
Posted in Awareness, Threat, WWW, General OPSEC
19 July 2010 by Revelator.
Unfortunately in my 51 years many things that I have enjoyed over the years are gone. Many memories I have of life simply do not occur any more. It’s rather sad to come to the realization that so many things just simply do not exist or just don’t happen anymore.
For example:
I can’t remember the last time I was carded at the liquor store.
I don’t remember the last time I used a pay phone on the side of the street.
I can’t remember the last mailbox I saw on the corner.
I can’t remember the last 33 1/3 album I peeled the plastic off of and sat on my record player.
On the plus side I also can’t remember the last time I had to lick a stamp.
Fortunately I live in Las Vegas so I can remember the last time I fired up a cigarette in a bar (last night) though I suspect a great many of you have forgotten those days.
I threw out over 100 cassette tapes this past weekend - I don’t remember the last one I bought.
I can’t remember the last time I used a phone book - and I’m not sure why I get 20 of them left on my doorstep every year.
I miss watching the Christmas parade in my hometown. Where did those go?
I can’t remember the last school I saw that wasn’t locked down as tight as the State Pen. Where do kids go to play these days? Do kids go out to play these days?
I barely remember a time when I didn’t know who was calling me before I picked up.
I can’t remember the last time the doughnut truck came up my street. What a heavenly scent.
I can’t remember the last time I saw an ice cream man driving something that didn’t disgust me.
I know they still make PF Flyers but I damn sure can’t remember the last pair I saw.
Creating this list is hard because remembering what you don’t remember is complicated. As things fade away it’s only natural that we tend to forget what they were and how much we might miss them. Some things that have gone away I certainly don’t miss (another list for another time) but other things I miss a great deal. Strolling down memory lane is always a mixed blessing.
And finally…one more lost memory - do any of you remember the last time you saw someone ignore sound security practices?
I do. It was five minutes ago.
While most everything changes or disappears or is replaced with something newer and better ignoring security doesn’t seem to be one of these things. History is replete with people taking advantage of another’s poor security and I’m sad to report that it will stay like that long after you and I are gone.
I won’t go on yet another awareness rant but we all need to spread the gospel of sound OPSEC practices whenever we can. Like I hear all the time on ESPN: “You can’t stop him - you can only hope to contain him.”
Keep the Faith!
Revelator
Memory Motel - The Rolling Stones
Posted in Awareness, General OPSEC
25 May 2010 by Revelator.
MEMORIAL DAY
by c.w. johnson
We walked among the crosses
Where our fallen soldiers lay.
And listened to the bugle
As TAPS began to play.
The Chaplain led a prayer
We stood with heads bowed low.
And I thought of fallen comrades
I had known so long ago.
They came from every city
Across this fertile land.
That we might live in freedom.
They lie here ‘neath the sand.
I felt a little guilty
My sacrifice was small.
I only lost a little time
But these men lost their all.
Now the services are over
For this Memorial Day.
To the names upon these crosses
I just want to say,
Thanks for what you’ve given
No one could ask for more.
May you rest with God in heaven
From now through evermore.
On Memorial Day I urge you to reach out and personally thank a veteran or a surviving family member for their sacrifice. A handshake will do - as will a simple “thank you”.
“A veteran - whether active duty, retired, or national guard or reserve - is someone who, at one point in his/her life, wrote a blank check made payable to “The United States of America,” for an amount of “up to and including my life.”
God Bless America
Keep the Faith
Revelator - AKA: Layne Marino, MSgt, USAF (Ret)
Posted in Awareness, History
16 April 2010 by Revelator.
It is time, once again, for a guest blogger. Today it is OSPA Pres/Founder Chris Cox. Thanks for this simple, yet effective OPSEC parable.
There was a man who had worked at a factory for twenty years. Every night when he left the plant, he would push a wheelbarrow full of straw to the guard at the gate. The guard would look through the straw, and find nothing and pass the man through. On the day of his retirement the man came to the guard as usual but without the wheelbarrow. Having become friends over the years, the guard asked him, “Charlie, I’ve seen you walk out of here every night for twenty years. I know you’ve been stealing something. Now that you’re retired, tell me what it is. It’s driving me crazy.” Charlie simply smiled and replied, “Okay, wheelbarrows!”
While wheelbarrow theft may not (or may, who are we to judge?) be your biggest concern, the message certainly is. Sometimes, the biggest threats are hiding in plain sight. Sometimes, what we assume is our biggest concern… is actually a distraction.
Keep the Faith!
Revelator
Wheelbarrow Blues - Emil McGloin
Posted in Awareness, General OPSEC
14 April 2010 by Revelator.
I sure wish the title were true. Unfortunately, I have evidence to the contrary - read on…
BASED ON A TRUE STORY - THE DETAILS HAVE BEEN ALTERED SO AS TO PROTECT MY SOURCE
Date: Sometime in the very near past that isn’t right now and not yesterday - but still very, very, very recently
Time: After the sun came up but before the second smoke break
Where: At the food court in a big military building with five sides somewhere in the northeast that will remain nameless
This is a faithful account of an event as reported by a friend of mine…
“I’m ordering coffee this morning because I stayed up too late watching an NBA game (Phoenix beat Denver). I look over to my left and an Army COL (O-6) is also ordering coffee. He puts down the paper in his hands to pay the cashier and to my surprise the hardcopy email is SECRET. Yes, SECRET!!!!! I’m dumbfounded so after I wait for the COL to complete his transaction and he goes to a table to sit down. He is sipping his coffee and reading the SECRET email like he is in his office. I couldn’t take it any longer and asked the COL could I sit down. Without covering the document, he allowed me to sit. I pointed out to him he should not be reading a SECRET document outside of his work area. He said he was on his way to an 0800 meeting and he didn’t have the time to go to his office (which brings up more questions). I identified myself as //IDENTIFYING DATA DELETED// and he said he “appreciated” my “OPSEC vigilance” but he has a “real job to do.” I politely pull a blank sheet of paper from my book bag and asked the COL to cover the document or I would have to notify security. He asked where I worked and who I worked for. I replied that didn’t matter so please cover the document. The COL then got up and walked out.”
No time to stop by the office but plenty of time to grab a cup of Joe and sit down to enjoy it? In the middle of the food court? With an uncovered SECRET document? Well kiss my ass in the middle of the town square and call me Sparky but the sad, sad, sad truth is that unfortunately this happens all too often.
How many times do I have to shout out from the mountain top that WE are our own biggest threat? How many times will security be sacrificed for convenience? How many times will high rank not equal good judgment? How many times will security consciousness be overruled by ignorance and hubris? How many times will ignorance rule over damn near everything else? How many times damn it!
The simple answer is that in the time it’s taken me to write this all the above has happened numerous times in numerous places. When will it end? Never. It really is that simple. Stuff like this will never stop - not as long as humans are involved.
So, what do we do about it? Well, I reckon we keep shouting from the mountain top - we keep writing OPSEC articles - we keep giving awareness briefings - we keep putting posters up - we don’t ignore bad security practices when we see them - and most importantly, we keep the faith and spread the good word of OPSEC.
Keep the Faith!
Revelator
A Change Is Gonna Come - Sam Cooke
Posted in BS, General OPSEC
5 February 2010 by Revelator.
While reading “Hour Game” by David Baldacci I came upon a narrative that screamed OPSEC better than anything I’ve read or seen on TV lately. Never underestimate the threat - in any situation…
He watched the old couple totter out of the supermarket and ease into their Mercedes station wagon. He wrote down the license plate number. He would run it later on the Internet and get their home address. They were doing their own shopping, so they probably had no live-in help or grown children nearby. The make of the car was relatively new, so they weren’t surviving solely on Social Security. The man wore a cap with the logo of the local country club. That was another potential gold mine of information he might later tap.
He sat back and waited patiently. More prospects were sure to come in the busy shopping center. He could consume all he wanted without ever once taking out his wallet.
A few minutes later an attractive woman in her thirties came out of a pharmacy carrying a large bag. His gaze swung to her, his homicidal antennae twitching with interest. The woman stopped at the ATM next to the pharmacy, withdrew some cash and then committed what should have been classified as a mortal sin for the new century: she tossed the receipt into the trash before climbing into a bright red Chrysler Sebring convertible. Her vanity plate read “DEH JD.”
He quickly translated that to be her initials and the fact that she was a lawyer, the “JD” standing for Juris Doctor. Her clothes told him she was fastidious about her appearance. The tan on her arms, face and legs was deep. If she was a practicing lawyer, she probably had just come back from vacation or else had visited the tanning booth over the winter. She was very fit-looking, her calves particularly well developed. His gaze had fixed on the gold anklet she wore on her left leg as she climbed in her car. That was intriguing, he thought.
She had a current-year American Bar Association bumper sticker, so the odds were she was still practicing law. And she was also single - there was no wedding ring on her finger. And right next to the ABA bumper sticker was a parking permit for a very expensive gated residential development about two miles from here. He nodded appreciatively. These stickers were very informative.
He parked, got out of the Bug, walked over to the trash can, made a show of throwing something away and in the same motion plucked out the ATM receipt. The woman really should have known better. She might as well have tossed her personal tax return in the trash. She was now naked, completely open to any probing he wanted to do.
When he got back to his car, he looked at the name on the account: D. Hinson. He’d look her up in the phone book later. And she’d also be in the business listings, so he’d know which law firm in town she worked at. That would give him two potential targets. Banks had started leaving off some of the numbers of the account because they knew their customers stupidly disposed of their receipts where they were easy picking for people like him.
He kept trolling under the warming sun. What a nice day it was shaping up to be. He reclined slightly in his seat only to perk up when off to his right a soccer mom started loading groceries in her van. He wasn’t guessing there: she wore a T-shirt that announced her status. An infant rode in the car seat in the rear. A green bumper sticker announced that the woman was the mom of an honor roll student at Wrightsburg Middle School for the current school year.
Good to know, he thought: seventh or eighth grader and an infant. He pulled into the space next to the van and waited. The woman took the cart back to the front of the store, leaving the baby completely unguarded.
He got out of the Bug, leaned into the van’s open driver’s side window and smiled at the baby, who grinned back, chortling. The interior of the van was messy. Probably so was the woman’s house. If they had an alarm system, they probably never turned it on. Probably forgot to lock all the doors and windows too. It was a wonder to him that the crime rate in the country wasn’t far higher what with millions of idiots like her staggering blindly through life.
An algebra book was in the backseat; the middle school child’s, no doubt. Next to it was a children’s picture book, so there was at least a third child. This deduction was confirmed by the presence of a pair of grass-stained tennis shoes in the rear floorboard; they looked to be those of a five- or six-year-old boy.
He glanced in the passenger seat. There it was: a People magazine. He looked up. The woman had just slammed the cart back into the rack and had now paused to talk to someone coming out of the store. He reached in and drew the magazine toward him. Name and home address were on the mailing label. He already had her home phone number. She’d helpfully put it on the For Sale sign on the window of her van.
Another bingo. Her keys were in the ignition. He placed a piece of soft putty over the ones that looked like house keys, taking quick impressions. It made the breaking in and entering part a lot easier when you didn’t have to “break” when you “entered.”
A final home run. Her cell phone was in its holder. He looked up. She was still gabbing away. Had he been so inclined he could have killed the kid, stolen all her groceries and torched the car, and the woman would never even know it until someone started screaming at the flames shooting into the sky. He glanced around. People were far too busy with their lives to notice him.
He snatched the phone, hit the main screen button and got her cell phone number. Then he accessed her phone book, took a digital camera the size of his middle finger from his pocket and snapped pictures of screen after screen until he had all the names and phone numbers in her directory. He returned the phone, waved bye-bye to baby and slipped back into his car.
He went over his list. He had her name, home address and the fact that she had at least three kids and was married. The mailing block had been addressed to both Jean and Harold Robinson. He also had her home phone number, cell phone number and the names and numbers of a host of others important to her as well as impressions of her house keys.
She and her lovely family belong to me now.
Keep the Faith
Revelator
Who Wrote The Book Of Love - The Monotones
Posted in Risk, Critical Information, Awareness, Vulnerabilities, Threat, Family OPSEC, Analysis, General OPSEC
3 February 2010 by Revelator.
And here it comes once again…Valentine’s Day. That one day a year we must visibly show our undying devotion to and appreciation for the one we love. So, off we go to the corner gas station/convenience store on February 13 looking for the card we almost forgot to purchase to show exactly how much we love our one true love. Finding only a card from a dog to its owner we rush off to Wal-Mart where the selection is only slightly better. But you find a card that sort of fits your current relationship and then you head over to the candy aisle to find that all that is left are $50 boxes of “Anatomically Correct Heart Shaped” Chocolate covered Cantaloupe. Sure you love cantaloupe - who doesn’t? But you’re put off by its anatomically correct shape so you are off to Target where, much to your chagrin, all they have left is a 25 pound Hershey Kiss®. Now what?
Sure, I could go on but most of us guys have been there - done that, so I’ll leave the rest to your unfortunate memories of Valentine’s past. I’ll assume you’ve learned your lessons and now start planning your Valentine’s Day accordingly. Two weeks out you started searching and found the perfect Valentine’s gift for your lady. You were smart and passed on the “Jillian Michaels Biggest Loser Workout” for the Wii and instead opted for the Mani-Pedi-Spa-Massage package. Sure it ran you just over $400 bucks but come on, she’s worth it.
But the question remains - how do you pull this off without her finding out about this great gift ahead of time? You know she loves surprises so you want to make this all happen without her knowing…but how?
How can you make a major purchase ahead of time without her knowing?
How can you make sure she is available on Daytona 500 Sunday... I mean, Valentine’s Day for her appointment at the spa?
How can you make sure she doesn’t just go and waste money on a manicure or a pedicure (or both) on Friday in anticipation of you taking her out to dinner for Valentine’s Day?
And won’t she be suspicious if you haven’t made some sort of plans for Valentine’s Day?
Is some sort of deception plan required?
How can you pull this off and still watch the Great American Race?
All these questions and more can be answered by utilizing OPSEC in your planning. Just common sense and perhaps some deception and you can actually pull off a great Valentine’s Day surprise that will really show the one you love just how much you love them…until next Valentine’s Day when you will have to top this one. Good luck with that.
Keep the Faith!
Revelator
HeartBeat (It’s A Love Beat) - The DeFranco Family
Posted in BS, Planning, Family OPSEC
29 December 2009 by Revelator.
As 2009 draws to a close I thought I might ponder, muse if you will, about the state of OPSEC and all that has happened in OPSEC during the year…or I could do the third installment of my running discourse about fortune cookies.
I’ve decided on the fortune cookies…
The day was March 17, 2008 (it’s still there - check it out) - I could no longer hold back and had to do that fateful first Fortune Cookie entry. And it felt good. My basic premise was that Fortune Cookies rarely had fortunes in them. Instead they had statements about living and other such crap. Nine months later (December 5, 2008) I was fed up again and wrote the second in the series about Fortune Cookies. And now, after a stop at Panda Express the other day I am compelled to write the third in my continuing Fortune Cookie Saga…
Look, I’m a basic guy. Keep it simple. When I open a Fortune Cookie I want to see a fortune damn it! I don’t care what it says and I don’t believe a word I read but if you are going to call it a Fortune Cookie then I believe I deserve a fortune - even a weak one. Come on, I know that the McRib isn’t really rib meat - it’s just a great sauce so I’m OK with almost right but I can’t stand by and be lied to by the Fortune Cookie wrapper itself. If they were called Words of Wisdom and Other Such Crap Cookies then I’m good with them but they are not - they are called Fortune Cookies and (I say again) I want to see a fortune damn it!
Waiting till the end of the meal (as I believe tradition requires) I opened my latest Fortune Cookie and here is what the tiny white paper had printed upon it: “Treat yourself to something of quality.” Now I’m not sure by what standards you may define “fortune” but I’m pretty sure this statement would not qualify. And just so you won’t think this was a one-off aberration allow me to share a couple more “fortunes” with you:
“A smile is your personal welcome mat.” Not mine - have you seen my teeth lately? A statement - and not true.
“A truly rich life contains love and art in abundance.” Says who? By the way - I have much love but little to no art in my life so I guess, by definition, I’m screwed out of a truly rich life. Another statement - and false.
“Competence like yours is underrated.” Know what they call underrated competence? Incompetence - that’s what it’s called when it’s underrated. Underappreciated is quite another thing. I could live with that. It’s still not a fortune though. Nope, another statement that is not only false but misleading.
“Have a beautiful day.” Bite me. Not even a true statement but an order. I do not take orders from cookies.
“There’s no such thing as an ordinary cat.” Logically, it would seem to me that at any given time there is one cat in the world who is smack dab in the middle of cat extremes. This cat then, would have to be the one who is ordinary - until he or she dies leaving the next one who is, again, the one who is in the middle of the extremes and by definition, ordinary.
“You are working hard.” Not a fortune and certainly not true.
“You have a shrewd knack for spotting insincerity.” Found it. So I guess that one is true - but still not a fortune, merely a lucky guess.
Truth be told I have received a number of “fortunes” in my Fortune Cookies over the years. Here are what I consider decent fortunes:
Now is a good time to buy stock.
Now is the time to go ahead and pursue that love interest!
You are in good hands this evening.
You will inherit a large sum of money.
See what I’m saying? To my knowledge only one of those came true but again, this is not my point. Truth in advertising - that’s all I’m looking for. When I crack it open I want a fortune damn it!
Happy New Year’s y’all.
Keep the Faith
Revelator
Lies - The Rolling Stones
Posted in BS
24 December 2009 by Revelator.
Every year there are a number of Christmas movies I have to watch: “Scrooged”, “Elf”, “It’s A Wonderful Life” and the original “How The Grinch Stole Christmas”. And in each of these movies/30 minute specials I have some favorite lines and moments but every year there is one quote that stands out for me. It’s from Scrooged - Bill Murray as Frank Cross: “It’s Christmas Eve. It’s the one night of the year when we all act a little nicer, we smile a little easier, we cheer a little more. For a couple of hours out of the whole year we are the people that we always hoped we would be.”
On this Christmas Eve (and for as long as you can hold on to it) we should all try to be the people that we always hoped we would be.
Merry Christmas everyone.
Keep the Faith!
Revelator
Merry Christmas, Baby - Written by Lou Baxter & Johnny Moore; sung by many
Posted in Movies
24 December 2009 by Revelator.
Alright now settle down, settle down. Everyone take your seats and let’s get this thing started. Plenty of room up front folks…come on down - don’t be shy. That’s right - fill in all the seats. And you guys leaving the extra seat open like you do in the theater…that’s not gonna fly in here; move it on over. Doesn’t mean you’re dating just cuz your elbows touch. Oh come on! Whose cell was that? You? Well ain’t you special… Everyone, I would like you to meet that one special person to whom the rules don’t apply. Could a couple of you gentlemen who abided by the rules please escort this gentleman to the door, take his badge and fling him into the new falling snow? Thank you very much. Dutch? Could you make sure to terminate his security clearance please? Thanks.
Boys, this is serious business and you will either follow my rules or….well, you’ve seen what happens when you don’t follow the rules.
Where’s my clicker? Thanks. Slide, the first - here’s your target. Surprised? Wondering just what the hell is going on here? Well, wipe those stunned looks off your faces cuz this is indeed your target and we have a very small window of opportunity to grab this guy and that time is fast approaching.
So you’re saying to yourself: “I’ve seen this guy a thousand times - I could walk half a block from here and just grab him.” Yes, you could grab him…but it wouldn’t be him. Remember when we found out that Saddam had look-alikes attending meetings and such in his stead? Well, this guy has taken this strategy to insane new levels. In our estimation he has over 27,000 doubles working all over the world and trust me when I tell you we don’t have the budget to round them all up and run DNA tests on each one so we need to figure out just how to get the real one; something people have been trying to do for long about two hundred years now. Oh, he’s crafty this one - don’t ever underestimate this man.
And here’s the worst thing about this guy - he understands our intelligence systems and how to manipulate those. Wait, there is one more thing - he sees what you are doing. Somehow he has each and every one of you under surveillance 24 hours a day. For example, he knows that you are here now and later he’ll know what you are doing too. It is very hard to track a target like that let me tell you.
Back to the intel systems - he’s on to us. How do we know? Here’s how:
1. We know exactly what he looks like and we can’t find him.
2. We know exactly what he wears and we can’t find him.
3. We know exactly who his wife is but no one has ever actually seen her.
4. We know where he lives but we can’t actually find it.
5. We know exactly what he drives but we can’t find that either.
6. We know exactly when he will be out among us yet we can’t find him.
7. We know his flight routes but still can’t shoot him down.
8. We know who works for him but no one has ever seen one of his employees.
So, we know everything about this guy and yet for all our efforts no one can find him and bring him in. That is why you were brought here. You are the best of the best in your fields and we think if anyone can find this guy it will be someone in this room. Let me add that I think the one mil we’re offering as a reward just might incentivize each of you a bit.
Fellow OPSECers, I was thinking about Santa this morning and I’ve come to the conclusion that Santa must have the best OPSEC program EVER! How else can you explain items 1-8 above? Seriously. Dude has it mastered. Sure, NORAD follows him every year but still no one has been able to shoot him down. I’m just saying…
You find another program that protects info better than this and I’ll put you right at the top of my Christmas List.
Keep the Faith!
Revelator
‘Zat You, Santa Claus? - Louis Armstrong (and many others)
Posted in BS
18 December 2009 by Revelator.
This is just unfreakingbelievable!
Hackers steal SKorean-US military secrets
By KWANG-TAE KIM, Associated Press Writer
Fri Dec 18, 7:19 am ET
SEOUL, South Korea – South Korea’s military said Friday it was investigating a hacking attack that netted secret defense plans with the United States and may have been carried out by North Korea.
The suspected hacking occurred late last month when a South Korean officer failed to remove a USB device when he switched a military computer from a restricted-access intranet to the Internet, Defense Ministry spokesman Won Tae-jae said.
The USB device contained a summary of plans for military operations by South Korean and U.S. troops in case of war on the Korean peninsula. Won said the stolen document was not a full text of the operational plans, but an 11-page file used to brief military officials. He said it did not contain critical information.
Pardon? Did I read that wrong? Let me check… “He said it did not contain critical information.” Nope - I read it right. Still can’t believe it. I mean, are you kidding me? An 11-page Executive Summary of our South Korean defense plans (OPLAN 5027) contains no sensitive information? Am I dead? Did I go to OPSEC hell and not get greeted by the demon of OPSEC? I’ve met this demon before - his name is Ignorance - so I’m pretty sure I would know him if he was greeting me at the gates of OPSEC hell. Perhaps this is a dream? Damn it people - just saying something isn’t so does not make it not so. Sure that’s a horrible sentence but let me show one that is far worse: “He said it did not contain critical information.” See? Much worse.
And don’t give me that nonsense that denying it had critical information is our way of not confirming to the North Koreans that it did indeed contain sensitive information. You know who says stuff like that? People who don’t understand the adversary. To be so blind as to think that North Korea doesn’t have a damn good idea of what is essentially contained in OPLAN 5027 is the height of ignorance. Especially since you can find older versions of OPLAN 5027 in all its classified glory on the internet.
I’ll grant that the 11-page summary may have been unclassified but there is no way I’m going to grant it didn’t contain critical information. Unless the only definition you have of critical information is anything that’s classified - and we know that’s just not true. Too bad not everybody understands that these days.
Thanks to my good friend Kirk for letting me know about this.
Keep the Faith!
Revelator
Tell It Like It Is - Aaron Neville
Posted in Risk, Critical Information, BS, Vulnerabilities, Threat, Media, WWW, Computer Intrusions