#fakenewsWhile the threat of lethal force is certainly not an option for businesses, there are other cautionary lessons for businesses to learn from the less lethal tactics used by black ops programmes. Sharing fake stories on social media, for instance, to protect their secrets is an obvious and well-known tactic used by many intelligence agencies. The conspiracy theories that swirl around Area 51, and other covert programmes, make it hard for anyone to write about these stories without sounding like a conspiracy theorist themselves. The CIA is widely believed to have organised misinformation campaigns during the 1950s and 1960s to disguise the goings on at Area 51 and other air bases. The CIA itself has admitted that flights by the U2 spy plane “accounted for more than one-half of all UFO reports during the late 1950s and most of the 1960s.” While it’s not a good idea for an SME to deliberately spread misinformation about themselves – as if they had the time or money (!) – it’s worth remembering that not everyone plays by the same rules. Keeping an eye out for fake news, possibly spread by competitors, is something to be mindful of. If a news item appears that contains inaccurate, fake or disparaging information about a business, like it or not, the falsely accused business may need to respond before things spiral out of control.
On the next page, find out how black ops tactics fit into remote working and more.
Remote workingIf that is still too extreme then there may be lessons in the physical isolation of AWE in Aldermaston (and, Los Alamos, birth place of the atomic bomb, and in England, of Bletchley Park, which was the precursor of GCHQ).
- Seclusion and isolation make it hard for information to leak about projects you are working on.
Thinking inside the boxIf careless talk can cost lives – as it were – then keeping knowledge about your innovative new product compartmentalised might just work. This is the classic black programme technique of keeping information disintegrated and on a strictly need-to-know basis. While this has been parodied in many movies, the principle is sound. If you have no knowledge about the project beyond what you are working on (and you may not even know that you are part of a bigger project) then information can’t leak out, or at least it can’t easily be pieced together. At Area 51, the use of contractors helps to reinforce these compartments – by restricting the information each contractor has access to – and the weight of non-disclosure orders. Having said that, Edward Snowdon was a contractor, so no solution comes without its risks.
More easily applied black ops tacticsMany of us will have witnessed the scene in Rogue One: A Star Wars Story where Cassian Andor and Jyn have to try and guess which filename hides the plans of the Death Star: well, that is a classic black programme technique. You never use the real name of the project as filenames or even in documents. You just use code words – and never the nickname of your daughter. However, some of the most effective tactics used by black programmes to prevent being hacked in addition to conventional cyber security measures may be the easiest to copy but the hardest to stick to. It is rumoured that the USB ports on employees’ computers are super glued up. Too far? Bradley Manning and Edward Snowden were able to just plug in a USB stick and download all the files.
No home workAnother tactic is banning staff from taking work home. Then they can’t leave their laptop – or the latest iPhone prototype – in a bar by mistake. The most effective though is reported to be simply pulling the plug and disconnecting all its computer systems from the interconnected world. But the weakest link in any company are the employees. Finding a member of staff that can be manipulated for some reason makes an easy target, much simpler than hacking. “For small and medium businesses – who may have very limited budgets, time and resource – principles and simple tactics can be borrowed from the intelligence services: from restricting who can access files and data with which device and from what location, to disabling USB ports and disconnecting devices entirely from a network,” said Tony Anscombe, senior security evangelist, AVG Business. “Applied consistently through a company of any size, these tactics can keep your most confidential projects and data confidential.”
If it ain’t broke…Physical isolation, building silos rather than breaking them down, and even working from home all go against what we are told are the best ways to encourage creativity, but they have helped to keep black ops black.
Tony Anscombe is senior security evangelist from AVG BusinessImage: Shutterstock
Share this story