OPSEC: Is the Juice Worth the Squeeze?

Thursday, September 06, 2012

Joel Harding

94ae16c30d35ee7345f3235dfb11113c

A good friend gave me a compliment today, which troubles me.  No, not that he gave me a compliment, but what he said as a part of the compliment.

I disclosed that I am hesitant to write about many things in which I am involved.  I recently received a list of topics I was asked to write about. One of the topics dealt with Social Media and how it might be used to degrade a government. 

I was excited to write about that subject, because it approaches what I consider the distilled essence of information operations.  But it grieved me at the same time because I believe I might be providing a road map to a possible insurgent, guerrilla or revolutionary wanting to overthrow a good government, such as my own. 

As much as I disagree with many of the practices of my own government, I inherently believe, no, I know, it’s a good government.  Well, except for that one office I recently mentioned. *grin*

I am also in discussions about an article I am co-authoring, which deals with a very sensitive topic:  providing uncensored internet access to denied areas.  Yes, there are ways to get around the ‘Great Firewall of China‘.  Yes, there are ways to get information in and out of Iran (equipment too).  Yes, there are ways to communicate with people inside North Korea

There are all kinds of techniques, all kinds of equipment, all kinds of knowledge, all kinds of people, all working on this particular subject.  My concern is if I write about it I may be giving a road map to China, to Iran and to North Korea on how to stop it. 

I might cause people to be arrested or worse.  I might limit the effectiveness of a government program designed to promote freedom, freedom of speech and democracy.

His compliment to me was this:

"…anything you write is of more advantage to the good guys than the bad – the idea that we could introduce knowledge they don’t have the ability to synthesize on their own is moot – aside from actual malicious code that is."

I constantly ask if what I am writing must or even should be disclosed.  Classification guidance generally deals with one issue and that is ‘damage to national security‘.  I disagree with that concept, it’s not national security, it is about human lives. 

The CIA often chooses not to declassify documents because of what they term “sources and methods”.  Sources is a euphemism for a human.  If I ever disclose information which results in a human life being taken I would feel terrible.  If I reveal a technique I have learned or one I invented that would aid a terrorist and might take the life of one person, I would probably grieve.

In the cyber world there is a process called IGL or Intelligence Gain-Loss.  Sometimes deploying a new cyber tool would disclose a capability that the US has to gather intelligence, but sometimes the gain by its use outweighs the loss of an intelligence source.

Ya gotta ask yourself:  “Is the Juice worth the Squeeze?”

Cross-posted from To Inform is to Influence

Possibly Related Articles:
10575
Network->General
Information Security
Disclosure Data Classification Tools Cyberwar National Security Cyber Intelligence OpSec Cyber Espionage
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.