Many of us have come to take traveling with our computers and mobile devices lightly – without remembering the security issues that may come about while being abroad. There are situations that should give you a second thought about how to travel with your personal devices, and while the risk varies, there are security steps, especially as a national security worker, that you should consider when planning to travel abroad or domestically.
For this episode of ClearedCast, we were joined by John Davis who is a retired U.S. Army counterintelligence Officer and linguist, currently in retirement and writing essays on counterintelligence, OPSEC, and security issues for the ClearanceJobs news site.
Davis was the counterintelligence point of contact for a major command facility and their security officers, and had installations around the world. He also taught the Department of Army OPSEC course for 10 years, which eventually became a model for the curriculum at other agencies.
KEY OPSEC PRINCIPLES
There are basic OPSEC principles that you should identify, basically what is critical to your specific program. “In other words, if you lost something, or if somebody stole something and your whole program is compromised, who ought to get it?” Davis notes. In the threat portion of the OPSEC process, you are determining who that who is. For example, is it a country? Or other type of adversary? Another determining factor in the OPSEC process is if you as a company or person are giving away vital information unwittingly.
For example, one aspect of any organization evaluating these types of protections is deciding what it is you’re actually trying to protect. Is it a thing? For example, are you protecting a single component on a tank or is it the entire tank? If you decide that the critical information is actually a small component of that tank, you are going to protect it differently than having to protect the entire vehicle. Perhaps you’re trying to protect a process . Everyone should always keep in mind what is critical to the success of your own mission.
“You can’t live in a world where you’re totally safeguarded from everything, and we see this in the pandemic, but you should always create a risk assessment,” says Davis. “What can I do to complete my mission without risking the entire compromise of the program. Lastly, you apply appropriate OPSEC measures depending on your vulnerability analysis.”
While Davis was in defense, he created a foreign travel briefing program, really of its own kind. “If any of our people went overseas, they were required to receive a classified foreign travel briefing program, but the interesting part is we established the method whereby they would get a tailored briefing.” Davis explained that companies tend to give boiler plate briefings to save time and money (i.e. we’re having 17 people travel this month so you kill all 17 briefings in one meeting). He stresses that this is almost wasting everyone’s time even more.
Each country has different threats and each traveler is threatened differently. There’s a whole host of issues that are out there that people need to be cognizant of, but the best defense is if you don’t need to go, don’t be there. If you don’t need a computer while you’re traveling, then don’t bring it. Another tactic is to bring a clean computer, one that is not your personal or company laptop so you are less compromised.
Don’t Leave Home Without Your OPSEC Awareness
Thinking of more than just your personal fun keeps your personal and professional life safe. It’s important to not leave home without your OPSEC awareness.