SITREP 007 - Upping your Digital Hygiene game
18 Series Bag Company SITREP 007 01 January 2022
I hope that everyone had a great Christmas holiday and a safe New Year. I felt no need to clog everyone’s inbox with this newsletter as I hoped that you were focusing on your family and friends. I chose to unplug for a couple of days to concentrate on my wife and boys.
I think that we begin 2022 by not stating any resolutions. Rather, I’d like to go over some 18 Series goals and introduce a new product. Our primary goal for 2022 is to lock in military sales for each line of bags. I won’t get into each line’s sales projections, but I will say that we’ve done a couple of sales calls locally (Colorado Springs) and had some success. It is important to differentiate what will sell in the military world and what will sell in the civilian world. We think that our Faraday laptop bag is right where it needs to be, right in between the two.
In the military, we do a great job of compartmentalizing information. For the most part, we think that because we operate on systems like NIPR and SIPR, we are safe from digital intrusions. I personally think that both systems are compromised and it’s not the system, it’s the people using it that are the weak link. Folks in the J2 will write you courier orders when traveling with classified data (if you give the customary six-month notice), however, that memo will not protect your classified data while you travel.
So, you planned your trip accordingly and are on your way. You have courier orders in hand and were smart enough to put your SIPR/JWICS data (double-wrapped of course) in your standard carry-on bag beside your snacks, iPhone, and wallet, just in case the TSA agents open your bag to get a sniff of your drawers.
Walkthrough a pre-determined choke point anywhere during your travels and adversaries will slurp your data using items purchased on Amazon. They’ve now got your super-secret pin code for your bank access and market trading platforms (financial), texts and pictures, your Google/Apple maps history and location of your home and work, and access to your Google drive and PDF scanner. All of which is valuable information and can be exploited.
How serious is the DoD taking this? Search LinkedIn during our Military Service Academy graduation dates and you’ll see scores of young Second Lieutenants posting where and what unit they are going to. It’s not their fault! They haven’t received any training about the dangers of Operational Security (OPSEC), and frankly, neither have a lot of people carrying sensitive data. The annual cyber awareness training is focused almost exclusively on physical security (thanks to Jeff and his baby blue sweater vest).
This isn’t limited to just governments. The private sector is ripe with industrial espionage. If I were a Goldman Sachs banker, I would be petrified using a ‘protected or encrypted’ phone. If I was a man of unscrupulous morals, I would place a digital chokepoint at the first three subway entrances surrounding Wall Street, maybe even place a device in a cab or two. I would target only the most unsecure brokers with the fanciest suits. I would know everything that they did. Every trade they made on their phone and every account they manage. I would even know where the Hampton beach house was and how often they went there. I am positive that GS has systems in place to prevent data hacks, but again, It’s not the system, it’s the person. Industry leaders, tech giants, financial gurus, and senior government officials don’t know what they don’t know, which makes them targets. What we do in the military is identify weaknesses and then exploit those weaknesses to dominate our enemy. This is already happening. Ask Jeff Bezos how he was compromised. I wonder if the security firm that protected Bezos kept the contract after he was compromised? The days of face masked armed robberies are a 20th-century problem.
I’ve made the point that this isn’t solely limited to the US military. While the US Constitution prevents law enforcement from collecting on US citizens without probable cause and a warrant, the FISA Amendments Act, section 702, allows Federal Agencies the ability to monitor certain data transmission while overseas (https://www.heritage.org/defense/report/foreign-intelligence-surveillance-amendments-act-2008. The US Constitution provides additional protection to US citizens while in the US but does not protect you when traveling through friendly countries. Make connecting flights through Heathrow, Charles De Gaul, or Stuttgart and you’re likely being digitally surveilled. It’s not that they are specifically looking for you, it’s that your data is being bulk collected as you walk through what you think is an airport breezeway, but in actuality, it’s a passive surveillance checkpoint. The UK has some of the most sophisticated public surveillance running across the country in real-time. Did you see the protests in Hong Kong and how the Chinese were combating them? Other countries do not afford their citizens the same protection that the US Constitution provides. If you’re naturally suspicious like me, read about the powers granted to British law enforcement in 2016. (https://www.theverge.com/2016/11/23/13718768/uk-surveillance-laws-explained-investigatory-powers-bill).
How do you defend against these tactics? Practice OPSEC and lower your digital exposure. I created a Faraday Laptop bag because I think I’ve identified a serious weakness in OPSEC and a gap in the market. Faraday fabric is a flexible metallic material that blocks the transmission of signals. Working with fabric experts, we have lined a laptop bag, cell phone, and tablet pouch with this material to create digitally secure compartments. Place your electronics inside my laptop bag and creepers won’t be able to see your weird late-night texts to your buddies. Nor will savvy Eastern European gangsters be able to get the password to your crypto account, or foreign governments be able to rip your electronics while you walk through a normal airport breezeway. If the DoD is serious about playing at the Strategic Competition arena, it carries the burden of protecting its data and personnel.
We realize that designing a complete line of purpose-built bags in 2021 was a bold move. I’m back-sliding into retirement and want to put almost two decades as a Green Beret to work. I really believe in what we’re creating. I believe in the bags that we’ve built. We are creating solutions to problems experienced throughout the two wars. We are all in.
Suiting that my Faraday Bag falls on SITREP 007. Happy New Year.
Always forward. - Matt
Next SITREP - This SITREP is devoted to all of you.