ORWG Sept 2019 Communications Webinar

1. ORWG Sept 2019 Communications Webinar LtCol David Rudawitz Director of Communications Oregon Wing Communications - Voice of Command

2. OPSECOperations Security LtCol David Rudawitz ORWG Sept 2019 Communications Webinar

3. Consider some of the following “traditional” security programs: • Personnel Security • Personally Identifiable Information • Names, telephone numbers, addresses, call signs • Physical Security • Security of repeater sites • Security of radio equipment • Communications Security • Using encryption on VHF • Using off line encryption • Information Security • Encrypting files posted to the internet • Using password protected, member access web sites as compared to public facing sites ORWG Sept 2019 Communications Webinar

4. OPSEC Program • 18 August 2017 CAP OPSEC Officer and Asst OPSEC Officer Appointed • LtCol Ed Wolff, HQ OPSEC Officer • LtCol Brian Falvey, HQ Asst OPSEC Officer • Approved to establish joint CAP-USAF OPSEC Working Group with HQ CAP-USAF • Initial Critical Information List (CIL) developed • CAP-USAF staff assignment to OPSEC WG pending ORWG Sept 2019 Communications Webinar

5. Do we need a security program? • XX Wing- PDF file that provides calls signs • X Region Communications Guidebook providing calls signs • XX Wing- Communications Exercise Plan with names, phone numbers, call signs, etc. • XX Region- Exercise Plan • XX Wing- Call sign list document • XX Wing- Call sign list • XX Wing- Call signs on web page • XX Region- Call sign list ORWG Sept 2019 Communications Webinar

6. When can OPSEC be used? • Communications Training Exercises • Communications Plans and Standard Operating Procedures • Communications Methods, Sources, and Technical Tradecraft (Code Plugs) • Software and Source Code, P/W protect code plugs • PIO/PAO releases • Personal social media published information ORWG Sept 2019 Communications Webinar

7. Every Person Is An OPSEC Sensor! • Every person in your squadron and wing is a part of the security solution by: • Knowing the threats • Knowing what to protect • Knowing how to protect it! ORWG Sept 2019 Communications Webinar

8. Critical Information List • CAP C.I.L. for OPSEC Survey • Personally Identifiable Information (PII) • Call signs • Frequencies and Radio Code Plugs • Net schedules • Mission specific details • CD missions, Green Flag, HLS Missions, AD Missions • Operations and Exercise Plans • Infrastructure Information- repeater locations ORWG Sept 2019 Communications Webinar

9. A note on public websites: • Certain things should not be found on public websites, blogs, etc., including: • Sensitive Operations Plans • Sensitive Communications Plans • Alerting Lists, With Names • By Name Personnel Lists • Locations of Sensitive Assets (Vehicles, Airplanes, Radios, etc.) • Locations of Sensitive Facilities (EOC's, COOP Sites, etc.) ORWG Sept 2019 Communications Webinar

10. Open Source Intelligence (OSINT) • AKA- One of the greatest threats to any organization • Publically available information that any member of the public may lawfully obtain my request or observation. • Unclassified information that has limited public information or access • 80-85% of intelligence can be gathered using OSINT Source: re-configure.org ORWG Sept 2019 Communications Webinar

11. “It” never goes away! • When you put information on the net, via your blog, Facebook, email, etc., you have to assume that it’s going to stay there forever. • Same thing with newspapers, magazines, and other media. • The only safe bet is to make sure that it never gets there in the first place! ORWG Sept 2019 Communications Webinar

12. Position Reporting over Radio • As you can see, position reports made over the radio are an OPSEC issue • Plain language no code ICS guidance is for interoperability with external resources • Does not apply to all internal operations • What OPSEC-compliant solutions can we use? • Bullseye Coding • Check Point Code Words • Coordinate encryption • CUL makes the decision ORWG Sept 2019 Communications Webinar

13. Bullseye Coding • On an incident, select and code name a reference point • Locations are provided using a bearing and distance from the reference point – true or magnetic but consistent • Unique location used for each incident • Requires ground units have a GPS that can provide distance and bearing from a way point. • Example – “Spatz 62 miles 30 degrees” ORWG Sept 2019 Communications Webinar

14. Check Point Code Words • When specific checkpoints can be predetermined • Assign a code word to each – maybe a theme • Use a code set for standard operations reporting – wheels up, in grid, ops normal, RTB, etc. • Example, “Hans, Laia, Luke, Rey, Darth ….” • Provide an FOUO document to all ORWG Sept 2019 Communications Webinar

15. Coordinate Encryption • Offline encryption of lat long coordinates • ORWG has used this method for many years • WMIRS does not include a decryption feature ORWG Sept 2019 Communications Webinar

16. How it works • Add CAPID of PIC or Team Leader to coordinates to encode, subtract to decode • Transmit as a six character number • Example - PIC CAPID 123456 Lat 43° 15.5 N Long 121° 35.7 W Encode 43155 123456 166611 Decode 166611 -123456 43155 43° 15.5 N Encode 121357 123456 244813 Decode 244813 -123456 121357 121° 35.7 W ORWG Sept 2019 Communications Webinar

17. Coordinate Encryption in WMIRS • WMIRS does not directly support coordinate encryption • Lat/Long entry in Comm Log must have actual coordinates • Procedure • Enter encrypted location in message field • Enter message and save log entry • Decrypt coordinates offline • Edit Comm Log entry and enter decrypted coordinates in coordinate fields ORWG Sept 2019 Communications Webinar

18. Discussion • What do you think of methods • Should limit the number of methods being used • Could use different methods between air/ground • Thoughts? ORWG Sept 2019 Communications Webinar

19. Open Discussion ORWG Sept 2019 Communications Webinar