Operational security (OPSEC) is a form of risk management that challenges managers in an organization to think
Question:
Operational security (OPSEC) is a form of risk management that challenges managers in an organization to think like an adversary (Zhang, 2020). OPSEC is used to protect organizational assets, employees, and the overall well-being of business operations. The test range in the organization has many shortcomings when it comes to security. There are no encryption standards in place for wireless communications between the test range and the R&D center, satellite communication, or radio frequencies. Encryption protects the confidentiality and integrity of data and assets in the organization. Confidentiality ensures that critical secret information is protected from disclosure to unauthorized sources. Integrity makes sure data isn't intercepted, modified, or deleted by an adversary to the organization. OPSEC helps complete the security triad through the means of encryption. Without an operational security mindset, assets, employees, and the entire organization are vulnerable.
The first concern regarding OPSEC is mobile security. Employees at the test range communicate with the R&D center using mobile devices. Cell phones can be exploited by attackers to intercept communications and install malware; they should be held to high security standards and monitored. Mobile devices should regularly be checked for software updates. Android phones are subject to an increasing number of smartphone hacks; it's vital to install software updates to prevent mobile attacks (Vojinovic, 2022). In addition, it is a good idea to install anti-virus software on corporate-used mobile devices to prevent intrusion of viruses.
The drone systems and remote controls connect to the internet through a wireless access point. Not having encryption standards is a serious security concern when dealing with wireless connections. Data that travels over the wireless network is subject to a cyber-attack affecting the confidentiality and integrity of the data. Attackers can capture sensitive data and corrupt the data relayed to the organization. Cyber criminals can also attack the software components of the drone system, planting viruses over wireless or satellite links. This can affect the availability of services the drone is used for (DeLaOsa, 2017). The remote control for the drone uses wireless connectivity and radio waves to give the drone commands and control the system. The frequencies the company uses (2.4-2.5 GHz) can be used by anyone and require no authorization. There is usually a legal process and a confirmation phase to get authorization to encrypt certain frequencies. Anyone who uses these frequencies can intercept communication that is not encrypted. In addition, it is possible for attackers to take control and steal the entire drone system with a controller that uses similar frequencies if the wireless network is compromised. Once a robot or drone has been compromised, a hacker could gain control for use in cyber espionage, turn the system into an insider threat, use the system to expose unwanted information, and make the system perform unwanted actions (Wash, 2017).
In conclusion, OPSEC allows the organization to think like the attacker and prepare in advance for security incidents. It's vital to the well-being of the organization. Encryption standards for communication for mobile devices, wireless connections, and radio frequencies can mitigate the risk of falling victim to a cyber-attack with far-reaching consequences.
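The control-link risk described above (commands modified or sent by someone else on the same open frequencies) can be illustrated with an added example that is not part of the original post: a receiver that accepts only commands carrying a valid HMAC-SHA256 tag and a rising counter. The frame layout, command id, payload and key are assumptions constructed for illustration; this covers integrity and replay only, and confidentiality would additionally need an authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                   # HMAC-SHA256 tag size in bytes
HEADER = struct.Struct(">QB")  # hypothetical layout: 8-byte counter, 1-byte command id


def seal_command(key: bytes, counter: int, command_id: int, payload: bytes) -> bytes:
    """Controller side: frame a command and append its authentication tag."""
    body = HEADER.pack(counter, command_id) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class CommandReceiver:
    """Drone side: accept only authentic frames whose counter strictly increases."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0

    def accept(self, frame: bytes):
        if len(frame) < HEADER.size + TAG_LEN:
            return None  # too short to hold a header and a tag
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # modified in transit or sent without the shared key
        counter, command_id = HEADER.unpack_from(body)
        if counter <= self._last_counter:
            return None  # captured frame sent again (replay)
        self._last_counter = counter
        return command_id, body[HEADER.size:]


def demo():
    key = bytes(range(32))  # constructed sample key, not a real secret
    drone = CommandReceiver(key)
    frame = seal_command(key, 1, 0x10, b"alt=120")
    tampered = frame[:HEADER.size] + b"alt=999" + frame[HEADER.size + 7:]
    wrong_key = seal_command(b"\x00" * 32, 2, 0x10, b"alt=5")
    # genuine frame, the same frame replayed, a modified frame, a frame from another sender
    return [drone.accept(f) for f in (frame, frame, tampered, wrong_key)]


if __name__ == "__main__":
    print(demo())
```

Only the first frame is accepted; the replayed, modified and wrongly keyed frames are all dropped before any command is acted on.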