This file is available on a Cryptome DVD offered by Cryptome. Donate $25 for a DVD of the Cryptome 10-year archives of 35,000 files from June 1996 to June 2006 (~3.5 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. Archives include all files of cryptome.org, cryptome2.org, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org. Cryptome offers with the Cryptome DVD an INSCOM DVD of about 18,000 pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985. No additional contribution required -- $25 for both. The DVDs will be sent anywhere worldwide without extra cost.

8 May 2000. Thanks to LG.
Source: http://www.ioss.gov/html/Sessions.htm

National OPSEC Conference & Exhibition
Monterey, CA
6-9 Jun 2000

Conference Sessions (Alphabetical by Title)

Plenary Session: Information Security in the 21st Century

In the last half of the 20th Century, information security within the government consisted of the security classification system, personnel security clearances and rigid physical security controls, including point-to-point encryption - all designed to protect the national security. By contrast, the protection of commercial proprietary information in industry relied upon intellectual property laws, which emphasized the legal ownership of information, and focused security on the perimeter of the company, using fences and firewalls. The information age and the globalization of business have required new ways of thinking about security in industry. Specifically, the advent of the Internet and electronic commerce on the world wide web has forced industry to adopt many government security concepts and methodologies for the security protection of its commercially sensitive information. Given the volume of information in existence on computers today, it is now understood that such concepts as classification management and marking are necessary to specifically identify and control data and information requiring protection. It is also necessary to make affirmative decisions regarding employees who are specifically authorized to access controlled data, and that firewalls, like fences, are no longer sufficient to protect data and information from theft or unauthorized disclosure. Sophisticated physical security measures are now supplemented by encryption of information in storage as well as in transmission. Moreover, just as industry has adopted competitive intelligence practices to discover the intentions and strategies of its competition, industry has also begun to employ counterintelligence practices to defeat such collection activities. In other words, we can expect that industry will continue to adapt the best practices of traditional government information security to its commercial requirements, recognizing that success in a global business environment requires thinking and acting more like a nation-state than an isolated organ of commerce. My speech will provide insight and overview of the information security operations of the world's largest aerospace company - The Boeing Company - as it faces the challenges of global commerce in the new millennium.

Analytical Risk Management (ARM) Process Overview

The concept of security risk management is not new. While many government organizations recognize the value of applying risk management, many security managers are wrestling with how to institute this process at the program level. The speaker has been applying analytical risk management (ARM) to both CIA and NSA security programs and in the development of national-level security policies. In his discussion of the ARM process, he will provide an understanding of the risk management concepts and principles, show how risk management is being applied, and discuss challenges and issues related to application of the risk management process in government security programs. The examples used by the speaker will demonstrate how ARM is being used to prioritize limited resources, identify gaps in security programs, and apply cost-benefit analysis to the countermeasure selection process.

Competitive Intelligence & Economic Espionage: The Games People Play for Big Money

This presentation hones in on the tactics, techniques, and procedures utilized by individuals, corporations, national and global organizations wishing to get the jump on their competition. It talks to the "legal" methods of corporate intelligence gathering as well as the questionable methods that may fall under the category of corporate espionage. This program includes a working demonstration of intelligence-gathering devices purchased via the Internet. This presentation is designed to enlighten the work force as to the ease and speed with which competitors can collect against their targets, thus threatening growth and stability, profits, personal and job security

Cyber Threat to the Critical Infrastructure

This threat briefing is an overview of the threat to the nation's critical infrastructures, the U.S. Senate's activities regarding these threats, and recommendations for protective actions.

Critical Program Information (CPI) as an OPSEC and Security Tool

This briefing grew out of a need to assist users in understanding what CPI is and how to properly identify and use CPI. In addition to identifying responsibilities, this briefing will discuss rationale for developing CPI, the process, and the impact of a viable CPI process. For example, our experience with CPIs strongly suggests program personnel are more attuned to sensitivities after going through the process and frequently find their security classification guides are inadequate. This briefing is intended to aid the security professional in understanding how CPI will assist in both managing security of classified activities as well as its application to the OPSEC process.

Economic Espionage - the ANSIR Program

Theft of proprietary information is a huge problem, and growing, both in government and private industry. Economic Espionage has a serious effect on our economy. What are the methods used to commit these crimes, and what can be done to prevent them? The Awareness of National Security Issues and Response (ANSIR ) Program is national in scope, and is the FBI's "public voice" for espionage, counterintelligence, cyber protection, and all national security issues. Two agents will present these issues as they relate to today's hot topics of economic espionage and theft of trade secrets. As you will learn, it is not the "hostile foreign governments" that present the greatest threat. Instead, it is the trusted insider that poses the most immediate danger. Come hear the message and sign up for e-mail distribution of national threat and warning messages.

Extranet For Security Professionals

Created in direct response to the challenge of Presidential Decision Directive (PPD) 29, the Extranet for Security Professional (ESP) is a U.S. Policy Board initiative to create a collaborative environment for the national security community. The ESP brings the security community (both government and industry) on-line in a trusted link using secure Internet technologies. The ESP provides security professionals one stop shopping for sharing critical information, offering virtual meeting rooms for fast exchange of information, creating collaborative document building tools to speed policy development, innovating the automation of tasks now carried out via fax and phone, and providing critical information messaging services. Our latest project is the ESP Visit Cert System that provides a secure, paperless and more efficient way of passing clearance information form organization to organization. This system allows designated profile managers to monitor and keep track of all incoming and outgoing certs while maintaining complete control over the Visit Cert Process. It also provides an emergency search option, automated reports, workflow capability and instant notification between profile managers and travelers.

FinCEN (FBI's Financial Crimes Enforcement Network)

This briefing will show the Financial Crimes Enforcement Network mission, and how it's databases can be used to ferret out information on SUBJECT's and business. While the major mission of FinCEN is following money, you can also learn a lot about those hiding the money, identifying people, and other OPSEC opportunities. Most of the information is from commercially available sources that everyone has access to.

The FUNdamentals of Running a Successful OPSEC Program

OPSEC fun? No, it isn't an oxymoron. What could be more fun than running a program that makes a difference in the overall protection strategies where you work, through innovation and involvement? Kind of makes you ashamed to pick up that paycheck, doesn't it? OK, perhaps that is going a bit too far. This workshop will be an opportunity to share ideas with others in the trenches, but it will be more successful if you come prepared to contribute either a problem or a solution (or hopefully both!) Please come with three lists: I am having problems with my (awareness/management support/employee buy-in) efforts. Do you have any suggestions or resources? Hey! I have been successful by doing (assessments/awareness/program support), and I want to share it with others Here are some resources I use and they have helped me. Perhaps they can help you as well.

The Future of OPSEC Roundtable

Each member of the panel will offer his perspective of the issues guiding the future of OPSEC. Issues include where OPSEC fits in the larger perspective of security and resource protection, OPSEC contributions to National Security, implementation of OPSEC in both Federal and corporate organizations, and fiscal issues facing OPSEC professionals in these environments

Information Assurance: Implications for OPSEC

Information Assurance (IA) rests on many pillars, one of which is OPSEC. Most IA advocates, however, do not discuss the role of OPSEC or how it fits within the IA framework. With the proliferation of search tools and vulnerability information, OPSEC becomes more and more important in identifying new issues and in reinforcing established issues that must not be overlooked by the IA community. IA is about information, not just about technology. The speaker will provide insights into directions for the future, and how OPSEC will fit into the IA community, based on current work with the Government Accounting Office.

Infrastructure Surety Program

The NRO's Infrastructure Surety Program is part of their response to PDD 63. The program itself takes a holistic approach to security, cutting across traditional security lines of just protection classified systems and facilities. It considers the traditional security processes and then factors in the entire infrastructure within a facility. It accounts for new technologies and approaches to systems and their interrelationships. Ultimately, almost all of the systems built into a modern office space are computer automated and permit remote/electronic access. These systems permit untold remote capabilities and are relied upon to provide critical mission-related activities, and if left unprotected, can result in outrages.

Intellectual Property Questions and Answers

Dr. Chandler will be available Tuesday afternoon following his luncheon speech to answer questions and engage in dialogue with conference participants on intellectual property issues and related areas of concern.

IOSS and OPS Update and Conference Debrief

Mr. Mauriello and Mr. Stark will provide brief comments on current programs and plans of the IOSS and the OPSEC Professionals Society. Following this discussion, Mr. Mauriello, Mr. Stark, and the Conference Committee will be available for your comments on this year's conference, and suggestions for future events

Law and Disorder…..OPSEC On Trial

Long renowned as our premier presentation team, the DOE Nevada thespians return with a groundbreaking courtroom drama to acquaint audiences with the OPSEC discipline. This creatively choreographed presentation is a mock trial that illustrates how the various components of a national classified project can be inadvertently compromised if common OPSEC practices are ignored or are not supported by top management. The delivery vehicle also demonstrates how a novel approach, coupled with the creative use of multi-media, can win-over any audience. This is neither an extemporaneous presentation nor an interactive workshop….it's infotainment!

Lessons From The Past - Challenges For The Future

The speaker will discuss his personal experience with OPSEC successes and failures over a 40-year period and provide his views on OPSEC challenges in the future. Highlighted will be lessons learned from his involvement in counterintelligence, special operations, combating terrorism, and nuclear security. He will include OPSEC insights from the 1980 Iran Hostage Rescue attempt, Insider and Nuclear Security studies, the investigation of the 1993 Branch Davidian incident in Waco, Texas, the 1996 Khobar Towers bombing, and the Joint Staff Integrated Vulnerability Assessment process. He will share OPSEC insights on topic areas like media relations (friend or foe), OPSEC in Coalition operations, OPSEC education and training, and organizing for OPSEC.

The Mind Has No Firewall

Several years ago an obscure Russian staff officer coined the phrase, "The mind has no firewall". In general, he was right. Most people are highly susceptible to social engineering, or as it is called in the competitive intelligence field, elicitation. OPSEC, when properly applied, is an effective antidote to social engineering. The presentation provides a quick overview of how OPSEC frustrates overall information collection efforts and decision-making processes. It uses the OODA (Observe, Orient, Decide and Act) Loop to illustrate that point. It then discusses various elicitation methods and how they are employed. Then, it concentrates on how OPSEC can effectively combat them

Motivation Through Communications - A Briefing Skills Presentation

Aristotle once said, "It is not enough to know what to say … One must know how to say it." With that in mind, how we communicate and get the OPSEC message out to our customers is vital to the success of our programs. Tom Mauriello, the Director of the Interagency OPSEC Support Staff (IOSS), will present an entertaining outlook on "…how to say it." He will present his Motivation Through Communications - Briefing Skills Seminar, where he will provide over 55 briefing tools that you can immediately add to your briefing repertoire to increase your success with any of your oral presentations. Mr. Mauriello's seminar was originally developed for security awareness professionals in the intelligence community. Over the years, Mr. Mauriello has presented this course to hundreds of security professionals world-wide, as well as members of the academic community and private industry.

OPSEC and the DD254

Well, I just got my DoD contract, and the DD254 says I need an OPSEC plan. What do I do? This session will offer some approaches to this dilemma, and provide some formats and resources for fulfilling this requirement. Students will receive National Cryptologic School credit. It is designed to familiarize students with the five-step OPSEC process, and provide a basic understanding of common vulnerabilities and associated risks.

OPSEC Case Studies - An Eye-Opening Examination of Real World Events

Pick up a newspaper, watch the TV news or scan the headlines on your palm pilot and you will find examples of good and (mostly) bad OPSEC practices. Stolen PIN numbers, cell phone eavesdropping, industrial espionage, identity theft, and mishandled nuclear secrets are but the tip of the iceberg. OPSEC practitioners/professionals need to take a close look at what is going on around them to understand how to apply the OPSEC process. This dramatic and entertaining discussion will detail a (in) famous real world event and examine how OPSEC played a key role in determining success or ultimate failure

OPSEC in Contracts

This briefing will focus on Operations Security (OPSEC) from a contractor's perspective. We will share some techniques and tools which have made our OPSEC program more effective. The presentation will provide some very simple and practical approaches to aid in the preparation of useful OPSEC plans and awareness programs. Finally we will provide some lesions learned and challenges facing the contractor community.

OPSEC Planning: Systems Acquisitions and Military Operations

Policy and directions abound on OPSEC planning for both systems acquisitions and military operations, yet this is one of the most asked questions the IOSS is asked to deal with. Recent military operations demonstrate the problems of implementing planning policies at the national levels for quick-reaction contingency operations. The purpose of this workshop is two-fold. First, the presenters will provide suggestions on how to practically implement OPSEC into both acquisitions programs and military specific problems participants have faced and potential solutions for those problems.

Program Manager's Workshop

The purpose of the workshop is to address vital issues facing those working as OPSEC managers and/or coordinators in government and industry. The workshop will benefit and OPSEC manager or coordinator interested in discussing issues important in developing and managing OPSEC programs within their organization. Topics such as: barriers in program development, selling the program, how to establish an OPSEC working group, and other topics will be discussed.     The initial conference offering will also serve as a course review and critique for individuals attending the January offering of OP-390. If interested participants did not attend the OP-390, the workshop may be beneficial not only in obtaining information concerning the OP-390 course but also to participate in a dialogue with colleagues tasked with similar organization responsibilities.     The workshop coordinators will accept suggested topics of discussion. It is planned to make the workshop a part of future conference for OPSEC managers and coordinators.

Situational Awareness Training - A valuable concept to optimize your OPSEC and Risk Management Programs

There is a truth in the world today. And that truth is that no location or organization is completely safe from the efforts of terrorists or the effects of Mother Nature. Because of the impact of these actions on your effectiveness it is necessary to consider a fresh approach to providing important lessons to the appropriate personnel. This session will provide information to the OPSEC practitioner concerning the benefits of using Situational Awareness Training as an integral portion of an OPSEC and/or Risk Management program. It can be designed to educate all levels of personnel. Web Security Round Table. The web provides information at a greater rate to more people than we could have ever imagined even a few years ago. Communities throughout the government and industry are wrestling with the conflicting issues of how much is too much, versus the public's right to information. Each panel member will offer their department's approach to this problem, including current practice, problem areas, and emerging policies. The session will allow time for questions and discussion

Web Security Round Table

The web provides information at a greater rate to more people than we could have ever imagined even a few years ago. Communities throughout the government and industry are wrestling with the conflicting issues of how much is too much, versus the public's right to information. Each panel member will offer their department's approach to this problem, including current practice, problem areas, and emerging policies. The session will allow time for questions and discussion.

What's A Pound of Your Information Worth?

As we race from the Information Age toward the Knowledge Age, an essential element is missing: the value of information and knowledge. Do you value these as intangible or tangible assets? Perhaps their value is not overtly considered. How much are information, information infrastructure, and information-based processes really worth? If there's no value, either perceived or mathematically derived, then managers cannot appropriately allocate resources-people, money, and time. Different approaches to valuing information will be presented in light of information environment constructs and challenges. Three practical applications for information valuation will be offered. These are a rational letdown of products and services using the "To What Extent" model, information superiority, and coherent knowledge-based operations.

Classified Sessions

Chinese Intelligence Threat

Counterintelligence in America

DICE 2000

Foreign Denial and Deception

Foreign Interest in Your Website: The Value of OPSEC

Personal Wireless Communications Device Vulnerabilities

Trends in Adversary Denial & Deception

Back to Conferences Page

Last Update on May 2, 2000, 11:48AM

Preliminary National OPSEC Conference & Exhibition 2000 Schedule Monday: PRE-CONFERENCE Seminars; 5 June 2000   Engineer’s Auditorium, NPGS Windjammer Spyglass Big Sur Cypress 0800 - 1430 Threat Research OP-300: OPSEC Web Security Targeting of Open Source 1445-1630 Mining the Internet Fundamentals   America Research Tuesday: Conference & Exhibition; 6 June 2000   Regency Grand Ballroom 0800-0815 DIRNSA Welcome 0815 – 0900 Plenary Speaker: Protecting Commercially Sensitive Information in the World’s Largest Aerospace Company Mr. Greg Gwash, Director of Security & Fire Protection, The Boeing Company   Monterey Grand Ballroom 0930-1100 National OPSEC Awards Ceremony 1100-1200 Awards Luncheon 1215-1315 Awards Luncheon Speaker: Dr. James P. Chandler   Big Sur Cypress Regency IV-VI Windjammer II-IV Spyglass 1345-1445 Critical Information: The Last Mile ¬ Anti-Terrorism Proprietary Issues Round Table ¬ See schedule key next page for prerequisite info Program Manager’s Workshop v What’s a Pound of Your Information Worth? 1500-1630 Web Security Round Table ¬ Technology Collection Trends   Intellectual Property Question & Answer ¬ The Truth About OPSEC   Analytical Risk Management   1630 – 1830 Reception/ Exhibits Grand Opening Wednesday: Conference & Exhibition; 7 June 2000   Big Sur Cypress Regency IV-VI Windjammer II-IV Spyglass 0800-0900 Law & Disorder … OPSEC on Trial National Infrastructure Protection Center What’s a Pound of Your Information Worth? L The FUNdamentals of Running a Successful OPSEC Program Motivation Through Communication… A Briefing ¬ 0915-1045 Technology Collection Trends Analytical Risk Management   Competitive Intelligence & Corporate Espionage L   Skills Presentation   1100-1200 OPSEC & Industry   Economic Espionage – ANSIR Program Anti-Terrorism L Managed Access Procedures   IOSS & OPS Update ¬ 1200-1330 Lunch (Box lunches in the Regency Main Ballroom) 1330-1430 Extranet for Security Professionals The Mind Has No Firewall Information Assurance: Implications for OPSEC Military Contingency OPSEC Planning ¬ Computer Security 1445-1545 FINCEN Situational Awareness Training OPSEC & Law Enforcement in U.S. Border Patrol         Thursday: Conference; 8 June 2000   This column is classified sessions. Preregistration is required.   Big Sur Cypress Regency IV-VI Spyglass NPGS 0800-0900 Law & Disorder … OPSEC on Trial Information Assurance: Implications for OPSEC The Future of OPSEC Roundtable L ¬ Managed Access Procedures   0800-0900 Chinese Intelligence Threat 0915-1015 OPSEC & Law Enforcement in U.S. Border Patrol Situational Awareness Training OPSEC & Industry L Computer Security   0930-1115 Commercial Communications 1030-1130 National Infrastructure Protection Center Extranet for Security Professionals FINCEN   L   Vulnerabilities 1130-1300 Lunch (Box lunches in the Regency Main Ballroom) 1200-1245 Working Lunch: Conference Debrief in Regency IV-VI 1300-1400 OPSEC and the DD254   ¬ Prerequisite: See Schedule Key Program Manager’s Workshop v Economic Espionage – ANSIR Program The FUNdamentals of Running a Successful OPSEC Program 1300-1400 Chinese Intelligence Threat 1415-1545 Competitive Intelligence & Corporate Espionage The Truth About OPSEC   The Mind Has No Firewall   1430-1545 Commercial Communications Vulnerabilities Friday: Classified Sessions; 9 June 2000   Naval Post Graduate School 0800 – 0900 Chinese Intelligence Collection 0915 – 1015 Foreign Interest in Your Website: The Value of OPSEC 1030 - 1200 Counterintelligence in America 1200 – 1245 Lunch 1245 - 1345 Foreign Denial & Deception: Security and the Effectiveness of U.S. Intelligence 1400 - 1530 DICE 2000 Schedule Key: v Participants must currently be OPSEC Program Managers, their assistants/alternates, or OPSEC Coordinators ¬ Appears once in the schedule L Transmitted via VTC to Greenbelt 1.5 hour time blocks