Insider Threat

In the end, not everything is as it seems — not even this post.

A Story in Three Acts

Act One

The Army’s medical approach to handling a back injury at the time was to issue a medical profile containing a particular trifecta of restrictions:

No Rifle ~ No Helmet ~ No Load-Bearing Equipment

These three effectively removed a soldier from heading out to the “Back 40” with the unit and participating in those lengthy field exercises. Hell, under ordinary conditions, even the “no helmet” restriction was enough to keep you out of the woods during an exercise! It would take a particularly clever First Sergeant to give such a soldier the opportunity to pull whatever weight he or she could…

Enter the OPFOR — the “Opposing Forces.” Every good FTX needs an OPFOR! The larger exercises have U.S. units particularly trained in the enemy’s tactics who play the OPFOR for a living. In other cases, the OPFOR consists of small units from the regular forces that have been volunteered to be the bad guys. At least one of the perks of OPFOR duty was irregular uniform wear — for instance, no helmet, no load-bearing equipment, …

Uh oh… 🙂

Act Two

I was part of a jammer squad for this round, a signals intelligence unit tasked with harassing the “good guys’” radio transmissions and occasionally listening in and reporting back. We made quick friends with a colocated Ranger unit who were going out on patrols, setting booby-traps in the woods, and so forth, in addition to their duties of giving us some protection. The icebreaker was their obvious terror on finally seeing our large antenna hoisted up above our shielded hut; they’d heard to stay clear lest they be irradiated and not be able to ever father any children…

It was a lot of fun giving a class of sorts to the Rangers, telling them about our jobs, showing them the equipment, etc. There was nothing quite like the amazement in putting the headphones on them and letting them listen to their peers’ communications… except the laughter when I’d hit that Morse code key just when they were trying to report map coordinates. It opened some eyes for sure — hopefully making them better soldiers knowing what the enemy could do.

Act Three

The Rangers returned the favor many times over. They took us on patrols, they taught us to set sensors and booby-traps, etc. The culmination, though, was a special invitation near the end of the FTX: In essence, “We have a few Blackhawks at our disposal tonight and we’re thinking of an assault on their HQ. Want to play?”

Just after nightfall, the Rangers cracked an IR glow-stick and signaled the birds in. We sprinted in from the treeline, found our seats, and buckled in. A few moments later, it was lights out, doors open, and wild nap-of-the-earth maneuvers skimming the treetops.

In short order we were deposited in another clearing and began our hike in the dark. In time, we were at a loosely guarded entry through the perimeter and were able to tailgate others coming and going without challenge. Once inside, we were free to roam without challenge.

Finding the generators, the antennas and wires, and watching the flow of officers, we found the command tent in short order.

We walked in and we killed everyone inside ~ everyone.

Finally, in the chaos and confusion, we left the camp back into the woods, found our extraction point, and we were whisked away — lights out, doors open, skimming the treetops.

Mission accomplished.

How does it apply?

I’ve taken a lot of space in setting the stage with the story, so for now I’ll leave some points to prompt thought and discussion:

  1. How are your external defenses? Can they withstand the pros? Would it actually take professionals to gain entry?
  2. How is security inside your perimeter? Is every person and every device inside trusted?
  3. How can you better convey security awareness to your crew, across roles, responsibilities, job functions, etc., so they can better do their jobs? How can you better keep your security personnel up-to-date on the organization’s other functions, aware of what they’re protecting, so they can better do their jobs? How well-integrated are the team operations across the functions?
  4. Do you test yourselves? Do you have “red team” or “purple team” exercises? Is that effort typically “showboating” and demoralizing, or is it informative and educational?
  5. Think about those “invisible injuries” like the back injuries: The person sitting beside you in the office may be suffering unbeknownst to anyone. Now extend that notion: Any number of things may be quietly affecting an individual’s life. Which ones might compromise an individual and put your operation at risk?
  6. What other lessons can we draw from the story?
  7. Do you have a story to tell?

In the end, not everything is as it seems — not even this post. TCM Labs finds that (1) the best security professionals are always finding security-related inspiration in all of their activities and experience, and (2) the most effective security programs inspire everyone in the organization to do the same. In that way, the organization remains in tune and aware, eyes always open. If you might benefit from a cup of coffee or tea and a chat with peers for commiseration or inspiration, office hours might be right for you! For additional information, drop us a line via our contact page.