[ISN] DOD to re-emphasize security

From: InfoSec News (isnat_private)
Date: Thu Jun 05 2003 - 23:05:18 PDT

  • Next message: InfoSec News: "RE: [ISN] This computer security column is banned in Canada (Three messages)"

    http://www.fcw.com/fcw/articles/2003/0602/web-opsec-06-05-03.asp
    
    By Dan Caterinicchia 
    June 5, 2003
    
    FORT LAUDERDALE, Fla. -- The secretary of Defense will soon issue a
    directive placing a renewed emphasis on operational security (OPSEC)  
    throughout the department.
    
    Tom Mauriello, director of the interagency OPSEC support staff, said a
    document has been awaiting DOD Secretary Donald Rumsfeld's signature
    since before Operation Iraqi Freedom began that would infuse more
    funding and guidance in the realm of operational security.
    
    Mauriello's comments came during a June 4 speech at the Army Small
    Computer Program's IT conference. He refused to answer any follow-up
    questions, and would only tell FCW that there will soon be a
    "resurgence of emphasis" on OPSEC coming down from the Pentagon.
    
    During a high-energy, wide-ranging 90-minute presentation, Mauriello
    discussed all aspects of OPSEC from the physical through the cyber
    realm and explained the five-part process:
    
    * Collection of critical information, which is not difficult since 80
      percent of all data is open source.
    
    * Threat analysis.
    
    * Vulnerability analysis.
    
    * Risk assessment.
    
    * Counter measures.
    
    Everyone from the acquisition community to human resources personnel
    to building maintenance are involved in OPSEC, but more work is
    needed, he said.
    
    "A good OPSEC program educates people in all parts of an organization
    to think this way," Mauriello said.
    
    As an example, a government intelligence agency decided to outsource
    its building maintenance and gave all of its structural plans to 12
    potential contractors. Those blueprints included detailed schematics
    of the buildings, the locations of electronic and electric equipment
    and sources, and other critical information.
    
    Mauriello refused to name the agency, but said officials from there
    only called him after they realized the magnitude of the mistake they
    had made. "Many times [people] give information away and don't even
    know it."
     
     
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Jun 06 2003 - 01:19:26 PDT