You are currently browsing the The Revelator weblog archives for June, 2008.
20. June 2008 by Revelator.
Dear OSPA Forum,
I’m just an average guy who hasn’t ever really had much luck with OPSEC. I’ve tried everything but nothing seems to work. I’ve bought OPSEC drinks, I’ve sent presents, I’ve sweet talked and cajoled but no luck. My friends are constantly busting on me cuz I can’t keep an OPSEC program for more than one date. Trust me, I know what it feels like when doves cry. Well, imagine my total surprise when just last week I met the OPSEC program of my dreams! There she was sitting across the room all by herself. I stole furtive glances in her direction but always turned away when she looked my way. My track record was so bad that I didn’t dare approach her. But then here she came - she was coming over to me. Oh my God! My mouth dried up and my tongue tied itself into knots. Butterfly’s were conducting strafing runs on my stomach and my palms began to sweat. Is she really coming over to me? What will I say? What will I do? She was so hot! Her dress left nothing to the imagination (and my imagination was screaming) and her eyes were boring through me right into my soul.
And then she sat down! I stared at her like a paralyzed deaf mute unable to do or say anything. I was sure she would realize her obvious mistake and leave - but she didn’t. And then she said something to me that I’d only heard in my fantasies; “Take me now or lose me forever.” Well, somehow I managed to get to my feet and get her back to my place without crashing my car - and that’s when it got real interesting…
Now you just know I’m not going to finish that story. Nope - I’ll leave that to your sordid imagination. All I wanted to do was give me a reason to mention the OSPA Forum. The OSPA Forum is a place where any OPSECer worldwide can come to catch up, ask a question or just see what’s been going on.
There are currently 20 members registered. Of the 20 registered there are a good couple of bonafide subject matter experts who can help you with any OPSEC question you might have. Currently there are 6 categories, 22 topic areas, 73 individual posts and well over 2000 views. These numbers may not seem overwhelming to you but OPSEC is a relatively small community and we’re doing everything we can to support you, the practicing OPSECer.
So take a moment and check it out. Like the commercial jingle says… “And like a good neighbor, OSPA is there.” http://www.opsecprofessionals.org/forum
Keep the Faith!
Revelator
“When Doves Cry” - Prince
Posted in Program Management, OSPA, General OPSEC | Print | 2 Comments »
18. June 2008 by Revelator.
Fellow OPSECers, I want to share with you an email the President of OSPA, Chris Cox, sent to his Board of Directors. I found it inspirational and educational. I hope you will also.
“I believe in OSPA. I have the passion of a madman, which is only possible due to a wife that has the patience of a saint. I believe because I know that I’m not the only one that understands that OPSEC saves lives and livelihoods. I believe because I know that each of you understands that, and that our members have picked up on that belief and that passion.
From the end user perspective, our message is out there. It is making an impact and that is what saves lives. Last estimate was that the semi-daily messages go to distribution lists totalling somewhere in the four figures, including almost 200 subscribers. Layne’s blog is getting thousands of hits each week, and the OSPA OPSEC Academy is going to be a true sign of our impact. It WILL be big - I guarantee it.
Don’t forget that we’re doing what we set out to do - to raise awareness of OPSEC and to increase the capabilites of the OPSEC Community and to give people the tools that they need to save those lives and livelihoods. And I’m proud to say we are doing that today. We are making those impacts. Of course, sometimes it is hard to see that direct impact from the Board of Director level but that doesn’t change the fact that every day, more and more people look to us and our site(s) for help and advice. We’ve changed the world a little…we CAN AND WILL do more.
We’ve received requests for assistance from three allied countries so far. We’re working with groups of Domestic Violence centers and schools. The Vanished Children’s Alliance (VCA) has asked for advice and guidance…the list goes on.
As for me, I just have to keep going back to what Layne said in the beginning: “We’re not here to speak for the Government or to represent the desires of the grey beards - we’re here for that poor SOB that’s in the trenches and needs effective OPSEC right freaking now! We don’t offer high-level policy or theory. OSPA will offer practical tools and experienced based guidance and advice that is designed to save lives.’
If we forget that, then we really are obsolete. That’s why I believe.”
Chris Cox, OSPA Prez
Keep the Faith!
Revelator
“What’d I Say” by Ray Charles
Posted in OSPA | Print | 2 Comments »
13. June 2008 by Revelator.
A number of you have emailed me asking what is up with the entry titles so I figured I would explain. For no real reason what-so-ever I began using song titles as titles for my entries. The problem (apparently) is that not all readers know who performed the songs and I keep getting emails asking about the artist so I decided I would take some time and fill you in on the past artists starting with the title on this entry and working backward. In the future I will include the artists name at the end of the entry for you curious few out there.
What’s Going On - Marvin Gaye
The Message - Grandmaster Flash and The Furious Five
Hot For Teacher - Van Halen
Welcome To The Jungle - Guns and Roses
You Can’t Always Get What You Want - Rolling Stones
Friends In Low Places - Garth Brooks
Purple Rain - Prince
Tumbling Dice - Rolling Stones
Thunder Road - Bruce Springsteen and The E Street Band
Reveloution #9 - Beatles
Here Comes The Sun - Beatles
Keep the Faith!
Revelator
Posted in BS | Print | 5 Comments »
13. June 2008 by Revelator.
Hear ye! Hear ye! Hear ye! I’ve got a message for you. It’s not the most important one I’ll ever give or the best written one I’ve ever given but it does go to the heart of an argument that has been raging since the early ’70’s. And the question is this: How long should a Critical Information List (CIL) be?
The best CIL I’ve ever seen was in an organization that required all personnel to wear badges within the confines of the building. The organization took their 12-item CIL - I say again their 12-item CIL - put it on a card and laminated it for all personnel to wear with their identification badge. Each person in the organization had access to the CIL at all times. This is about as good as it gets folks.
On the other hand, a good number of seasoned OPSEC professionals disagree with me on this subject. They’ll tell you that a “comprehensive” CIL is the only way to ensure that all of your critical information will be protected. Sound logic to be sure. Unless you take into account the human factor. I don’t know how many of you have photographic memories and can remember a 73, or 103 or 276 item CIL, but I sure can’t. 276 items! Are you freaking kidding me? How is this usable? My personal experience is that when I’m shown a CIL with more items than my wife’s grocery list I tend to ignore it. I know I can’t memorize it and if I’m on the phone or typing an email I most likely won’t consult the “Big Book of CILs” to see if I should be communicating the information. But if you show me a list that I can wrap my brain around, say about 20 items, then I’ll study that sucker and be able to commit most of it to memory. And even if I can’t memorize it I can pin it up somewhere in my cubicle where I can actually consult it quickly if need be.
There are too many things in our complicated lives to remember already. I’m forever writing things on sticky’s so I don’t forget them. Then I’ve got the task list in my Microsoft Outlook so I don’t forget anything. I’ve also got a long to-do list in my 7-Habits Daily Planner which is also loaded onto my Blackberry and then as a fail safe, I’ve got my wife around who is constantly reminding me of things I’ve already forgotten. And when I do make it to the grocery store my wife will make a list for me because she just knows I’ll forget something.
And finally on the subject of short CIL’s - remember the KISS Principle - Keep It Simple Stupid. The shortest Critical Information List I ever saw had only one item. “We are a military organization charged with protecting the freedom of the American peoples and their allies - keep your damn mouth shut!” I could argue that there should probably me a couple of more items but damn it - I like their attitude.
Keep the Faith!
Revelator
Posted in Program Management, General OPSEC | Print | 2 Comments »
6. June 2008 by Revelator.
Congratulations! You finally finished. Six months ago you made it through the OPSEC course. Sure, you had an unrequited love for your instructor but so did the other 17 dudes in your class - get over it. Back in the real world you found that you had purple blood flowing through your veins and you headed back to work ready to kick some OPSEC ass. The spirit of the legendary Purple Dragon burned in your heart and soul and you began grinding your way through the five-step process. You were a BEAST! A big, fire breathing beast on an OPSEC bender.
You developed your new and improved Critical Information List like a crazed maniac who just discovered that mixing Monster Energy with a Red Bull and two diet pills will keep you rocking and/or rolling all night long…and then all day…and then all night long again. Your threat research was focused and spot on and you knew exactly what threats were targeting your sensitive information.
Vulnerabilities? Indicators? They didn’t stand a chance against a highly motivated OPSEC professional such as yourself. No freaking way! So you rolled on like the man-beast you are - ready for anything and everything.
Risk? You don’t need no stinking risk! You’re prioritizing risk better than David Lee Roth’s groupie-hunting roadie and you started to think someday you could actually get that OPSEC Certified Professional certification bestowed upon you as your beautiful wife looks on with love in her eyes. Finally, you developed and institutionalized your countermeasures and you just knew the effectiveness of your new OPSEC program would certainly earn you the Individual Achievement Award at next years National OPSEC Conference. You even searched on-line for hotels and flights to San Antonio. Ahhhhhhh, the warm feeling of a job well done. Sit back my friend - it’s Miller time.
On the other hand (typically a backhand with a big ring on it) there is one thing you’ve missed. One thing that is so critical to an OPSEC program that if left undone will render all your hard work worthless and you can kiss your coveted award goodbye. Brothers and sisters I’m talking about feedback. Think about it - without feedback how will you ever know if your carefully crafted countermeasures are working? How will you ever know if your education and training is having any effect? How will you know if your new visitor controls are working?
A lack of feedback, in any endeavor, equals a lack of success. Let’s take dating for example. If you’re not paying attention to feedback on a first date, chances are you’ll never see a second date. Whether you notice or not you’ll be receiving feedback all night long. Some positive and some negative. But even the negative feedback helps, doesn’t it? If you’re paying attention you will learn real quick what dating measures and countermeasures are or aren’t working and you’ll be able to adjust accordingly. Ignoring, or not seeking out, feedback can kill your program.
Have you seen people who ignore feedback? I know you have. Ever worked for that one guy or gal who just won’t shut the hell up? You know the kind - the one that’s still yammering on even after you’ve wandered away and are strolling down the hall? And ladies, I know you’ve been out in the social environment and there’s always that one guy who just won’t give up. He’s trying to chat you up, or buy you a drink, or get you to dance and instead of getting your subtle hints he just thinks your playing hard to get and doesn’t realize that you don’t think his never-say-die attitude is all that charming and as a matter of fact if he says one more annoying word to you he’s gonna end up wearing that Appletini you’ve been nursing.
All I’m trying to say is that you need to establish some feedback mechanisms for your OPSEC program. You simply cannot succeed working in the blind. You need to find out how, or even if, your OPSEC message is getting across. You need to check to see if your countermeasures are working as designed. Is the information you determined sensitive or critical being protected in the manner you desire?
Be the beast! One of the best feedback mechanisms you can employ is to get out there in the gen-pop and talk to people in your organization. Get the feedback you need and adjust your program accordingly so that your program at least has an outside chance to succeed. And guys, next time you’re out there searching for Mrs. Right or Ms. Right Now - keep your eyes and ears open. You just might learn something.
Keep the Faith!
Revelator
Posted in Program Management | Print | No Comments »