Marine Corps Base Quantico -- The following presentation is a collection of questions and answers focused on security of information. Perspectives from the MCINCR-MCB Quantico public affairs officer, the security manager, the operational security manager and the family readiness officers are presented as an informational look at the importance of information security.

=============================================================================

Maj. A.J. Bormann; MCINCR-MCB Quantico, Public Affairs Officer

Q. How important is the social media environment?

A. The social media environment will get bigger, faster and more abundant. It will also continue to be the primary source of news and information for the vast majority of users. The best form of communication has always been face-to-face and word-of-mouth. With social media, this connection is multiplied exponentially through a number of ‘real-time’ features offered today, making our ability to engage one another better than ever.

As social media becomes more interactive and integrated, the responsibility for accurate and timely information will require a greater obligation by content generators and those who share information to exercise due diligence with content. There is also a risk that being first with the information will become more important than being accurate and truthful with said information.

The velocity of information, and the ever-increasing touchpoints to access information, will require users and readers of information to double check their sources. People must also question the credibility of what they are reading by reviewing multiple sources and exercising informational patience. Leaders and Marines who understand that this environment is complex and decentralized will be able to recognize the value of sharing their experiences via social media. While the Marine Corps encourages its men and women to engage in social media communities, it stresses the importance of remaining mindful of propriety, personal privacy and operational security.

As the social mediasphere continues to blossom, Marines must remain vigilant and use sound judgement and common sense, coupled with an understanding of ethical self-expression, as tenants to sharing in the Marine Corps story.

Commanders, in particularly, will continue to have increasing responsibility to ensure their Marines understand the responsibility that comes with the ability to speak one’s mind. What will remain non-negotiable are compromises in personal character or operational security. The social media environment is asymmetrical. The warfighter who can think asymmetrically is a better warfighter. The leader who leverages social media deliberately and asymmetrically is probably going to be a better leader.

Q. How should leaders look at social media?

A. There is a tendency by some leaders, at all levels, to presume that greater control over their Marines who engage in social media will equal greater security. This is a flawed concept. The leader who understands that the social media environment is dynamic, and seeks to be agile, responsive, and engaged, will be better able to adapt to the social media space with credible, timely, and accurate information. The media matrix of today’s communication environment is infinitely broader and deeper than most leaders realize.

There is no such thing as the traditional approach to the now-antiquated, institutional assumptions of media management. It is through the empowerment of Marines and employees to engage in the information space, that leaders are able to embrace the principles of transparency as a leadership multiplier.

The nature of real-time information and commentary is not a threat; it is an opportunity. Leaders who are cognizant of this opportunity can compete effectively if they engage honestly and with the understanding that empowering their Marines is a key to meeting the scale of change that is underway, and the power now available to them through social media.

Q. How do leaders at MCINCR-MCB Quantico use social media?

A. Leaders here value social media. The Quantico community is fortunate its leaders understand social media is the primary space where information is being produced and consumed. They see it as a way to communicate general news and information that affects the community, but more importantly, they see it as the means to communicate critical information that may affect the health and welfare of the community.

Fundamentally, the success of social media engagement depends first upon the trust established between decision-makers and communicators. Some great examples of this open, trusting relationship are the use of social media to inform the community of base operating status changes, publicizing policy changes, notifying the community of active shooter training exercises, maintaining updates on unexploded ordnance disposal operations, publicizing information on the Zika Virus and other heath related issues. Also important, is the issuing of weekly noise advisories that lets the public know when scheduled live-fire training may be heard in the region.

Perhaps just as critical to this type of information is the awareness by leaders that the social media environment is also an actionable early warning system. There have been occasions when the interaction by the public on social media has informed leaders when problems may be developing in the community that they were unaware of. Because this early warning capability is part of the social media environment, leaders can respond promptly with a greater understanding of emerging issues or events.

===================================================================================

Timothy Roy; MCINCR-MCB Quantico, Security Manager

Q. Is security more important today than it has been in the past? Why?

A. Security programs have never been more important than they are in today’s environment. With the heightened risk associated with home grown threats, anti-terrorism efforts and the overall national security concerns for system breaches that our nation faces today, security programs should be expanding. Security Managers must be vigilant and focused on educating personnel throughout their areas of influence. Reiterating the importance for every individual working with the federal government to clearly understand their inherent responsibility to protect sensitive information as well as to report suspicious activity. When systems are compromised and sensitive information falls into the wrong hands it raises the level of threat to citizens, government property, and national security itself.

Q. What security concerns are there? Is social media a big concern?

A. The insider threat or someone familiar with the work environment is certainly one of our greatest concerns as it deals with those least expected to compromise our organization. Negative influences can contribute to an individual changing sides or loyalties and becoming focused on extracting information or even doing harm to others under unseen pressures. When someone thinks of security they commonly visualized a security guard standing post to protect an entry/exit point. Security however, crosses over into multiple disciplines to include material, systems, personnel, National Security, operations, and almost every aspect of security revolves around technology. Social media can certainly be a threat when it is used to obtain information which under normal conditions would not have been released to the public. It is also a risk/concern from an OPSEC perspective. Social media can lead to radicalization and targeting of service members by those with radical ideologies.

Q. When does a security manager get involved if there is a breach? What is the threshold?

A. When we think of a breach we would be concerned directly with a spillage or compromise that identifies a loss of control of sensitive or classified information or potentially misplaced information which could be considered careless handling. Either of which leading to loss of accountability of files or materials which are considered sensitive or classified. As a Security Manager, our role is predominately preventative. We strive to educate and inform our perspective bodies of personnel on how to avoid security incidents or ‘breaches’ from occurring. However, in the case of a negative event, Security Managers work with other subject matter experts (SMEs) to isolate, contain, safeguard, support investigation efforts, and report to appropriate stakeholders. Our involvement in these matters varies on a case by case basis. Our office stands ready to assist and support as requested by the Commander. The threshold is the fact that something that was being protected has been compromised at the point it has been identified as such.

Q. If you suspect someone is being sloppy with information what do you do?

A. As Security Managers we strive to constantly educate and evaluate those personnel we have cognizance over. Proper indoctrination of security procedures sets the standard; annual training reinforces the appropriate handling, marking, storage, and protection of sensitive and classified information. As Security Managers, we cannot be everywhere, but we can develop an educated workforce with acumen for upholding and maintaining sound security procedures. Excuse the catchphrase, but security really is everyone’s responsibility. If you see something that is not correct, you need to bring it to your local security office’s attention. Based on the nature of the issue, additional training may be necessary. In more serious instances, administrative or punitive action may be required.

Q. Is security training required and/or available to service members and civilian employees?

A. Security training is a requirement for all service members and civilian employees. Your unit will establish the exact training required, but all personnel are annually required to take the Cyber Security Training, PII Awareness, AT level 3, and OPSEC awareness training at a minimum. These courses are offered on TWMS or MarineNet. Additionally, all service members and civilian employees are required to report plans of foreign travel to their local security manager for a brief on things to be aware of while traveling and report upon return.

Those service members and civilian employees that have been granted access to classified information as part of their regular duties are also required to take part in their unit’s annual security refresher training and annually attend the Counter Intelligence briefing provided by NCIS. For those looking for additional training to strengthen their security awareness, the Defense Security Services has a library of excellent training that personnel can access after registering for an account in their Security Training Education and Professionalization Portal (STEPP). Lastly, unit Security Managers are generally able to provide briefings on specific security disciplines or concerns upon request.

==================================================================================

Orvel Ronk; MCINCR-MCB Quantico, Operational Security Manager

Q. Who has the responsibility to practice security in social media?

A. Social media has made all Marines public affairs officers. The power of a tweet is profound; the message sent through a photo is indelible; the impact of video is undeniable. It is everyone’s responsibility to use social media responsibly. Before you post or tweet something, stop and ask yourself, “Could this endanger me or anyone else?” It is your social media account, take responsibility for what is posted/sent on it.

Q. Who monitors social media interactions?

A. The MCINCR-MCBQ OPSEC coordinator and the Public Affairs Office.

Q. What kind of information should be/should not be put on social media?

A. If you think that the information would pose a risk or bring harm to an individual or your unit then you should not post it.

Social media is a great tool for informing people of events taking place or for passing information quickly to a large mass of people, but someone’s personal information, for example, if you live alone (temporary or permanent), or when you are going on vacation should not be posted on social media.

Consider this, would you post a sign in your front yard saying that you are going on vacation and will be gone these dates? Of course not, so it shouldn’t be on social media either.

Q. If someone sees something on social media that shouldn’t be there, what should they do?

A. Notify their unit OPSEC coordinator or the MCINCR-MCBQ OPSEC coordinator.

===================================================================================

Katie Mello and Stephanie Taber; MCINCR-MCB Quantico, Family Readiness Officers (FROs)

Q. How are family members educated on the importance of operations security (OPSEC)? Do you believe family members understand the importance?

A. In many units, family members receive OPSEC helpful hints via newsletters, social media posts, and even briefs from unit personnel. Family members care and firmly respect OPSEC, but too often it is not simply one person that creates a vulnerability, it is pieces of a puzzle that are put together. Even within a family, pieces of information can be gathered on social media from members of a family and it can create a much clearer view of what is going on with that family or the missions they support. Maybe a deployment has just begun or a family is excited because dad is coming home. Those are clues that create a picture and direct adversaries to look for more clues. The next challenge for protecting OPSEC is making it a family affair and minimizing all the clues. Make sure grandma and grandpa do not share clues and that our social teenagers understand what information should be protected as well.

While it is believed that the majority of Marines, sailors and family members understand the importance of OPSEC, it is important to continue educating them on the risks associated with sharing too much information and how to protect their personal, financial and unit information.

Family members, registered in DEERS, have the opportunity create an account and complete courses on MarineNet, a USMC web based distance learning system that offers PII, OPSEC and other important family readiness courses. Visit https://www.marinenet.usmc.mil/marinenet/

Q. What is the procedure if a FRO or other member of the unit sees information posted on social media that is not appropriate or suspects someone is being “sloppy” with information that should be secured?

A. If FROs are made aware of a social media blunder/mishap, it is reported directly to our intel, OPSEC and security sections, who then contact the Marine/sailor and or family member about what has just been found. The situation is then handled appropriately at the command level.

FROs may also coordinate training and quick tips to share with families. OPSEC videos are available that parents can share with their kids about what OPSEC means and the clues we may unintentionally share with the world. Oftentimes, on unit social media pages spouses and Marines will remind each other to protect clues too. The FRO is ever vigilant in ensuring that information is reliable, timely and provided to those who have a need to know and sometimes that information is not for social media . Having a connection to the unit FRO ensures that each family has the best resources.

Q. What security challenges and trends are you seeing most?

A. The biggest issue we are seeing is lack of concern or judgement for posts on social media.

Military families want to protect their service member and have been trained to protect troop movement information and unit names and dates. Additionally, we also need to remember to protect the entire family unit. Personal security clues such as posting pictures of a vacation while you are far from home can clue in adversaries to the fact that a family is away from home. Stickers on a car that reflect a service member being on a deployment such as “Half My Heart is in Afghanistan” can be a dangerous clue and brings attention to information that should be protected. In a time where so many people share details of their day, their family and their lunch online, we have to be diligent to protect clues.

Q. What types of OPSEC training is required for FROs to complete?

A. The FRO serves as the hub of communication for the command’s Unit Personal and Family Readiness Program and is required to complete extensive training in OPSEC provided by Interagency OPSEC Support Staff. This training is beyond the basic annual requirement for all uniformed and civilian personnel. Family Readiness Volunteers must also complete PII, and OPSEC “Uncle Sam” training.

FROs meet with their command’s OPSEC team on a regular basis for refresher trainings, often discussing the most recent mishap or trends.

Plans are made to ensure that service members and their families understand that unit security and the information surrounding the mission is a critical component to success.