Tue Mar 10 20:41:42 PDT 2015
Content control: How is intelligence gathering countered?
Option 1: A comprehensive system of operations security should be in place and adapted with time.
Option 2: A limited set of counterintelligence efforts should be undertaken for key high-valued systems and operations.
Option 3: Obvious sources of intelligence should be reduced where not burdensome.
Methods used include:
- Identify what has to be protected.
- Determine adversary intelligence capability.
- Identify applicable intelligence vulnerabilities.
- Determine seriousness of the risk from vulnerabilities.
- Identify and apply countermeasures. (examples include:)
- Reduction of available true information.
- Increase in available false information.
- Awareness and training for human actors.
- Protective (confidentiality) measures non-human content.
A comprehensive system of operations security should be in place and adapted with time.
Operations security (OPSEC) is a process for identifying,
controlling, and protecting information that an adversary could
exploit to the defender's disadvantage. It generally happens in five
phases; (1) identify what has to be protected, (2) determine adversary
intelligence capability, (3) identify the vulnerabilities, (4)
determine seriousness of the risk, and (5) identify and apply
countermeasures. A more detailed analysis of this is contained in
"Frauds, Spies, and Lies - and how to defeat them" on pages 155-165.
A limited set of counterintelligence efforts
should be undertaken for key high-valued systems and operations.
For enterprises with a small number of higher valued content or
for an enterprise with substantial amounts of medium risk content, it
is reasonable to have a limited counterintelligence program. This is
similar to a comprehensive program, except that it is not applied
across the board, but rather only to small subsets of the enterprise
where it is particularly important. As a good example, trade secrets
are often very important to an enterprise, even though most of the
enterprise doesn't need to know them in order to prosper. A limited
counterintelligence program to protect these trade secrets is likely a
Obvious sources of intelligence should be reduced
where not burdensome. Copyright(c) Fred Cohen, 1988-2015 - All Rights Reserved
It is always reasonable and prudent to
reduce obvious sources of intelligence that can be harmful. For
example, reducing the presence of email addresses on Web sites reduces
the number of spam emails to those addresses, using a network address
translation (NAT) firewall reduces the number of attack packets that
reach typical computers, and shutting down open access to disk areas
on enterprise computers stops remote users from accessing all of the
files on those computers. These are obvious, simple, not expensive,
and should be used as a matter of diligence unless there is a good
reason not to do them.