07 March 2009

Educate Soldiers about Online OPSEC

Ensuring our Soldiers practice security when blogging requires two things: proper education and trust. Proper education comes in several forms, one of which already exists as a regular training requirement for soldiers. Annually, every Soldier must attend a training session about OPSEC. This training is conducted at the unit level and typically consists of standard training material coupled with information specific to their unit and/or location. Adding discussion about how the principles of OPSEC apply to all manners of transmitting information will ensure Soldiers understand all aspects of OPSEC. Several slide presentations prepared by the 1st Information Operations Command provide an excellent basis for any unit to use when educating their Soldiers about the security risks of online activity and how to be an honest and interesting blogger while still maintaining appropriate OPSEC.

In accordance with the Army's current blogging policy, before a Soldier is authorized to blog about anything pertaining to the military they must have a conversation with their commander and their unit security officer. The security officer must cover in detail how OPSEC applies to the Soldier’s blog and things they should be very careful about when blogging. After providing quality education and training and maintaining a register of all websites maintained by Soldiers in their command, commanders must then trust their Soldiers to practice proper security while blogging. Commanders can certainly spot check Soldiers’ blog entries, but this will not prevent security breaches: it will only identify them after they have occurred. Preventing the breach in the first place requires the Soldier to be fully aware of what can and cannot be posted as well as being aware of methods the enemy uses to piece together bits of information gained from around the wide variety of open sources. Knowing that their commanders may spot check their blog at any time may motivate Soldiers to think clearly about any possible security violations in a draft post and remove them before posting. This requires the commander to trust his Soldiers online just as he trusts them with a weapon and the mission.

No comments:

Post a Comment