Operational Security Part 3: Document Control

Documents now come with damnable meta-data that can identify the authors and contain every change to the document. The servers on which sensitive documents reside might be illegally accessed from outside. Today, hackers are as common as potential spies within your organization. Use computers to create the reports if you must, then eliminate the digital copy or at least the word processing files. Keep a properly sanitized copy on paper and tightly control who has access to it until it is no longer needed. Once its usefulness has expired, destroy it — do not keep it or it may be leaked or otherwise become a millstone around your neck.

Maintain all intelligence source material on a secure server outside of your normal networks. This isolated network should not be identifiable as belonging to your organization and it should not share anything with any other network. It is for source material only. Encrypt all source material  and purge and cleanse the network machines  of any possible malicious code and irrelevant data on a regular basis.

The ‘Old School’ Solution

To maintain OPSEC, intelligence reports are prepared in a singular manner. Print reports on a printer that does not cache the documents. It is best to create reports on a computer that is not connected to any network. To print a report, use a printer only connected to that computer. A motivated hacker can sometimes exploit a corporate printer to gain access to critical intelligence reports that it prints.

Once printed from the word processing file, scan these reports to produce clean PDF documents that do not include any meta-data and securely delete the word processing file. Ensure that the printer and scanner do not cache copies of the document.

Tightly control printing and access to these reports. Keep the PDF files encrypted on a separate, obscure, and secure network separated from the working intelligence and analysis network. Losing raw intelligence data is bad, but losing your analysis of that data is a disaster. Losing a report’s word processing file that is then altered and made public can create chaos. Always eliminate the word processing file.

Documents created in Word, Excel, Power Point, etc. may reveal enough information to identify you. MS Office saves document properties such as the author, subject, title, the date created, date of the last modification, and length of time spent working on the document. It will also contain the name of the template used and email headers, and other related information. Office documents also contain specific identifiers of the computer used to create the document. Losing an MS Office document file gives a creative forger everything he needs to create an authentic-looking forgery.

Some security-conscious organizations even avoid PDF for critical material and go straight to paper. They recognize that doing so requires the opposition to have a well-placed spy who can make photocopies. These same organizations also use paper that prevents photocopying and they prohibit electronic devices in certain areas to thwart efforts to the photograph crucial documents.

It is best to have intelligence staff control all report printing and have them hand deliver hard-copy reports to individuals on the distribution list. Instruct everybody on the distribution list in the proper handling of these reports. The intelligence staff should be responsible for accounting for every physical report.

Every company needs to know at all times the location of its sensitive documents and have a clear policy for the destruction of its documents. In an age where documents shredded into confetti are reconstructed and viewed on a computer screen, shredding and then burning is probably the only safe option.
The next article will deal specifically with OPSEC considerations for computer networks and online research.

Richard B. McEachin is the principal of McEachin & Associates Ltd. (at ConfidentialResource.com).