Operational Security (OPSEC) represents a term used in the military sphere referring to the protection of unclassified information of various types. In other words, OPSEC describes how to prevent misuse by attackers and cybercriminals’ public information, which could put an object at risk (Fragkos, n.d.). In addition, OPSEC assumes using an attacker’s perspective to manage risk most effectively (Zhang, 2018). As a consequence, to prevent information attacks and protect data from falling into unwanted hands, Sifers-Grayson needs OPSEC, especially at the test range.
One of the issues is the possibility of a loss of information during data transfer. It is explained by the fact that communications with the test robots and drones can be via radio frequency transmission (RF) using the medical, scientific, and industrial radio bands within the 2.4-2.5 GHz range. Anyone can use these bands for the specified goals since it does not require the presence of licenses. The countermeasure includes creating access control for all communications to and from the robots and drones (Rouse, n.d.). In particular, it contains complex passwords, multi-authentication requirements for access, cryptographic methods based on mathematical ways for transforming information.
Another threat is malware infection of transmitted data in the process of its transfer. It is explained by the fact that at the test range the drones and robots are controlled via portable devices, which are linked to the Internet with a Wireless Access Point. As a consequence, the suggestion to improve information protection is to provide antivirus security of files (Zhang, 2018). Such programs, in case of detection of malware, will take actions to neutralize their negative impact.
The issue is also the probability of hacking into the system, as a result of the Wi-Fi connection, which makes the test vehicle more accessible for hackers to attack. It may lead to the risk of the manipulation of data being relayed to and from the test range (Fragkos, n.d.). In addition, it can translate to vulnerabilities to the test vehicle, which communicates with the test range (Zhang, 2018). To prevent the threat associated with possible penetration of the hackers into the RF transmission streams and tracking over the company’s test vehicle, it is necessary to apply firewalls (Zhang, 2018). In particular, with the help of hardware or software designed to validate the data exchanged between information systems, firewalls either let this data pass or reject it based on customizable criteria.
To summarize, Sifers-Grayson needs OPSEC since it ensures confidential communication between the engineering R&D center and Test Range. Suggested countermeasures include creating access controls for all communications to and from the robots and drones, particularly complex passwords, multi-authentication requirements for access, cryptographic techniques. In addition, the improvements comprise providing anti-virus protection and firewalls. These OPSEC techniques will ensure the security of RF transmission and prevent hacking into the network and manipulation of test data. As a consequence, it will allow avoiding the possibility of hackers bypassing the company’s system and the sabotage of the intellectual property of Sifers-Grayson. Sifers-Grayson needs to maintain OPSEC protocols during the testing of the propriety of drones and robots’ work to prevent future attacks from being as successful as the Red Team’s efforts were. Through various changes to R&D equipment testing methods, Sifers-Grayson will improve safety not only at the test site but throughout the entire network.
References
Fragkos, G. (n.d.). Understanding the significance of Operations Security (OPSEC) in a fast evolving threat landscape. Sysnet Global Solutions.
Rouse, M. (n.d.). OPSEC (operational security). SearchCompliance.
Zhang, E. (2018). What is Operational Security? The five-step process, best practices, and more. Digital Guardian.