| S | M | T | W | T | F | S |
|---|---|---|---|---|---|---|
| « Dec | ||||||
| 1 | 2 | 3 | 4 | 5 | 6 | 7 |
| 8 | 9 | 10 | 11 | 12 | 13 | 14 |
| 15 | 16 | 17 | 18 | 19 | 20 | 21 |
| 22 | 23 | 24 | 25 | 26 | 27 | 28 |
| 29 | 30 | 31 | ||||
- Analysis (1)
- Assessments/Surveys (1)
- Awareness (12)
- BS (19)
- Computer Intrusions (3)
- Conferences (7)
- Countermeasures (4)
- Critical Information (9)
- Critical Information Lists (2)
- Family OPSEC (9)
- General OPSEC (29)
- History (6)
- Indicators (3)
- Leadership Support (2)
- Media (7)
- Movies (4)
- OPSEC Plans (2)
- OSPA (9)
- Planning (3)
- Program Management (11)
- Risk (7)
- Threat (8)
- Uncategorized (8)
- Vulnerabilities (6)
- WWW (11)
- 21. December 2010: I Am OPSEC
- 15. October 2010: Idiot Wind
- 4. October 2010: National OPSEC Day
- 13. August 2010: Smells Like Teen Spirit
- 9. August 2010: The Sky Is Crying
- 19. July 2010: Memory Motel
- 25. May 2010: Memorial Day
- 16. April 2010: Wheelbarrow Blues
- 14. April 2010: A Change Is Gonna Come
- 5. February 2010: Who Wrote The Book Of Love
- December 2010
- October 2010
- August 2010
- July 2010
- May 2010
- April 2010
- February 2010
- December 2009
- October 2009
- September 2009
- August 2009
- July 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
I Am OPSEC
21. December 2010 by Revelator.
I’ve existed forever
Yet born in recent times
I am nameless throughout history
Though you know who I am
I rose from bloodshed
Yet exist for peace
When used we are strong
When ignored we are weak
Alone I am nothing
With you we endure
I exist to save life
I exist to save you
I am OPSEC
by layne marino
Keep the Faith!
Posted in General OPSEC | Print | 1 Comment »
Idiot Wind
15. October 2010 by Revelator.
I tried to hold off.
I swear I did.
As the author of a blog that I’ve clearly stated is about OPSEC, the whole OPSEC and nothing but the OPSEC I really do try to write about OPSEC related stuff. My long-time readers know though that sometimes I fall off the wagon. And usually when I do fall off the wagon I find myself writing about Fortune Cookies. Not cuz I love them…I mean they’re not bad but I could live without them. No; it’s because I have a small pet peeve (one of many I assure you). This particular one exists because I believe that when one opens a fortune cookie it had damn well better have a fortune in it. I’m not saying it has to be a good fortune - hell; it can say “You will die a horrible wood chipper related death tomorrow at 4pm.” It’s not about the fortune - it’s about not finding a fortune.
For reasons I’ve yet to be able to fathom fortune cookie producers have apparently run out of fortunes. I mean, they must have or they wouldn’t be stuffing my fortune cookies with inane faux wisdom and senseless inspirational messages. If I’ve said it once I’ve said it a thousand times: It’s a fortune cookie damn it and it should have a fortune in it!”
Fortunes: Things that happen or are to happen to a person in his or her life.
That is what it says in the dictionary. And that is all I want from my fortune cookie - a prediction of things that are to happen to a person in his or her life. Instead here is a sample of a “fortune” I got out a fortune cookie recently - “You must be the change you wish to see in the world”. Clearly not a fortune. But if not a fortune then what is it? An order? A direction for my life? I’m gonna call it advice. The only problem is that if I wanted advice I would have opened an advice cookie which to my understanding doesn’t exist so why then am I getting advice from a freaking fortune cookie? If the world wanted advice there would be advice cookies but clearly the world has spoken and said “No advice cookies! Give us fortune cookies.” And yet, advice is what we get.
Sometimes…
Others times we don’t even get advice. Sometimes we get crap like this: “Love is like paint…it makes things beautiful when you spread it, but it will dry up if you don’t use it.”
What the hell?
Oh, that is just soooooooo weak. Seriously? Love is like paint…? What kind of crap is that? Not a fortune to be sure but not advice either so now we have a new category of stuff coming out of my “fortune” cookie. But what is it? Wait. I don’t care what it actually is I just know it isn’t a fortune so I’m just gonna classify it as disappointing. Oh but there’s more…
“The weekend ahead predicts enjoyment.” Really? Exactly how does the weekend do that? I can see how the weekend might promise enjoyment but I can’t grasp how it can predict enjoyment. So while I was almost fooled into thinking this was a fortune I had to rule it out based on the impossibility of the statement. Next!
“Some people dream of worthy accomplishments while others stay awake and do them.” Well thank you fortune cookie for pointing out what a worthless human I am cuz I’m not out accomplishing anything worthy. I just wanted a freaking fortune that would make me, even for the slightest moment, think of the future possibilities. Instead, I get told I’m a dreamer…a lazy, shiftless, worthless dreamer who will never accomplish anything. Just what I needed to top off the meal.
And finally, the best of them all. I’m not sure what to say about this so I think I’ll just type it here and leave it for you to ponder…
“Writing is thinking on paper.”
Keep the Faith!
Revelator
Idiot Wind - Bob Dylan
Posted in BS | Print | 1 Comment »
National OPSEC Day
4. October 2010 by Revelator.
January 22nd - that’s the day folks.
As the anniversary of the day President Reagan (Saint Ron) signed National Security Decision Directive Number 298 into being I can’t wait to celebrate National OPSEC Day…is what I would be saying if, in fact, there were such an anniversary. Well ok, for arguments sake I guess any day that something happened would be followed annually by an anniversary but I’m not talking about just any day. No sir and no ma’am. I’m talking about a commemorative anniversary. One that celebrates all that is encompassed by the signing of this important document.
Those of you who have read one or two of my missives in this blog may be wondering just what type of tomfoolery I’m up to now but let me assure you that I am rather serious about this.
And so I ask you; why not a National OPSEC Day?
Aside from our formal holidays most “National Days” are there to commemorate but also - and perhaps more significantly - to raise awareness about a specific subject. Here are but a few examples: Family Literacy Day - America Recycles Day - World Aids Day - Human Rights Day.
And that’s a very, very, very small sample of “National Days”.
Also understand that many things are so important they merit a whole month: National Colorectal Cancer Awareness Month - National Autism Awareness Month - National Child Abuse Prevention Month - Sexual Assault Awareness and Prevention Month. All very good months to be sure and again, a very, very small sampling.
On the other end of the scale we have literally hundreds of other “National Days” that are just plain ridiculous: Run It Up the Flagpole and See if Anybody Salutes It Day - Old Rock Day - National Step in a Puddle and Splash Your Friend Day - Blame Someone Else Day - National Answer Your Cat’s Question Day. And those are all contained in January - and that ain’t all of them.
With this in mind how hard could it be to create a National OPSEC Day? Actually, quite hard indeed. A truly “National” day is literally an act of Congress and takes a lot of work. The first step is to contact your local congress person. Once you have their attention, you have to create the proposal and hopefully get it on the congressional agenda before too many years have passed. If you are intent on doing it and have the patience, it can be done. I’m afraid I don’t have the time or resources to mount such an effort.
We, as a group though, just might. And quit waiting for a punch line - there isn’t one coming.
I do OPSEC for a living. I think it’s important enough to dedicate my golden years doing OPSEC and hopefully (on some level) making OPSEC something better today than it was yesterday. And I know for a fact that there are hundreds (thousands?) of you out there doing the same as I am. I would name names of those I think are really contributing to the OPSEC profession but that would appear that I am calling them out as opposed to proving to you that I’m not the only one out here that respects OPSEC and works hard at it.
So what is next? I have no idea. I didn’t write this as someone trying to rally the troops around me and this idea. No - I just wanted to plant the seed and tell you that I think a National OPSEC Day would actually be a good idea.
The question now is - who will step up and try to make OPSEC a little better today than it was yesterday?
Keep the Faith
Revelator
Posted in Awareness, History, General OPSEC | Print | No Comments »
Smells Like Teen Spirit
13. August 2010 by Revelator.
More bad news fellow OPSECers…It’s time to face facts here and realize that we are not cool. Not even a little bit. Us OPSECers are just not as cool as the other groups. The Jocks give us wedgies. The Preps shun us the way they shun beggars. The Hipsters don’t even know we exist and The Stoners really just couldn’t care. The Goths distain us much like they distain well…everything else. We actually depress The Emo’s - and that’s saying a lot. Band geeks look down their horns at us and somehow even the poor kids feel pity for us. I haven’t completed my research on this but I’m pretty sure The Skaters, The Gangsters, The Plastics, The Burnouts, The Scenesters, The Drifters, hell - even The Wannabe’s all hate us. I suspect even the Chess Club geeks and the math dweebs would not let us hang out with them at lunch.
So where does that leave us? Where it always has…filling the role of outcast. If you have been in OPSEC for more than three months then you should have at least some inkling about how people have treated us as a group lo these many years.
“Hi folks, I’m your OPSEC Manager and I’m here to give you your annual OPSEC briefing” is generally not followed by cheers, clapping or the wave. Nope; generally it’s rolled eyes and low (mostly) groans. It’s always fun too when being introduced to someone and they casually ask what you do for a living and you say quite proudly - “I’m an OPSEC Manager.” Don’t you hate that glazed look on their face as they try to think of something kind to say instead of what they are thinking which is most likely something like - “What the &%#$ is an opeck manager?” And if you are foolish enough to try to explain exactly what an OPSEC Manager does you can look forward to a simple - “That sounds interesting. Excuse me, I have to uh, you know, uh…go…over, uh there, for a moment.”
Every time MSN pumps out another “Top Ten Jobs” list I eagerly look to see if OPSEC is there and for some unknown reason it never is. I wonder if the fact that hardly anyone in the world knows that we exist is one of the reasons. Or maybe it’s that OPSEC jobs are roughly 0.000000000000000000000000000000000000000013% of the total job market - and I ain’t kidding. Cool huh?
Actually not so cool. We’re not gonna get rich doing this and we’re not gonna get much publicity or notoriety as OPSECers which begs the question: Just why the hell are we doing this? I can’t speak for every OPSECer out there but I do it cuz I believe in this thing we call OPSEC. I truly believe that OPSEC can make a difference - that OPSEC can and does save lives. If I didn’t believe that then I couldn’t keep doing it.
It ain’t about being cool or being in the right clique - for me it’s about going home at the end of the day and being proud of what I do and what I’ve done.
To continue the high school theme; 12 years ago OPSEC asked me to the Sadie Hawkins Dance and while we broke up once or twice we’re still going steady. Matter of fact we’re planning a little getaway to DC in September…
Keep the Faith!
Revelator
Smells Like Teen Spirit - Nirvana
Posted in BS | Print | 1 Comment »
The Sky Is Crying
9. August 2010 by Revelator.
The International Space Station. Hubble. The space shuttle. Astronauts, taikonauts, and cosmonauts. They fly overhead more often than you think. All you need to know is when to look. “Satellite Flybys” turns your Android phone into an indispensable, field-tested satellite watching tool. It tells you when spacecraft are about to appear (with a countdown clock!) and which direction you should face. It also cuts through much confusion. There are tens of thousands of spacecraft and pieces of debris in Earth orbit. “Satellite flybys” tells you only about the most interesting and newsworthy objects. Satellite selections are made by Dr. Tony Phillips of spaceweather.com and the list of tracked objects is updated and changed as things happen in the night sky.
1. A one week look-ahead schedule of flybys.
2. Uses GPS to find your location. Or you can enter it manually.
3. Flyby alarms. You can set an alarm to let you know when a flyby is about to happen.
4. A flyby countdown clock. This really fun feature helps you know *exactly* when to look.
5. Pictures and detailed information on each tracked object.
6. Satellite list updated and maintained by experts.
Note: requires Android 1.6 or higher.
Note: For some reason AndroidZoom keeps reporting that the app is free. The price is $2.99.
Ain’t technology great? Actually this might be one of those times when technology is actually great. Can you see any uses for this handy, dandy app? I took my cool phone swimming with me at my birthday party so I can’t download this app to see which satalittes it may be tracking but I think that might be some pretty interesting information.
I’m not gonna get deep into the implications of such a device - I just wanted to put it out there for you just so you know.
Keep the Faith!
Revelator
The Sky Is Crying - Stevie Ray Vaughn
Posted in Awareness, Threat, WWW, General OPSEC | Print | No Comments »
Memory Motel
19. July 2010 by Revelator.
Unfortunately in my 51 years many things that I have enjoyed over the years are gone. Many memories I have of life simply do not occur any more. It’s rather sad to come to the realization that so many things just simply do not exist or just don’t happen anymore.
For example:
I can’t remember the last time I was carded at the liquor store.
I don’t remember the last time I used a pay phone on the side of the street.
I can’t remember the last mailbox I saw on the corner.
I can’t remember the last 33 1/3 album I peeled the plastic off of and sat on my record player.
On the plus side I also can’t remember the last time I had to lick a stamp.
Fortunately I live in Las Vegas so I can remember the last time I fired up a cigarette in a bar (last night) though I suspect a great many of you have forgotten those days.
I threw out over 100 hundred cassette tapes this past weekend - I don’t remember the last one I bought.
I can’t remember the last time I used a phone book - and I’m not sure why I get 20 of them left on my doorstep every year.
I miss watching the Christmas parade in my hometown. Where did those go?
I can’t remember the last school I saw that wasn’t locked down as tight at the State Pen. Where do kids go to play these days? Do kids go out to play these days?
I barely remember a time when I didn’t know who was calling me before I picked up.
I can’t remember the last time the doughnut truck came up my street. What a heavenly scent.
I can’t remember the last time I saw an ice cream man driving something that didn’t disgust me.
I know they still make PF Flyers but I damn sure can’t remember the last pair I saw.
Creating this list is hard because remembering what you don’t remember is complicated. As things fade away it’s only natural that we tend to forget what they were and how much we might miss them. Some things that have gone away I certainly don’t miss (another list for another time) but other things I miss a great deal. Strolling down memory lane is always a mixed blessing.
And finally…one more lost memory - do any of you remember the last time you saw someone ignore sound security practices?
I do. It was five minutes ago.
While most everything changes or disappears or is replaced with something newer and better ignoring security doesn’t seem to one of these things. History is replete with people taking advantage of another’s poor security and I’m sad to report that it will stay like that long after you and I are gone.
I won’t go on yet another awareness rant but we all need to spread the gospel of sound OPSEC practices whenever we can. Like I hear all the time on ESPN: “You can’t stop him - you can only hope to contain him.”
Keep the Faith!
Revelator
Memory Motel - The Rolling Stones
Posted in Awareness, General OPSEC | Print | 1 Comment »
Memorial Day
25. May 2010 by Revelator.
MEMORIAL DAY
by c.w. johnson
We walked among the crosses
Where our fallen soldiers lay.
And listened to the bugle
As TAPS began to play.
The Chaplin led a prayer
We stood with heads bowed low.
And I thought of fallen comrades
I had known so long ago.
They came from every city
Across this fertile land.
That we might live in freedom.
They lie here ‘neath the sand.
I felt a little guilty
My sacrifice was small.
I only lost a little time
But these men lost their all.
Now the services are over
For this Memorial Day.
To the names upon these crosses
I just want to say,
Thanks for what you’ve given
No one could ask for more.
May you rest with God in heaven
From now through evermore.
On Memorial Day I urge you to reach out and personally thank a veteran or a surviving family member for their sacrifice. A handshake will do - as will a simple “thank you”.
“A veteran - whether active duty, retired, or national guard or reserve - is someone who, at one point in his/her life, wrote a blank check made payable to “The United States of America,” for an amount of “up to and including my life.”
God Bless America
Keep the Faith
Revelator - AKA: Layne Marino, MSgt, USAF (Ret)
Posted in Awareness, History | Print | 1 Comment »
Wheelbarrow Blues
16. April 2010 by Revelator.
It is time, once again, for a guest blogger. Today it is OSPA Pres/Founder Chris Cox. Thanks for this simple, yet effective OPSEC parable.
There was a man who had worked at a factory for twenty years. Every night when he left the plant, he would push a wheelbarrow full of straw to the guard at the gate. The guard would look through the straw, and find nothing and pass the man through. On the day of his retirement the man came to the guard as usual but without the wheelbarrow. Having become friends over the years, the guard asked him, “Charlie, I’ve seen you walk out of here every night for twenty years. I know you’ve been stealing something. Now that you’re retired, tell me what it is. It’s driving me crazy.” Charlie simply smiled and replied, “Okay, wheelbarrows!”
While wheelbarrow theft may not (or may, who are we to judge?) be your biggest concern, the message certainly is. Sometimes, the biggest threats are hiding in plain sight. Sometimes, what we assume is our biggest concern… is actually a distraction.
Keep the Faith!
Revelator
Wheelbarrow Blues - Emil McGloin
Posted in Awareness, General OPSEC | Print | No Comments »
A Change Is Gonna Come
14. April 2010 by Revelator.
I sure wish the title were true. Unfortunately, I have evidence to the contrary - read on…
BASED ON A TRUE STORY - THE DETAILS HAVE BEEN ALTERED SO AS TO PROTECT MY SOURCE
Date: Sometime in the very near past that isn’t right now and not yesterday - but still very, very, very recently
Time: After the sun came up but before the second smoke break
Where: At the food court in a big military building with five sides somewhere in the northeast that will remain nameless
This is a faithful account of an event as reported by a friend of mine…
“I’m ordering coffee this morning because I stayed up too late watching an NBA game (Phoenix beat Denver). I look over to my left and an Army COL (O-6) is also ordering coffee. He puts down the paper in his hands to pay the cashier and to my surprise the hardcopy email is SECRET. Yes, SECRET!!!!! I’m dumbfounded so after I wait for the COL to complete his transaction and he goes to a table to sit down. He is sipping his coffee and reading the SECRET email like he is in his office. I couldn’t take it any longer and asked the COL could I sit down. Without covering the document, he allowed me to sit. I pointed out to him he should not be reading a SECRET document outside of his work area. He said he was on his way to an 0800 meeting and he didn’t have the time to go to his office (which brings up more questions. I identified myself as //IDENTIFYING DATA DELETED// and he said he “appreciated” my “OPSEC vigilance” but he has a “real job to do.” I politely pull a blank sheet of paper from my book bag and asked the COL to cover the document or I would have to notify security. He asked where I worked and who I worked for. I replied that didn’t matter so please cover the document. The COL then got up and walked out.”
No time to stop by the office but plenty of time to grab a cup of Joe and sit down to enjoy it? In the middle of the food court? With an uncovered SECRET document? Well kiss my ass in the middle of the town square and call me Sparky but the sad, sad, sad truth is that unfortunately this happens all too often.
How many times do I have to shout out from the mountain top that WE are our own biggest threat? How many times will security be sacrificed for convenience? How many times will high rank not equal good judgment? How many times will security consciousness be overruled by ignorance and hubris? How many times will ignorance rule over damn near everything else? How many times damn it!
The simple answer is that in the time it’s taken me to write this all the above has happened numerous times in numerous places. When will it end? Never. It really is that simple. Stuff like this will never stop - not as long as humans are involved.
So, what do we do about it? Well, I reckon we keep shouting from the mountain top - we keep writing OPSEC articles - we keep giving awareness briefings - we keep putting posters up - we don’t ignore bad security practices when we see the - and most importantly, we keep the faith and spread the good word of OPSEC.
Keep the Faith!
Revelator
A Change Is Gonna Come - Sam Cooke
Posted in BS, General OPSEC | Print | No Comments »
Who Wrote The Book Of Love
5. February 2010 by Revelator.
While reading “Hour Game” by David Baldacci I came upon a narrative that screemed OPSEC better than anything I’ve read or seen on TV lately. Never under estimate the threat - in any situation…
He watched the old couple totter out of the supermarket and ease into their Mercedes station wagon. He wrote down the license plate number. He would run it later on the Internet and get their home address. They were doing their own shopping, so they probably had no live-in help or grown children nearby. The make of the care was relatively new, so they weren’t surviving solely on Social Security. The man wore a cap with the logo of the local country club. That was another potential gold mine of information he might later tap.
He sat back and waited patiently. More prospects were sure to come in the busy shopping center. He could consume all he wanted without ever once taking out his wallet.
A few minutes later an attractive woman in her thirties came out of a pharmacy carrying a large bag. His gaze swung to her, his homicidal antennae twitching with interest. The woman stopped at the ATM next to the pharmacy, withdrew some cash and then committed what should have been classified as a mortal sin for the new century: she tossed the receipt into the trash before climbing into a bright red Chrysler Sebring convertible. Her vanity plate read “DEH JD.”
He quickly translated that to be her initials and the fact that she was a lawyer, the “JD” standing for Juris Doctor. Her clothes told him she was fastidious about her appearance. The tan on her arms, face and legs was deep. If she was a practicing lawyer, she probably had just come back from vacation or else had visited the tanning booth over the winter. She was very fit-looking, her calves particularly well developed. His gaze had fixed on the gold anklet she wore on her left leg as she climbed in her car. That was intriguing, he thought.
She had a current-year American Bar Association bumper sticker, so the odds were she was still practicing law. And she was also single - there was no wedding ring on her finger. And right next to the ABA bumper sticker was a parking permit for a very expensive gated residential development about two miles from here. He nodded appreciatively. These stickers were very informative.
He parked, got out of the Bug, walked over to the trash can, made a show of throwing something away and in the same motion plucked out the ATM receipt. The woman really should have known better. She might as well have tossed her personal tax return in the trash. She was now naked, completely open to any probing he wanted to do.
When he got back to his car, he looked a the name on the account: D. Hinson. He’d look her up in the phone book later. And she’d also be in the business listings, so he’d know which law firm in town she worked at. That would him two potential targets. Banks had started leaving off some of the numbers of the account because they knew their customers stupidly disposed of their receipts where they were easy picking for people like him.
He kept trolling under the warming sun. What a nice day it was shaping up to be. He reclined slightly in his seat only to perk up when off to his right a soccer mom started loading groceries in her van. He wasn’t guessing there: she wore a T-shirt that announced her status. An infant rode in the car seat in the rear. A green bumper sticker announced that the woman was the mom of an honor roll student at Wrightsburg Middle School for the current school year.
Good to know, he thought: seventh or eighth grader and an infant. He pulled into the space next to the van and waited. The woman took the cart back to the front of the store, leaving the baby completely unguarded.
He got out of the Bug, leaned into the van’s open driver’s side window and smiled at the baby, who grinned back, chortling. The interior of the van was messy. Probably so was the woman’s house. If they had an alarm system, they probably never turned it on. Probably forgot to lock all the doors and windows too. It was a wonder to him that the crime rate in the country wasn’t far higher what with millions of idiots like here staggering blindly through life.
An algebra book was in the backseat; the middle school child’s, no doubt. Next to it was a children’s picture book, so there was at least a third child. This deduction was confirmed by the presence of a pair of grass-stained tennis shoes in the rear floorboard; they looked to be those of a five- or six-year-old boy.
He glanced in the passenger seat. There is was: a People magazine. He looked up. The woman had just slammed the cart back into the rack and had now paused to talk to someone coming out of the store. He reached in and drew the magazine toward him. Name and home address were on the mailing label. He already had her home phone number. She’d helpfully put it on the For Sale sign on the window of her van.
Another bingo. Her keys were in the ignition. He placed a piece of soft putty over the ones that looked like house keys, taking quick impressions. It made the breaking in and entering part a lot easier when you didn’t have to “break” when you “entered.”
A final home run. Her cell phone was in its holder. He looked up. She was still gabbing away. Had he been so inclined he could have killed the kid, stolen all her groceries and torched the car, and the woman would never even know it until someone started screaming at the flames shooting into the sky. He glanced around. People were far too busy with their lives to notice him.
He snatched the phone, hit the main screen button and got her cell phone number. The he accessed her phone book, took a digital camera the size of his middle finger from his pocket and snapped pictures of screen after screen until he had all the names and phone numbers in her directory. He returned the phone, waved bye-bye to baby and slipped back into his car.
He went over his list. He had her name, home address and the fact that she had a least three kids and was married. The mailing block had been addressed to both Jean and Harold Robinson. He also had her home phone number, cell phone number and the names and numbers of a host of others important to her as well as impressions of her house keys.
She and her lovely family belong to me now.
Keep the Faith
Revelator
Who Wrote The Book Of Love - The Monotones
Posted in Risk, Critical Information, Awareness, Vulnerabilities, Threat, Family OPSEC, Analysis, General OPSEC | Print | No Comments »
Heartbeat (It’s A Love Beat)
3. February 2010 by Revelator.
And here it comes once again…Valentine’s Day. That one day a year we must visibly show our undying devotion to and appreciation for the one we love. So, off we go to the corner gas station/convenience store on February 13 looking for the card we almost forgot to purchase to show exactly how much we love our one true love. Finding only a card from a dog to its owner we rush off to Wal-Mart where the selection is only slightly better. But you find a card that sort of fits your current relationship and then you head over to the candy aisle to find that all that is left are $50 boxes of “Anatomically Correct Heart Shaped” Chocolate covered Canteloupe. Sure you love canteloupe - who doesn’t? But you’re put off by its anatomically correct shape so you are off to Target where, much to your chagrin all they have left is a 25 pound Hershey Kiss®. Now what?
Sure, I could go on but most of us guys have been there - done that, so I’ll leave the rest to your unfortunate memories of Valentine’s past. I’ll assume you’ve learned your lessons and now start planning your Valentine’s Day accordingly. Two weeks out you started searching and found the perfect Valentine’s gift for your lady. You were smart and passed on the “Jillian Michaels Biggest Loser Workout” for the Wii and instead opted for the Mani-Pedi-Spa-Massage package. Sure it ran you just over $400 bucks but come on, she’s worth it.
But the question remains - how do you pull this off without her finding out about this great gift ahead of time? You know she loves surprises so you want to make this all happen without her knowing…but how?
How can you make a major purchase ahead of time without her knowing?
How can you make sure she is available on Daytona 500 Sunday..I mean, Valentine’s Day for her appointment at the spa?
How can you make sure she doesn’t just go and waste money on a manicure or a pedicure (or both) on Friday in anticipation of you taking her out to dinner for Valentine’s Day?
And won’t she be suspicious if you haven’t made some sort of plans for Valentine’s Day?
Is some sort of deception plan required?
How can you pull this off and still watch the Great American Race?
All these questions and more can be answered by utilizing OPSEC in your planning. Just common sense and perhaps some deception and you can actually pull off a great Valentine’s Day surprise that will really show the one you love just how much you love them…until next Valentine’s Day when you will have to top this one. Good luck with that.
Keep the Faith!
Revelator
HeartBeat (It’s A Love Beat) - The DeFranco Family
Posted in BS, Planning, Family OPSEC | Print | No Comments »
Lies
29. December 2009 by Revelator.
As 2009 draws to a close I thought I might ponder, muse if you will, about the state of OPSEC and all that has happened in OPSEC during the year…or I could do the third installment of my running discourse about fortune cookies.
I’ve decided on the fortune cookies…
The day was March 17, 2008 (it’s still there - check it out) - I could no longer hold back and had to do that fateful first Fortune Cookie entry. And it felt good. My basic premise was that Fortune Cookies rarely had fortunes in them. Instead they had statements about living and other such crap. Nine months later (December 5, 2008) I was fed up again and wrote the second in the series about Fortune Cookies. And now, after a stop at Panda Express the other day I am compelled to write the third in my continuing Fortune Cookie Saga…
Look, I’m a basic guy. Keep it simple. When I open a Fortune Cookie I want to see a fortune damn it! I don’t care what it says and I don’t believe a word I read but if you are going to call it a Fortune Cookie then I believe I deserve a fortune - even a weak one. Come on, I know that the McRib isn’t really rib meat - it’s just a great sauce so I’m Ok with almost right but I can’t stand by and be lied to by the Fortune Cookie wrapper itself. If they were called Words of Wisdom and Other Such Crap Cookies then I’m good with them but they are not - they are called Fortune Cookies and (I say again) I want to see a fortune damn it!
Waiting till the end of the meal (as I believe tradition requires) I opened my latest Fortune Cookie and here is what the tiny white paper had printed upon it; “Treat yourself to something of quality.” Now I’m not sure by what standards you may define “fortune” but I’m pretty sure this statement would not qualify. And just so you won’t think this was a one off aberration allow me to share a couple of more “fortunes” with you:
A smile is your personal welcome mat. Not mine - have you seen my teeth lately? A statement - and not true.
A truly rich life contains love and art in abundance. Says who? By the way - I have much love but little to no art in my life so I guess, by definition, I’m screwed out of a truly rich life. Another statement - and false.
Competence like yours is underrated. Know what they call underrated competence? Incompetence - that’s what it’s called when its underrated. Under appreciated is quite another thing. I could live with that. It’s still not a fortune though. Nope, another statement that is not only false but misleading.
Have a beautiful day. Bite me. Not even a true statement but an order. I do not take orders from cookies.
There’s no such thing as an ordinary cat. Logically, it would seem to me that at any given time there is one cat in the world who is smack dab in the middle of cat extremes. This cat then, would have to be the one who is ordinary - until he or she dies leaving the next one who is, again, the one who is in the middle of the extremes and by definition; ordinary.
You are working hard. Not a fortune and certainly not true.
You have a shrewd knack for spotting insincerity. Found it. So I guess that one is true - but still not a fortune, merely a lucky guess.
Truth be told I have received a number of “fortunes” in my Fortune Cookies over the years. Here are what I consider decent fortunes:
Now is a good time to buy stock.
Now is the time to go ahead and pursue that love interest!
You are in good hands this evening.
You will inherit a large sum of money.
See what I’m saying? To my knowledge only one of those came true but again, this is not my point. Truth in advertising - that’s all I’m looking for. When I crack it open I want a fortune damn it!
Happy New Year’s y’all.
Keep the Faith
Revelator
Lies - The Rolling Stones
Posted in BS | Print | No Comments »
Merry Christmas, Baby
24. December 2009 by Revelator.
Every year there are a number of Christmas movies I have to watch; “Scrooged”, “Elf”, “It’s A Wonderful Life” and the original “How The Grinch Stole Christmas”. And in each of these movies I have some favorites lines and moments but every year there is one quote that stands out for me. It’s from Scrooged - Bill Murrey as Frank Cross: “It’s Christmas Eve. It’s the one night of the year when we all act a little nicer, we smile a little easier, we cheer a little more. For a couple of hours out of the whole year we are the people that we always hoped we would be.”
On this Christmas Eve (and for as long as you can hold on to it) we should all try to be the people that we always hoped we would be.
Merry Christmas everyone.
Keep the Faith!
Revelator
Merry Christmas, Baby - Written by Lou Baxter & Johnny Moore; sung by many
Posted in Movies | Print | No Comments »
‘Zat You, Santa Claus?
24. December 2009 by Revelator.
Alright now settle down, settle down. Everyone take your seats and let’s get this thing started. Plenty of room up front folks…come on down - don’t be shy. That’s right - fill in all the seats. And you guys leaving the extra seat open like you do in the theater…that’s not gonna fly in here; move it on over. Doesn’t mean your dating just cuz your elbows touch. Oh come on! Who’s cell was that? You? Well ain’t you special… Everyone, I would like you to meet that one special person to whom the rules don’t apply. Could a couple of you gentlemen who abided by the rules please escort this gentleman to the door, take his badge and fling him into the new falling snow? Thank you very much. Dutch? Could you make sure to terminate his security clearance please? Thanks.
Boys, this is serious business and you will either follow my rules or….well, you’ve seen what happens when you don’t follow the rules.
Where’s my clicker? Thanks. Slide, the first - here’s your target. Surprised? Wondering just what the hell is going on here? Well, wipe those stunned looks off your faces cuz this is indeed your target and we have a very small window of opportunity to grab this guy and that time is fast approaching.
So your saying to yourself; “I’ve seen this guy a thousand times - I could walk half a block from here and just grab him.” Yes, you could grab him…but it wouldn’t be him. Remember when we found out that Saddam had look-a-likes attending meetings and such in his stead? Well, this guy has taken this strategy to insane new levels. In our estimation he has over 27,000 doubles working all over the world and trust me when I tell you we don’t have the budget to round them all up and run DNA tests on each one so we need to figure out just how to get the real one; something people have been trying to do for long about two hundred years now. Oh, he’s crafty this one - don’t ever underestimate this man.
And here’s the worst thing about this guy - he understands our intelligence systems and how to manipulate those. Wait there is one more thing - he see’s what you are doing. Some how he has each and everyone of you under surveillance 24 hours a day. For example, he knows that you are here now and later he’ll know what you are doing too. It is very hard to track a target like that let me tell you.
Back to the intel systems - he’s on to us. How do we know? Here’s how:
1. We know exactly what he looks like and we can’t find him.
2. We know exactly what he wears and we can’t find him.
3. We know exactly who his wife is but no one has ever actually seen her.
4. We know where he lives but we can’t actually find it.
5. We know exactly what he drives but we can’t find that either.
6. We know exactly when he will be out among us yet we can’t find him.
7. We know is flight routes but still can’t shoot him down.
8. We know who works for him but no one has ever seen one of his employees.
So, we know everything about this guy and yet for all our efforts no one can find him and bring him in. That is why your were brought here. You are the best of the best in your fields and we think if anyone can find this guy it will be someone in this room. Let me add that I think the one mil we’re offering as a reward just might incentivize each of you a bit.
Fellow OPSECers, I was thinking about Santa this morning and I’ve come to the conclusion that Santa must have the best OPSEC program EVER! How else can you explain items 1-8 above? Seriously. Dude has it mastered. Sure, NORAD follows him every year but still no one has been able to shoot him down. I’m just saying…
You find another program that protects info better than this and I’ll put you right at the top of my Christmas List.
Keep the Faith!
Revelator
‘Zat You, Santa Claus? - Louis Armstrong (and many others)
Posted in BS | Print | No Comments »
Tell It Like It Is
18. December 2009 by Revelator.
This is just unfreakingbelievable!
Hackers steal SKorean-US military secrets By KWANG-TAE KIM, Associated Press Writer Kwang-tae Kim, Associated Press Writer Fri Dec 18, 7:19 am ET
SEOUL, South Korea – South Korea’s military said Friday it was investigating a hacking attack that netted secret defense plans with the United States and may have been carried out by North Korea.
The suspected hacking occurred late last month when a South Korean officer failed to remove a USB device when he switched a military computer from a restricted-access intranet to the Internet, Defense Ministry spokesman Won Tae-jae said.
The USB device contained a summary of plans for military operations by South Korean and U.S. troops in case of war on the Korean peninsula. Won said the stolen document was not a full text of the operational plans, but an 11-page file used to brief military officials. He said it did not contain critical information.
Pardon? Did I read that wrong? Let me check…”He said it did not contain critical information.” Nope - I read it right. Still can’t believe it. I mean, are you kidding me? An 11 page Executive Summary of our South Korean defense plans (OPLAN 5027) contains no sensitive information? Am I dead? Did I go to OPSEC hell and not get greeted by the demon of OPSEC? I’ve met this demon before - his name is Ignorance - so I’m pretty sure I would know him if he was greeting me at the gates of OPSEC hell. Perhaps this is a dream? Damn it people - just saying something isn’t so does not make it not so. Sure that’s a horrible sentence but let me show one that is far worse: “He said it did not contain critical information.” See? Much worse.
And don’t give me that nonsense that denying it had critical information is our way of not confirming to the North Koreans that it did indeed contain sensitive information. You know who says stuff like that? People who don’t understand the adversary. To be so blind as to think that North Korea doesn’t have a damn good idea of what is essentially contained in OPLAN 5027 is the height of ignorance. Especially since you can find older versions of OPLAN 5027 in all it’s classified glory on the internet.
I’ll grant that the 11 page summary may have been unclassified but there is no way I’m going to grant it didn’t contain critical information. Unless the only definition you have of critical information is anything that’s classified - and we know that’s just not true. Too bad not everybody understands that these days.
Thanks to my good friend Kirk for letting me know about this.
Keep the Faith!
Revelator
Tell It Like It Is - Aaron Neville
Posted in Risk, Critical Information, BS, Vulnerabilities, Threat, Media, WWW, Computer Intrusions | Print | No Comments »
The Inteview - Part I
18. December 2009 by Revelator.
Today I want to share an interview I conducted with an OPSEC grey beard (GB) who insisted he remain nameless. Originally, I refused to do the interview with this particular stipulation but as you read on I think you’ll agree that even without identification the information shared is valuable enough to overlook the anonymity clause. We sat down in a small bar in a busy city near our nations capital. After ordering, I hit record and began the interview.
Rev: How long have you been in OPSEC?
GB: Since before they called it OPSEC.
Rev: What did they call it before they coined the term OPSEC?
GB: They didn’t call it anything - that’s the point isn’t it? It didn’t have a name. But we knew it as using your common sense - doing the right thing - being smart - protecting your ass from the guy trying to shoot it off.
Rev: Do you see OPSEC as primarily a wartime program?
GB: First, I don’t see it as a program - I see it as a way of life. But to answer your question up until very recently yes, it’s application was mainly in support of military operations - specifically wartime operations. But in the past ten years I think we have come to realize that every day is a wartime situation. Every conversation, every text, every tweet, every email could harm not only our all-volunteer military but also innocent civilians.
Rev: So would you say that in these times spreading the gospel is critical.
GB: Spreading the gospel, as you say, has always been critical. OPSEC can truly be a life saving art but if no one understands it and therefore no one uses it then its no more useful than the warnings on a pack of cigarettes. The most important step in the OPSEC process, as we know it now, isn’t even one of the five steps because it is a concept followed - if we’re lucky - by an action.
Rev: And what is that?
GB: Awareness! The most important OPSEC concept is awareness. If the people in your military unit or even your corporation don’t understand the “why” of OPSEC then you guys can take the OPSEC process and work it into the ground and it won’t be worth a damn because no one understands why you are doing it. And more importantly why they should use it. Listen; I’ve known guys who knew OPSEC cold…knew how to work each of the five steps, and could write an OPSEC plan so beautiful you would marvel at its magnificence. But some of these guys couldn’t sell the concept - they couldn’t show people how or why they should care about, much less use, OPSEC in their daily operations.
Rev: Is it true that the OPSEC process was at one time 12 steps and then 9 steps before we arrived at the five steps we have now?
GB: Absolutely. And it was 15 steps and 10 steps and one pretty highly placed, but ignorant, guy wanted it to be three steps.
Rev: Well, how many steps do you think it should be?
GB: To be honest, I wasn’t happy with the five steps when it first came out. I thought they left out two steps that I thought we’re pretty important.
Rev: Which were…?
GB: Not important now. People seem to be doing them just as a matter of course so I don’t want to upset those that are responsible for this process. But let me make another point before we move on; the average person in your organization doesn’t care how many steps it is. They don’t care about what you have to do to accomplish the five steps of the OPSEC process. You know what they care about if they care at all?
Rev: Tell me, please.
GB: Two things - what do I need to protect and how do I protect it. And that is all they should care about. The OPSEC Manager needs to do all the work and be able to answer those questions for the warfighter. If you can’t tell them what needs to be protected and how to protect it then what are you there for? To give the annual training? To fill the square? Bullshit. You are there to protect the mission and to protect life so if you can’t tell the trigger pullers what to protect and how to protect it then crawl back into your cubicle and work on your next PowerPoint presentation cuz brother they don’t need you.
Rev: Strong words sir.
GB: Yes they are. Look, I’ve worked at this too long and too hard to try to soften the blow of what I’ve learned over the years. You asked me so I’m telling you. I believe I’ve saved lives using OPSEC and if I couldn’t say that then why would I have stayed in OPSEC? For the glamour? For the glory? For the money? No, no and hell no! (long pause) In my military service I took lives… Since I laid down my weapon I have been trying to save lives and as I said I believe I have. (pause) OPSEC is important. It’s more than going to the conference once a year. It’s more than giving your annual briefing. It’s more than putting up a poster or two. Actually, it is all of that but so much more.
This is the end of part one of the interview. I’ll have part two for you soon.
Keep the Faith!
Revelator
Posted in History, General OPSEC | Print | No Comments »
All Shook Up
17. December 2009 by Revelator.
OPERATIONS SECURITY - OPERATIONS SECURITY - OPERATIONS SECURITY - OPERATIONS SECURITY. Everyone - say it with me now: OPERATIONS SECURITY!
If I read one more article, speech or blog entry that defines OPSEC as Operational Security I’m gonna go Elvis on my computer monitor. People, this isn’t difficult. Operations Security is a different concept than operational security. I’m not gonna go into a long dissertation about the difference because you should know what the difference is. But even as I write those words I realize I’m wrong. Generals, Lt Col’s, Master Sergeants, CIO’s even OPSEC Managers have written, or spoken operational security when speaking of OPSEC. And not just in general but typically something like this: “OPSEC, or Operational Security, is a 5-step…”
I honestly don’t know why this happens or what to do about it - I just know that every time it happens it sets us back just a little bit. OPSEC has a hard enough time getting accepted without people who should know better defining it incorrectly. In the world of OPSEC there is much room for disagreement on a number of topics but this isn’t one of them.
Which comes first; Threat or Critical Information development? Argue that all you want.
How should you define risk? Take sides and come out swinging.
What is the best way to prioritize vulnerabilities? Jump into the octagon and figure it out.
But - “Is it Operations Security or operational security?” is not open to debate.
So, to all of you getting it wrong I say: STOP THAT!
Keep the Faith!
Revelator
All Shook Up - Elvis
Posted in BS, General OPSEC | Print | 1 Comment »
For What Its Worth
30. October 2009 by Revelator.
At my current job as OPSEC Manager I have somehow become the go-to-guy when an employee feels they are being scammed in one way or another. About once a week an employee will forward me a suspected scam email or bring in a letter they received at their home. Having become quite familiar with this stuff over the past year or two I do the research, confirm it is a scam and then write up an email that goes to all employees alerting them to the latest scam.
I’m not complaining - this is a good thing; but it got me to thinking. Most of us work in environments that place a high importance on security. Also, many of us work in positions that require a security clearance. Because of this we are particularly security conscious. But what about the vast majority of people out there? What about those who aren’t, for whatever reason, as security conscious as we are? Might they be much more susceptible to scams than we are?
I think of my parents, I think of my housewife sister, I think of my many friends who work at what we might call regular jobs in any number of fields that don’t come in almost daily contact with the many threats facing us day in and day out.
I think we have a responsibility to these people. We are in the know - we know of Nigerian bank scams, charity scams, mystery shopper scams, phishing scams, missing child email hoaxes, email lottery scams, internet dating scams, inheritance scams, and a host of others. Sure, we’re (relatively) safe from these nefarious hoaxes and scams but what about your family and friends?
My recommendation to you is that you make this your personal responsibility. Let your friends and family know that if they receive a “too good to be true” email or letter to contact you and you’ll research it to verify it’s legitimacy or (as will be the case 99.9% of the time) determine that it is a scam. We are paranoid by definition but the vast majority of our friends a family aren’t and I think you owe it to them to be the go-to person if they have any security questions of concerns. Just a thought.
Keep the Faith!
Revelator
For What It’s Worth - Buffalo Springfield
Posted in Awareness, Family OPSEC | Print | No Comments »
Puff The Magic Dragon
16. October 2009 by Revelator.
As we are all aware by now Operations Security, or OPSEC, has been around for ages. We first see it referred to directly in early Greek texts like this “ασφάλεια διαδικασιών.” Granted most of us don’t read Greek but perhaps this will aid in your understanding: OPSEC has it’s own Greek God - his name is Opus.
Opus was the brother of Calisto. After the overthrow of their Father Vasilios he drew lots with Calisto and four other brothers, for shares of the security world. Opus had the worst draw and was made lord of OPSEC. His wife was Iossa whom Opus abducted from the God Enesay. Opus may be the God of OPSEC but, security itself is another god, Seeiya.
This legend was first spoke of in Greek Mythology as dictated by Ospa; a Greek pre-classical poet and contemporary of Homer. His preliminary epic poems spoke through symbolism with a heavy dose of romanticism though some of his later works dealt directly with mysticism and the duality of God and man. In an early Ospa epic Opus was shown as both God and man as he does battle with the mythical 5-headed purple dragon, Tarasthretenstien. Opus, though expressly told not to seek out and attack Tarasthretenstein, set out one day with the express purpose of doing battle with, and ultimately defeating the dreaded purple dragon. It is written that he ignored the warnings of his father Vasilios as he suited up for battle knowing that as the God of OPSEC his failure would mean the loss of OPSEC to the world. As soon as he was suited up, the sky turned black and the purple dragon descended with each of its five mouths spewing fire.
As Tarasthretenstien drew closer Opus bent on his knees in a gesture of surrender. Tarasthretenstien thought Opus was begging for his life, so she did not attack immediately. Seeing his deception working Opus struck the dragon with his magic Sword of OPSEC cleanly severing one of her five heads.
Fearing defeat Tarasthretenstein begged for her life explaining that she had hatchlings all over the world that would die if she did not feed them. Opus, realizing that leaving Tarasthretenstien alive would result in unacceptable risk cut off her four remaining heads.
As we all know today, Tarasthretenstien’s hatchlings survived leaving us with a world of threats and adversaries to this day.
When times get tough, remember the OPSEC God Opus and attack those threats in any way you can.
Keep the Faith!
Revelator
Puff The Magic Dragon by Peter, Paul and Mary
Posted in BS, History | Print | No Comments »
Shameless Promotion Alert
8. October 2009 by Revelator.
So I’m searching “OPSEC” on YouTube yesterday, as I am wont to do from time to time, and I ran across a new video titled “Atomic OPSEC Part 1.” I noticed that it was from the Department of Energy’s Nevada Site Office and I took this as a good sign. I liked what they did with their “OPSEC Hunters” video so I thought I would check it out.
Well, I gotta tell you this new video is even…
Ok, I can’t do this anymore. Let the BS end right here…
We made the video. That’s right; I wrote it and acted in it - my fellow DOG of OPSEC directed it and the new guy plays the scientist. We think it’s pretty good and think y’all might like it also so go to YouTube and search “Atomic OPSEC” and watch parts 1 and 2. Total time is around 13 minutes. We hope you like it.
Keep the Faith!
Revelator
Posted in BS, Awareness, WWW, Media, Movies | Print | 2 Comments »