Archive for August 2008

Enter Sandman

An excerpt from SCIENTIFIC AMERICAN magazine, May 1908 (that’s right 1908 - 100 years ago…)

“Soon after the first reports were received regarding the flights being made by the Wright brothers in testing their aeroplane, a considerable number of newspaper correspondents visited the scene of the trials among the high and pointed sand dunes of the North Carolina coast south of Norfolk, Virginia. The brothers refused to make any flights, however, when the reporters were near at hand, and so the gentlemen of the press were obliged to keep in hiding nearly a mile away from the scene of operations, and to merely watch the machine from afar through spyglasses when it was flying.”

The term OPSEC may have been coined by the original Purple Dragon crew but many examples of OPSEC in action resound throughout history - this is but one more.

Keep the Faith!
Revelator

Enter Sandman - Metallica

The Wright Brothers

China Girl

Here’s a random non-OPSEC thought: Do you think millions of twenty-something Chinese people are running around with American symbols/letters on their arms, necks and the small of their backs? Do you think their friends are coming up and asking; “Dude, is that American or what? What does that mean? Is that the symbol for luck or wisdom? Man, that is soooo cool.”

Somehow I don’t think so. And by the way, none of the Americans I see with these Chinese symbols/letters tattooed into their skin look remotely Chinese. So I must confess, I don’t get it. But then I’m old. I think if I wanted to convey to people that I am honest, or lucky, or blessed with great wisdom then I would use the English language to convey this thought so that no one would ever have to ask me what that damn thing on my arm means.

By the way - I have six tats myself so I’m not picking on those who chose to get inked - I’m just saying.

Keep the Faith,
Revelator

China Girl - David Bowie

You Ain’t Seen Nothing Yet

Every organization I’ve ever assessed, military or civilian, spent an inordinate amount of time, money, manpower and resources protecting information that had already been compromised. I know it doesn’t make a lot of sense but here’s one way this happens. An organization has an outdated Critical Information List (CIL) - or one stolen from another…did I say “stolen”? I meant benchmarked. So they have a “benchmarked” CIL from another organization - either way, they find themselves (quite unwittingly) with a bad CIL. And then they go about trying to protect all the information on the CIL without giving any thought to the reality of the situation and they’re wasting time, money, manpower and resources.
But how do you know truly what is already known about your company or military organization? Get, or perform yourself, an Open Source assessment of your own organization. Start by looking in the mirror - cuz baby, you ain’t seen nothing yet if you haven’t done this. That’s right, start with looking at your own web sites. I’ve seen a lot of corporate (and military for some unknown reason) CILs that list items that are readily available on their web site. And I’ve got to ask; “Why are you telling your people to protect what is already available in open source?”
Now, civilian corporations are going to have a tough time with this because if you don’t advertise your products and capabilities you will lose customers. You’ve got to deal with your marketing and advertising departments don’t you? Yep - that’s a tough one.
I’ve sat in a number of assessment in-briefs where I’ve been told that the information I was about to receive was company proprietary and shouldn’t be talked about outside of the company and then they show me the exact information that I saw when I looked at their web site the night before! At this point, very early in the assessment process, it starts to get painful for them - this realization that we couldn’t get through the in-brief without highlighting a significant security concern.
So, whattaya gonna do now? Well, after you finish your Open Source assessment you most likely will need to rewrite your CIL so that it concentrates on protecting your truly sensitive or critical information that has yet to be compromised.
Can we hide that a military unit is deploying? Probably not. But can we protect where that unit is going and how long they anticipate being there? When hundreds of pizzas start showing up at the Pentagon (or we keep the food court operating 24/7) can we deny that something is going on somewhere? No, but we can protect exactly what is going on and where it just might be happening. When a car company is developing a new model can they hide that this new model is coming out soon? Probably not. But we can paint the car in weird ways and add some plastic molding so that competing car companies won’t get any good pictures of the car. Can we totally protect that we’re holding contract discussions with another company? Most likely not, but we can protect exactly what that contract will be for and how much it’s going to cost and how long it’s going to last. Was Henry Ford II able to protect the fact that the Edsel was coming out? No way. But did he protect the design? Absolutely not! You’ve seen the car - there was no reason to protect the design. Same goes for the Pacer, the Gremlin and the Reliant K. Focus here folks…
Spend your time, money, manpower and valuable resources protecting what isn’t already known.

Keep the Faith!
Revelator

You Ain’t Seen Nothing Yet - Bachman - Turner Overdrive
