By Cynthia Flores-Wilkin | Garrison OPSEC Program Manager, Planning Department, specialist in training, mobilization and security operations
FORT CARSON, Colorado – Open Source Intelligence (OSINT) occurs when an individual uses publicly available or published sources of information, such as eavesdropping or participating in informal conversations. Many people choose a public place such as a restaurant for a meal and may be overheard or engaged in work-related conversations where they have discussed sensitive household information.
Social engineering prompts people to provide sensitive information or access. The most common type of social engineering is phishing. This scam uses a seemingly legitimate email where crooks trick people into installing malware or sending sensitive information.
Consider how easy it can be for an opponent to collect critical information about personal information. Make sure your loved ones are protected from social engineering and understand what critical information to protect.
Questions to consider when identifying a Critical Information List (CIL):
- What is the mission or the project?
- How can the adversary use the information?
- Would the information support an adversary’s strategy or activities?
- How long should the information be protected?
Know what to protect. A CIL is a list of critical information such as capabilities, activities, limitations, and intentions. Critical information can also include personal items such as personally identifiable information, health information, and travel plans.
Learn how to protect critical information and keep it safe. Learn about the vulnerabilities of families in order to protect them.
Refer to CIL when sharing information in these insecure instances:
- Unencrypted email
- Social media posts
- Public conversations or even at home with family and friends
- Travel planning
- Personal information requests
Vulnerabilities can be observed in many ways, so OPSEC practice is a good habit.
An adversary can detect a vulnerability by observing activity, such as security procedures when entering a building or exiting a residence, such as:
- Physical environment / work area
- Office operating procedures
- Obsolete computer software
The most common vulnerabilities include:
- Use of email, social media and the Internet
- Access to mail, garbage and recyclables
- Predictable patterns and procedures
- Lack of awareness of threats and vulnerabilities
- Increased connectivity on unsecured devices
Use countermeasures to reduce the risk of critical information exposure. Countermeasures reduce the likelihood that critical information will be lost. These include learning about threats and vulnerabilities, using traditional security precautions such as physical, personal and cyber measures, and enforcing policies.
Learn and practice OPSEC to ensure household safety.