Lapses in OPSEC can have significant implications for defenders and attackers alike. All too often, organizations unknowingly expose confidential information that significantly increases their risk. In some cases organizations leak details that are used to fuel social engineering attacks against their staff; in other cases, sensitive documents are publicly exposed and put their brand at risk. Adversaries stand to lose from poor OPSEC as well. Dridex botnet operator Andrey Ghinkul associated his nickname – “Smilex” – with his real name, providing law enforcement a valuable clue in their investigation. As a defender, you can capitalize on weak attacker OPSEC to strengthen your security posture. Cyber situational awareness can provide insights into the people, processes and technology your adversaries use and turn those into an advantage. As in the Dridex example, humans can represent the most challenging element of OPSEC; a careless error can reveal their identity. The processes attackers use to retain privacy and anonymity, such as adopting aliases or conducting reconnaissance and lateral movement staging, can also tip you off to suspicious behavior. Knowledge of the technologies adversaries adopt to conduct operations – secure operating systems such as Whonix and Tails, anonymization networks like Tor, email encryption using PGP, and digital currencies like Bitcoin and WebMoney – can also give you an edge. When combined and analyzed, these insights can help you prevent and detect malicious activity as well as accelerate investigations when a breach happens.
Conversely, to prevent adversaries from gaining information about your organization that they can use to their advantage, a tailored, flexible OPSEC program should be the cornerstone of your strategy. The National Operations Security Program Process provides a five-step OPSEC program that defenders can use to mature their OPSEC capabilities. How effective can situational awareness be in assessing OPSEC viability? Share your comments with the Cloud and Cyber Security Center.