Fri Apr 8 06:51:40 PDT 2016

Content control: How is intelligence gathering countered?


Options:

Option 1: A comprehensive system of operations security should be in place and adapted with time.
Option 2: A limited set of counterintelligence efforts should be undertaken for key high-valued systems and operations.
Option 3: Obvious sources of intelligence should be reduced where not burdensome.

Methods used include:

  • Identify what has to be protected.
  • Determine adversary intelligence capability.
  • Identify applicable intelligence vulnerabilities.
  • Determine seriousness of the risk from vulnerabilities.
  • Identify and apply countermeasures. Examples include:
    • Reduction of available true information.
    • Increase in available false information.
    • Awareness and training for human actors.
    • Protective (confidentiality) measures for non-human content.

Decision:

Use the following approach as appropriate:
Risk      Approach
High      A comprehensive system of operations security should be in place and adapted with time.
Medium    A limited set of counterintelligence efforts should be undertaken for key high-valued systems and operations.
Low       Obvious sources of intelligence should be reduced where not burdensome.

Approaches to counter intelligence gathering

Basis:

A comprehensive system of operations security should be in place and adapted with time.
Operations security (OPSEC) is a process for identifying, controlling, and protecting information that an adversary could exploit to the defender's disadvantage. It generally happens in five phases: (1) identify what has to be protected, (2) determine adversary intelligence capability, (3) identify the vulnerabilities, (4) determine seriousness of the risk, and (5) identify and apply countermeasures. A more detailed analysis of this is contained in "Frauds, Spies, and Lies - and how to defeat them" on pages 155-165.

A limited set of counterintelligence efforts should be undertaken for key high-valued systems and operations.
For an enterprise with a small amount of higher-valued content or with substantial amounts of medium-risk content, it is reasonable to have a limited counterintelligence program. This is similar to a comprehensive program, except that it is not applied across the board, but rather only to small subsets of the enterprise where it is particularly important. As a good example, trade secrets are often very important to an enterprise, even though most of the enterprise doesn't need to know them in order to prosper. A limited counterintelligence program to protect these trade secrets is likely a sound approach.

Obvious sources of intelligence should be reduced where not burdensome.
It is always reasonable and prudent to reduce obvious sources of intelligence that can be harmful. For example, reducing the presence of email addresses on Web sites reduces the number of spam emails to those addresses, using a network address translation (NAT) firewall reduces the number of attack packets that reach typical computers, and shutting down open access to disk areas on enterprise computers stops remote users from accessing all of the files on those computers. These measures are obvious, simple, and inexpensive, and should be used as a matter of diligence unless there is a good reason not to use them.

Copyright(c) Fred Cohen, 1988-2015 - All Rights Reserved