Physical-Cyber Convergence Outside the Perimeter - AFCEA International

2023-04-02 19:24 (EST) - James Carnall

The Cyber Edge Writing Contest 3rd-Place Winner, 2023

The challenge of converging cyber and physical security within an agency’s perimeter is nothing new for federal military and civilian organizations. Now, cyber threats taking place outside an organization’s perimeter are adding a layer of complexity that must be addressed immediately by both physical and cyber security teams.

Threats such as impersonation, doxing, swatting, cyberstalking and more are being planned online by threat actors who target military service members or government officials, intending to do physical harm to draw attention to themselves or their cause or to oppose the target’s role in government. Tragic events driven by a variety of motives are now occurring as the result of perpetrators using a digital platform to broadcast information or raise support to execute senseless physical acts. These types of attacks become a matter of national security when they target a government employee.

The complexity of protecting against such security incidents is compounded by the increasing role of information that family members, friends and even the target themselves post online. Seemingly innocent social media posts by friends and family are increasingly exploited by threat actors and are putting service members in harm’s way. Because of this, security teams are left scrambling to determine what can be done to minimize risk to a protectee’s physical safety. The solution becomes clearer by better understanding how these attacks are executed.

Threat actors have been known to track and exploit information provided by a victim’s immediate inner circle. For centuries, intelligence has been gathered by befriending or tracking a target’s family members and exploiting the connection to reach their target. If you are the target, those in your inner circle are the most reliable way to establish your patterns of life and time-location predictability. Once these are verified, physical threats such as home invasions, kidnapping, extortion, etc., can be planned and executed much more efficiently.

In the era of social media, information gathering has become much easier. Those closest to you can feed threat actors an abundance of information simply by posting to social media. Unfortunately, they have very little awareness of how an innocent post translates into valuable intelligence for those seeking to do harm. Take a look at how a threat actor might translate a well-meaning post from a friend or family member and analyze it to gather intelligence on an individual:

Facebook Post: “Our grandson started at the Naval Academy today. So proud he is following in his father’s footsteps to become a Navy officer!”

Translation: This post has identified two prime targets: the grandson on track to be an officer, and his father, a high-ranking official.

Risk: Posting acceptance to a school, university, sports team or other program that publishes event dates and locations (e.g., Parent’s Day, graduation or a tournament schedule) enables a threat actor to establish time-place predictability for a target, which, in this case, is a high-ranking official. The son’s time-place predictability found in the same Facebook post makes him a bonus target for possible kidnapping, extortion or further information gathering. These published events can also communicate to adversaries that family homes will be vacated for predictable amounts of time, making them an attractive target for reconnaissance, vandalism or burglary.

It’s not just military personnel who are exposed by friends, family and their own posts online. Civilian government officials, Supreme Court justices and federal judges have found themselves and family members in harm’s way due to social media. Content posted with good intentions has made personally identifiable information accessible, which has enabled doxing, credential compromise and other threat tactics. Even if sensitive information such as home addresses or executive travel plans is protected within organizational walls, that does not mean the same sensitive information is well-protected online.

To that end, the U.S. commander in chief recently stated he had given his grandchildren money for Christmas using Venmo. Inadvertently, he created a national security issue when a news outlet researched his Venmo account, exposing a network of his private social connections, including his children, grandchildren and senior White House officials.
