By Cynthia Flores-Wilkin | Garrison OPSEC Program Manager, Directorate of Plans, Training, Mobilization and Security operations specialist
FORT CARSON, Colo. — Open-source intelligence (OSINT) is when a person uses publicly available or published sources of information, such as eavesdropping or engaging in casual conversations. Many people choose a public place such as a restaurant for a meal and can be overheard or engaged in work-related conversations where they have discussed sensitive household information.
Social engineering is tricking people into providing sensitive information or access. The most common type of social engineering is phishing. This scam uses a seemingly legitimate email where scammers trick people into installing malware or sending sensitive information.
Consider how easy it might be for an adversary to collect critical information on personal information. Ensure loved ones are protected against social engineering and understand what critical information to protect.
Questions to consider when identifying a critical information list (CIL):
- What is the mission or project?
- How can the adversary use the information?
- Would the information support an adversary’s strategy or activities?
- How long does the information need to be protected?
Know what to protect. A CIL is a list of critical information such as capabilities, activities, limitations and intentions. Critical information can also include personal items such as personally identifiable information, health information and travel plans.
Learn how to protect critical information and keep it safe. Learn what the families’ vulnerabilities are in order to protect them.
Refer to the CIL when sharing information in these unsecure instances:
- Unencrypted email
- Social media posts
- Public conversations or even at home with Family and friends
- Travel planning
- Requests for personal information
Vulnerabilities can be observed in many ways, so practicing OPSEC is a good habit.
An adversary can detect a vulnerability by observing an activity, such as security procedures when entering a building or leaving a residence, such as:
- Physical environment/work area
- Office operating procedures
- Outdated computer software
The most common vulnerabilities include:
- Use of email, social media and the internet
- Access to mail, trash and recyclables
- Predictable patterns and procedures
- Lack of awareness of threats and vulnerabilities
- Increased connectivity on unsecure devices
Use countermeasures to reduce the risk of critical information being exposed. Countermeasures reduce the likelihood that critical information will be lost. These include learning threats and vulnerabilities, using traditional security precautions such as physical, personal and cyber, and enforcing policies.
Learn and practice OPSEC to keep the household safe.