HANSCOM AIR FORCE BASE, Mass. – Operations security, or OPSEC, knows no boundaries. With so many of us shifted to telework amidst the COVID-19 outbreak, local protection professionals emphasize it’s as important as ever to remain vigilant and continue to practice risk-appropriate OPSEC principles.
Integrating systematic OPSEC measures into day-to-day activities and operations – whether at home or in the office – helps protect personal, proprietary and sensitive program information from disclosure and subsequent adversary exploitation, according to security experts.
Jeff Jeghers, directorate security chief for Digital Directorate, underscores the importance of taking appropriate steps to deter those who strive to exploit information during times of change and stress.
“It’s about perspective,” he said. “The concept of looking at yourself through the eyes of an adversary is what makes OPSEC effective.”
Jeghers recommends learning the criticality of the data being conveyed and aggregated, knowing how you are communicating or storing it during this current contingency, and with whom you’re sharing the information.
Joseph Massey, the 66th Air Base Group installation OPSEC program manager, agrees.
“The old adage of ‘loose lips sink ships’ is true across the board,” he said. “OPSEC is the building principle upon which all other security disciplines have relevance, so attention to detail and education, especially in this environment, are key.”
While teleworking can present its own set of challenges, tried-and-true security standards should still be applied at home, noted Deborah DeTora, the 66 ABG’s director of Information Protection.
“Continue to be aware of your surroundings, and use the same procedures as you do in your office on base,” she said.
The security pros concur on those essential protection guidelines, offering teleworkers the following OPSEC tips to keep in mind:
· Don’t rush: Take your time and make deliberate actions before you send data or respond to an inquiry.
· Don’t be intimidated: Adversaries will force your action by using fear, especially during this time frame.
· Move with confidence: Use only authorized systems and log-on procedures. “Digitally signing emails and encrypting what is required are now more important than ever,” Jeghers said.
· Make risk decisions at appropriate levels: If you find you won’t be able to adhere to an expected standard while working remotely, use your chain of command to make sound decisions before you proceed.
· Work within government resources: Use only government-issued computers and email accounts. “And remember, personal peripheral devices are not authorized, including printers, thumb drives or external hard drives,” DeTora said.
· Consult with the proper points of contact for assistance: Information assurance experts are vital for system guidance, and should be contacted when you have technical concerns. Information-protection leads or security managers can assist with tracking down and interpreting unit critical information and indicator lists, or CIILs, which are essential for proper OPSEC application.
“Overall, use sound judgement, and seek out trusted sources of both information and products," Jeghers said. “And most importantly, remember to stay flexible, focus on mission, your colleagues and your families.”