DOD to re-emphasize security
- By Dan Caterinicchia, Dan Caterinicchia
- Jun 05, 2003
FORT LAUDERDALE, Fla. — The secretary of Defense will soon issue a directive placing a renewed emphasis on operational security (OPSEC) throughout the department.
Tom Mauriello, director of the interagency OPSEC support staff, said a document has been awaiting DOD Secretary Donald Rumsfeld's signature since before Operation Iraqi Freedom began that would infuse more funding and guidance in the realm of operational security.
Mauriello's comments came during a June 4 speech at the Army Small Computer Program's IT conference. He refused to answer any follow-up questions, and would only tell FCW that there will soon be a "resurgence of emphasis" on OPSEC coming down from the Pentagon.
During a high-energy, wide-ranging 90-minute presentation, Mauriello discussed all aspects of OPSEC from the physical through the cyber realm and explained the five-part process:
* Collection of critical information, which is not difficult since 80 percent of all data is open source.
* Threat analysis.
* Vulnerability analysis.
* Risk assessment.
* Counter measures.
Everyone from the acquisition community to human resources personnel to building maintenance are involved in OPSEC, but more work is needed, he said.
"A good OPSEC program educates people in all parts of an organization to think this way," Mauriello said.
As an example, a government intelligence agency decided to outsource its building maintenance and gave all of its structural plans to 12 potential contractors. Those blueprints included detailed schematics of the buildings, the locations of electronic and electric equipment and sources, and other critical information.
Mauriello refused to name the agency, but said officials from there only called him after they realized the magnitude of the mistake they had made. "Many times [people] give information away and don't even know it."