You’re being watched: Cyber OPSEC in a deployed environment

  • Published
  • By Capt. Luis Morales
  • Kapisa Provincial Reconstruction Team
It's safe to say that most of us have the Internet, smart phones and other high-tech gadgets as daily fixtures in our lives. Modern technology provides a great deal of options for entertainment and communication at the speed of light, but what if I told you that these same gadgets are being used by our enemies to watch and listen to you?

In a deployed environment, digital entertainment and communication goes from a convenience to a necessity, since these are some of the very few sources of recreation and morale. What you may not realize is these devices can be used against you by the same enemies your body armor and weapons are supposed to protect you from.

As we get used to life on a forward operating base, sometimes complacency sets in, and we start to relax our security awareness. We need to be particularly mindful of security considerations while using high-tech devices, especially if such devices are online. Operations security is more than steps to follow or broad guidance. It is a systematic approach to conduct business while keeping information and the mission safe. The very core of OPSEC is not procedural in nature, rather it focuses on human behavior. Let's remember, the human element is the most important part of any automated system. After all, people are the ones making decisions while operating and managing electronic devices.

OPSEC is primarily a guard, from the decision-making standpoint, to assist us in preventing information and data compromise that adversaries can use against us. OPSEC focuses on human behavior and the way we make decisions. If a decision could compromise the safety and/or security of the forces, then either change the decision or implement proper countermeasures -- simple right?

Well, it's not so simple if we don't know or understand the risks associated with our decisions. Too often, we share information with friends and families that can, and is, exploited by adversaries. Your friends and family are not the only ones with access to this information as it travels over the air or through cyberspace. That is the main reason the Internet is the primary source of friendly forces' information for the bad guys; often they feed on information coming from you and from me.

Practicing good OPSEC in a deployed environment is paramount. Some of us don't think about the cyber-dimension aspect of OPSEC. Some of us may not even know how to keep cyber activities "safe" or what that entails. You may wonder: "What harm can a picture do if I post it on my Facebook page?" "What about my flight schedule ...? My family and friends need to know when to go to the airport and pick me up there, right?"

The picture of you in itself is not the issue; the radio and/or weapon systems you are displaying along with it are! The same goes for the flight schedule -- you are telling the enemy everything they need to know to target you and your buddies. Those are just two typical examples but the list goes on and on.

Some ways you can help protect your information include:

1. Open e-mails only from known sources
2. Check with the public affairs section before posting mission pictures online
3. Use (and regularly update) your anti-virus/computer protection software; don't use illegal software
4. If it feels "funny" don't do it or at least ask someone about it first

The bottom line is we need to think before we act, knowing cyberspace is open and free for the world to access. We need to think in terms of the enemy -- place ourselves in the enemy's shoes and consider if the information or data we are sharing could benefit them somehow. Remember some of the people who would love to hurt us are very good in the cyber arena, and they are constantly watching!