operational security

Building Secure and Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems
by Heather Adkins , Betsy Beyer , Paul Blankinship , Ana Oprea , Piotr Lewandowski and Adam Stubblefield
Published 29 Mar 2020

-Compromises Versus Bugs email attack example, The Investigative Process establishing your incident team, Establishing Your Incident Team handovers, Handovers-Handovers, Handover, Handing Back the Incident hypothetical example, Putting It All Together-Closure intersection of security and reliability, Crisis Response investigative process, The Investigative Process-Sharding the investigation keeping control of the incident, Keeping Control of the Incident-Morale keeping the right people informed with the right levels of detail, Keeping the Right People Informed with the Right Levels of Detail operational security, Operational Security-Operational Security, Communications and Operational Security parallelizing the incident, Parallelizing the Incident preparing communications and remediation, Preparing Communications and Remediation reliability/security tradeoffs, Reliability Versus Security: Design Considerations taking command of your incident, Taking Command of Your Incident-Sharding the investigation trading good OpSec for the greater good, Trading Good OpSec for the Greater Good triage, Is It a Crisis or Not?

…

Liberia, Criminal Actors libFuzzer, How Fuzz Engines Work linters, Automated Code Inspection Tools LLVM Clang, How Fuzz Engines Work load balancing, Defendable Architecture load shedding, Load shedding location separation, Location Separation-Isolation of confidentialityaligning physical and logical architecture, Aligning physical and logical architecture isolation of confidentiality, Isolation of confidentiality isolation of trust, Isolation of trust location-based trust, Isolation of trust Lockheed Martin, Intelligence gathering loggingattackers' bypassing of, Small Functional APIs budget for, Budget for Logging collecting appropriate/useful logs, Collect Appropriate and Useful Logs-Budget for Logging designing for immutability, Design Your Logging to Be Immutable determining which security logs to retain, Determine Which Security Logs to Retain-Network-based logging and detection intersection of security and reliability, Investigating Systems and Logging logs as attack target, Reliability Versus Security: Design Considerations privacy issues, Take Privacy into Consideration reliability issues, Reliability Lonestar, Criminal Actors lost causes, value of, Pick Your Battles low-dependency service, Low-dependency components-Low-dependency components M malicious actions, recovery from, Malicious Actions malware reports, Threat Intelligence MASVN (minimum acceptable security version numbers), Minimum Acceptable Security Version Numbers-Minimum Acceptable Security Version Numbers mean time to detection (MTTD), Monitoring and Alerting mean time to repair (MTTR), Monitoring and Alerting meetings, in crisis management situations, Meetings Mehta, Neel, Example: Growing Scope—Heartbleed memory corruption, checksums and, Distinguish horses from zebras memory-safe languages, Use memory-safe languages mental modelsidempotency and, Pay attention to idempotent operations understandability and, Mental Models microservicesdesigning for change with, Use Microservices-Example: Google’s frontend design Google's frontend design, Example: Google’s frontend design Google-internal framework, Example: Microservices and the Google Web Application Framework rate-limiting mechanism as, Design to Go as Quickly as Possible (Guarded by Policy) role separation, Role Separation military, cyber warfare and, Military purposes Miller, Matt, Use memory-safe languages minimum acceptable security version numbers (MASVN), Minimum Acceptable Security Version Numbers-Minimum Acceptable Security Version Numbers Mission Control program, Build Empathy mission, of IR team, Establish a Team Charter mistakes, threat modeling and, Threat modeling insider risk MIT (Massachusetts Institute of Technology), Attacker Profiles mitigation doc, Scoping the Recovery mitigation strategies, advanced (see advanced mitigation strategies) MITRE, Tactics, Techniques, and Procedures morale issuesIC's responsibility for, Morale on incident response teams, Establish a Team Charter motivations, of attacker, Attacker Motivations MTTD (mean time to detection), Monitoring and Alerting MTTR (mean time to repair), Monitoring and Alerting multi-party authorization (MPA), Multi-Party Authorization (MPA)code review as, Require Code Reviews reliability and, Investing in a Widely Used Authorization Framework resilience and, Resilience unilateral insider risk protection, Three-Factor Authorization (3FA) multicomponent failure testing, Multicomponent testing multilevel nesting, Avoid Multilevel Nesting mutation testing, When to Write Unit Tests N NASA, Culture of Inevitably nation-state actors, protecting systems from, Protecting your systems from nation-state actors(see also governments) Netflix, Fuzz Testing network intrusion detection systems (NIDSs), Network-based logging and detection nonfunctional requirements, Nonfunctional Requirements nontechnical risks, Costs and nontechnical risks North Korea, Attacker Motivations notes, keeping during recovery, Recovery Logistics, Postmortems NotPetya ransomware, Risk Assessment Considerations NSA, Risk Assessment Considerations NSO Group, Policing domestic activity O observability, improving, Improve observability OIDC (OpenID Connect), Identities, Example: Identity model for the Google production system OL (operations lead), Establishing Your Incident Team one-time passwords (OTPs), Example: Strong second-factor authentication using FIDO security keys-Example: Strong second-factor authentication using FIDO security keys one-time programmable (OTP) devices, Rolling back firmware and other hardware-centric constraints OODA (observe, orient, decide, act) loop, Parallelizing the Incident open source componentsfor Google custom CA, Securing Third-Party and Open Source Components third-party insider threats, Third-party insiders OpenID Connect (OIDC), Identities, Example: Identity model for the Google production system OpenSSHconfiguration distribution via, POSIX API via OpenSSH custom OpenSSH ForceCommand, Custom OpenSSH ForceCommand OpenSSL library, Evolution, Example: Growing Scope—Heartbleed operating parameters, IR team, Define Operating Parameters for Engaging the IR Team operating system logs, Operating system logs Operation Aurora, Protecting your systems from nation-state actors, After the Recovery operational overload, Set aside time for debugging and investigations, Know what’s normal for your system operational security (OpSec)crisis management, Operational Security-Operational Security hypothetical crisis management example, Communications and Operational Security trading good OpSec for the greater good, Trading Good OpSec for the Greater Good operations lead (OL), Establishing Your Incident Team OSS-Fuzz, Example: ClusterFuzz and OSSFuzz OTP (one-time programmable) devices, Rolling back firmware and other hardware-centric constraints OTPs (one-time passwords), Example: Strong second-factor authentication using FIDO security keys-Example: Strong second-factor authentication using FIDO security keys overcommunication, Example: Increasing HTTPS usage, Misunderstandings, Overcommunicate and Be Transparent overprovisioning, Defender’s Strategy P panic rooms, Graceful Failure and Breakglass Mechanisms parallelizing an incident, Parallelizing the Incident Park Jin Hyok, Attacker Motivations partial restores, Persistent data passwords, On Passwords and Power Drills patch, defined, Short-Term Change: Zero-Day Vulnerability payment processing system design (case study), Example: Payment Processing-Security riskssecurity/reliability considerations, Security and reliability considerations third-party service provider for sensitive data, Using a third-party service provider to handle sensitive data-Security risks Peach Fuzzer, How Fuzz Engines Work penetration testers, Vulnerability Researchers, Special Teams: Blue and Red Teams permissions, Classifying Access Based on Risk persistent data, Persistent data personally identifiable information (PII), Security and reliability considerations Petya ransomware, Risk Assessment Considerations phishing attackcredential rotation and, Credential and Secret Rotation recovery from, Large-Scale Phishing Attack-Large-Scale Phishing Attack two-factor authentication to address risk of, Example: Strong second-factor authentication using FIDO security keys phone bridges, Communications physical location, Location Separation-Isolation of confidentiality PII (personally identifiable information), Security and reliability considerations pivot points, The Investigative Process playbooks, IR team, Create Detailed Playbooks poisoned regions, Dynamic Program Analysis police (see law enforcement agencies) policiesavoiding automated unsupervised changes, A foothold for humans creating unambiguous, Create Unambiguous Policies POSIX API, Small Functional APIs, POSIX API via OpenSSH postmortems, Postmortems-Postmortems, Building a Culture of Security and Reliability, Culture of Inevitably post_install command, Host management prestaging (disaster planning), Prestaging Systems and People Before an Incident-Processes and Proceduresconfiguring systems, Configuring Systems processes and procedures, Processes and Procedures training, Training pre_rm command, Host management priority models, IR teams and, Establish Severity and Priority Models privacy, logging and, Take Privacy into Consideration productionintersection of security and reliability, From Design to Production safe proxies in production environments, Safe Proxies in Production Environments-Safe Proxies in Production Environments single system testing/fault injection, Single system testing/fault injection testing response in production environments, Testing Response in Production Environments productivityincreasing, Increase Productivity and Usability-Increase Productivity and Usability least privilege and, Impact on User Productivity profile, attacker, Attacker Profiles program analysisdynamic, Dynamic Program Analysis-Dynamic Program Analysis static, Static Program Analysis-Formal Methods(see also static analysis) Project Shield, Defendable Architecture provenancebinary, Binary Provenance-What to put in binary provenance, Data Sanitization data sanitization and, Data Sanitization ensuring unambiguous provenance, Ensure Unambiguous Provenance provenance-based deployment policies, Provenance-Based Deployment Policies-Implementing policy decisions proxies, Proxiesbenefits of, Safe Proxies in Production Environments downsides of, Safe Proxies in Production Environments safe (see safe proxies (case study)) pseudonymization, Take Privacy into Consideration publicly trusted certificate authority (CA), Case Study: Designing, Implementing, and Maintaining a Publicly Trusted CA-Conclusion Purple Team, Evaluating Responses, Special Teams: Blue and Red Teams Pwn2Own, Speed Matters Pwnium, Speed Matters Q quality-of-service (QoS) controls, Graceful Degradation quarantine (isolation)assets, Isolating Assets (Quarantine)-Isolating Assets (Quarantine) compartments and, Controlling the Blast Radius R random errors, recovery from, Random Errors ransomware attacks, Criminal ActorsPetya, Risk Assessment Considerations responses based on culture, Triaging the Incident Rapid (software release tool at Google), System Rebuilds and Software Upgrades rate-limiting mechanism, Design to Go as Quickly as Possible (Guarded by Policy) readability, Rollout Strategy recovery, Recovery and Aftermath-Credential and Secret Rotation, Examples-Targeted Attack Requiring Complex Recoveryaftermath of, After the Recovery-Postmortems attacker's response to, How will your attacker respond to your recovery effort?

…

Triaging the Incident Compromises Versus Bugs Taking Command of Your Incident The First Step: Don’t Panic! Beginning Your Response Establishing Your Incident Team Operational Security Trading Good OpSec for the Greater Good The Investigative Process Keeping Control of the Incident Parallelizing the Incident Handovers Morale Communications Misunderstandings Hedging Meetings Keeping the Right People Informed with the Right Levels of Detail Putting It All Together Triage Declaring an Incident Communications and Operational Security Beginning the Incident Handover Handing Back the Incident Preparing Communications and Remediation Closure Conclusion 18.

The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics
by Ben Buchanan
Published 25 Feb 2020

For this reason, the NSA calls these documents “technology warning mechanism[s]” and spies on groups like the GSM Association to get them.27 The NSA uses a secretive unit, the Target Technology Trends Center, to do this. The unit’s logo, a giant telescope superimposed on a globe, and its motto—“Predict, Plan, Prevent”—give a sense of its mission: to make sure the agency is not rendered blind by the network operators’ security upgrades and advances. The mobile communications experts and analysts in the unit spy on phone companies all over the world to ensure that future collection remains unimpeded.28 The Target Technology Trends Center builds and maintains a database of mobile phone operators. As of 2012, the database included around seven hundred companies, about 70 percent of the world’s total.29 The group focuses on gathering information that the agency can use to defeat security mechanisms and gain access to cellular calls, messages, and data.30 The NSA maintains a list of around twelve hundred email addresses associated with employees at mobile phone operators around the world.31 Using its signals intelligence methods—almost certainly including passive collection—the NSA makes its own surreptitious copy of some of the information sent to and from these addresses.

…

From this intermediate vantage point, the team at TAO sat back and observed as a wealth of useful information passed by. They watched as the Chinese conducted vulnerability scans and looked for new targets. They spotted Chinese misdirection efforts using email account masquerades and spear-phishing in action. The Chinese hackers were sloppy at times, demonstrating a lack of discipline and operational security. From the same hop points they used for espionage efforts, they sometimes logged into personal email accounts, checked stock portfolios, and watched pornography. TAO quietly kept tabs on them all the while. Once again, the situation highlights the absurd cat-and-cat-and-mouse game endemic to modern cyber operations.

…

Analysts began to develop signatures for the hackers and to track their activities across the internet. To do this, they married the indicators of the group’s activity with the broad net of the Five Eyes’ passive collection apparatus. They were able to see the hop points from which the hackers operated, and, due to the hackers’ poor operational security, log into those systems themselves. This increased collection of information revealed that, in addition to their interest in Iranian targets, the unknown hackers also spied on computers in North Africa, in French-speaking media organizations, in former French colonies, and in European supranational organizations.

Outlaw Platoon: Heroes, Renegades, Infidels, and the Brotherhood of War in Afghanistan
by Sean Parnell and John Bruning
Published 28 Feb 2012

On the other end of the chow hall, Yusef sat shooting the breeze with some of Second Platoon’s men. He was always asking us to define words and sayings. He loved jokes, the raunchier, the better. He preferred to hang out with our troops, something that unsettled me at times because of the familiarity it bred. That level of closeness could become an operational security issue, and I made a mental note to talk to the men about it. As I walked past him, Yusef greeted me with all the effusive warmth of a used-car salesman. “Commander Sean, I get an AK-47 today?” he asked. “No,” I said. “But Abdul carried AK,” he said. “No.” “But how will I defend myself?

…

As I checked around for it, somebody mentioned that the ’terps occasionally used them. That surprised me, and I felt a fleeting sense of disquiet over the discovery. A sat phone can be used to call anywhere on the planet. A local national on our base using one could be seen as a breach in operational security. I hustled over to the ’terp hooch, where I found Yusef curled up on his cot, talking quietly into the missing sat phone. He was alone; Bruce Lee and Shaw were out on duty. When he saw me enter, he hung up and said sheepishly, “Just talking to my family, Commander Sean.”

…

On August 16, the mole had made contact with the Iranian team. In coded references, he had revealed the exact location at which Outlaw Platoon planned to establish an observation post that day. Somehow, between the time the platoon had come in from the hilltop in the morning and the time the men had returned to it, the mole had penetrated our operational security and learned exactly what we were going to do. Then he had tipped off the Iranians, who had contacted Galang’s old force. The insurgents had beat us to the hilltop and seeded it with mines. No doubt, the nearby villagers had seen them emplace the devices. When our platoon had arrived a few hours later, they wanted to see what would happen.

Active Measures: The Secret History of Disinformation and Political Warfare
by Thomas Rid

Active measures are contradictory: they are covert operations designed to achieve overt influence, secret devices deployed in public debates, carefully hidden yet visible in plain sight. This inherent tension has operational consequences. Over the decades, dirty tricksters in various intelligence agencies, Western and Eastern, have discovered that tight operational security is neither cost-effective nor desirable, for both partial and delayed exposure may actually serve the interests of the attacker. It is not an accident that disinformation played out in shifting shadows, not in pitch-black darkness. Often, at least since the 1950s, the covert aspect of a given disinformation campaign was only a veneer, imperfect and temporary by design.

…

Just one day after the first documents became public, Lorenzo Franceschi-Bicchierai, one of the best reporters at the technology-focused website Motherboard, was the first journalist to publish an investigative story calling the DNC hack “a disinformation campaign by Russian spies.”11 The same day, June 16, a private intelligence firm named Secureworks published a stunning finding. The firm had discovered what would later be recognized as one of the GRU’s gravest operational security mistakes, one that became clear only when investigators finally figured out the mechanics of the Russian campaign. The remarkable discovery began with an email not unlike the one that tricked John Podesta’s staffers. The link to the fake log-in page was behind the fake CHANGE PASSWORD button.

…

The IRA did not have a cafeteria or canteen, although Prigozhin, known as “Putin’s chef,” owned a sprawling catering business. “People had to bring food boxes from home,” said one former worker to The Washington Post. “Prigozhin did not treat the trolls well. He could at least feed them.” Such poor discipline and operational security contrasts sharply with proper intelligence fronts, such as the CIA’s LCCASSOCK in the 1950S, where only the principal agent and perhaps a treasurer would know about the real source of funding. Yet a division of labor was emerging. The Russian security establishment effectively kept collection and release within the intelligence community, but outsourced the noisy and cheap business of driving wedges through social media to dedicated third-party service providers.

No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State
by Glenn Greenwald
Published 12 May 2014

He became adept at the most sophisticated methods for safeguarding electronic data from other intelligence agencies and was formally certified as a high-level cyber operative. He was ultimately chosen by the Defense Intelligence Agency’s Joint Counterintelligence Training Academy to teach cyber counterintelligence at their Chinese counterintelligence course. The operational security methods he insisted we follow were ones he learned and even helped design at the CIA and especially the NSA. In July 2013 the New York Times confirmed what Snowden had told me, reporting that “while working for a National Security Agency contractor, Edward J. Snowden learned to be a hacker” and that “he had transformed himself into the kind of cybersecurity expert the N.S.A. is desperate to recruit.”

…

The pattern that I followed my entire time in Hong Kong was thus set: working on stories throughout the night with the Guardian, doing interviews by day with the media, and then joining Laura and Snowden in his hotel room. I frequently took cabs around Hong Kong at 3:00 or 4:00 a.m., going to television studios, always with Snowden’s “operational security” instructions in mind: never to part with my computer or the thumb drives full of documents to prevent tampering or theft. I traveled the desolate streets of Hong Kong with my heavy backpack permanently attached to my shoulders, no matter where or what the hour. I fought paranoia every step of the way and often found myself looking over my shoulder, grabbing my bag just a bit more tightly each time someone approached.

…

“They want to be able to say, ‘We had nothing to do with transporting these documents, it was Glenn and Laura who passed them back and forth.’” She added that using FedEx to send top secret documents across the world—and to send them from her in Berlin to me in Rio, a neon sign to interested parties—was as severe a breach of operational security as she could imagine. “I will never trust them again,” she declared. But I still needed that archive. It contained vital documents related to stories I was working on, as well as many others still to be published. Janine insisted that the problem was a misunderstanding, that the staffer had misinterpreted comments by his supervisor, that some managers in London were now skittish about carrying documents between Laura and me.

This Is How You Lose the Time War
by Amal El-Mohtar and Max Gladstone
Published 15 Jul 2019

Closing a letter—a physical object without even a ghost in the cloud, all that data on one frail piece of paper—with an even more malleable substance, bearing, of all things, an ideographic signature! Informing any handler of the message’s sender, her role, perhaps even her purpose! Madness—from an operational-security perspective. But, as the prophets say, there ain’t no mountain high enough—so I’ve essayed the work here. I hope you enjoy your whacked seal. I didn’t supply any extra scent, but the medium has a savor all its own. There’s a kind of time travel in letters, isn’t there? I imagine you laughing at my small joke; I imagine you groaning; I imagine you throwing my words away.

…

I should tell you, as Mrs. Leavitt would, that it’s customary to send letters that can be opened without ruining the seal, but I appreciate your innovation more than I can say. What I can say: It was very cold out on the ice. Your letter warmed me. Your talk of ideographic signatures and operational security brought to mind some grooming work I did among a few strands’ worth of Bess of Hardwick’s botanists. While there it was my pleasure to observe correspondence between them and their Lady; just how layered and complex plain speech could be, how many secrets wrapped in the banner of Sincerity (a word commonly invented in sixteenth centuries).

Glasshouse
by Charles Stross
Published 14 Jun 2006

"I'm all ears," I say. He shudders. "Don't say that." "Well it's"—not literally—"true. Sort of." "Where were you when the war broke out?" he asks. Oops. I didn't expect him to ask that. Revealing that kind of thing would be a big no-no under normal circumstances—a breach of operational security that could allow an opponent to work out exactly who you are and thereby figure out all sorts of useful things about you, enough to endanger you operationally, because virtually everything you ever did in public is stored in a database somewhere. But —we're in the guts of a MASucker, and if I'm not mistaken, there's only one data channel in or out, and Sam isn't part of the cabal, and I reckon the current risk of our being eavesdropped on is low.

…

The setup is designed to encourage resocialization, to help integrate them back into something vaguely resembling postwar society; it's a former MASucker configured as a compact polity with with just one T-gate in or out. Bad guys go in, civilians come out. At least, that was the original theory. "What's going on?" I ask. "I think someone's broken our operational security," says Sanni. I shudder and stare at the muggers. "Yes," he says, seeing the direction of my gaze. "I said we don't have long. A group drawn from several of our operational rivals have infiltrated the Strategic Amnesia Commissariat of the Invisible Republic and taken over the funding and operational control of the glasshouse.

…

Team Yellow, hang around, and I'll brief you. Team Green, eat your lunch, then go back to work—come back to the library individually this afternoon or tomorrow, and Janis will sort you out, back you up, and brief you." There's more muttering from the back. Janis clears her throat. "One more thing. Operational security is paramount. If anyone says anything, we are all . . . not dead. Worse. Dr. Hanta has a full-capability brainfuck clinic running in the hospital. If you give any sign outside of this basement that you're involved in this plan, they'll shut down the shortjump gates, isolating you, and flood us with zombies until we run out of bullets and knives.

This Machine Kills Secrets: Julian Assange, the Cypherpunks, and Their Fight to Empower Whistleblowers
by Andy Greenberg
Published 12 Sep 2012

He read it. Then he put it in an archive folder and never responded. Why? May says that he had shown that BlackNet could serve its intended purpose. But he argues, a little defensively, that trying to set up a WikiLeaks-like system to distribute or publish black market information required operational security he couldn’t handle. Even if he had kept BlackNet’s source secret, he was clearly the cypherpunks’ prime suspect for enacting such a scheme. And he points out that the message may have also been a honey trap designed to ensnare him and put him in prison. But more frankly, May says, he simply didn’t care.

…

Assange’s first reaction, when Berg told him about meeting Domscheit, was to suggest that Berg dig up “dirt” on her that would be useful when they separated, a piece of advice that deeply wounded Berg. When Berg moved into Domscheit’s apartment shortly after their relationship began, Assange chastised him for putting his full name on the door, a gross display of negligence in Assange’s unspoken rules of operational security. In a written statement Assange would release eighteen months later explaining Domscheit-Berg’s expulsion from WikiLeaks, he would mark that violation as the first sign that Berg couldn’t be trusted with WikiLeaks’ resources and materials. In the same statement, he went on to write that the girlfriend of a Mossad agent attended the Domscheit-Bergs’ wedding, and to accuse Daniel Domscheit-Berg of having given “helpful” information to U.S. intelligence agencies.

…

But to Assange and any other hacker, revealing a password represented a glaring security breach. Those familiar with PGP know that when a file is encrypted to a certain key, the private key will always open a copy of that encrypted file and thus can never be revealed. Secret keys remain secret for life. This was no minor operational security slipup. If someone curious about the archive’s mysterious “xyz” folder—and Web forums of WikiLeaks-watchers were already buzzing about the folder’s mysterious contents—tried testing the printed password out on the four files, one by one, the result would be an incredible and terrible discovery: When he or she reached “z,” the final file would open to reveal the entire, unredacted set of State Department Cables, complete with every sensitive source’s name, from Chinese dissidents to African journalists, every innocent informant to the State Department in every repressive regime around the world.

Top Secret America: The Rise of the New American Security State
by Dana Priest and William M. Arkin
Published 5 Sep 2011

IO (Information Operations): Information operations, sometimes called influence operations, are primarily engaged in influencing foreign perceptions and decision making. During armed conflict, they also include efforts to achieve physical and psychological results in support of military operations. Military IO includes psychological operations (PSYOP), military deception, and operations security (OPSEC), which are measures to protect the security of U.S. operations and information and further their goals. JCITA (Joint Counterintelligence Training Academy): Located in Elkridge, Maryland, JCITA is the primary training organization specializing in advanced counterintelligence. Established in 2000, it is a part of the Defense Intelligence Agency.

…

ONI (Office of Naval Intelligence): The navy’s lead intelligence center, it is headquartered at the National Maritime Intelligence Center (NMIC) in Suitland, Maryland. It produces maritime intelligence and analyzes and assesses foreign naval capabilities, trends, operations, and tactics, global civil maritime activity, and an extensive array of all-source analytical products. OPSEC (Operation Security): Measures taken to prevent documents, technology, and plans from being disclosed to unauthorized personnel. OSD (Office of the Secretary of Defense): The OSD formulates general defense policy and policy related to the DoD. It is organized primarily through a set of undersecretaries: undersecretary for acquisition, technology, and logistics; undersecretary for intelligence; undersecretary for personnel and readiness; and undersecretary for policy.

…

Examples are Department of Homeland Security threat assessments. 2 Information operations (IO) are those operations primarily engaged in influencing foreign perceptions and decision making. During armed conflict, they also include efforts made to achieve physical and psychological results in support of military operations. Military IO capabilities include psychological operations (PSYOP), military deception (MILDEC), and operations security (OPSEC), which are measures to protect the security of U.S. operations and information and further their goals. 3 Special Technical Operations (STO) involve “nonkinetic” (for example, nonexplosive) modes of warfare, from classic electronic warfare to the latest cyberwarfare and directed energy techniques.

Attack of the 50 Foot Blockchain: Bitcoin, Blockchain, Ethereum & Smart Contracts
by David Gerard
Published 23 Jul 2017

The Silk Road server had been traced when its real address leaked; they had found the name “Frosty” for the apparent system administrator, an alias Ulbricht had used with forum accounts linked to his GMail account and in many other places. Multiple FBI agents had befriended him on the site and even become administrators. Everyone had assumed that “Dread Pirate Roberts” had the most painstaking operational security imaginable. It turned out Ulbricht was protected by nothing more than an impenetrable shield of narcissism, and an apparent belief that he was too smart and virtuous to be caught. At trial, on charges of money laundering, computer hacking, conspiracy to traffic fraudulent identity documents and conspiracy to traffic narcotics, Ulbricht’s defense amounted to digital identity being ambiguous, with unsubstantiated claims that someone else had set him up.

…

In 2014, darknet markets were estimated to have processed more bitcoins than all legitimate payment processors put together.200 Gwern Branwen has written extensively on the darknet markets and has released 1.6 terabytes of screenshots from darknet sites,201 with analyses.202 The darknet markets fulfil a demand (drugs), but, despite increasingly complex escrow arrangements, they still fall to bad operational security or getting hacked, or just steal all their users’ money – “the constant wearying turmoil of exit-scams and hacks”.203 That said, reliability and quality remain surprisingly good otherwise. However, even drug buyers avoid Bitcoin if they possibly can. Both buyers and sellers frequently complain of Bitcoin’s ridiculously volatile price messing up deals, and transactions taking hours or days to be confirmed with an unpredictable fee.

Spies, Lies, and Algorithms: The History and Future of American Intelligence
by Amy B. Zegart
Published 6 Nov 2021

Desperate for information about British troop strength and plans, Washington instructed Colonel Thomas Knowlton to send a spy behind enemy lines. A twenty-one-year old captain from Connecticut named Nathan Hale courageously volunteered. Hard facts are scant, but evidence suggests the operation was botched from the start. The mission was announced and volunteers solicited in a meeting of several officers—poor operational security.31 Hale used his real name32 and brought his Yale diploma with him, presumably to bolster his cover story that he was an unemployed school teacher looking for work—except that unemployed school teachers didn’t usually hang around British fortifications. In addition to Hale’s flimsy cover, Hale was known to be exceptionally trusting, a poor quality for a spy.

…

During this early period, America’s intelligence system, from collection to analysis to counterintelligence, was largely a do-it-yourself operation. General Washington frequently served as his own spymaster and chief analyst, setting up production for invisible ink,43 advising assets on how to maintain operational security, planting false information for suspected double agents, and assessing the value of the information that came in. Because Washington was enmeshed in running so many intelligence and military operations, he sometimes found it difficult to keep track of everything. In 1777, he wrote to one of his agents, “It runs in my head that I was to corrispond [sic] with you by a fictitious name, if so I have forgotten the name and must be reminded of it again.”44 In 1775, Washington ordered a secret paramilitary mission to seize gunpowder stores in Bermuda.

…

The National Geospatial-Intelligence Agency (NGA) used reference points from the images to estimate his height as well as the genders and heights of others living there.126 NGA used other sensing devices to create 3D models of the compound. The CIA’s open-source center scooped up public information about the city of Abbottabad, but to keep operational security tight, officials requested research on several Pakistani cities.127 The CIA also set up a safe house in Abbottabad with a small team to establish “patterns of life” at the compound.128 Their activities included spying on the laundry hanging outside to determine the number of residents, their genders, and whether they were adults or children.129 All of this does indeed sound like something out of a Jason Bourne film.

Hacker, Hoaxer, Whistleblower, Spy: The Story of Anonymous
by Gabriella Coleman
Published 4 Nov 2014

But as computer security researcher Robert Graham put it, chat logs culled by an informant can be used to “convict you of conspiracy, intent, obstruction of justice [and] racketeering.”34 And the prosecution had an enormous hunk of logs from which to build its case. Still, having Sabu around was not enough to nab everyone—some members of AntiSec and LulzSec remain out of reach of the law. Had others been more careful with their operational security, they may have never been caught. How were mistakes made? Hammond practiced nearly flawless technical operational security, but in chats he revealed personal details. The most important—which I had seen him mention once in public and once in a private channel—was that he had spent time in federal prison. Given one of his main nicknames, “Anarchaos,” his unique status as one of the only bona fide anarchist hackers to have done time in US prison must have placed him pretty high on the list of candidates.

…

They had become so close, in fact, that everyone knew, roughly, where everyone else was logging in from (real names were never shared) Most were headquartered in or around the UK, except Sabu. Some had even foolishly spoken over Skype, which is how Topiary had determined that Cleary’s voice was “annoying”. OpSec, short for Operational Security, is the art of protecting your group’s human and digital interactions. One of the foundations of good OpSec is the knowledge that one’s computer is secure. Depending on proprietary software packages—opaque in both source code and business practices—can compromise that knowledge. The use of free software, such as GNU/Linux, and the avoidance of tools like Skype (commonly understood to have government backdoors) are necessary measures in the never-ending journey of vigilant OpSec.

Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency
by Andy Greenberg
Published 15 Nov 2022

For Miller and any other federal agents and prosecutors sniffing around the site, it also suggested that AlphaBay and its mysterious founder were likely based in Russia—an impression cemented by Alpha02’s signature in messages on the site’s user forums: “Будьте в безопасности, братья,” Russian for “Be safe, brothers.” In an interview in April 2015 with the dark-web-focused news site and directory DeepDotWeb, Alpha02 reassured his users that he and his site were beyond the reach of any Silk Road–style seizure. “I am absolutely certain my opsec is secure,” he wrote, using the shorthand for “operational security,” and added, “I live in an offshore country where I am safe.” From the start, Alpha02 declared that AlphaBay’s “goal is to become the largest eBay-style underworld marketplace.” He used almost none of the flowery libertarian rhetoric of the Dread Pirate Roberts and instead seemed to have a steely focus on the bottom line.

…

But by the time he had recruited the DEA’s Robert Miller out of the wiretap room, Rabenn had started to wonder whether they really needed to go to all that effort to achieve their busts. By then they’d done plenty of undercover buys; Rabenn had begun to suspect that many of the dealers they targeted were sloppy enough in their operational security that they could simply purchase their wares and look for clues either in their packaging or in the vendors’ online profiles. Miller, starting his new assignment, assembled the usernames of the top heroin and fentanyl dealers on AlphaBay and began to buy dope from them, one by one. As the packages arrived, triple sealed in silver Mylar and plastic, Miller and the team scrutinized both the shipments and their sellers’ opsec.

…

Years earlier, it seemed, he had written posts there under a username that left little room for doubt: Alpha02. Alpha02 had tried to erase his tracks, deleting messages from the forums and changing his now-notorious username. But the evidence had been preserved by the Internet Archive, a nonprofit project that crawls and copies web pages for posterity. Just as with Ross Ulbricht, Alexandre Cazes’s operational security slipups had been permanently etched into the internet’s long memory. * * * · · · Within days, Rabenn and Miller believed their Alpha02 lead was real. They also knew the case was too big for them to take on alone. They decided to bring their findings to the FBI field office in Sacramento, a much larger outpost just a few hours’ drive north, with significantly more computer crime expertise and resources than their small Fresno office.

Rise of the Machines: A Cybernetic History
by Thomas Rid
Published 27 Jun 2016

The air force, by contrast, had a potent intrusion detection system in place. The NSA formed the red team.47 The NSA red team was physically in one large room in the Friendship Annex, at FANX III (pronounced “FAN-ex”), near the Baltimore/Washington International Airport in Maryland, about 10 miles north of the NSA’s main headquarters at Fort Meade. Operational security was tight: the red team needed special access to get into its operations center, packed with computers. The exercise was so intense that the NSA needed to make sure the red team ate and slept properly, because work on the mock attack was so exciting. Before the exercise kicked off, Kenneth Minihan, the NSA director and an air force general, came out to brief his hackers: “We’re shaping history,” he told his team at FANX III.48 The NSA team had no privileged intelligence about the systems it was supposed to bring down, but it did simple reconnaissance for six months.

…

“In light of the press coverage, the consensus among the participating agencies was that we had no real choice but to go directly to Moscow with a request for assistance,” the FBI noted later.97 The intruders were unfazed. The Russians suspected that the machine in London had been watched, and immediately stopped using it. “The publicity stopped it in its tracks,” one of the Met investigators watching the Wimbledon site recalled.98 Then the intruders reviewed their operational security—and continued hacking. “In spite of the ABC story on 3/4/1999, intrusions continued,” the FBI wrote in a memo on April 15.99 One day after the story, the Russian spies broke into Lawrence Berkeley National Laboratory and into Argonne National Laboratory, both passing through the central hop point in Jefferson County, Colorado.

…

Several countries were scanning each other’s networks, probing for vulnerabilities, trying to find things to knock out when the virtual bombs start hissing down. “Think of it as prewar reconnaissance,” Clarke told CBS. Meanwhile, the Russian intelligence operators became more determined not to be caught again. The Moscow-based hackers started improving their operational security. They encrypted files before smuggling them out of their victims’ networks so that a filter at the exit could not spot keywords in cleartext. They started moving more stealthily on their victims’ networks. Later the Russian spies showed even more impressive ingenuity. Intelligence analysts at the NSA and GCHQ suspected that the Moonlight Maze intruders began to hijack satellite downstream links to cover their tracks.

Predator: The Secret Origins of the Drone Revolution
by Richard Whittle
Published 15 Sep 2014

To stress the importance of secrecy, USAFE commander Martin called a meeting with the unit’s leaders: Boyle, Cooter, Wallace, communications specialist Captain Paul Welch, and Raduenz of Big Safari, who was there to help with logistics and personnel. Martin told them he was going to have the U.S. Air Force Office of Special Investigations test the special Predator unit’s operational security, or, in military parlance, its OPSEC (pronounced “OPP-seck”). “I’m not going to tell them what you’re doing, but I am going to give them access to your phones, your garbage cans, where you’re located, and I’m going to have them try to find out what you’re doing,” the general said. “And if they do, I’m going to kill all of you.

…

With a bit of research, Werner found a company in Catania, Sicily, that was offering for lease a satellite earth terminal with a four-meter antenna that could transmit in the 13.75- to 14-gigahertz range the SESAT required. The company seemed a bit desperate for business, and after negotiating a price Werner thought a bargain, he added an unusual condition. For operational security, he insisted that the Sicilian company deliver the satellite terminal to a location in Germany he would disclose to them at a time of his choosing and hand it over without being told where the equipment was going. The Sicilians agreed, and Werner choreographed a clandestine exchange that unfolded one night a few miles east of the Rhine River.

…

“All we need now is a sofa out front, a broken-down truck on cement blocks, and pink flamingos,” someone said, and though they couldn’t manage the sofa and truck, someone came up with four plastic pink flamingos, which they stuck in the ground around their “redneck flower pot.” CIA officials came out to the Trailer Park from time to time for various reasons, and one or two who saw the pink flamingos and toilet bowl on their grounds suffered shock and awe. Some told Boyle he had to get rid of that junk, if not for operational security then for aesthetic reasons. When CIA Director Tenet saw the hillbilly tableau, he chuckled, then chuckled some more. He also promised to get the toilet fixed, and did. But the flamingos stayed. Tenet, gregarious by nature, occasionally made the fifteen-minute trip from his office to the double-wide on his way home at night to let the Air Force team know how much he appreciated what they were doing.

The Teeth of the Tiger
by Tom Clancy
Published 2 Jan 1998

It is nothing you have not done yourselves, of course. " But not in America, he did not add. Here in Colombia the gloves were all the way off, but they'd been careful to limit themselves in the U.S., their "customer" nation. So much the better. It would be entirely out of character with anything they'd done. Operational security was a concept both sides fully understood. "I see," the senior Cartel man noted. He was no fool. Mohammed could see that in his eyes. The Arab was not going to underestimate these men or their capabilities Nor would he mistake them for friends. They could be as ruthless as his own men, he knew that.

…

I can take care of travel. Arms will be provided by our new friends?" A nod. "Correct " "And how will our warriors enter America?" "That is for our friends to handle. But you will send in a group of three at first, to make sure the arrangements are satisfactorily secure." "Of course." They knew all about operational security. There had been many lessons, none of them gentle. Members of his organization peopled many prisons around the world, those who were unlucky enough to have avoided death. That was a problem, one which his organization had never been able to fix. To die in action, that was noble and courageous.

…

"They think they can strike fear in our hearts by showing us they can attack us anywhere, not just at obvious targets like New York. That was the element of cleverness in this operation. Probably fifteen to twenty total terrorists, plus some support personnel, maybe. That's a fairly large number, but not unprecedented-they maintained good operational security. Their people were well motivated. I would not say that they were particularly well trained, though, they just decided to toss a mad dog in the backyard to bite some of the kids, as it were. They've demonstrated their political willingness to do some very bad things, but that's not a surprise; also to throw dedicated personnel away, but that's not a surprise either.

Dark Mirror: Edward Snowden and the Surveillance State
by Barton Gellman
Published 20 May 2020

Just as I began to wonder why I bothered, a man who called himself Verax showed up. Using a clever method I had not seen before, he sent me an encryption key, a recognition signal, and a method to verify both. It was like one of those old comic book advertisements: “If U Cn Rd Ths Msg . . .” Delighted, even vindicated, I found that I could. “I appreciate your concern for operational security, particularly in the digital environment,” Verax wrote in his next message. “Many journalists are still exceedingly weak on this topic, which leaves their interests and intentions an open book for sophisticated adversaries. . . . I’m told you’re already quite skilled in this regard.” That was not true, actually.

…

When I confronted a CIA spokesman, he could not give me a categorical answer on whether the agency had made an exception here. The impostor, of course, could have come from anywhere. I built ever-thicker walls of electronic and physical self-defense, and I had access to world-class expertise, but I had not been formally trained in operational security. Put less gently, I was an amateur playing against professionals. Twice I left my keys in the front door overnight. Once I met a source for a drink and agreed to a second round, then a third, a rarity for me. In the morning I could not find my laptop bag anywhere. Frantically I canvassed the possibilities.

…

Its origins, design, and successive tenants are described in “History of NIOC Hawaii,” Navy Information Operations Command, www.public.navy.mil/fltfor/niochi/Pages/AboutUs.aspx; and Donna Miles, “Beneath the Pineapple Fields,” Soldiers, January 1995, 26–27, https://fas.org/irp/news/1995/soldiers_jan95_p26.htm. did not break ground: See Michael A. Lantron, “NSA/CSS Hawaii Breaks Ground for New Operations Security Center,” U.S. Navy news release, September 7, 2007, www.navy.mil/submit/display.asp?story_id=31660. was still “Charlie Foxtrot”: The NSA announced completion of the new Captain Joseph J. Rochefort Building just before Snowden arrived. Sources with firsthand knowledge told me that much confusion accompanied the move, with the usual complaints and growing pains.

Baghdad at Sunrise: A Brigade Commander's War in Iraq
by Peter R. Mansoor , Donald Kagan and Frederick Kagan
Published 31 Aug 2009

Kelly Flynn, however, did not serve in a combat zone. I could not overlook Sergeant Blackwell’s and Corporal Dagen’s serious breach of operational security, but I would not allow the two soldiers to use a court-martial proceeding as a platform on which to disparage the U.S. Army and the antifraternization policy. After consultation with Brigadier General Dempsey, Lieutenant Colonel Hill, and my legal adviser, Captain Dan Sennott, I decided to give each of the soldiers a letter of reprimand. The letters focused squarely on the violation of operational security that put U.S. soldiers at risk and did not mention the violation of General Order no. 1, a subordinate matter that would have clouded the primary issue.

…

I intended for these raids to distract the enemy’s attention from the larger operation that was about to unfold. It was no doubt a forlorn hope. The enemy’s intelligence network was better than ours, and keeping any operation of this magnitude a secret was difficult at best. Despite constant attention to operations security, it is hard to hide the preparations for combat of thirty-five hundred soldiers in seven forward operating bases. At best we could hope that our objective would remain a secret. Even then, because the insurgents knew where their safe houses were located, they could often figure out our intentions.

The Last Punisher: A SEAL Team THREE Sniper's True Account of the Battle of Ramadi
by Kevin Lacz , Ethan E. Rocke and Lindsey Lacz
Published 11 Jul 2016

The KYK-13, although mostly outdated now, is a device the National Security Agency developed for the transfer and loading of cryptographic keys for our long-range radios. In enemy hands, the little metal box with its crude knobs and switches could have some pretty hefty implications for our operational security within Ramadi and pretty much all of CENTCOM. The likelihood that the muj would be able to use the KYK was low, but the potential for disaster was still there should it fall into the wrong hands. Our priorities immediately shifted. Without the KYK, we couldn’t launch for the scheduled operation.

…

Our loved ones knew what we told them and understood as much as we could make them, but the rest of the world seemed somehow clueless about the fact that we were at war or that one of my best friends had just given his life for them. It was a hard conclusion to reach, but I began to understand that most people will never understand the brotherhood. * * * “You were in Ramadi?” my mom asked incredulously. Five months in Ramadi, and I’d never told my family where I was. I kept them in the dark for the sake of operational security and for their own peace of mind. My mother’s wide eyes and dropped jaw told me I’d made the right call by not telling them. Ramadi was in the news constantly. Like many Americans with loved ones overseas, she knew the city was the most dangerous place in Iraq. It feels sort of strange to admit that it had never really struck me that what I was doing would have a profound impact on my family.

Chaos Engineering: System Resiliency in Practice
by Casey Rosenthal and Nora Jones
Published 27 Apr 2020

Today’s security practices lack the rapid iterative feedback loops that have made modern product delivery successful. The same feedback loops should exist between the changes in product environments and the mechanisms employed to keep them secure. Security measures should be iterative and agile enough to change their behavior as often as the software ecosystem in which they operate. Security controls are typically designed with a particular state in mind (i.e., production release on Day 0). Meanwhile, the system ecosystem that surrounds these controls is changing rapidly every day. Microservices, machines, and other components are spinning up and spinning down. Component changes are occurring multiple times a day through continuous delivery.

…

Benefits of Security Chaos Engineering SCE addresses these problems and offers a number of benefits, including the following: SCE has a more holistic focus on the system. The principal goal is not to trick another human or test alerts; rather, it is to proactively identify system security failures caused by the nature of complex adaptive systems and build confidence in operational security integrity. SCE utilizes simple isolated and controlled experiments instead of complex attack chains involving hundreds or even thousands of changes. It can be difficult to control the blast radius and separate the signal from the noise when you make a large number of simultaneous changes.

Home Maintenance Checklist: Complete DIY Guide for Homeowners: 101 Ways to Save Money and Look After Your Home
by Ian Anderson
Published 6 Mar 2019

Check that each breaker/fuse actually kills the power to that area by double checking that the lights/appliances go off on activation of the breaker or removing the fuse. Remember to keep a torch on, or very close to your consumer unit in a place you can find in total darkness. I like magnetic ones which you can stick to the box itself. Switches and Power Outlets Check each switch and power outlet for correct operation, security (to the wall) and integrity (i.e. not cracked or broken). You can buy a tester which you just plug in and it checks each wire for faults. Make sure that those new appliances added over the years don’t lead to permanent extension leads or multi way plug adapters which may overload an outlet and are a common cause of house fires.

Beautiful security
by Andy Oram and John Viega
Published 15 Dec 2009

It’s amazing that a little bit of alcohol can provide enough courage to do this, given the people we were dealing with. Or perhaps I just didn’t know any better at the time. I think this stunned them a bit. Everyone in their group of about five high-level staff looked at one member who had not, up to that point, stood out in our minds as the senior person (nice operational security on their part). He gazed directly back at me and said, “We were just talking about what you have managed to put together here.” “What do you mean?” I pressed. He replied, “All of the briefings we have received state that the sort of setup with the capabilities you have here is not possible without nation-state-type funding.”

…

At this point, I should refer you back to my Upton Sinclair quote earlier in this chapter; but it does leave an interesting thought about the role security will have in the overall landscape of information technology evolution. I was once accused of trivializing the importance of security when I put up a slide at a conference with the text “Security is less important than performance, which is less important than functionality,” followed by a slide with the text “Operational security is a business support function; get over your ego and accept it.” As a security expert, of course, I would never diminish the importance of security; rather, I create better systems by understanding the pressures that other user requirements place on experts and how we have to fit our solutions into place.

Armed Humanitarians
by Nathan Hodge
Published 1 Sep 2011

As she climbed inside the truck, she found her boots on the top of some odd black box in the passenger compartment. “What’s that?” she asked. One of her colleagues silenced her: their interpreter was in the car. He was a local hire and had no security clearance. You had to be careful not to talk about the equipment in front of them. It was her first encounter with what the military calls OPSEC (operational security): keeping a lid on classified information, keeping operational plans closely held, not revealing sensitive information about equipment or intelligence collection capabilities. OPSEC was not a phrase that was usually employed in aid and development circles. They arrived at Torkham. Sure enough, Parker found herself the lone woman at the meeting with local leaders on the electrification project.

…

The city was also a key trade center, and the division began spending money across the board to keep Mosul stable. In a press briefing shortly after the division’s arrival in Mosul, Petraeus ticked off a laundry list of projects his troops had undertaken: Our soldiers have deployed throughout our area of operation, securing cities and key infrastructure facilities; helping the new interim city and province government get established; conducting joint patrols with Iraqi policemen and manning police stations in the city; helping organize and secure the delivery of fuel and propane; assisting with the organization of the recently begun grain harvest, a huge endeavor in this part of Iraq; building bridges and clearing streets; helping reopen schools and Mosul University; assisting with the reestablishment of the justice system in the area; distributing medical supplies; helping with the distribution of food; guarding archaeological sites; working to restore public utilities, and ninety percent of Mosul now has power and water.7 Petraeus also began paying salaries to government workers.

The Ransomware Hunting Team: A Band of Misfits' Improbable Crusade to Save the World From Cybercrime
by Renee Dudley and Daniel Golden
Published 24 Oct 2022

The ransom note for one of the variants featured an image of Hitler and a Nazi flag. “You are infected by the Exotic virus,” it said. “Pay or your files will be gone! Have a nice day:)” Daniel was determined to track down the hacker, who went by the name EvilTwin online. EvilTwin had made “dumb mistakes in operational security,” which allowed Daniel to trace his identity. On a beautiful fall Saturday afternoon, before heading outside to enjoy the North Carolina foliage, he reported his progress to the team. “Pretty much have this little kid and his Minecraft buddies all fully identified,” he wrote over Slack. “Names, and towns they live in.

…

After the hacker went dark, Ransomware Hunting Team member Jornt van der Wiel, a Dutch researcher for the Russian cybersecurity company Kaspersky, contacted the French police. “Ok they are interested,” Jornt told the team. “I just need to gather all the info this evening.” The team was ecstatic. “Yes yes and fucking yes to all of this,” Michael wrote. “Hell yeah,” Sarah said. Fabian noted that Wazix’s operational security “has as many holes as his ransomware it seems.” Jornt’s police contact let him know that Wazix could be prosecuted even though he was a juvenile. But the investigator needed a “clear picture” of Wazix’s activities, Jornt said, so that he could convince his boss and the prosecutor to open the case.

Not a Good Day to Die: The Untold Story of Operation Anaconda
by Sean Naylor
Published 1 Mar 2005

Their job was made all the harder by the fact that no one at the Mountain headquarters, including Hagenbeck himself, had access to the most current intelligence about events in Afghanistan. This was a function of the compartmentalized approach to intelligence gathering in the war, in which, for reasons of operational security and bureaucratic turf protection, intelligence gathered by one U.S. agency or command was often not shared with other senior U.S. officials or military commanders in the region. CENTCOM even held back intelligence from Mikolashek’s headquarters. Nevertheless, by the end of December, Wille and Ziemba produced a well-developed concept paper that showed how the Mountain HQ could use conventional and unconventional forces to crush Al Qaida guerrillas in the Shahikot.

…

(The use of the British abbreviation recce, rather than the more American recon, reflected Delta’s roots as an organization modeled along the lines of the British Special Air Service, or SAS, by its founder, Colonel Charlie Beckwith, who had served with the SAS as an exchange officer.) For reasons of operational security and practicality, Delta, now known also by its cover name of Combat Applications Group, was a very self-contained organization. The rest of the unit consisted of superbly trained and equipped mechanics, communications specialists, intelligence analysts, and other support troops, plus a headquarters staff.

…

As soon as the ceremony finished, Ropel, still wearing his Class A dress uniform, jumped in his car at midday and started the long drive to Fort Drum, sleeping for three hours in a truck stop before arriving on post at 4 p.m. the next day. He drove straight to the battalion headquarters, where he ran into the absurd lengths to which the military sometimes goes in order to convince itself that it is dutifully protecting operational security. His own chain of command wouldn’t tell him officially that the unit had deployed to Uzbekistan. “It was a joke,” he recalled. “You could find out more from TV sometimes than from your own commander.” It was an open secret that the battalion had gone to K2, and all Ropel was concerned with was catching up with them as soon as possible.

Tools and Weapons: The Promise and the Peril of the Digital Age
by Brad Smith and Carol Ann Browne
Published 9 Sep 2019

At Microsoft we were spending more than $1 billion a year developing new security features, an investment that involved more than thirty-five hundred dedicated security professionals and engineers. This work is ongoing as we continually roll out new security features at an accelerating pace, and it’s a huge priority across the tech sector. The second approach, involving what we call operational security, was in some ways more of a priority at Microsoft than at some other tech companies. It includes the work of our threat intelligence teams to detect new threats, the focus of our Cyber Defense Operations Center to share this information with customers, and the work of the Digital Crimes Unit to disrupt and take action against cyberattacks.

…

A second critical need will involve security. Clearly, if data is federated and accessible by more than one organization, the cybersecurity challenges of recent years take on an added dimension. While part of this will require continuing security enhancements, we’ll also need improvements in operational security that enable multiple organizations to manage security together. We’ll also need practical arrangements to address fundamental questions around data ownership. We need to enable groups to share data without giving up their ownership and ongoing control of the data they share. Just as landowners sometimes enter into easements or other arrangements that allow others onto their property without losing their ownership rights, we’ll need to create new approaches to manage access to data.

Rise and Kill First: The Secret History of Israel's Targeted Assassinations
by Ronen Bergman
Published 30 Jan 2018

The negotiations, however, were kept secret, even from the heads of Israel’s military and intelligence organizations. Rabin instructed Unit 8200, which eavesdropped on Palestinian communications, to report anything they heard about the discussion directly and solely to him. Officially, this was for operational security—any leak that got out to the various Palestinian factions could derail the talks. Unofficially, Rabin wasn’t entirely certain that men who’d spent years trying to kill Arafat and his minions, who ran agencies that had invested enormous effort in the war on Palestinian terrorism, could make the mental adjustment necessary to see a former enemy as a partner in peace.

…

I decided that anything that did not endanger ourselves or our sources could be traded, or otherwise no one would take us seriously. “Three hundred people quit when I came to the Mossad, a massive exodus,” he said. “Incidentally, I’m glad that some of them left.” In light of the demand for more and more operations, Dagan also abolished some of the Mossad’s operational security protocols that had been in place for a long time, some of them for decades. Before he took over, if there weren’t enough passports, credit cards, and secure means of communication for an operation, it was aborted, to stay on the safe side. A large number of operations were canceled due to these security protocols.

…

This time, though, the Israelis knew there was no chance the United States would get involved. Mughniyeh, who had killed hundreds of Americans, was one thing. A Syrian general, the high-ranking official of a sovereign state, was something entirely different. On their own, then, the Israelis began planning a way to dispose of Suleiman. After the Mughniyeh operation, security arrangements in Damascus had been stepped up, and any idea of conducting the operation there was ruled out. Suleiman was closely guarded and constantly escorted by a convoy of armored vehicles, so the possibility of using an explosive device was also rejected. Meir Dagan reached the conclusion that the Mossad would need assistance, and, as it happened, the IDF was eager to take on the job.

Red Rabbit
by Tom Clancy and Scott Brick
Published 2 Jan 2002

We can use them to formulate the black propaganda, and then use people from the First Chief Directorate to propagate it. This proposed operation is not without risk, of course, but, though complex, it is not all that difficult from a conceptual point of view. The real problems will be in its execution and in operational security. That's why it's critical to eliminate the assassin immediately. The most important thing is the denial of information to the other side. Let them speculate all they wish, but without hard information, they will know nothing. This operation will be very closely held, I presume." "Less than five people at present.

…

He'd have to present it in such a way as to make the urgency of the matter plain and… frightening to them. Would they be frightened? Well, he could help them along that path, couldn't he? Andropov pondered the question for a few more seconds and came to a favorable conclusion. "Anything else, Colonel?" "It hardly needs saying that operational security must be airtight. The Vatican has its own highly effective intelligence service. It would be a mistake to underestimate their capabilities," Bubovoy warned. "Therefore, our Politburo and the Bulgarians must know that this matter cannot be discussed outside of their own number. And for our side, that means no one, even in the Central Committee or the Party Secretariat.

…

"Quite so, Andrey." Every country in the world had a bureaucracy, whose entire purpose was to delay important things from happening. "And we don't want the world to know that our rezident is making a highly important call on the man," the Foreign Minister added, teaching the KGB Chairman a little lesson in operational security, Colonel Rozhdestvenskiy noted. "How long after that, Aleksey Nikolay'ch?" Andropov asked his aide, "Several weeks, at least." He saw annoyance in his boss's eyes and decided to explain. "Comrade Chairman, selecting the right assassin will not be a matter of lifting a phone and dialing a number.

The Market for Force: The Consequences of Privatizing Security
by Deborah D. Avant
Published 17 Oct 2010

As Terry puts it, “the humanitarian imperative to give aid wherever it was needed clashed with the responsibility to ensure that their aid was not used against those for whom it was intended.”96 Organizations within the relief community 94 95 96 Koenrad Van Brabant has suggested that aid organizations considering hiring PSCs address a checklist of questions including this one. See Koenrad Van Brabant, Operational Security Management in Violent Environments (Washington, DC: Overseas Development Institute, 2000). Shearer, Private Armies and Military Intervention; Correspondence with James Fennell, Managing Director, Defense Systems Africa and Regional Manager (Central Africa), ArmorGroup, April 2000. Terry, Condemned to Repeat, p. 195. 

…

H., “Private Contractors on United Kingdom Deployed Military Operations: Issues and Prospects,” paper presented at the International Security Studies Section (ISSS) Meeting of the International Studies Association, US Army War College, Carlisle, PA, 1 November 2003. Vallette, Jim and Pratap Chatterjee, “Guarding the Oil Underworld in Iraq,” CorpWatch (5 September 2003). Van Brabant, Koenrad, Operational Security Management in Violent Environments, (Washington, DC: Overseas Development Institute, 2000). Van Creveld, Martin, The Transformation of War (New York: Free Press, 1991). Vandergriff, David, Path to Victory : a Critical Analysis of the Military Personnel System and how it Undermines Readiness (Novato: Presido Press, 2002).

The Death of Money: The Coming Collapse of the International Monetary System
by James Rickards
Published 7 Apr 2014

A standard rejoinder, by many in the intelligence community, to suggestions of terrorist insider trading is that terrorists would never compromise their own operational security by recklessly engaging in insider trading because of the risks of detection. This reasoning is easily rebutted. No one suggests that terrorist hijacker Mohamed Atta bought put options on AMR through an E*Trade account on his way to hijack American Airlines Flight 11 from Logan Airport, Boston. The insider trading was done not by the terrorists themselves but by parties in their social network. As for operational security, those imperatives are easily overridden by old-fashioned greed. A case in point is home decorating maven Martha Stewart.

The Last Astronaut
by David Wellington
Published 22 Jul 2019

He twisted around—shit, that made his head spin way too much—and saw Parminder Rao lying there on the ground, one arm under her own intact helmet. It couldn’t have been her, she was a good kid. Where was—where was Jansen? He found her curled up in a ball on the unsolid ground. Fast fucking asleep. Everyone was asleep but him. What the hell? Didn’t anybody else ever think about operational security? He reached down and touched a pocket on the front of his suit. A pocket he had kept carefully zipped up since they’d left Orion. If Jansen had stolen what was in that pocket, if she’d figured out his secret and—he would—he didn’t know what he would— Good God. His brain was mush. He couldn’t think straight.

…

We’re very grateful that you saved us from—” “I wasn’t supposed to talk to you before,” the woman said. She didn’t turn around to look at them. “I wasn’t supposed to have any contact with you. I broke the rules to tell you to leave, but you didn’t listen.” She moved, but only to sit in the opening, her legs dangling out over thin air. “I understand,” Hawkins told her. “I’m military. I get operational security. But there are some basic facts we need to resolve.” Channarong shook her head. “Foster’s had a change of heart. He sent me to find Commander Jansen. He has a message for her.” “Foster’s alive?” Jansen asked, sitting up and pushing herself forward, supporting her weight on her hands. “Where is he?

The Good, the Bad and the History
by Jodi Taylor
Published 21 Jun 2023

Once you are recovered, of course.’ Wow. And he hadn’t finished yet. ‘I intend to promote Mr Markham similarly. He will be Chief Security Officer, presiding over two sections – Internal Security under Captain Hyssop, which will deal with all matters relating to the St Mary’s campus – and Operational Security under Mr Evans, dealing with matters pertaining to jumps.’ ‘Both you and Mr Markham will report to Dr Peterson since, for a short period at least, I shall be spending more time in London and Thirsk, protecting our backs and securing our pos­ition.’ Well, that made sense. And with Mrs Brown by his side, he would be unstoppable.

…

‘In that case – Chief Farrell, I shall require a breakdown of our pod status, together with your maintenance schedule, sometime today, please. ‘Mr Dieter, an inventory of all plant and equipment is to be on my desk by Thursday, please. ‘Mr Markham – a survey and report on both Internal and Operational Security, together with your recommendations, by the end of the week, please.’ He paused. ‘I know things have been a little haphazard recently, but St Mary’s is to be up and fully functioning by next Monday. It’s been a refreshing interlude but it’s time to pick up the reins again. Dismissed.’ Dr Rosemary Salt was not what anyone was expecting.

Blockchain: Blueprint for a New Economy
by Melanie Swan
Published 22 Jan 2014

In the case of cryptocurrencies, if they are applied with the principles of neutrality, everyone worldwide might start to have access. Thus, alternative currencies could be a helpful tool for bridging the digital divide. However, there is another tier of digital divide beyond access: know-how. A new digital divide could arise (and arguably already has in some sense) between those who know how to operate securely on the Internet and those who do not. The principles of neutrality should be extended such that appropriate mainstream tools make it possible for anyone to operate anonymously (or rather pseudonymously), privately, and securely in all of their web-based interactions and transactions. Digital Art: Blockchain Attestation Services (Notary, Intellectual Property Protection) Digital art is another arena in which blockchain cryptography can provide a paradigm-shifting improvement (it’s also a good opportunity to discuss hashing and timestamping, important concepts for the rest of the book).

What We Say Goes: Conversations on U.S. Power in a Changing World
by Noam Chomsky and David Barsamian
Published 1 Oct 2007

Frank, “A Health Care Plan So Simple, Even Stephen Colbert Couldn’t Simplify It,” New York Times, 15 February 2007. 44 See Noam Chomsky, 9-11 (New York: Seven Stories, 2001). 45 Charles Forelle, James Bandler, and Mark Maremont, “Executive Pay: The 9/11 Factor,” Wall Street Journal, 15 July 2006; Mark Maremont, Charles Forelle, and James Bandler, “Companies Say Backdating Used in Days After 9/11,” Wall Street Journal, 7 March 2007. 46 “Operations Security Impact on Declassification Management Within the Department of Defense,” 13 February 1998, produced by Booz Allen & Hamilton Inc., Linthicum, Maryland, in response to Executive Order 12958, available online at http://www.fas.org/sgp/othergov/dod_opsec.html. The document recommends a declassification strategy that includes “Diversion: List of interesting declassified material—i.e.

Executive Orders
by Tom Clancy
Published 2 Jan 1996

We don't know for sure, and without ID'ing people, we can't find out.” “I can dig it, guys.” Murray grunted, and reached for his beer. “When I was working OC-organized crime-sometimes we ID'd Mafia capi by who held the car door open for whom. Hell of a way to do business.” It was the friendliest thing the Foleys remembered hearing from the FBI about CIA. “Operational security really isn't all that hard if you think about it a little.” “Makes a good case for PLAN BLUE,” Jack said next. “Well, then you might be pleased to know the first fifteen are in the pipeline even as we speak. John should have given them their welcoming speech a few hours ago,” the DCI announced.

…

The British Airways team had the most options of all. One would take Concorde Flight 3 into New York. The only trick was getting them through the first series of flights. After that, the whole massive system of international air travel would handle the dispersal. Still, twenty people, twenty possible mistakes. Operational security was always a worry. He'd spent half his life trying to outfox the Israelis, and while his continued life was some testimony to his success-or lack of total failure, which was somewhat more honest-the hoops he'd had to leap through had nearly driven him mad more than once. Well. At least he had the flights figured out.

…

“Who do you suppose did it?” It was a dumb question, and it generated a dumber reply. “Somebody who doesn't like us a whole hell of a lot,” John answered crossly. “Sorry.” Chavez looked out the window and thought for a few seconds. “It's one hell of a gamble, John.” “If we find out it is and operational security on something like this is a motherfucker.” “Roge-o, Mr. C. The people we've been looking at?” “That's a possibility. Others, too, I suppose.” He checked his watch. Director Foley should be back from Washington by now, and they should head up to his office. It took only a couple of minutes.

My Journey as a Combat Medic: From Desert Storm to Operation Enduring Freedom
by Patrick Thibeault
Published 23 Jul 2012

I remembered listening to Armed Forces Radio in Europe as a kid when we moved around Army bases with my dad’s work, and it was like coming home again, listening to the same radio station that I had heard when I was a child. They didn’t play any radio commercials on these stations, but instead had these military-related snippets about how to watch what you say in front of others including operation security, or OPSEC. Every morning the radio station started the day playing this one song called “Rock the Casbah,” which seemed like it was becoming the theme song of the war. I didn’t know how to rock any Casbah; I had no idea what a Casbah was. However, the song did inspire the troops and I liked it.

Survival of the Richest: Escape Fantasies of the Tech Billionaires
by Douglas Rushkoff
Published 7 Sep 2022

The second one, somewhere in the Poconos, has to remain a secret. “The fewer people who know the locations, the better,” he explained, along with a link to the Twilight Zone episode where panicked neighbors break into a family’s bomb shelter during a nuclear scare. “The primary value of Safe Haven is Operational Security, nicknamed OpSec by the military. If/when the supply chain breaks, the people will have no food delivered. Covid-19 gave us the wake-up call as people started fighting over TP. When it comes to a shortage of food it will be vicious. That is why those intelligent enough to invest have to be stealth.”

Hunting in the Shadows: The Pursuit of Al Qa'ida Since 9/11: The Pursuit of Al Qa'ida Since 9/11
by Seth G. Jones
Published 29 Apr 2012

“Sometimes at his apartment, or sometimes in the mosque, like after the prayers and stuff, we’ll just hang out there, just come,” said Sahim Alwan. “He also taught the Qur’an to the kids in the mosque.”85 The location was important. For Derwish, recruitment and incitement were better in private, informal settings where operational security could be maintained, rather than at public mosque services which law enforcement agencies could be monitoring. These clandestine meetings drew as many as twenty regular attendees, most of whom were in their late teens and early twenties. Lackawanna’s young Muslims were captivated by Derwish.

…

Lawrence, better known as Lawrence of Arabia, during a short visit in the 1920s; “no birds or beasts except a jackal concert for five minutes about ten p.m.”33 For Philip Mudd, who had moved from the CIA to the FBI, the ability of terrorists to establish overseas connections had a multiplier effect. “Their operational security capabilities are often better than those of purely homegrown terrorists,” he concluded. Part of the reason was that the individuals they interacted with had developed sophisticated countersurveillance and counterintelligence capabilities just to survive. “In short,” he noted to colleagues, “counterintelligence improves when they go overseas.”34 From 2003 to 2005, when the United States was engrossed by Iraq, the tribal areas were largely ignored.

Why Airplanes Crash: Aviation Safety in a Changing World
by Clinton V. Oster , John S. Strong and C. Kurt Zorn
Published 28 May 1992

Their personnel tend to be paid low wages, earning near minimum 11Ibid.,p.32. 154 WHY AIRPLANES CRASH: AVIATION SAFETY IN A CHANGING WORLD wage in some cases. High turnover occurs as a result; in some cases, turnover rates have exceeded 100 percent per year.12 The FAA has attempted to help, doubling the number of air marshals and security inspectors since 1985. However, the government role is largely relegated to monitoring security operators. Security services are not required to meet an established set of standards; without such requirements, enforcement actions are quite difficult. As a result, airport security efforts exhibit a strong preference for, and reliance on, technology to provide safety. However, the basic X-ray and metal screening technology widely used in airport detection systems has not changed very much since its introduction in 1973.

Smart Cities, Digital Nations
by Caspar Herzberg
Published 13 Apr 2017

“We regard the IP network as the fourth utility.” Each network is subject to a distinct list of requirements. A casino resort, like any institution that operates constantly and supports huge numbers of financial transactions and interior communications, requires speed, efficiency, and security of data as a baseline for operations. Security against criminal activities is also critical. Cisco’s camera networks and video analytics could fulfill the function of protecting the house and players from criminal activity. No less important was security against unsolicited packets of data embedded deep in the IP network. Cisco was tasked with securing the gates at all layers of this city’s function.

Team Topologies: Organizing Business and Technology Teams for Fast Flow
by Matthew Skelton and Manuel Pais
Published 16 Sep 2019

Figure 4.4: Influence of Size and Engineering Maturity on Choice of Topologies Organization size (or software scale) and engineering discipline influence the effectiveness of team interaction patterns. Low maturity organizations will need time to acquire the engineering and product development capabilities required for autonomous end-to-end teams. Meanwhile, more specialized teams (development, operations, security, and others) are an acceptable trade-off, as long as they collaborate closely to minimize wait times and quickly address issues. For a moderate scale of organization or software, patterns that emphasize close collaboration between teams at speed work well. As the size of the organization or software scale increases, focusing on providing the underlying infrastructure or platform as a service brings important benefits in terms of user-facing service reliability and the ability to meet customer expectations.

Bottoms Up and the Devil Laughs
by Kerry Howley
Published 21 Mar 2023

A staffer remembers reporters sitting in silence on a couch. Someone had scotch. The TV spots were canceled. There was a time when you could look at a classified document and convince yourself it had been taken without a trace. With the prosecution of Reality Winner, that time period definitively closed. The head of operational security at The Intercept, who had not been consulted at any point from the moment the document arrived to the moment it was posted for all to see, was in Iceland with his wife, en route to Europe at the start of what might otherwise have been a restful vacation. He would find on social media, the morning after the document was posted, a slew of angry strangers blaming him for the failure.

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race
by Nicole Perlroth
Published 9 Feb 2021

Attached to the message was a link to 300 megabytes of data—the equivalent of text in three hundred novels—only in this case the files contained hacking tools with code names like Epicbanana, Buzzdirection, Egregiousblunder, and Eligiblebombshell. A few figured that some idiot with way too much time on his hands had simply gone through the Snowden documents and the TAO ANT catalog Der Spiegel posted years earlier, come up with his own silly names, and slapped them onto hacking tools plucked from the dark web. But as NSA operators, security researchers, and hackers all over the world started teasing the file apart, it became clear this was the real deal. The trove contained zero-day exploits that could invisibly break through the firewalls sold by Cisco, Fortinet, and some of the most widely used firewalls in China. I immediately called up every former TAO employee who would pick up their phone.

…

When FBI agents showed up at Winner’s home, she confessed to removing the classified report and mailing it to the Intercept. The report contained dots, denoting a serial number invisible to the naked eye, that allowed the NSA to match the document back to a machine in its offices. This was a tragic lapse in reporters’ “operational security.” In August 23, 2018, Ms. Winner was sentenced to sixty-three months in prison. See Amy B. Wang, “Convicted Leaker Reality Winner Thanks Trump after He Calls Her Sentence So Unfair,” Washington Post, August 30, 2018. For our early reporting on Guccifer 2.0, see Charlie Savage and Nicole Perlroth, “Is DNC Email Hacker a Person or a Russian Front?

Rainbow Six
by Tom Clancy
Published 2 Jan 1998

"You ask us to give up much," Hans Furchtner pointed out. "You will be properly provided for. My sponsor-" "Who is that?" Petra asked. "This you may not know," Popov replied quietly. "You suppose that you take risks here? What about me? As for my sponsor, no, you may not know his identity. Operational security is paramount. You are supposed to know these things," he reminded them. They took the mild rebuke well, as he'd expected. These two fools were true believers, as Ernst Model had been, though they were somewhat brighter and far more vicious, as that luckless American sergeant had learned, probably staring with disbelief into the still-lovely blue eyes of Petra Dortmund as she'd used the hammer on his various body parts.

…

He'd just informed John Brightling of the operational dangers involved in using him, Popov, to set up the terrorist incidents, and especially of the flaws in his communications security. The latter, especially, had frightened the man. Perhaps he ought to have warned him earlier, but somehow the subject had never arisen, and Dmitriy Arkadeyevich now realized that it had been a serious error on his part. Well, perhaps not that great an error. Operational security was not all that bad. Only two people knew what was happening well, probably that Henriksen fellow as well. But Bill Henriksen was former FBI, and if he were an informer, then they'd all be in jail now. The FBI would have all the evidence it needed for a major felony investigation and trial, and would not allow things to proceed any further unless there were some vast criminal conspiracy yet to be uncovered - but how much larger would it have to be than conspiracy to commit murder?

…

We've checked out the objective, and our plan is a thing of beauty, my friend. We will sting them, Iosef Andreyevich," Grady promised. "We will hurt them badly." "I will need to know when, exactly. There are things I must do as well," Popov told him. That stopped him, Dmitriy saw. The issue here was operational security. An outsider wanted to know things that only insiders should have knowledge of. Two sets of eyes stared at each other for a few seconds. But the Irishman relented. Once he verified that the money was in place, then his trust in the Russian was confirmed-and delivery of the ten pounds of white powder was proof of the fact in and of itself-assuming that he wasn't arrested by the Garda later this day.

The Snowden Files: The Inside Story of the World's Most Wanted Man
by Luke Harding
Published 7 Feb 2014

Snowden flung up his arms in alarm, as if prodded by an electric stick. ‘I might as well have invited the NSA into his bedroom,’ MacAskill says. The young technician explained that the spy agency was capable of turning a mobile phone into a microphone and tracking device; bringing it into the room was an elementary mistake in operational security, or op-sec. MacAskill exited, and dumped the phone outside. Snowden’s own precautions were remarkable. He piled pillows up against the door to stop anyone from eavesdropping from outside in the corridor; the pillows were stacked up in half-columns either side, and across the bottom. When putting passwords into computers, he placed a big red hood over his head and laptop – a sort of giant snood – so the passwords couldn’t be picked up by hidden cameras.

Spam Nation: The Inside Story of Organized Cybercrime-From Global Epidemic to Your Front Door
by Brian Krebs
Published 18 Nov 2014

ChronoPay employees used their MegaPlan accounts to track payment processing issues, customer order volumes, and advertising partnerships for these black programs. In a move straight out of the Quentin Tarantino film Reservoir Dogs, the employees adopted curious aliases such as “Mr. Kink,” “Mr. Stranger,” “Mr. Templar,” and “Ms. Gandalfine.” However, in a classic failure of operational security, many of these employees had their MegaPlan messages and passwords automatically forwarded to their ChronoPay employee email accounts, which ended up in the corpus of emails that were leaked. An organizational chart featured on the ChronoPay MegaPlan homepage showed that the former cop Maltsev (a.k.a.

The (Honest) Truth About Dishonesty: How We Lie to Everyone, Especially Ourselves
by Dan Ariely
Published 27 Jun 2012

It’s more akin to taking several boxes of pens, a stapler, and a ream of printer paper, which is much more difficult to ignore or rationalize. To Catch a Thief Our next experiment looked at what might happen if participants felt that there was a higher probability of getting caught cheating. Basically, we inserted the mental equivalent of a partially operating security camera into the experiment. We asked one group of participants to shred one half of their worksheet—which meant that if they were dishonest, we might find some evidence of it. We asked a second group to shred the whole work sheet, meaning that they could get off scot-free. Finally, we asked a third group to shred the whole worksheet, leave the testing room, and pay themselves from a sizable bowl of money filled with more than $100 in small bills and coins.

Silk Road
by Eileen Ormsby
Published 1 Nov 2014

He said he bought other vendors laundering consultations, ‘playing it all quite dumb so I could see the depth of their knowledge which to be frank, wasn’t deep at all’. He claimed most major Silk Road vendors had been in touch with him, he laundered most of the top-ranked sellers’ money and they were all really happy with him. But, of course, he couldn’t provide any details ‘for opsec [operational security] reasons’. It all sounded like the deluded fantasies of a wannabe gangster. Upon checking the forums’ archives to read StExo’s old posts, it was revealed he had deleted all of them – hundreds – a couple of months earlier. This would have been done manually, post by post; it is a job only someone dedicated to hiding something would do.

Home Grown: How Domestic Violence Turns Men Into Terrorists
by Joan Smith
Published 5 Apr 2019

His daughter was only days old at the time and his wife, now a widow, had barely had time to recover from the birth before images of her husband’s dead body, lying on the ground, wearing the shirt of his favourite football team, Arsenal, under his dummy suicide vest, began to circulate on the Internet and news sites. David Anderson’s report points out that Butt employed ‘strong operational security’ and that much remains unknown about both his ‘mindset’ and the planning that went into the attack. We know a great deal less about him than the other men who committed terrorist attacks in the UK in 2017 and it is impossible to say definitively whether he was a domestic abuser, although his frank misogyny and callous attitude towards his wife and children suggest he was a controlling husband at the very least.

The Rebel and the Kingdom: The True Story of the Secret Mission to Overthrow the North Korean Regime
by Bradley Hope
Published 1 Nov 2022

He’d always been a user of the best-in-practice encrypted apps and careful to make sure that messages were automatically deleted after a short time—so short that it was sometimes hard to keep track of a conversation because the messages would delete after seconds. But this time, he seemed to be operating an even more paranoid level of operational security. We met inside Paddington Station and quickly found a back entrance to the Mercure Hotel, where we sat at a quiet table in the corner of the room. During previous meetings, Adrian had struck me as businessman first and North Korea activist second. He’d show up wearing a suit and tie and have his hair carefully slicked back.

Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It
by Marc Goodman
Published 24 Feb 2015

The swarms of low-level thugs executing the actual financial frauds would forward any funds received to a mule network, which in turn would collaborate with a money-laundering network to ensure all criminal parties were paid for their services and received their cut of criminal proceeds. In the worlds of both Crime, Inc. and swarm criminal networks, operational security is paramount. Work and communications are carried out remotely, obviating the need to ever meet in person. Work is compartmented and layered to ensure low-level participants don’t know the true identities of other parties to the crime. Underground online hacking forums and communications channels serve as the main introduction, recruitment, and assembly points for the criminal conspiracies and enable coordination for the swarm as necessary to complete work on specific projects.

…

After the former NSA contractor Edward Snowden leaked details of his agency’s vast communications interception capabilities, evidence emerged suggesting that numerous terrorist groups reevaluated their communications strategies and in numerous missives stressed the ongoing importance of online operational security to their members. Organizations such as al-Qaeda in the Arabian Peninsula and Ansar al-Mujahideen have even produced training materials and YouTube videos encouraging their members to use Tor for all online activities. Given Snowden’s revelations, as well as the widespread assaults on privacy previously noted, it is absolutely logical that ordinary citizens would turn to a powerful tool like Tor to maintain their online dignity, freedom, and human rights.

Suburban Nation
by Andres Duany , Elizabeth Plater-Zyberk and Jeff Speck
Published 14 Sep 2010

Fortunately, many of the concepts and techniques that mall designers use can be easily adapted for the benefit of the city core:ci Centralized Management: While centralized ownership of real estate may be the ideal, as in a mall, a central management agency can be nearly as effective,cj In its weakest form, this would be nothing more than an interested chamber of commerce. In its strongest form—which may not be necessary—it would be an agency legally empowered to coordinate hours of operation, security, maintenance, landscape, storefront design, and even the location and mix of stores. The following techniques can only be implemented effectively under unified management. Joint Advertising and Merchandizing: Shoppers are attracted to malls by an advertising strategy that emphasizes the variety of merchandise available at a single location—what experts call a “park-once environment.”

Writing Effective Use Cases
by Alistair Cockburn
Published 30 Sep 2000

What feedback or project visibility do the users and sponsors wish? Q4. What can we buy, what must we build, what is our competition to this system? Q5. What other process requirements are there (testing, installation, etc.)? Q6. What dependencies does the project operate under? 5b. Business rules 5c. Performance 5d. Operations, security, documentation 5e. Use and usability 5f. Maintenance and portability 5g. Unresolved or deferred Chapter 6. Human backup, legal, political, organizational issues Q1. What is the human backup to system operation? Q2. What legal, what political requirements are there? Q3. What are the human consequences of completing this system?

The Burning Shore: How Hitler's U-Boats Brought World War II to America
by Ed Offley
Published 25 Mar 2014

“Its position was approximately 100 miles east of New York.” Even after the release of the statement, Admiral Andrews and the Eastern Sea Frontier continued to refuse to comment. Official navy records are silent on the rescue of Coimbra’s ten survivors. This would not be the last example of the US Navy feigning operational security to mask its incompetence. As the U-boats steadily escalated their attacks during the last half of January, desperate navy officials would resort to outright lies and complete fabrications to cloak the disaster at sea.5 BY THE TIME U-701 REACHED its designated attack area east of the Avalon Peninsula on Newfoundland’s southeastern coast in the twilight dawn hours of Sunday, January 18, the Battle of the Atlantic in Canadian waters was raging with white-hot intensity.

A Theory of the Drone
by Gregoire Chamayou
Published 23 Apr 2013

Gibson, “Hell-Bent on Force Protection: Confusing Troop Welfare with Mission Accomplishment in Counterinsurgency,” master’s thesis, Marine Corps University, Quantico, VA, 2009, 6. 12. See Mike Davis, Buda’s Wagon: A Brief History of the Car Bomb (London: Verso, 2007), 190. 13. To the principle of the nonexposure of lives at the scene of hostilities is added the principle of making the base of operations secure: “the US homeland must remain a secure base from which the Air Force can globally project power”—which means “ensuring the protection of US facilities and infrastructures used for power projection.” Steven M. Rinaldi, Donald H. Leathem, and Timothy Kaufman, “Protecting the Homeland Air Force: Roles in Homeland Security,” Aerospace Power Journal, Spring 2002, 83. 14.

How Music Got Free: The End of an Industry, the Turn of the Century, and the Patient Zero of Piracy
by Stephen Witt
Published 15 Jun 2015

His agents began meeting regularly with the antipiracy division at the RIAA to exchange information and intelligence, and to discuss the progress of the case—what little there was. RNS’ chat channels were closed off, and its recruiting strategy was to pull connected players who were already long-standing members of other groups, making infiltration difficult. RNS’ leader, whoever he was, had an excellent understanding of operational security, cultivating high-placed moles in other organizations while preventing his own from being compromised. Vu worked the case for years, and for a long time he got nowhere. CHAPTER 13 By 2001 Brandenburg and Grill had parted ways. The compression ratios of the latest generation of psychoacoustic products were approaching theoretical limits, and the outstanding problems in the field were considered solved.

House to House: An Epic Memoir of War
by David Bellavia
Published 4 Sep 2007

I took the phone and tried to dial with shaking hands. The phone rang back in New York. Deanna answered. She knew it was me. “David! Where are you?” “I’m safe,” I said. I wonder what she’s been doing as all this has gone on. “I’ve been watching the news. Are you in Fallujah?” I couldn’t tell her that without violating operational security. Yet I wanted to tell her everything. I didn’t have time and I didn’t know how. How do you tell the love of your life that you smelled a man’s breath as you drove the life from him? “My heart is killing me,” she exclaimed. “Every time I watch the news, I can’t stand it. Where are you? Tell me!

Gray Day: My Undercover Mission to Expose America's First Cyber Spy
by Eric O'Neill
Published 1 Mar 2019

Organizations that combine cybersecurity defense with active threat hunting thwart spies, both from without and within. Even wannabe spies. * * * Gregory Allen Justice worked the graveyard shift as a mechanical engineer for a US defense contractor in California. His job focused on operational security testing for commercial and military satellites deployed by the Air Force, the Navy, and NASA. While he did not have access to information classified by the US government, Justice did work on defense-group systems that help the US military communicate. Not the sort of information you’d like the Russians to get their hands on.

Lions of Kandahar: The Story of a Fight Against All Odds
by Rusty Bradley and Kevin Maurer
Published 27 Jun 2011

It is simply a story of ordinary men who did extraordinary things in the face of overwhelming adversity. Every legal and operational consideration has been exercised in writing this book. I have only used first names and nicknames to protect those persons discussed, unless individuals’ names have been previously released. Some call signs have been changed because of operational security. In writing this, I have made every attempt to abide by the security requirements of the U.S. Army Special Operations Command and old-fashioned common sense. My intent in writing this story was not to gratify any particular rank or ego, or to make any political statements. In portraying events, I adhere strictly to facts, not opinions.

The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data
by Kevin Mitnick , Mikko Hypponen and Robert Vamosi
Published 14 Feb 2017

However, there’s also more targeted monitoring: the kind of monitoring done by government agencies, domestic or foreign. Digital communication has made it possible for governments to do bulk surveillance. But it has also enabled us to protect ourselves better. We can protect ourselves with tools like encryption, by storing our data in safe ways, and by following basic principles of operations security (OPSEC). We just need a guide on how to do it right. Well, the guide you need is right here in your hands. I’m really happy Kevin took the time to write down his knowledge on the art of invisibility. After all, he knows a thing or two about staying invisible. This is a great resource. Read it and use the knowledge to your advantage.

The Man Who Broke Capitalism: How Jack Welch Gutted the Heartland and Crushed the Soul of Corporate America—and How to Undo His Legacy
by David Gelles
Published 30 May 2022

Eventually, GE would sell its lighting business, too—again licensing the GE name—completing the nearly wholesale dismantling of the conglomerate that Welch had made the most valuable company on earth. All the while, GE Capital just kept growing. Immelt continued to acquire niche financial businesses, paying $4 billion for a real estate finance operation, Security Capital Group, in December 2001. GE acquired commercial loan portfolios from Boeing, and car loans from South Korea. It gobbled up more private label credit cards and invested in banks from Turkey to New Zealand. And in 2004, GE Capital waded into riskier territory, acquiring Western Asset Mortgage Capital, or WMC, a subprime mortgage lender, for $500 million.

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
by Justin Schuh
Published 20 Nov 2006

This problem occurs when an application is deployed in a manner that’s not secure or when the base platform inherits vulnerabilities from the deployment environment. The responsibility for preventing these vulnerabilities can fall somewhere between the developer and the administrative personnel who deploy and maintain the system. Shrink-wrapped commercial software might place most of the operational security burden on end users. Conversely, you also encounter special-purpose systems, especially embedded devices and turnkey systems, so tightly packaged that developers control every aspect of their configuration. This chapter focuses on identifying several types of operational vulnerabilities and preventive measures.

…

If users browse to the site, they get an error message stating that the certificate isn’t signed by a trusted authority; the only option is to accept the untrusted certificate or terminate the connection. An attacker capable of spoofing the server could exploit this situation to stage man-in-the-middle attacks and then hijack sessions or steal credentials. Network Profiles An application’s network profile is a crucial consideration when you’re reviewing operational security. Protocols such as Network File System (NFS) and Server Message Block (SMB) are acceptable inside the corporate firewall and generally are an absolute necessity. However, these same types of protocols become an unacceptable liability when they are exposed outside the firewall. Application developers often don’t know the exact environment an application might be deployed in, so they need to choose intelligent defaults and provide adequate documentation on security concerns.

…

For example, a Web server module might perform some decoding of request data to make security decisions about that decoded data. The data might then undergo another layer of decoding afterward, thus introducing the possibility for attackers to sneak encoded content through a filter. This example brings up another interesting point: Vulnerabilities of this nature might also be a result of operational security flaws. As you learned in Chapter 3, “Operational Review,” applications don’t operate in a vacuum, especially integrated pieces of software, such as Web applications. The web server and platform modules may provide encoding methods that attackers can use to violate the security of an application.

The End of Secrecy: The Rise and Fall of WikiLeaks
by The "Guardian" , David Leigh and Luke Harding
Published 1 Feb 2011

The result of that one was that the Icelandic ambassador to the US was recalled, and fired. That’s just one cable.” “Anything unreleased?” “I’d have to ask Assange. I zerofilled [deleted] the original.” “Why do you answer to him?” “I don’t. I just want the material out there. I don’t want to be a part of it.” “I’ve been considering helping WikiLeaks with Opsec [operational security].” “They have decent Opsec. I’m obviously violating it. I’m a wreck. I’m a total fucking wreck right now.” The transcript edited by Lamo resumes a little while later, with some more confessions: “I’m a source, not quite a volunteer. I mean, I’m a high profile source, and I’ve developed a relationship with Assange, but I don’t know much more than what he tells me, which is very little.

The Most Human Human: What Talking With Computers Teaches Us About What It Means to Be Alive
by Brian Christian
Published 1 Mar 2011

In fact, the etymology of “sabotage,” which comes from the French word sabot, meaning a type of wooden clog, is said (perhaps apocryphally) to be rooted in a story of workers destroying mechanical looms by throwing their shoes at, and into, them. 5. See also, for instance, the Army chatbot SGT STAR, who gives very Army-like yet strangely endearing answers like the following: “Brian: What is Delta Force? SGT STAR: Delta Force is rumored to be the Army’s counter-terrorist operations unit. In line with operational security we cannot discuss, nor ponder the unit’s abilities.” He even admonishes you in an Army-like (yet strangely endearing) way: “Brian: Wow, that sounds pretty badass. SGT STAR: OK Private, watch your language or I’ll have to shut you down.” The pathetic fallacy be damned—er, darned—I couldn’t close the window without apologizing.

Superforecasting: The Art and Science of Prediction
by Philip Tetlock and Dan Gardner
Published 14 Sep 2015

The deputy director answers first. “We don’t deal in certainty,” he says. “We deal in probability. I’d say there’s a sixty percent probability he’s there.” The fictional Panetta points to the next person. “I concur,” he says. “Sixty percent.” “I’m at eighty percent,” the next in line says. “Their OPSEC [operational security] convinces me.” “You guys ever agree on anything?” Panetta asks. So it goes around the table, from one person to the next. Sixty percent, one says. Eighty percent. Sixty percent. Panetta leans back in his chair and sighs. “This is a clusterfuck, isn’t it?” Let’s pause the movie here.

Revolution Business
by Stross, Charles
Published 9 Apr 2009

"Memo to Duke Angbard Lofstrom, Office of Clan Security. Re: training program for armed couriers. Classification: Clan Confidential. All couriers must attend mandatory Cooking with Rachael Ray video screening and Culinary Skills 101 course prior to commencing overnight missions. Malnutrition a threat to morale, combat-readiness, and operational security." He straightened up, a pizza box in each hand. "Meat lover's feast or four cheese, my lady?" "Oh hell, I'll take the cheese." She forced a smile to take the sting out of her words. "Sorry. It just bugs me." "It'd be good to have a staff, or use a hotel or something," Huw agreed. "But this is less conspicuous, and less conspicuous is good right now."

Messing With the Enemy: Surviving in a Social Media World of Hackers, Terrorists, Russians, and Fake News
by Clint Watts
Published 28 May 2018

“Yeah, I thought it was a fun dramatic question to ask. I’m a grown up and know who I’m dealing w/. Good answers tho.” I then offered, “funny, u & I r 2 only people I see in these discussions that r actually who we say we r on this thing called Twitter.” Omar, a typical American, confirmed, “I like to keep it real yo. Word.” Our game of operational-security chicken needed to end, though. By tweeting with him, I was revealing a good deal about my own locations and activities and making myself vulnerable to whatever young jihadi boy might decide to knock on my door and behead me. In Omar’s case, he should have been worried, as even his most innocuous revelations provided details of his whereabouts.

Ghost Work: How to Stop Silicon Valley From Building a New Global Underclass
by Mary L. Gray and Siddharth Suri
Published 6 May 2019

Jonathan Grossman, “Fair Labor Standards Act of 1938: Maximum Struggle for a Minimum Wage,” Office of the Assistant Secretary for Administration and Management, U.S. Department of Labor website. Originally published in Monthly Labor Review, June 1978, https://www.dol.gov/oasam/programs/history/flsa1938.htm. [back] 25. Young women were hired on contract to operate secure lines for the Coast Guard and Navy yards in the area so that they could call from ship to land. They were all let go after the war and none were paid benefits or severance of any kind. See Jill Frahm, “The Hello Girls: Women Telephone Operators with the American Expeditionary Forces During World War I,” Journal of the Gilded Age and Progressive Era 3, no. 3 (2004): 271–93.

Reaper Force: The Inside Story of Britain’s Drone Wars
by Dr Peter Lee
Published 14 Jul 2019

Eventually a letter of authority was granted but one final hurdle remained: the RAF, MoD and my university research ethics committees. In theory, ethics committees exist to promote quality research and protect participants. In practice, some of them can seem more like research prevention committees. Ultimately, however, with safeguards in place to ensure personnel and operational security, most notably through anonymity, the final research permissions were granted in June 2016.1 I was committed. All it needed was for the Reaper operators to be committed or all this would have been for nothing. In July 2016, with my final clearances in hand, I travelled to 39 Squadron (RAF) at Creech Air Force Base, Nevada, for a week.

Easy Money: Cryptocurrency, Casino Capitalism, and the Golden Age of Fraud
by Ben McKenzie and Jacob Silverman
Published 17 Jul 2023

OTC transactions take place all the time in mainstream finance, and they’re not inherently suspect, but you can see why they might be a favored tool of financial outlaws. What you see on the blockchain is only part of the story, but it is an important part. And plenty of crypto fraudsters have been lazy enough with their operations security that they are regularly tracked and unmasked (or doxed) by online sleuths, who are also known as on-chain investigators. Some of them work for respected security firms and have access to powerful analytic programs and deep stores of data. Others are anonymous and self-taught and rely on free online services like Etherscan, a blockchain explorer tool, but they can be just as consequential in exposing skullduggery, especially when the relevant authorities and the financial and tech press aren’t doing their jobs.

The Apocalypse Factory: Plutonium and the Making of the Atomic Age
by Steve Olson
Published 28 Jul 2020

Groves and Matthias had always thought of the Hanford camp as temporary. It would accommodate the rowdy construction workers for a few years and then be abandoned. But the people who would be overseeing and operating the production plants—the construction managers, scientists and engineers, DuPont executives, plant operators, security officers—needed a place to live. The nearby towns of Kennewick and Pasco were too far away, too provincial, and too accessible to house the high-level employees of a secret facility. Groves needed a town that would attract people to the middle of a desert, keep them there, and isolate them so that no one else knew what they were doing.

Halting State
by Charles Stross
Published 9 Jul 2011

Red versus Blue, playing for Scotland or Poland. And it’s all happening quietly when Chen and his accomplice…?” “Chen’s over here, being a pair of hands for Team Red. And he’s got access to their key cracker back home, and he thinks, why shouldn’t I make some money on the side? It’s typical, really: Great plan, but the operational security is blown wide open because a team member got greedy and ran a bank robbery in Avalon Four. Which must have netted him, oh, all of about ten thousand euros’ worth of loot, and maybe a death sentence from the Guoanbu when they find out. Which is why he was so desperate to spill his guts when we showed up.”

Network Security Through Data Analysis: Building Situational Awareness
by Michael S Collins
Published 23 Feb 2014

Audience Information security analysis is a young discipline and there really is no well-defined body of knowledge I can point to and say “Know this.” This book is intended to provide a snapshot of analytic techniques that I or other people have thrown at the wall over the past 10 years and seen stick. The target audience for this book is network administrators and operational security analysts, the personnel who work on NOC floors or who face an IDS console on a regular basis. My expectation is that you have some familiarity with TCP/IP tools such as netstat, and some basic statistical and mathematical skills. In addition, I expect that you have some familiarity with scripting languages.

Nation-Building: Beyond Afghanistan and Iraq
by Francis Fukuyama
Published 22 Dec 2005

For ease of analysis, I now consider in turn each pillar of America’s nation-building strategy in Afghanistan. Security Both Afghanistan and Iraq (and, indeed, earlier nation-building experiences) suggest that the first priority of nation-builders must be to establish or maintain security for the civilian population (not just operational security or force protection for the troops) and to build on that security to push the postconflict society toward the rule of law. In this regard, the American “light footprint” would prove extremely problematic, producing a situation in which security could not be guaranteed by the American-led coalition, thus allowing a panoply of other actors to affect the security equation.

The Road to Ruin: The Global Elites' Secret Plan for the Next Financial Crisis
by James Rickards
Published 15 Nov 2016

Shock doctrine is an ideal tool: Popper, The Open Society and Its Enemies: Volume 1, The Spell of Plato, 157–59. the Open Society Foundations: Ibid. CHAPTER 3: DESERT CITY OF THE MIND “Keynes asked me what I was advising”: Somary, The Raven of Zurich, 146–47. LANL is the crown jewel: Extensive information about Los Alamos National Laboratory, including history, operations, security protocols, and a virtual tour, is available at the laboratory’s website, “Los Alamos National Laboratory,” accessed August 9, 2016, http://lanl.gov. In a seminal 1963 paper, Lorenz: Edward N. Lorenz, “Deterministic Nonperiodic Flow,” Journal of the Atmospheric Sciences, Vol. 20, January 7, 1963, accessed August 8, 2016, http://eaps4.mit.edu/research/Lorenz/Deterministic_63.pdf, 133.

Fuller Memorandum
by Stross, Charles
Published 14 Jan 2010

Choudhury glares. Neither Shona nor Iris is smiling. "You'd better explain," Iris tells me. "What I said. Here is a hint: Panin knew. He tried to pump me about Teapot, so I played dumb. He knows the rules; left me a calling card. It's downstairs in the Security Office safe. For reasons of operational security I didn't report the contact immediately, but I'm reporting it now. The Plumbers should be able to confirm it from the pub CCTV." I sit up. "Personally, I find the implications highly suggestive." "Why did you not tell Security--" Shona stops, her eyes widening. "We're not as secure as we'd like to be.

Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance
by Julia Angwin
Published 25 Feb 2014

(Public places are apparently good places to have private conversations as long as you don’t use trigger words such as “bomb” that cause people to listen carefully, according to John Strauchs.) Perry looked like your basic issue hacker—skinny, slightly pale, and clad in all black. He told me some of the basics of his operational security (although not all, since that would compromise his security). Perry describes himself as a “surveillance vegan”—by which he means that he is as strict about avoiding surveillance as vegans are about avoiding animal products. (His two exceptions: he still books plane tickets and sometimes stays in hotels under his own name.)

The Targeter: My Life in the CIA, Hunting Terrorists and Challenging the White House
by Nada Bakos
Published 3 Jun 2019

And on our team, the targeting side of things was really starting to hum. That was thanks in part to Ginny’s work on the cyber desk, where she spent much of her days sifting through cyber collection. She was as much a code breaker as a cybersleuth. Zarqawi and his men, of course, had been very aware of using operational security in order to not be traced or tracked. Everyone who uses a piece of technology leaves a digital trail; Al Qaida in Iraq was no exception. All the data we collected got funneled into our growing database, which better informed our initial analysis. We could corroborate hunches, and case officers on the ground could sometimes help confirm leads.

Dark Territory: The Secret History of Cyber War
by Fred Kaplan
Published 1 Mar 2016

First, there were financial concerns: the defense budget was getting slashed in the wake of the Cold War; the NSA’s share was taking still deeper cuts; and he didn’t need other, more narrowly focused entities—novices in a realm that the NSA had invented and mastered—to drain his resources further. Second, some of these aspiring cyber warriors had poor operational security; they were vulnerable to hacking by adversaries, and if an adversary broke into their networks, he might gain access to files that the NSA had shared. Finally, there was an existential concern. When Minihan became NSA director, Bill Perry told him, “Ken, you need to preserve the mystique of Fort Meade.”

Permanent Record
by Edward Snowden
Published 16 Sep 2019

This creates a sense of tribalism, which can lead many to believe that their primary allegiance is to the institution and not to the rule of law. I wasn’t thinking any of these thoughts at my Indoc session, of course. Instead, I was just trying to keep myself awake as the presenters proceeded to instruct us on basic operational security practices, part of the wider body of spy techniques the IC collectively describes as “tradecraft.” These are often so obvious as to be mind-numbing: Don’t tell anyone who you work for. Don’t leave sensitive materials unattended. Don’t bring your highly insecure cell phone into the highly secure office—or talk on it about work, ever.

Habeas Data: Privacy vs. The Rise of Surveillance Tech
by Cyrus Farivar
Published 7 May 2018

Moving from place to place required transporting a pair of bulky 25-gallon containers—with snap-on tops—that contained all of his equipment, including a die cutter, an inkjet printer, a hologram printer, a laminator, and more. Rigmaiden was detail oriented and he worked hard to make sure that his own physical and digital protocols were followed to a t. (In military parlance, this is what’s known as good OPSEC, or operational security.) By keeping his operation small, nimble, and constantly moving, it was easy for him to stay ahead of local authorities. He only accepted payment in e-gold, an early electronic payment system that was not particularly scrupulous as to who could open accounts. Money orders and Western Union would have been too risky.

Pegasus: How a Spy in Your Pocket Threatens the End of Privacy, Dignity, and Democracy
by Laurent Richard and Sandrine Rigaud
Published 17 Jan 2023

But I don’t use that laptop for personal things, and I don’t bring it with me if I have to do meetings [about Pegasus]. If there are things that are sensitive that I don’t want to leave exposed because I’m afraid of someone breaking into my house, then I make sure to take those things with me. These kinds of measures are the ones that matter. “Ultimately, what really makes a difference is the operational security aspects rather than the digital one. That’s what it boils down to.” * * * BASTIAN WAS ABLE to join us on the secure app a few hours into the meeting in Berlin, and he was very reassuring to Danna. He had experience in large journalistic collaborations where secrecy was paramount, and he told her, in his usual direct and resolute manner, that there was no reason Laurent and I would ever need to share the source of the leak with any of the media partners.

The Code Book: The Science of Secrecy From Ancient Egypt to Quantum Cryptography
by Simon Singh
Published 1 Jan 1999

His work in this capacity culminated in a visit to the White House, when, as a nine-year-old, Johnston translated for two Navajos who were appealing to President Theodore Roosevelt for fairer treatment for their community. Fully aware of how impenetrable the language was for those outside the tribe, Johnston was struck by the notion that Navajo, or any other Native American language, could act as a virtually unbreakable code. If each battalion in the Pacific employed a pair of Native Americans as radio operators, secure communication could be guaranteed. He took his idea to Lieutenant Colonel James E. Jones, the area signal officer at Camp Elliott, just outside San Diego. Merely by throwing a few Navajo phrases at the bewildered officer, Johnston was able to persuade him that the idea was worthy of serious consideration.

Merchants' War
by Stross, Charles
Published 30 Sep 2007

And we don't get to go on to a juicy research contract with the Heritage Institute, or a part-time boardroom post with some defense contractor when this is over." "What do you want?" James's intonation was precise and his voice even, but Eric didn't let it fool him. "Something vague, but in writing. The vaguer the better. Something like, 'In the interests of operational security and in view of the threat of enemy intelligence-gathering attempts aimed at compromising our integrity, all investigations are to be restricted to those with a need to know, and normal committee oversight will be suspended until such time as the immediate threat recedes.' Just keep it vague.

Bank 3.0: Why Banking Is No Longer Somewhere You Go but Something You Do
by Brett King
Published 26 Dec 2012

However, the reality is that the bank actually needs to find a way to optimise the point-of-sale experience for each individual customer—who would own that? Creating the right precognitive service selling offers requires more than a cards team—it requires a deeper understanding of customer behaviour through analytics. It also requires partnerships with retailers, mobile operators, secure payments providers, perhaps a wallet provider, and others. Without a customer-focused, overarching channel team, you’re screwed. All these challenges cannot simply be met by the current technology platform and organisation structures that most banks employ. How will the platform be optimised to serve a true multichannel services concept?

Waco: David Koresh, the Branch Davidians, and A Legacy of Rage
by Jeff Guinn
Published 24 Jan 2023

Some of the ATF personnel went about their errands wearing jackets emblazoned with the agency name. They wore the jackets because it was chilly, with intermittent rain. Two years later, newly appointed ATF director John Magaw told congressional investigators, “It’s not that they didn’t want to do it, [it’s that] they didn’t think about operational security.” In his 2007 article, “What Really Happened at Waco” for The Huffington Post, James Moore wrote that ATF “booked a room at the [town’s] convention center for a 4 p.m. Sunday news conference,” and a “front page newspaper series, commandeered local hotel rooms, media tips from government officials and law enforcement warnings meant that, if the Branch Davidians did not know that [ATF] was coming, they were the only souls in a five-county region who did not.”

The Windup Girl
by Paolo Bacigalupi
Published 15 Sep 2009

Anderson shifts in his seat, stifling irritation, wiping away sweat. He's so close. Nightshades have been reborn, and now ngaw. And Gibbons is running loose in Southeast Asia. If it weren't for that illegal windup girl he wouldn't even know about Gibbons. The Kingdom has been singularly successful at maintaining its operational security. If he could just ascertain the seedbank's location, a raid might even be possible. . . They've learned since Finland. Beyond the veranda, nothing with any intelligence is moving. Tantalizing beads of sweat run down Lucy's neck and soak her shirt as she complains about the state of the coal war with the Vietnamese.

Jennifer Morgue
by Stross, Charles
Published 12 Jan 2006

Grimacing, I tie the shoe laces. Then I reach down and trench the left heel round. Instantly, the shadows in my cabin darken and deepen, taking on an ominous hue. The Tillinghast resonator is running: in this confined space it should give me just enough warning to shit myself before I die, if Billington's entrusted his operational security to daemons, but in the open ... well, it adds a whole new meaning to take to your heels. The corridor outside my door is dark and there's an odd, musty smell in the air. I pause, skulking just inside the doorway as I wait for my eyes to adjust. Ellis Billington and his cronies are aboard the Explorer, but there's no telling who's still here, is there?

The Intelligence War Against the IRA
by Thomas Leahy
Published 26 Mar 2020

What makes his account believable is that he admits that by the second prolonged ceasefire in 1997, the organisation was beginning to struggle in Belfast.99 The fact that commercial bombings inflicted significant financial damage and regularly went ahead casts doubts on claims that Stakeknife or other informers had complete access to Belfast IRA operations on a regular basis. These attacks suggest that the Belfast IRA was not completely ‘rotten’ with informers by the 1990s.100 It has often been overlooked that the cell structure provided the IRA with ‘greater operational security’ than it had had before 1975 in areas such as Belfast. In particular, cells often restricted foreknowledge about operations.101 A former British soldier recalled: The times when you would be given chapter and the verse [by human sources] were very, very few … People would be told at the last minute about an operation … PIRA did this deliberately, frightened that the information would be told to the intelligence agencies from sources.102 For instance, McGartland’s cell leader asked him to attend a meeting in June 1991.

The Contrarian: Peter Thiel and Silicon Valley's Pursuit of Power
by Max Chafkin
Published 14 Sep 2021

Then, after his parents moved to the United States in 1991, he’d taught himself enough English to get into college in part by watching Diff’rent Strokes. At Urbana-Champaign, he’d gotten interested in cryptography, the science of making and breaking codes. It was an arcane field that proved to be essential to anyone hoping to build services that would operate securely on the internet. Levchin had also become convinced that he was destined to start a company, which meant relocating to the Bay Area as soon as possible. “When I was graduating, basically if you were a good student in computer science you were figuring out the cheapest apartments in Palo Alto,” Levchin later recalled.

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World
by Bruce Schneier
Published 2 Mar 2015

Photos of the girlfriend matched the original photo that started all this, and police arrested w0rmer aka Ochoa. Maintaining Internet anonymity against a ubiquitous surveillor is nearly impossible. If you forget even once to enable your protections, or click on the wrong link, or type the wrong thing, you’ve permanently attached your name to whatever anonymous provider you’re using. The level of operational security required to maintain privacy and anonymity in the face of a focused and determined investigation is beyond the resources of even trained government agents. Even a team of highly trained Israeli assassins was quickly identified in Dubai, based on surveillance camera footage around the city.

The Gamble: General David Petraeus and the American Military Adventure in Iraq, 2006-2008
by Thomas E. Ricks
Published 14 Oct 2009

Tactical and Operational Considerations: The Sunni outlook underlies the dramatic increase in attacks since February. However, several tactical and operational considerations have contributed to the rise in violence. Despite some success in isolated areas of the province, the insurgency has strengthened in the past six months. Insurgent groups are better organized, increasingly achieve effective operational security, have improved their capabilities to cache and distribute weapons, and have refined and adapted their tactics. Control of criminal enterprise means the majority of insurgents are now financially self-sustaining at the lowest levels. Broad control of the illicit oil trade from Bayji provides millions af dollars per year to AQI, while official profits appear to feed Shi’a cronyism in Baghdad.

Ghost Fleet: A Novel of the Next World War
by P. W. Singer and August Cole
Published 28 Jun 2015

They had pulled up a hundred and fifty yards short of the summit to avoid highlighting their position along the ridge line, and Conan had disappeared for an hour while the rest set a security detail below. Conan would not tell Finn or any of the others why they’d had to go there. They knew she kept it from them for operational security, but it still made the whole trek a sullen expedition. Now, after a long hike back down, it was raining. Finn splashed into the swollen stream behind Conan and trudged on through the water. Going that way, they left no tracks and erased their movement signature in case they were being monitored from above, but really, he’d have chosen to go the stream route anyway.

How Everything Became War and the Military Became Everything: Tales From the Pentagon
by Rosa Brooks
Published 8 Aug 2016

There was literally a new language to be learned: for several muddled months, I assumed that the constant references I heard to the “DOTMLPF Spectrum” (pronounced dot-mil P F) had something to do with websites or the military’s Internet domain; in fact, the acronym stood for “Doctrine, Organization, Training, Matériel, Leadership & Education, Personnel, and Facilities.” Month by month, I learned to “speak DoD” as a second language. By the time I left the Pentagon, I could pontificate knowledgeably about OPSEC and MILDEC (operations security and military deception), wax eloquent about the importance of “shaping the battlespace” during “Phase Zero Operations,” and explain the difference between a D-FAC (the dining facility) and an MRAP (a mine-resistant ambush-protected vehicle). Like a total-immersion language course, my work at the Pentagon occupied every corner of my mind.

Small Wars, Big Data: The Information Revolution in Modern Conflict
by Eli Berman , Joseph H. Felter , Jacob N. Shapiro and Vestal Mcintyre
Published 12 May 2018

In Vietnam—as in Afghanistan, Iraq, and the Philippines—the data were tremendously informative about the tactical question of how to best win local battles but could not help with larger strategic questions about how to make the South Vietnamese government sustainable. Future operations should build in good data collection from the start and place a high value on consistency. Being able to track trends over time is critical for learning. Moreover, despite the risk to operational security that might come with disseminating data for research, sharing those data enables benefits that come from rigorous analysis of these complex problems.54 Faster sharing allows more immediate application, as we saw in the successes of Joe’s research team in Afghanistan. Thoughtful data collection and sharing the hard-earned information can provide returns beyond the immediate episode.

Coders: The Making of a New Tribe and the Remaking of the World
by Clive Thompson
Published 26 Mar 2019

So Helsby started using her data-crunching skills to help a Chicago project study urban blight, and then she helped found the Lucy Parsons Lab, which creates free, open source software to help citizens lodge complaints against police. (One is a database of officers with photos, to help citizens figure out, among other things, which officer harassed them.) She’d warn fellow activists that police and government agencies were likely monitoring them, and she held crypto parties to teach “opsec”—operational security, like using encrypted apps such as Signal instead of text messaging. “People should have the ability to read freely, speak freely, which you don’t have when everything is being watched by the government, and they can take action against you when they don’t like what they’re seeing,” she says.

The Disappearing Act
by Florence de Changy
Published 24 Dec 2020

The use of the word ‘tragedy’ also seemed to indicate that Commander Okata already knew the fate of the plane while the rest of the world was still essentially hoping. In a subsequent message, the following strongly worded reminder that all talk about the activities and the whereabouts of the USS Pinckney must stop was posted: VERY IMPORTANT message to our PINCKNEY family and friends: OPERATIONAL SECURITY (OPSEC) is imperative, as it ensures the safety of our operations and our personnel. Disclosing sensitive information could jeopardize the crew’s safety. When it comes to conversations with friends or posts on social media, please refrain from discussing information that could be detrimental to our mission.

Superintelligence: Paths, Dangers, Strategies
by Nick Bostrom
Published 3 Jun 2014

It might even present an existential risk, especially if preceded by the introduction of novel military technologies of destruction or unprecedented arms buildups. 35. A project could have its workers distributed over a large number of locations and collaborating via encrypted communications channels. But this tactic involves a security trade-off: while geographical dispersion may offer some protection against military attacks, it would impede operational security, since it is harder to prevent personnel from defecting, leaking information, or being abducted by a rival power if they are spread out over many locations. 36. Note that a large temporal discount factor could make a project behave in some ways as though it were in a race, even if it knows it has no real competitor.

The Hunt for Red October
by Tom Clancy
Published 2 Jan 1984

"The latter alternative means that their security has been violated by outsiders, but being a victim is more palatable than having to recognize the intrinsic contradictions of their own governing philosophy. On top of that we have the fact that the KGB will be running the investigation." "Why?" Pelt asked, caught up in the judge's plot. "In either case, a defection or a penetration of naval operational security, the GRU would have been responsible. Security of the naval and military forces is their bailiwick, the more so with the damage done to the KGB after the departure of our friend Andropov. The Soviets can't have an organization investigating itself—not in their intelligence community! So, the KGB will be looking to take its rival service apart.

A Line in the Sand: Britain, France and the Struggle for the Mastery of the Middle East
by James Barr
Published 15 Feb 2011

It was ‘a cock-up of the first water’, said a colleague.⁵⁶ Wingate wrote up his report of the operation from hospital. ‘More deliberation and care is called for,’ he admitted.⁵⁷ Although Wingate recovered and returned to lead the night squads on further raids, the squads were wound up later in the year. By then, Wingate’s refusal to share the details of his plans – on the grounds of operational security – had annoyed other British officers. Wingate was an easy scapegoat for the more general failings of British policy. A senior policeman described him as a ‘definite hindrance’. ⁵⁸ He said that Wingate made ‘no attempt to co-ordinate what he did with the government force for law and order, the police force, at all.’

Inside British Intelligence
by Gordon Thomas

In June 2001, Labour was reelected with a majority of 179 seats, and the Scarletts were among their friends who danced the night away. Despite Scarlett’s efforts to build trust, however, mutual suspicions remained, with Labour politicians calling for a detailed account of MI6 spending and the Secret Intelligence Service arguing that revealing this would “prejudice its operational security.” A Cabinet Office inquiry had concluded that MI6 “lacked focus” and had recommended some “downsizing as it appears to have run out of things to do.” Scarlett had rejected this and crisply reminded Blair that the party’s election manifesto had no “discernible” intelligence policy. Foreign Secretary Robin Cook, under whose political control MI6 came, had been among the fiercest critics of the service for “its lack of performance and often [being] a waste of taxpayers’ money.”

Disrupt and Deny: Spies, Special Forces, and the Secret Pursuit of British Foreign Policy
by Rory Cormac
Published 14 Jun 2018

And yet, its impact would have decreased the longer the campaign was drawn out.115 Building on nearly two years of subversion, the effort peaked in mid-August 1953. Conditions were now ripe for revolution. Unfortunately for SIS and the CIA, the initial coup attempt was betrayed.116 After problematic experiences with leaky émigrés in Albania, this initial failure served only to remind Whitehall of the difficulties of operational security. This time the culprit was a young Imperial Guard captain and communist who had informed the leftist Tudeh Party.117 Mossadeq evaded capture and arrested the key conspirators as his supporters flooded the streets in protest against the attempted coup. Bedell Smith warned Eisenhower that America would now have to ‘snuggle up to Mosadeq if we’re going to save anything there’—and braced himself for ‘added difficulty with the British’.118 With his country in chaos, the shah fled, retreating, without warning, to the Caspian Sea.

A Better War: The Unexamined Victories and Final Tragedy of America's Last Years in Vietnam
by Lewis Sorley
Published 2 Jun 1999

Douglas Pike estimates that South Vietnamese civilian casualties reached the staggering total of 465,000 killed and 935,000 wounded, those in the North only a tiny fraction of that.4 IT WAS WIDELY believed that the enemy had numerous penetration agents in South Vietnam’s government and armed forces, and indeed there were frequent indications that this was in fact the case. South Vietnamese commanders also were notoriously careless about operational security, providing in the process much valuable information to an alert and watchful enemy. What is less well known, however, is that the enemy was similarly at risk. General Le Nguyen Khang, while commanding AKVN III Corps, had an agent in the 9th VC Division and was tapping him weekly for information.

The Prefect
by Alastair Reynolds
Published 2 Jan 2007

"But it is part of the mandate that, when circumstances dictate, Panoply has the means to return to the citizenry and request the temporary right — a period specified as exactly one hundred and thirty hours, not a minute longer — to arm its agents with those weapons that remain in our arsenal, designated for use under extreme circumstances. I need hardly add that such a request is not issued lightly, nor in any expectation of automatic affirmation. It is, nonetheless, my unfortunate duty to issue such a request now. For matters of operational security, I regret that I cannot specify the exact nature of the crisis, other than to say that it is of a severity we have very rarely encountered, and that the future safety of the entire Glitter Band may depend on our actions. As you are doubtless aware, tensions between the Glitter Band and the Ultras have reached an unacceptable level in the last few days.

More Money Than God: Hedge Funds and the Making of a New Elite
by Sebastian Mallaby
Published 9 Jun 2010

Rickards recalls, “What you realize [when you suddenly need to raise capital] is that everybody will see you. They might not have any intention of investing with you, but to them it’s information. You’re the desperate ones, so you’re like, ‘What do you want to know?’ We had had high-quality operational security for four years, and all of the sudden we’re pouring our hearts out.” Rickards interview. 35. Gary Gladstein, managing director of Soros Fund Management, recalls of this period, “The major bank we dealt with was Kleinwort Benson. Kleinwort had been acquired by Dresdner. The CEO of Dresdner made this comment in Europe that he didn’t have any exposure to hedge funds.

Against All Enemies
by Tom Clancy and Peter Telep
Published 13 Jun 2011

That would take the focus off him. He descended the ladder, turned, and hurried across the damp earth, following the strings of LED lights. And now he really had to use the bathroom. While driving to the tunnel, Romero had explained to Samad that the three sicarios in the trailer would be watching via battery-operated security cameras around the warehouse and the tunnel. They’d tested wireless cameras, but the signals had been too weak to be read on the surface. Two things needed to happen at once: The power would need to be cut to the monitors of those cameras, and the sicarios would need to be “separated from their phones,” as Romero had put it.

The Price of Time: The Real Story of Interest
by Edward Chancellor
Published 15 Aug 2022

‘It’s the way of radical monetary gimmicks that one begets another,’ wrote James Grant. ‘The more they’re tried, the less they succeed. The less they succeed, the more they’re tried. There is no “exit”.’17 Not every monetary innovation was concocted in Washington, DC. The Bank of England came up with ‘credit easing’. The ECB had its ‘long-term refinancing operations’, ‘securities markets programme’ and ‘outright monetary transactions’. The currency pegs of the Danish and Swiss central banks provided them with an excuse to buy foreign securities with newly printed money. The Bank of Japan, which had been the first to initiate quantitative easing (in March 2001), later came up with ‘quantitative and qualitative easing’, to which it added ‘yield-curve control’.18 While interest rates in the United States and the rest of the Anglophone world never went below the ‘zero lower bound’, central banks in Europe and Japan crossed the Rubicon, venturing into the unknown territory of negative rates.

Ubuntu 15.04 Server with systemd: Administration and Reference
by Richard Petersen
Published 15 May 2015

sftp download.ubuntu.com To use the sftp client to connect to an FTP server, that server needs to be operating the sftp-server application. The ssh server invokes sftp-server to provide encrypted FTP transmissions to those using the sftp client. The sftp server and client use the SSH File Transfer Protocol (SFTP) to perform FTP operations securely. Port Forwarding (Tunneling) If, for some reason, you can connect to a secure host only by going through an insecure host, ssh provides a feature called port forwarding. With port forwarding, you can secure the insecure segment of your connection. This involves simply specifying the port at which the insecure host is to connect to the secure one.

Blackwater: The Rise of the World's Most Powerful Mercenary Army
by Jeremy Scahill
Published 1 Jan 2007

Prisoners are alleged to have been brought there both for interrogation and repatriation from Afghanistan.86 Also, as it happens, Blackwater’s planes in Afghanistan operate out of Bagram, a known U.S.-run detention and torture facility. According to Blackwater /Presidential’s Afghanistan contract, all personnel “are required to possess a Secret security clearance.”87 The contract also outlined “operations security” requirements: “Information such as flight schedules, hotels where crews are staying, return trips, and other facts about the international mission shall be kept close hold and only communicated to persons who have a need to know this information. Flight crews should be aware of persons who are seeking information about the contractor, flights, etc.

Facebook: The Inside Story
by Steven Levy
Published 25 Feb 2020

The stuffed-toy nicknames are deceiving. These were two separate groups of digital marauders based in Russia. Intelligence officials knew them as Units 26165 and 74455 of the Main Intelligence Directorate of the General Staff (GRU), roughly the Russian equivalent of the CIA. “Their tradecraft is superb, operational security second to none, and the extensive usage of ‘living-off-the-land’ techniques enables them to easily bypass many security solutions they encounter,” wrote CrowdStrike’s cyber-espionage specialists. Facebook knew that some of its active accounts were associated with the GRU. Instead of shutting them down—they weren’t doing anything illegal anyway—the Threat Intelligence team monitored them, to keep track of potential security concerns.

The Defence of the Realm
by Christopher Andrew
Published 2 Aug 2010

Most of the people who have been as intimately associated with it as I have been, have developed an affection for the Office as a whole and the staff in particular which I am certain is most unusual in a large Government Department.154 Few of the Security Service’s wartime successes were known to other government departments. The reasons for the Service policy of hiding its light under a bushel went some way beyond the demands of operational security. Petrie preferred to keep his contacts with Whitehall to a minimum. Two years after becoming director general, he admitted to Duff Cooper (Swinton’s successor as head of the Security Executive) that he was a bad ‘publicity merchant’ for the Service: I have lived so long abroad that I had comparatively few contacts in London, and I never cared to extend them beyond what was necessary for business purposes.

…

Giskes, who was interrogated at Camp 020 (see below. p. 250), struck ‘Tin-eye’ Stephens as one of the ablest German intelligence officers he had encountered; Hoare (ed.), Camp 020, p. 356. 32 Security Service Archives. 33 A year before the outbreak of war the Abwehr had sent to Britain ‘a private individual who had very good connections in high British government circles’, who was expected to be ‘questioned closely by the British about German policy’. With the personal approval of Canaris, he was supplied with a plausible mixture of information and disinformation likely to deceive the British. ‘Preliminary note on the use by German Intelligence of Deception as an aid to military operations’, Security Service Archives. No similar operation was mounted after the outbreak of war. 34 The continuing ability of German intelligence to run a successful deception operation was demonstrated by the SD Englandspiel in the Netherlands in 1942–3, which completely deceived SOE and cost the lives of fifty-four agents, as well as other Dutch civilians and about fifty RAF personnel.

GCHQ
by Richard Aldrich
Published 10 Jun 2010

At a higher level there was a supervising body called the Cypher Security Committee, supposedly chaired by Sir Stewart Menzies, but this had not attracted Menzies’ interest. Moreover, it lacked the power to compel Whitehall departments to change any practices that they thought lax. Chitty had done a spot check of twelve departments around Whitehall, and found that few were taking cypher security seriously. Britain needed a decent operational security section at Bletchley Park, and a proper supervisory board with teeth.27 No cypher system, Chitty warned, was unbreakable. Britain’s most sensitive material was sent by one-time pads, which were, in his opinion, ‘unassailable’ if used correctly. Yet he reminded his superiors that Bletchley was making a ‘most successful daily attack’ on the one-time pads of other countries, ‘which reach us in a steady stream by Photography, Theft, and the sifting of Embassy waste-paper baskets’.

Designing Data-Intensive Applications: The Big Ideas Behind Reliable, Scalable, and Maintainable Systems
by Martin Kleppmann
Published 17 Apr 2017

Alternatively, you can find all of the references at https:// github.com/ept/ddia-references, where we maintain up-to-date links. We look primarily at the architecture of data systems and the ways they are integrated into data-intensive applications. This book doesn’t have space to cover deployment, operations, security, management, and other areas—those are complex and impor‐ tant topics, and we wouldn’t do them justice by making them superficial side notes in this book. They deserve books of their own. Many of the technologies described in this book fall within the realm of the Big Data buzzword. However, the term “Big Data” is so overused and underdefined that it is not useful in a serious engineering discussion.

Designing Data-Intensive Applications: The Big Ideas Behind Reliable, Scalable, and Maintainable Systems
by Martin Kleppmann
Published 16 Mar 2017

Alternatively, you can find all of the references at https://github.com/ept/ddia-references, where we maintain up-to-date links. We look primarily at the architecture of data systems and the ways they are integrated into data-intensive applications. This book doesn’t have space to cover deployment, operations, security, management, and other areas—those are complex and important topics, and we wouldn’t do them justice by making them superficial side notes in this book. They deserve books of their own. Many of the technologies described in this book fall within the realm of the Big Data buzzword. However, the term “Big Data” is so overused and underdefined that it is not useful in a serious engineering discussion.

Unelected Power: The Quest for Legitimacy in Central Banking and the Regulatory State
by Paul Tucker
Published 21 Apr 2018

Here the issues are less about coordination among the authorities, than about whether there are any absolute boundaries and what any permissive constraints might look like. Secured Lending Is Much More Acceptable Than Purchases The first thing to say is that, under our general principles for central bank operations, secured loans (repos) against baskets of diversified portfolios of private sector securities are preferable to outright purchases. Repos avoid important political economy hazards, as they leave the choice to invest in particular instruments in private hands and enable ongoing risk management by the central bank.18 For those reasons, if the usual banking counterparties are unable to participate in repo operations because they are distressed, rather than leap straight to outright purchases, it is preferable for the central bank temporarily to widen the population of intermediaries it will deal with (eligible counterparties).

Without Remorse
by Tom Clancy
Published 2 Jan 1993

'Where will we stay tonight?' 'On board,' Kelly answered. 'We'll be secure here.' Pam merely nodded, but he explained anyway. 'You look different now, and they don't know me from Adam. They don't know my car or my boat. Frank Allen doesn't know your name or even that you're a girl. That's operational security. We ought to be safe.' 'I'm sure you're right,' Pam said, turning to smile at him. The confidence in her face warmed his blood and fed his already capacious ego. 'Going to rain tonight,' Kelly noted, pointing at distant clouds. 'That's good, too. Cuts down visibility. We used to do a lot of stuff in the rain.

Backup & Recovery
by W. Curtis Preston
Published 9 Feb 2009

Magstar MP) 3590, 3590 3592, 3592 AIX operating system, AIX Bare-Metal Recovery bare-metal recovery tools, AIX Bare-Metal Recovery mksysb utility, IBM’s mksysb and savevg Utilities T1120, TS1120 IBM DB2 Universal Database, IBM DB2 Backup and Recovery (see DB2) Ignite-UX recovery tool, HP-UX Bare-Metal Recovery, Troubleshooting Recovery Operations, Ignite-UX Overview, Network Services and Remote Boot Protocols, Differences Between HP Integrity and HP9000 Clients, Planning for Ignite-UX Archive Storage and Recovery, Recovery Archive Management, Considerations for the Remote Booting of Clients, Sizing the Recovery Archive, Configuring an Ignite-UX Network Server, Recovery Archive Management, Verifying Archive Contents, Troubleshooting Recovery Operations, Security, System Recovery and Disk Mirroring archive contents, verifying, Verifying Archive Contents archive management, Recovery Archive Management disk mirroring, System Recovery and Disk Mirroring HP Integrity versus HP9000 clients, Differences Between HP Integrity and HP9000 Clients network server, configuring, Configuring an Ignite-UX Network Server network services and remote boot protocols, Network Services and Remote Boot Protocols overview, Ignite-UX Overview planning for archive storage and recovery, Planning for Ignite-UX Archive Storage and Recovery, Recovery Archive Management recovery archive, sizing, Sizing the Recovery Archive remote booting, Considerations for the Remote Booting of Clients security issues, Security troubleshooting, Troubleshooting Recovery Operations image versus filesystem level, Image level or filesystem level?

Clear and Present Danger
by Tom Clancy
Published 2 Jan 1989

It was not unknown, in fact, for those left out to have had knowledge crucial to the operation's successful conclusion. But it was equally true that history was replete with examples of the disasters that resulted from making an operation so broadly based as to paralyze the decision-making process and compromise its secrecy. Drawing the line between operational security and operational efficiency was historically the most difficult task of an intelligence executive. There were no rules, Judge Moore knew, merely the requirement that such operations must succeed. One of the most persistent elements of spy fiction was the supposition that intelligence chiefs had an uncanny, infallible sixth sense of how to run their ops.

The Irrational Bundle
by Dan Ariely
Published 3 Apr 2013

It’s more akin to taking several boxes of pens, a stapler, and a ream of printer paper, which is much more difficult to ignore or rationalize. To Catch a Thief Our next experiment looked at what might happen if participants felt that there was a higher probability of getting caught cheating. Basically, we inserted the mental equivalent of a partially operating security camera into the experiment. We asked one group of participants to shred one half of their worksheet—which meant that if they were dishonest, we might find some evidence of it. We asked a second group to shred the whole work sheet, meaning that they could get off scot-free. Finally, we asked a third group to shred the whole worksheet, leave the testing room, and pay themselves from a sizable bowl of money filled with more than $100 in small bills and coins.

Lawrence in Arabia: War, Deceit, Imperial Folly and the Making of the Modern Middle East
by Scott Anderson
Published 5 Aug 2013

Since the early days of the war, the British had employed carrier pigeons to relay messages on the Western Front, and in the summer of 1917 someone in Cairo hit on the same idea as a way to maintain contact with the NILI operatives in Palestine. On paper, the notion had a lot going for it. It would help eliminate the need for the perilous and trouble-prone spy-ship runs from Egypt—with almost eerie regularity, these voyages had a way of coinciding with bad storms—as well as the risk to operational security inherent in face-to-face contact between spies and spy handlers. Carrier pigeons might also mean that crucial intelligence would reach British lines much faster. Between the difficulty in getting informants’ reports to Athlit, and then the wait for the ship, the information Cairo received from NILI was often five or six weeks out of date.

Ghost Wars: The Secret History of the CIA, Afghanistan, and Bin Laden, from the Soviet Invasion to September 10, 2011
by Steve Coll
Published 23 Feb 2004

The Defense Intelligence Agency, working its own Pakistani and Afghan sources, produced scores of its own classified reports about bin Laden.7 One purpose of the recruitments was to collect detailed intelligence about bin Laden’s movements, his training camps, the houses where he stayed, the houses where his wives stayed, and the houses where al-Zawahiri, Mohammed Atef, and other top lieutenants lived or worked. Gradually the CIA built up a detailed map of bin Laden’s infrastructure in Afghanistan. Reports and photography from unilateral agents were matched against satellite imagery to fill in maps of camps and urban neighborhoods. Bin Laden practiced intensive operational security. He was wary of telephones. He allowed no Afghans into his personal bodyguard, only Arabs he had known and trusted for many years. He varied his routes, did not stay in any one place for long, and never told anyone but his Arab inner circle about his plans. These practices limited the effectiveness of the CIA’s recruitments because the agency’s sources and paid agents were mainly Afghans who were kept at bay by bin Laden’s core bodyguard and leadership group.

Dirty Wars: The World Is a Battlefield
by Jeremy Scahill
Published 22 Apr 2013

US Special Operations Forces had taken over the base soon after the March 2003 invasion of Iraq and erected a fence around the cluster of buildings that made up Camp NAMA. At the center of the small compound, surrounded by barbed wire, was the Battlefield Interrogation Facility (BIF). Members of the JSOC Task Force resided at NAMA, but it was hardly just a dormitory. This task force went by various code names, and the names were frequently changed for operational security and to make investigating it difficult. At various times, it was known as Task Force 20, Task Force 121, Task Force 6-26, Task Force 714 and Task Force 145. Suspected insurgents snatched in house raids or taken off the streets of Iraq cities were brought to NAMA and placed in one of two structures: “Motel 6” was a plywood barracks; “Hotel California” was an actual cellblock that a few months earlier had been used by Saddam’s regime as a prison.

The Sum of All Fears
by Tom Clancy
Published 2 Jan 1989

If China were to do something like this, they would more likely attack us. We have the land and resources they need, and America has much more value to them as a trading partner than as an enemy. No, for this to be a project of a nation-state means that only one of a handful has the ability to do it, and the problems of operational security are virtually insurmountable. Andrey Il'ych, if you directed KGB to do this, we probably could not. The type of individual necessary for such a mission - by that I mean the skill, intelligence, dedication - are not qualities which you find in a psychotic; murder on this scale, likely to bring about such a crisis as this, would require a diseased personality.

Post Wall: Rebuilding the World After 1989
by Kristina Spohr
Published 23 Sep 2019

Despite the efforts of some European statesmen – notably Genscher, Gorbachev and Mitterrand – in 1989–91, no new pan-European architecture was created to embrace the two halves of the continent and incorporate Russia into a shared security structure. The Helsinki 1975 Conference on Security and Cooperation in Europe (CSCE) possessed the potential to become such a structure, but it was never converted into an operative security organisation. The post-Wall political reality – with America set to remain a ‘European power’ – conspired against such pan-European paths. And the attractions of a Europe reunified under the aegis of an ever-closer European Union and secured by a reinvented NATO were simply too strong.[21] Consequently, the West–East asymmetry increased over time, as the jumbled fragments of what had been the Cold War order were re-formed within an ever-larger Western-dominated framework.

Pandora's Star
by Peter F. Hamilton
Published 2 Mar 2004

Rob and the other guard waved their pistols meaningfully, shepherding the managers over to the glass wall. They were made to crouch down. “Joanne Bilheimer,” Rob called. “Front and center, now.” One of the women looked up fearfully. “I’m Joanne. What do you want?” “Up.” Rob beckoned with all four fingers. He pointed to the console marked Chief of Operations. “Secure this room, activate level three isolation.” “I . . .” She gave his pistol a frightened glance. “I’m not . . .” “Please,” he said. “Don’t give me any bullshit about not having the authority. And you really don’t want to make me start issuing threats, because I’ll carry them out. Now, level three?”

Days of Fire: Bush and Cheney in the White House
by Peter Baker
Published 21 Oct 2013

It would be a daring display of progress for the audience back home and a chance for the president to see the results of the surge. First, he had to slip out of the world’s most heavily guarded building without detection. Bush found himself in an unmarked vehicle heading to Andrews Air Force Base and stuck in traffic on an often-clogged exit ramp in Washington. For operational security, they posed as a regular vehicle, and no roads were cleared ahead of time. Suddenly Bush’s aides saw a panhandler collecting coins in a McDonald’s cup making his way to each of the cars stuck at the traffic light. Bush was in the third one back. Any moment the man would reach them, peer into the window, and notice the president of the United States, blowing the secrecy of the trip.

Engineering Security
by Peter Gutmann

While the interception of tactical video communications may not seem like a major problem since the footage has a very short lifetime, in practice it can have all sorts of long-term benefits for an opponent such as allowing them to test the effectiveness of various camouflage measures, revealing details of UAV surveillance manoeuvres, search patterns and times, and operational security, and even providing clues on how to make civilian gatherings looks like targets (to create bad publicity when they’re attacked) or conversely targets look like civilian gatherings. When the situation was re-examined four years later, the majority of the UAVs were still transmitting video in the clear (the Navy’s equivalent, in contrast, had used encrypted feeds from day one) [103].