Cyber & IT Supervisory Forum - Additional Resources

TLP:GREEN

6 D IGITAL E XHAUST TOPS F RAMEWORK

Digital Exhaust And Operational Security This Guide is designed to provide you an interactive resource to strengthen their Operational Security (OPSEC) awareness and posture within the totality of the Digital Exhaust Ecosystem. The term OPSEC was coined by the U.S. military following the realization during the Vietnam War that the enemy was piecing together seemingly innocuous, unprotected information to learn about U.S. military operations in advance. Predictable behavior, lack of communications discipline, and unnecessary sharing of information resulted in the collection and exploitation of information by the enemy. 20 Glossary Of Terms Today, OPSEC is a systematic and proven security discipline for denying threat actors the ability to collect, analyze, and exploit information, including capabilities and intentions within the Digital Exhaust Ecosystem. OPSEC has and will continue to be applied effectively throughout various industries and sectors, not just in the military. 21 OPSEC is unachievable without understanding the risks and vulnerabilities the Digital Exhaust ecosystem presents and providing users the appropriate countermeasures to ensure their safety.

Term

Definition

Digital Footprint

A digital footprint typically consists of the content the data subject puts out onto the Internet. This includes social media, streaming content, websites, blogs, etc. Digital Exhaust goes beyond the data subject’s digital footprint as it includes content that has been created not only by the individual, but also by others by means such as open sources, telemetry, data scraping, use of cookies, meta data sharing, etc. Digital Exhaust can be used for marketing purposes, as well as nefarious purposes and creates a much greater in-depth profile about the data subject than a digital footprint because of the wider reach of data points. What exists is a vast ecosystem of professional online data aggregation services which perpetually creates Digital Exhaust via organic harvests and inorganic purchases of user data from multiple types of systems used by the public. Information important to the achievement of an organization’s objectives and missions that requires safeguarding or dissemination controls and for which unauthorized access to, or modification of, could adversely affect the organization and potentially also impact national interest or national security, the conduct of Federal programs or operations, or individual privacy and Identity Management, and which may be of use to an adversary of the United States. An OPSEC capability that seeks to mitigate risks to personnel, organizations, missions, and capabilities through the discovery, examination, analysis, assessment, and management of an individual's or organization's identity elements, characteristics, or other attributes in public or non-public records and databases or in social media or other unstructured data sources. A security discipline designed to deny threat actors the ability to collect, analyze, and exploit information that might provide an advantage against an organization as well as the United States by preventing inadvertent compromise of Critical Information through a process of continual assessment that identifies and analyzes Critical Information, vulnerabilities, risks, and external threats.

Digital Exhaust

Critical Information 22

Identity Management 23

Operational Security (OPSEC) 24

TLP:GREEN