Applying OPSEC to Terrorism

Jan 15, 2023

Daniel Robledo
Page 1: Applying OPSEC to Terrorism

OPSEC in Warfare and Terrorism

Christopher Cox

“The enemy aggressively "reads" our open source and continues to exploit such information for use against our forces. Some soldiers continue to post sensitive information to internet websites and blogs, e.g., photos depicting weapon system vulnerabilities and tactics, techniques, and procedures. Such OPSEC violations needlessly place lives at risk and degrade the effectiveness of our operations.” Peter Schoomaker (1).

Operations Security (OPSEC) as an idea was developed during the Vietnam War under the command of Admiral Ulysses Sharp, who established the “Purple Dragon” team. Their mission was to determine how the enemy was able to gather information on military operations (2). The team came to understand the need to alter tactics and procedures to reduce an adversary's ability to make educated predictions based on the knowledge of routines (3). Post-war, OPSEC was formally established as a national program when President Ronald Reagan signed National Security Decision Directive Number 298 in 1988 (4/p1). Although the program was created as a result of the Purple Dragon team’s notable efforts in the Vietnam War, OPSEC as a concept has been a combat enabler (and a lack thereof has been an impediment to effectiveness) throughout history.

President George Washington understood this well, as did Sun Tzu almost a millennium before (2). During the Revolutionary War, President Washington employed tactics that would now be called “OPSEC countermeasures”. He has been famously quoted as saying, “Even minutiae should have a place in our collection, for things of a seemingly trifling nature, when enjoined with other of a more serious cast, may lead to valuable conclusions.” Supporting this philosophy were his effective policies, such as referring to critical personnel and locations by code number (for example, Washington was “711” and New York was “727”), which allowed inaccurate information to be overheard and/or intercepted. He coupled this with increased secrecy in movement and planning. In one case, he used easily observable purchases and private discussions in public (meant to be intentionally overheard) to make his 3,000-strong force in Philadelphia appear to be 40,000 in number (5/p1).

The Manchester Document emphasizes the need for increased OPSEC among governmental as well as public institutions. The Manchester Document was seized in 2000 in a police raid on a suspected Al-Qaeda member. The document is an Al-Qaeda training manual that outlines protocols for many different areas, including obtaining information from the enemy. On page 83 of the document, it reads: “Using this public source openly and without resorting to illegal means, it is possible to gather at least 80% of information about the enemy” (6/p83). It then lists multiple public sources for information gathering, including news sources, official publications, radio and television, and other sources. Operatives are instructed to pay particular attention to published meetings and their agendas, present and future capabilities through photographs or other notations, arrival of foreign tourist groups, general directives, and also gauging public opinion and morale by paying special attention to jokes and comments (6/pp85-86). The Manchester Document confirms that we face an adversary that is increasingly aware of the value of Open Source Intelligence (OSINT), as it details its role in planning and executing terror actions. More importantly, it validates the concept that our adversary is watching public sources of information to gain valuable information in preparation for attacks.

A more recent example occurred in 2007, when the airfield at Camp Taji, Iraq, came under rocket and mortar fire. Insurgents targeted helicopters by using publicly available satellite imagery via Google Earth, and subsequent news reports allowed for firing adjustments by revealing the relative proximity of “near misses”, as well as the number and types of helicopters actually damaged or destroyed. As a result, several helicopters were damaged and there were multiple casualties, including one fatality (7). The above examples are just a few of many that not only validate but also stress the need for OPSEC and its presence as an invaluable tool in our national defense arsenal. OPSEC alone is not the answer, but it is part of risk management processes and an essential part of any security posture (8). It is imperative that it includes not only security disciplines but also policies, practices, and procedures in protecting confidential information (9). OPSEC’s history and application must be fully understood and implemented in order to effectively combat terrorism.

OPSEC differs from other security disciplines in that it is formally conducted from the adversarial perspective, rather than based on lists of rules or best practices. To maximize OPSEC effectiveness, one must think like the adversary. Any adversary, including terrorist forces, relies on accurate intelligence when planning attacks (10). Terrorists often use the OODA Loop to plan and carry out attacks (11), as was seen in the 2008 Mumbai attacks (12) or, until very recently, in Iraq among insurgents (13). Alternatively, as mentioned in the US Air Force's "Military Guide to Terrorism in the Twenty-First Century", a similar but extended seven-stage terrorist planning cycle can be utilized (14).

Colonel John R. Boyd’s “OODA Loop” summarizes the process used to obtain the information and then act upon it. The OODA Loop (which stands for: Observe, Orient, Decide and Act) is a decision-making process that was originally conceptualized for strategic military requirements; it is the process that many (well thought-out) tactical decisions are based upon (11). Harry Hillaker, a colleague of Boyd, said of the OODA Loop:

“The key is to obscure your intentions and make them unpredictable to your opponent while you simultaneously clarify his intentions. That is, operate at a faster tempo to generate rapidly changing conditions that inhibit your opponent from adapting or reacting to those changes and that suppress or destroy his awareness. Thus, a hodgepodge of confusion and disorder occur to cause him to over- or under-react to conditions or activities that appear to be uncertain, ambiguous, or incomprehensible.” (11)

One of the principal tenets of current U.S. military doctrine is that it is desirable to go through your OODA Loop before your enemy goes through theirs. But, according to Captain Jason Belcher of the US Air Force, the reverse is happening with the war on terror (10). One way to be a step ahead is by restricting access to the information available for the adversary to Observe, thus restricting their ability to Orient, therefore delaying or impeding their ability to make a Decision on how to Act.

The seven-stage terrorist planning cycle encompasses broad target selection, intelligence gathering and surveillance, specific target selection, pre-attack surveillance and planning, attack rehearsal, actions on objectives and escape and evasion (except in the case of suicide attacks) (14/p1). The phase that is most impacted by a strong OPSEC program is that of intelligence gathering and surveillance, which is very similar to the Observe step of the OODA Loop, and will be referred to as such in this paper. In this phase, critical elements such as routines and work schedules, locations of key targets, means of travel and security measures are considered in order to enable the attack and maximize damage that may be caused. If the target is a building, such as was the case of the Oklahoma City government building bombing in 1995, the terrorist would desire to ensure that the maximum number of potential victims are in the area during the time of the attack. In the event that the target is an individual, critical information to enable the attack could include routes, locations and other factors. Another element critical to the terrorist planning cycle, part of the Observe phase, is an understanding of the security measures in place, such as personnel, barriers, type of frequency and drills (14/p3). Knowledge of this element would allow the terrorist force to bypass security countermeasures and attack at a time beneficial to the terrorist force.

While the Observation phase can be conducted well ahead of time, the pre-attack surveillance and planning phase occurs mere days to weeks before the planned attack (14/p4). Most important to this phase is to confirm intelligence collected initially and ensure that there have been no significant changes to the security posture and procedures protecting the target. If the organization is protected by a weak OPSEC program and has allowed certain profiles to be established, the attackers could very easily confirm the initial security findings and proceed with the attack.

For example, consider a hypothetical US Military transportation unit operating in Afghanistan. The unit feels that efficiency is critical when delivering its Logistics Package to a remote combat outpost, in order to support their regular fire missions while reducing the amount of time spent in the volatile region. The unit has identified the most efficient route, and therefore is observed using the same Main Supply Route on the same schedule. The adversary is able to orient by Observing the schedule and behavior of the drivers, after which they may decide how to best exploit this information and, finally, act upon their planning. This can demonstrably have tragic results.

However, if the enemy OODA Loop is interrupted, it restricts their ability to ultimately act. In the previous scenario, mission planners may alter the routes and times, effectively reducing the adversary's ability to Observe patterns and orient to the mission. If the same route is required, then even just altering the timing of the deliveries will reduce the adversary’s ability to recognize patterns. While other patterns may, and often will, form over a greater period of time, this effectively extends the adversary's OODA Loop timeframe and reduces the number of actions that they are able to commit. If properly implemented, the unit's own OODA Loop cycle will be unaffected, meaning that they will be able to conduct several iterations within a single instance of the adversary's own.

A basic problem like this is one that should never occur in any organization with a mature OPSEC program. OPSEC, at its heart, is a five-step process (identification of Critical Information, analysis of threats, analysis of vulnerabilities, assessment of risk, and application of appropriate OPSEC measures) that is designed to capture and mitigate such vulnerabilities before the adversary is able to exploit them (15). While there are many security programs within the Military (as well as the private sector), OPSEC is unique among them because it considers vulnerabilities from an adversarial perspective, a process colloquially referred to as "Thinking like the Wolf". Consider again our hypothetical transportation unit: the OPSEC Officer would initially obtain an analysis of the threats to their mission by engaging intelligence personnel and other sources of information. Technically, this is step two of the five-step OPSEC process, but the Interagency OPSEC Support Staff (IOSS) now advocates for this step being completed first, as this results in a more thorough analysis of the risks presented by the adversary.

One must exercise caution when naming adversaries, as it's possible to either fail to consider a threat, or to mislabel a potential threat, resulting in the inappropriate allocation of resources. In reality, in order to actually be a "threat", an adversary must possess both the intent and the capability to cause harm. In this example, regional insurgent forces have demonstrated the intent and the realized capability to do harm, and should be considered a bona fide threat. Once identified, the unit shall then explore the capabilities, resources, historical acts and other factors related to this specific element.

Next, the OPSEC Officer would identify the Critical Information (CI), which is that information needed for the adversary to achieve their objective. As the adversary has already been identified and analyzed, they have an idea as to the capabilities and methods that may be employed against the unit. In our hypothetical example, the OPSEC Officer has many elements to consider. In order to effectively attack the convoy, the enemy would need to know the timeframes and routes, as well as the number of vehicles, number of soldiers, responsiveness of Quick Reaction Forces (QRF) and number and types of weapons and armor, details of which would populate the CI list. The list could grow quite large, and the OPSEC Officer should make no attempt to limit it at first. Only after developing a comprehensive list should he or she eliminate items that are redundant or infeasible.

Then, the OPSEC Officer considers each aspect of the planned mission in order to identify any indicators that may reveal the previously identified CI. Again, there should be no initial restrictions placed on the development of this list, as every element should be considered. It is in this phase that the OPSEC Officer really needs to be able to consider the mission from the perspective of the adversary: from this perspective, what available or observable phenomenon may reveal their CI? The OPSEC Officer could identify things such as convoy routes and time patterns, conversations spoken within earshot of local nationals, discarded planning or briefing documentation, or possibly even social networking sites used by unit members (particularly when soldiers provide geotagged information embedded in their pictures) as elements that can reveal CI. There are many methods which the adversary may use to determine indicators and exploitable vulnerabilities, and a thorough knowledge of the adversary’s intent and capability will help determine the tactics they may be likely to employ.
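
As an added illustration (not part of the original paper), a pre-publication review can automate the check for the geotagged pictures mentioned above. This Python code parses a JPEG's EXIF block, reports any embedded GPS position, and strips the metadata; the function names and the sample file, which is constructed inline and contains no pixels, are assumptions of this example.

```python
import struct

GPS_IFD_TAG = 0x8825           # IFD0 tag that points at the GPS directory
EXIF_ID = b"Exif\x00\x00"      # identifier at the start of an Exif APP1 body

def _segments(jpeg):
    """Yield (marker, start, end) for each header segment before the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] not in (0xDA, 0xD9):
        (seg_len,) = struct.unpack_from(">H", jpeg, pos + 2)
        yield jpeg[pos + 1], pos, pos + 2 + seg_len
        pos += 2 + seg_len

def _is_exif(jpeg, marker, start):
    return marker == 0xE1 and jpeg[start + 4:start + 10] == EXIF_ID

def _ifd(tiff, offset, bo):
    """Map each tag in a TIFF directory to the position of its 4-byte value field."""
    (count,) = struct.unpack_from(bo + "H", tiff, offset)
    entries = {}
    for i in range(count):
        entry = offset + 2 + 12 * i
        tag, _type, _count, _value = struct.unpack_from(bo + "HHII", tiff, entry)
        entries[tag] = entry + 8
    return entries

def _degrees(tiff, value_pos, ref_pos, negative_ref, bo):
    """Turn three RATIONALs (deg, min, sec) and an N/S or E/W ref into signed degrees."""
    (data,) = struct.unpack_from(bo + "I", tiff, value_pos)
    d_n, d_d, m_n, m_d, s_n, s_d = struct.unpack_from(bo + "6I", tiff, data)
    value = d_n / d_d + m_n / m_d / 60 + s_n / s_d / 3600
    return -value if tiff[ref_pos:ref_pos + 1] == negative_ref else value

def gps_position(jpeg):
    """Return (lat, lon) if the JPEG carries an EXIF GPS block, else None."""
    for marker, start, end in _segments(jpeg):
        if not _is_exif(jpeg, marker, start):
            continue
        tiff = jpeg[start + 10:end]
        bo = {b"II": "<", b"MM": ">"}[tiff[:2]]          # TIFF byte order
        magic, ifd0 = struct.unpack_from(bo + "HI", tiff, 2)
        if magic != 42:
            raise ValueError("bad TIFF header inside Exif segment")
        root = _ifd(tiff, ifd0, bo)
        if GPS_IFD_TAG not in root:
            continue
        (gps_off,) = struct.unpack_from(bo + "I", tiff, root[GPS_IFD_TAG])
        gps = _ifd(tiff, gps_off, bo)                    # tags 1-4: lat ref, lat, lon ref, lon
        return (_degrees(tiff, gps[2], gps[1], b"S", bo),
                _degrees(tiff, gps[4], gps[3], b"W", bo))
    return None

def strip_exif(jpeg):
    """Return the JPEG with every Exif APP1 segment removed; image data is untouched."""
    out, tail = bytearray(b"\xff\xd8"), 2
    for marker, start, end in _segments(jpeg):
        if not _is_exif(jpeg, marker, start):
            out += jpeg[start:end]
        tail = end
    return bytes(out) + jpeg[tail:]

def safe_to_post(jpeg):
    """Fail closed: pass only if the file parses cleanly and has no GPS block."""
    try:
        return gps_position(jpeg) is None
    except (ValueError, KeyError, struct.error, ZeroDivisionError):
        return False

def build_sample():
    """Constructed sample: SOI, one Exif segment tagged 10.5 N / 20.25 E, then EOI."""
    rat = lambda *v: b"".join(struct.pack("<II", x, 1) for x in v)
    gps = struct.pack("<H", 4)                            # four GPS entries
    gps += struct.pack("<HHI4s", 1, 2, 2, b"N\0\0\0")     # GPSLatitudeRef
    gps += struct.pack("<HHII", 2, 5, 3, 80)              # GPSLatitude -> offset 80
    gps += struct.pack("<HHI4s", 3, 2, 2, b"E\0\0\0")     # GPSLongitudeRef
    gps += struct.pack("<HHII", 4, 5, 3, 104)             # GPSLongitude -> offset 104
    gps += struct.pack("<I", 0)                           # no further directory
    tiff = b"II" + struct.pack("<HI", 42, 8)              # little-endian TIFF header
    tiff += struct.pack("<HHHIII", 1, GPS_IFD_TAG, 4, 1, 26, 0)   # IFD0 -> GPS IFD at 26
    tiff += gps + rat(10, 30, 0) + rat(20, 15, 0)
    body = EXIF_ID + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"

SAMPLE = build_sample()

if __name__ == "__main__":
    print("before:", gps_position(SAMPLE), "safe to post:", safe_to_post(SAMPLE))
    clean = strip_exif(SAMPLE)
    print("after: ", gps_position(clean), "safe to post:", safe_to_post(clean))
```

This covers only EXIF data in a JPEG APP1 segment; location can also be carried in XMP packets or in other file formats, which need their own checks.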

Afterwards, the OPSEC Officer, while working with commanders and key leaders, evaluates the risks associated with each vulnerability and identifies countermeasures for them. For example, in our situation, the adversary might be able to discern upcoming mission routes, Starting Point (SP) times and troop strength through social networking or TRASHINT (intelligence collected from refuse), and appropriate countermeasures should be considered based on risk and likelihood. Personnel controls, regular OPSEC reviews, security inspections and a “mandatory shred” policy for certain types of documents are among the countermeasures that may be considered.

Finally, with command support and emphasis, appropriate countermeasures are put in place. Evaluating countermeasures for effectiveness, which is a continuous progression based on feedback and observable effects, is built into this step (15). With this, each step is completed and the unit has an improved security posture with reduced vulnerabilities and a restricted capability for exploitation by adversarial elements.

Special consideration must be given to the perceptions and considerations of the adversary. As mentioned previously, OPSEC differs from other security disciplines in that it is carried out from the adversarial point of view. This is because, to use the common phrase, “your adversary gets a vote.” In other words, any codified list that attempts to capture enduring requirements and “rules” will quickly grow obsolete in the face of a resourceful and adaptive enemy.

Consider again the hypothetical transportation unit stationed in Afghanistan; but this time, from the adversary's perspective. An insurgent cell operating in the region would have the intent to disrupt the unit’s mission in order to lessen the effectiveness of the units unable to be supplied as a result. The adversary would run through a basic narrative (simplified for the purpose of this paper) in order to best determine the vulnerabilities which they may exploit. The adversary's thought process could be as follows:

"What do I need to know in order to attack this unit? What route will they be taking and when? How many soldiers will there be? How long will I have until reinforcements arrive? Are there any issues with armor, weaponry, or communications? Are there any tertiary goals, such as high-value targets or rare/specialized cargo?"

Once the adversary considers what information they would require, they would then consider what methods they may use in order to answer their own questions.

"I can watch the routes they take and record the schedule. I can count the soldiers and determine the best time to attack. Our operatives on the FOB (Forward Operating Base) can examine the trash for After Action Reviews, memos and other items. They can also listen to conversations in the gym, dining facility, and recreation facilities. And then, there's Facebook, Myspace and all those blogs!"

Their efforts pay off! Within a few weeks, the insurgent forces have built an accurate and comprehensive profile of the unit's mission. They find that the unit has created an association between a heavy maintenance stand down and a mission the following day. They note that the unit generally takes the same route with little variation, and always leaves early in the morning. By examining the trash and recycling, they find letters from home talking about upcoming missions, indications of maintenance and morale issues, as well as maintenance information and load plans. The most valuable information, however, comes from overhearing soldiers’ conversations and reviewing their publicly available Facebook pages. In the latter, the insurgents notice a pattern of heavy posting before a mission, followed by near-silence, and then a resurgence of social media posts with pictures of their routes and destination. By all indications, the unit is preparing for another mission. Most telling, however, is a single posting on Facebook from the unit's commander:

"Fly safe and we'll see you in a few days! Michael can't wait to see his daddy!"

The insurgents now know that there's an upcoming mission; as the FOB doesn't have an airfield, it's likely that he'll be on the next mission in order to leave for his R&R. They begin to plan the attack.

Terrorist forces are not necessarily military combatants, by definition. However, many terrorists have extensive military training and maintain a tactical mindset. As such, they will not only seek to exploit vulnerabilities, but also practice OPSEC when conducting their own operations. As there are no consistent limitations to the targets of terrorism, every organization, government entity, and private citizen must understand the basic concepts of OPSEC in order to frustrate the terrorist planning cycle and interrupt their OODA loop. This is the role, and the responsibility, of the OPSEC professional: the person who understands the role that OPSEC plays in daily affairs, and must communicate this to those who need to know. The OPSEC Officer must "evangelize" for OPSEC and encourage others to incorporate it into their business planning and daily lives.

It is important to widely propagate the basic concepts of OPSEC, so that people can grow to understand the mindset behind it. OPSEC is not only a formal process, but also a mindset. Once one understands how seemingly inconsequential pieces of the puzzle may be formed into the "big picture", it becomes nearly second nature to protect important information. These basic concepts are largely understood; most individuals understand that changing routes to and from work can reduce the likelihood of attack, and most comprehend that posting vacation details on Facebook can increase the likelihood of a burglary once the home is empty.

Terrorist collection capabilities are changing as they adapt to the cyber environment. As referenced previously, knowing one's adversary is a critical component of the OPSEC process. This includes an in-depth knowledge of their capabilities and developing intentions. Cyber capabilities of terrorist elements have been widely discussed within the context of OPSEC, but have been generally restricted to passive collection methods like social networking sites and blogs, or basic intrusive capabilities such as phishing and social engineering. However, increasingly available technology and growing restrictions to terrorist acts have naturally resulted in the adoption of high-yield and low-risk methods.

Also changing are the targets and methods that terrorist entities will use to attack them. Former Homeland Security Director Tom Ridge warned, "Terrorists can sit at one computer connected to one network and can create worldwide havoc" (16), and the Australian Government's Institute of Criminology assessed, "the potential damage which can be inflicted on our infrastructure – systems such as air traffic control, power, telecommunications, and the like, by a malicious person sitting at a keyboard on the other side of the planet, is mindboggling" (17). In order to adapt to this evolving threat, we must explore it and understand its implications.

The ability to use cyber capabilities in order to achieve terrorist goals is rather easy to determine. Relatively standardized control measures and security equipment help keep systems secure; automated network-based intrusion prevention systems watch for threats while each computer on a network most likely has its own host-based security suite. However, as computer security specialist and cryptologist Bruce Schneier noted, "If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology" (18). While security-assistive software and hardware help increase the security posture of the system, there's no such thing as "complete security" for any network that's connected to the same public internet that's expected to service 15 billion devices by 2015 (19), more than double the population of the Earth at this time. These devices include not only desktop computers, laptops, and smart phones but also many kinds of tracking devices, medical devices, and entertainment devices (gaming systems). For example, a Dutch startup, Sparked, is using wireless sensors on cattle that electronically inform the farmer when one is sick or pregnant. In the future, it is envisioned that our everyday electronics will be connected via the web, allowing them to work together (19). This could be both a blessing and a curse, as it provides another entryway into personal lives, corporations, and public and government entities.

The term 'Critical Infrastructure' refers to "systems and assets, whether physical or virtual, so vital to the United States that the incapacity of such systems and assets would have debilitating impact on security, national economic security, national public health or safety, or any combination of those matters" (20/pp6-7), and includes food and agriculture, dams, energy, IT, postal services, banking and finance, communications, transportation, chemical, emergency services, healthcare and public health, nuclear facilities and water, among others. This term also includes those critical international services upon which we depend but have no control, such as shipping, airports and communications services operated by other nations. In order to service increasingly large geographic areas in a cost-restrained environment, sectors rely heavily on the use of Supervisory Control and Data Acquisition (SCADA) systems and Distributed Control Systems (DCS's).

SCADA systems allow for remote monitoring of systems and their status, and include the capability to transmit commands from a remote location. Examples include the remote monitoring and operation of railroad track switches, draw bridges and traffic control systems. DCS's are a network of computers that provide processed information to a centralized control location while also possessing the capability to receive remote commands. Generally, a DCS is used at a single site, rather than distributed across a wide geographic location; however, a SCADA and DCS may be implemented within the same organization to work in tandem. In 1997, the President's Commission on Critical Infrastructure Protection said of SCADA systems, "From the cyber perspective, SCADA systems offer some of the most attractive targets to disgruntled insiders and saboteurs intent on triggering a catastrophic event. With the exponential growth of information system networks that interconnect the businesses, administrative and operational systems, significant disruption would result if an intruder were able to access a SCADA system and modify the data used for operational decisions, or modify programs that control critical industry equipment or the data reported to control centers" (21). Although such systems were originally designed to be isolated from commercial networks, the practice of providing real-time data to customers and field technicians has necessitated the integration of SCADA components into the public sphere, introducing previously unforeseen vulnerabilities.

In 2011, police in Berlin arrested Maqsood Lodin after travel to Pakistan. In his possession was a thumb drive with encrypted messages outlining terrorist plots and containing communications between senior leaders (22, 23). This discovery is significant, as it goes far beyond the basic elements of social networking and reviewing blogs: it highlights the escalating use of advanced technologies in order to achieve terrorist objectives. In this case, the group used steganography, the practice of hiding messages and files in images, to communicate. This is indicative of both a maturity in the cyber operations capabilities of international terrorist forces and a restriction of our own ability to monitor communications and perform electronic surveillance.

Advancing technology provides an alarmingly growing number of areas that can be exploited by terrorist factions. The TOR (The Onion Router) Project is one of these areas. It was originally designed, implemented, and deployed by the US Naval Research Laboratory to protect the content and source of government communications by reducing the risk of traffic analysis or network surveillance using the onion routing system (24) in 2004 (25). Now formally sponsored by the Electronic Freedom Foundation (EFF), the tool has gained wider use in the corporate world, the public sector, and private use. In order to understand this technology, imagine a separate network overlaid on the public internet with successive relays passing encrypted traffic all over the world. The intermediate relays, excluding the entrance node, have no awareness of the actual source of the traffic, and the data itself is encrypted via the onion protocol until passed from the exit node (where, conceivably, the traffic remains encrypted using the HTTPS protocol). TOR exists to conceal user identities, and is very successful at doing so (provided that the user takes basic precautions in their browsing habits).
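
The layering described above can be made concrete with a small model, added here as an illustration and not taken from the original paper or from the TOR project's code. It wraps a message once per relay and records what each relay can observe; the toy keystream cipher only stands in for real cryptography, and the relay names, client address and destination host are constructed.

```python
import hashlib
import json
import os

def _keystream_xor(key, nonce, data):
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for a real cipher."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + block.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)

def seal(key, next_hop, payload):
    """Encrypt one layer: the name of the next hop plus the inner payload."""
    nonce = os.urandom(16)
    body = json.dumps({"next": next_hop, "data": payload.hex()}).encode()
    return nonce + _keystream_xor(key, nonce, body)

def peel(key, cell):
    """Remove one layer; only the holder of this relay's key can do so."""
    layer = json.loads(_keystream_xor(key, cell[:16], cell[16:]))
    return layer["next"], bytes.fromhex(layer["data"])

def build_onion(path, keys, destination, message):
    """Client side: wrap the message once per relay, innermost layer for the exit."""
    hops = path[1:] + [destination]
    cell = message
    for relay, next_hop in reversed(list(zip(path, hops))):
        cell = seal(keys[relay], next_hop, cell)
    return cell

def route(client, path, keys, cell):
    """Pass the cell along the circuit and record what each relay observes."""
    seen, prev, current = {}, client, path[0]
    while current in keys:
        next_hop, cell = peel(keys[current], cell)
        seen[current] = {"from": prev, "to": next_hop, "payload": cell}
        prev, current = current, next_hop
    return seen, current, cell

def demo():
    path = ["entry", "middle", "exit"]                    # constructed relay names
    keys = {relay: os.urandom(32) for relay in path}      # one key shared with each relay
    client, dest = "client-198.51.100.7", "mail.example"  # constructed endpoints
    message = b"GET /inbox"
    onion = build_onion(path, keys, dest, message)
    seen, delivered_to, delivered = route(client, path, keys, onion)
    return onion, seen, delivered_to, delivered

if __name__ == "__main__":
    _, seen, delivered_to, delivered = demo()
    for relay, view in seen.items():
        readable = view["payload"] == delivered
        print(f"{relay:6} from={view['from']:20} to={view['to']:13} reads message: {readable}")
    print("delivered to", delivered_to, ":", delivered)
```

Only the entry relay sees the client's address and only the exit relay sees the destination and the message itself, which is why the text notes that traffic leaving the exit node is protected only if it is also encrypted end to end, for example with HTTPS.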

Additional protection is afforded by configurations that periodically change the location of the exit node, creating what is essentially untraceable network traffic that may appear to be originating in Germany at one time, and less than ten minutes later from Switzerland. Based on this capability, a targeted hacking effort against critical infrastructure would be difficult to correctly attribute and, even possibly, detect (24).

As the intermediate nodes are anonymized and all traffic between them is encrypted, the onion network provides for location-hidden services protected by a pseudo top-level domain referred to as ".onion", which are only accessible while using a TOR client. This function obfuscates both the location and identity of the requester from the host, and also the host from the requester, allowing for a high degree of security for both parties by eliminating the inherent security risks of traversing an exit node. An abundance of information and resources, both legal and illegal, are available via hidden services at minimal risk. For example, one may directly purchase illegal narcotics (using a built-in decentralized monetary system that protects both the origin and destination of funds) or browse child pornography as easily as anonymously provide information related to corporate wrongdoing ("whistleblowing") or share information with fellow urban-exploration enthusiasts interested in the steam tunnels under Virginia Tech.

As there is no "Google"-type service that autonomously catalogues sites for the .onion pseudo-domain, and addresses are hash-based rather than user-friendly (for example, http://a5ec6f6zcxtudtch.onion is the URL for an anonymous E-Mail service), services are very difficult to identify unless explicitly shared. Because of this, information and plans may be openly shared with little concern as to exploitation, potentially supporting key terrorist goals of training, planning, and equipping.

In this example, the tool itself (as is the case with most technology) is entirely neutral and its utilization dependent on the intent of the user. The service, as a whole, is beneficial and has multiple legitimate uses to include military (TOR is issued to US intelligence teams for open-source intelligence), journalists (to protect their sources), government employees (to protect their affiliation and identity when travelling overseas), individuals (who value privacy or have legitimate reasons to be concerned for their security, such as the Iranian protestors in 2009), law enforcement, and many others. However, the possibility also exists for exploitation by criminals, terrorists, hackers, and other elements.

Although direct connections have not been established yet, terrorists have been adapting to new technology at an exponential rate, and it is only a matter of time before they take advantage of the many protections TOR provides. Using proxies and encryption is already on the FBI’s lookout list when it comes to tracking terrorism (26), so the threat exists. It is already being used by criminals like pedophiles, as the Anonymous hacktivist group has recently exposed and continues to expose in a campaign called OpDarknetV2 (27). The Flame worm is another textbook example of this fact; the malware is designed for intelligence-gathering, specifically to capture computer screenshots, record audio via the microphone, and steal computer files. Such a tool, if deployed, would allow terrorist factions to effectively map a contact network by surreptitiously capturing data and tracking communications. This would provide a valuable starting point from which to gather future information or develop additional attack vectors. It is very similar to trespassing on private property to conduct TRASHINT: while illegal, the resulting information may be invaluable.

As the threat evolves, so must our response to it. This is a central theme within OPSEC: the ability of the program to adapt to deal with rapidly changing threats. This becomes the responsibility of organizational leadership. It is the leadership (commanders, managers, and others in principal positions) that is charged with ensuring the effectiveness of any establishment. Without senior leadership, the OPSEC Officer is less able to motivate the organization to adopt restrictions and policies. Furthermore, senior leadership buy-in ensures that all elements upon which the OPSEC program depends are given complementary guidance, ensuring that the program is properly funded, resources are made available, and all personnel are informed and bound by organization-wide direction. An OPSEC program that lacks leadership support is often left ineffective, as the OPSEC Officer can only do so much without support.

An example of an effective OPSEC program that adapts to an evolving adversary is the one at the Army's National Training Center (NTC) at Fort Irwin, CA. The Fort Irwin site has been in use by the US Military since the 1940s; it has been activated and deactivated under different names and branches of the military several times. In 1979, though, the Department of the Army announced that Fort Irwin had been selected for the NTC. Fort Irwin houses over 20,000 people daily, and its mission is to provide tough and realistic training, assist in the development of competent leaders and soldiers, and provide a venue for transformation. The NTC is unique because its primary mission is to train Battalion and Brigade size Army and Joint units for combat shortly before deployment (28). This presents a unique opportunity to train and educate commanders at all levels on the importance of OPSEC in an environment that replicates the battlefield. In support of this important mission, the NTC integrates OPSEC events into the training scenarios, forcing the unit commanders to consider the strength of their OPSEC program and its role in their offensive and defensive capabilities. When unit commanders see that their mission is impeded because the opposing force has been able to discern their intentions and plans, it forces them to consider OPSEC in future planning endeavors. This is especially important given the timeframe, as units rotate through the NTC shortly before their actual deployment.


OPSEC plays a vital role in the security of our nation on a number of levels, but especially during wartime and against terrorist factions. The lessons taught at the NTC are worth repeating in different environments, as they reconfirm not only that OPSEC is an invaluable mission enabler, but also that insufficient OPSEC can adversely impact an operation. This lesson must be taught to, and ingrained within, leadership at all levels, as all are potentially a target of domestic or foreign terrorism. They must understand how they are able to interrupt the adversary’s OODA Loop (or 7 stage planning cycle), how to protect against cyber terrorism and its reaches, and how to achieve greater levels of security by overlaying OPSEC on their traditional security measures.


REFERENCES

1. Chief of staff of the army OPSEC guidance. 2005. Federation of American Scientists. http://www.fas.org/sgp/news/2005/08/usa0805.html (accessed August 1, 2012).

2. Sameulson, Ronald A. 1991. The great conversation: the origins and development of the national operations security program. Interagency OPSEC Support Staff.

3. Airmen must remain vigilant in OPSEC. 2010. U.S. Airforces Central. http://www.afcent.af.mil/news/story.asp?id=123193590 (accessed July 30, 2012).

4. Presidential Directives and Executive Orders. 1998. National Security Decision Directive Number 298, National Operations Security Program. Washington, D.C.

5. The Free Library. 2009. George Washington, “known OPSEC practitioner”. http://www.thefreelibrary.com/George+Washington+-+Known+OPSEC+Practitioner-a01073968071 (accessed June 7, 2012).

6. Manchester Document. 2004. The Investigative Project on Terrorism. http://www.investigativeproject.org/document/id/10 (accessed June 7, 2012).

7. Roseboro, Linda. Critical Information Leak- Camp Taji Case Study. Presented at the 2011 National OPSEC Conference, Atlanta, Georgia, 16-20 May 2011.

8. Davis, Paul. 2002. Analyze this: OPSEC is Key in the War on Terrorism. United States. National Criminal Justice Reference Service (NCJRS) Abstracts Database. 8 Vol., no. 2:22-25. (accessed July 25, 2012).

9. R.A. Fisher, and D.B. Nickell. 1988. OPSEC (Operations Security) Check. National Criminal Justice Reference Service (NCJRS) Abstracts Database. 32 Vol., no. 2:67. (accessed July 25, 2012).

10. Jason Belcher. 2004. Destroying terrorist cells. Air & Space Power Journal. http://www.airpower.maxwell.af.mil/airchronicles/cc/belcher.html (accessed July 30, 2012).

11. The Strategy of the Fighter. 2002. Fast Company Magazine. http://www.fastcompany.com/magazine/59/pilot.html (accessed June 7, 2012).

12. For speedy command & control. 2010. SP's Land Forces, ProQuest Research Library (accessed July 31, 2012).

13. Mostaghni, Michael. 2010. "OODA Loop." Infantry 99.1: 49-50. ProQuest Research Library (accessed July 31, 2012).

14. A Military Guide to Terrorism in Twenty-First Century. 2007. Appendix A, Terrorist Planning Cycle. USAF, Washington, D.C.

15. The OPSEC Process. 1996. Federation of American Scientists. http://www.fas.org/irp/doddir/dod/jp3-54/3-54c_c3.htm (accessed June 8, 2012).

16. There are many ways terrorist can kill you—computers aren’t one of them. 2002. Washington Monthly. http://www.washingtonmonthly.com/features/2001/0211.green.html (accessed July 30, 2012).

17. Grabosky, P.N. (1998). Crime and Technology in the Global Village. Australian Institute of Criminology. Paper presented at the Internet Crime Conference of the Australian Institute of Criminology, Melbourne, Australia, 16-17 February 1998. http://www.aic.gov.au/crime_types/cybercrime/onlinevictimisation/~/media/conferences/internet/grabosky.ashx (accessed August 1,1 2012).

18. Schneier, Bruce. 2000. Secrets & Lies: Digital security in a networked world. Preface: http://www.schneier.com/book-sandl-pref.html (accessed July 30, 2012).

19. Evans, D. (2011, July 15). The internet of things [Web log message]. Retrieved from http://blogs.cisco.com/news/the-internet-of-things-infographic/

20. Moteff, John, Copeland, Claudia, and Fischer, John. 2003. Critical Infrastructures: What makes an infrastructure critical? Congressional Research Service – The Library of Congress. http://www.fas.org/irp/crs/RL31556.pdf (accessed July 31, 2012).

21. Shea, D. A., and Library of Congress. 2004. Critical Infrastructure: Control systems and the terrorist threat. Congressional Research Service.

22. Documents reveal al Qaeda’s plans for seizing cruise ships, carnage in Europe. 2012. CNN World. http://articles.cnn.com/2012-04-30/world/world_al-qaeda-documents-future_1_al-qaeda-leader-senior-al-cruise-ships?_s=PM:WORLD (accessed August 4, 2012).

23. Terror Genius Hid His Schemes in Porn Files. 2012. Wired. http://www.wired.com/dangerroom/tag/maqsood-lodin/ (accessed June 9, 2012).

24. TOR Project: Anonymity Online. 2012. TOR. https://www.torproject.com (accessed June 9, 2012).

25. TOR (The Onion Router). University of Michigan, Department of LSAIT. http://webapps.lsa.umich.edu/lsait/admin/TOR%20Routing%20Infomation%20.pdf (accessed August 2, 2012).

26. Communities Against Terrorism: Potential Indicators of Terrorist Activities Related to Internet Café. 2007. Bureau of Justice Assistance and Federal Bureau of Investigation. http://publicintelligence.net/fbi-suspicious-activity-reporting-flyers/ (accessed August 11, 2012).

27. Anonymous Attacks Suspected Pedophiles Again. 2012. NBCNews.com. http://www.msnbc.msn.com/id/47435855/ns/technology_and_science-security/t/anonymous-attacks-suspected-pedophiles-again/#.UCayU01mT0o (accessed August 11, 2012).

28. Facts and Figures. 2011. Fort Irwin. http://www.irwin.army.mil/Visitors/Info/Pages/FactsandFigures.aspx (accessed June 9, 2012).