JOINT TASK FORCE - OLYMPICS
Defensive Information Operations
In Support of the
2002 WINTER OLYMPICS
JTF OLYMPICS
AGENDA
• JTF-O MISSION OVERVIEW
• INFORMATION ASSURANCE
XIX OLYMPIC WINTER GAMES (NSSE EVENT)
• 8 - 24 February 2002
• 2,500 Athletes
• 78 Nations
• 70 Medal Events
• 10 Competition Venues
• 22 Sports
• 3 billion TV Audience
• 15,000 Accredited Media
• 70,000 Visitors Daily
VII PARALYMPIC WINTER GAMES (NON-NSSE EVENT)
• 7 - 16 March 2002
• 1,100 Athletes
• 40 Countries
• 35 Medal Events
• 6 Venues
• 5 Sports
TERRAIN
MOUNTAIN VALLEY BOUNDED BY TWO MOUNTAIN RANGES:
• WASATCH
• OQUIRRH
BODIES OF WATER:
• GREAT SALT LAKE
• UTAH LAKE
• JORDAN RIVER
• NUMEROUS CREEKS OUT OF WASATCH RANGE
Military Support
DoD SUPPORT TO CIVILIAN
AGENCIES
• Salt Lake Organizing Committee (SLOC) was in
charge of operations for the Winter Games.
• The Utah Olympic Public Safety Command
(UOPSC) had the primary responsibility for public
safety and security and was composed of local, state
and federal security agencies.
• DoD Support was certified as essential to Public
Safety by the U.S. Attorney General.
DoD SUPPORT
• FIVE CERTIFIED AND APPROVED CATEGORIES:
– AVIATION
– COMMUNICATIONS
– EXPLOSIVE ORDNANCE DISPOSAL
– PHYSICAL SECURITY
– TEMPORARY FACILITIES
Federal, State & Local
Integrated Support Team
• FBI and USSS were Lead Federal Agencies
– FBI for Threat Assessments
– USSS for Venue Physical Security
• Other Agencies Supporting the Olympics
– NSA, CIA, INS, Postal Inspectors, ATF, FEMA,
– USPHS, FAA, NORAD, NIMA, and many others
– State/Local Emergency Services & Health Departments
• Olympic Intelligence Center (OIC) and
Olympic Command Center (OCC)
– All agencies working side-by-side
– Some UOPSC senior staff had TS/SCI access
JTF-O / UT National Guard
Bifurcated Chain of Command
[Organization chart. Labels visible in the chart: TAG, CJTF-O, UTNG, HAFB, Security Decision Cell, TF MACDIS, TF RES, LOG CELL, TF LOG, TF AVN, TF PAO, TF EOD, TF FP, AFFOR, TF AREA CMD, T10 and T32 markings, non-LE NG T32 forces, active component forces, USAR/RC support forces, UTNG and other state forces.]
* KEY POLICY: BOTH UTNG + JTF-O VENUE C2 ELEMENTS MUST PLUG INTO SAME USSS VENUE POC
OTHER DOD SUPPORT
COMMUNICATIONS
• UOPSC OCC Phones
• Aviation Communications
• CCTV to Traffic Operations Center
• Video Wall Support for JOC
• 2,000 hand held radios for UOPSC
TEMPORARY FACILITIES
• Olympic Village - Perimeter Fencing
• Olympic Village - Village Arrival Gateway (USAR Building)
• Olympic Village - Security Center
• Hangar for overflow aircraft
• FBI Fly Away Lab
• Mobile Command Posts
Adjustments Post 9-11
• Increased Forces (Title 32)
– Perimeter Security
– Personnel Screening (Workers & Event Attendees)
– Vehicle Screening
– Materials Surveillance/Processing
• Additional Funds
• Greater Federal Government Concern and Commitment to
Successful and Safe Games.
UTNG
COMPOSITION
• Title 32 Forces from UT
• Title 32 Forces from other states
CONTRIBUTIONS
• Venue Vehicle Screening
• Venue Magnetometer
• Material Transfer Operations
• Material Transfer Inspections
• IOC Hotel Security
• Alternate Athlete Housing Security
NG OLYMPIC SUPPORT
[Map: National Guard support figures by state. Only three state labels survive in the extracted text: 314 (MA), 106 (RI), 300 (CT); the remaining figures cannot be matched to states.]
JTF-O MISSION UPDATE
MAX PERSONNEL STATUS (Approx)
JTF-O                  1600
TAG UTNG               3600
JTF-O/UTNG OTHER        150
TOTAL                  5350
MAJOR ASSETS IN JOA
HELICOPTERS            QTY
(TAC LIFT)             10 UH-60A
(MEDEVAC)               2 UH-60L
(C2)                    4 HH-60
(LIFT)                  2 CH-47
RADARS
(Aircraft)              1 TPS-73
(Aircraft)              2 Sentinel
EDD
(DOGS)                 45 Teams
LIFE SUPPORT AREA STATUS
1. Camp Williams       Green
2. Airport #2          Green
3. Great Basin         Green
4. VA Hospital         Green
5. Rocky MTN           Green
6. Hill AFB            Green
7. Ogden               Green
8. Park City           Green
9. Heber City          Green
Contingency Ops
• Fifth Army planned to establish a 3-Star JTF-HQ in the event
of a CBRNE, natural disaster, or civil disturbance in the Salt
Lake City, Utah area.
• JTF-CS is JTF - Civil Support
– respond to and provide consequence mgmt in the event of a terrorist
incident
• RTF-West is DoD Response Task Force – West
– Fifth Army
– Subordinate Task Force of JTF-CS
• TF-250 is MACDIS support
Defensive Information Operations
Command Information Officer
Defensive Information Operations
• OPSEC (Across JTF-O)
– Identify CCIR, EEFI & Communications Flow
– Educate all hands on protection of same
• Web Risk Assessment (CIO, PAO, J6)
– Build and manage JTF-O Web Site
– Monitor related web sites for JTF-O EEFI
• COMSEC (Across JTF-O)
– Once all hands know the processes, verify compliance
• Communications Network Defense (Primarily J6)
– Verification of network security (voice & data)
– Provide specific guidance if any vulnerabilities are found
Defensive Information Operations
Defined
• “Defensive IO integrate and coordinate policies and
procedures, operations, personnel, and technology to
protect and defend information and information
systems.”
• Includes IA, OPSEC, physical security, PA
– Similar focus as Certified Information Systems Security
Professional (CISSP) criteria
• Ensure timely, accurate and relevant information access
while denying adversaries the opportunity to exploit
friendly information and information systems for their
own purposes.
Sensitive Information Defined
DoD Regulation 5200.1-R
• “Any information the loss, misuse, or
unauthorized access to or modification of
which could adversely affect the national
interest…”
• Sensitive information should be protected in
transmission “whenever practical”
– Many people think “whenever practical” means
“whenever convenient”
– A major challenge in Information Assurance is
to make secure communications convenient
JTF - O Organization Chart
• CJTF-O: BG J.D. Johnson
• Cmd Sgt Maj: CMS Mackay
• Aide-de-Camp: 2LT Moffat
• D/CJTF-O / COS: COL Bachiller
• ACOS: LTC Esplin
• J1: LTC Blakely
• Deputy J1: LTC Summers
• J2: MAJ Polk
• J3: COL Perry
• Deputy J3: LTC Fotheringham
• J4: COL Trede
• Deputy J4: CDR Gurnsey
• J6: COL Goff
• Deputy J6: MAJ Russell
• J8: LTC Harvey
• Budget Officer: CPT Cranford
• Force Protection: COL Perrone
• FP Planner: CPT O'Connor
• Medical: LTC Davis
• Info Ops: CDR Overman
• SJA: LTC Cotell
• PA: LTC Bogdanski
• Asst PA: MAJ Wilson
• Protocol: LTC Kettenring
• Aviation: MAJ Adams
• EOD: MAJ Wirtz
• TF LOG: COL White
• TF EOD: LTC Reinhard
• TF FP: LTC Baker
• TF AVN: LTC McGuire
• TF PA: MAJ Vincent
Commander's Critical Information Requirements
Essential Elements of Friendly Information (EEFI)
(Information to be protected through effective OPSEC & COMSEC)
Position of Forces
Friendly Forces position, movement or intended movement: Position, course, speed, altitude or destination of
any air or ground element, unit or force.
Location of ‘at risk’ delegations (coaches & athletes, officials)
Capabilities
Friendly capabilities or limitations: Force composition or identity, capabilities, limitations or significant
casualties to special equipment, units or personnel.
Operations
Friendly operations, intentions, progress or results: Operational or logistical intentions, objectives, mission
situation reports, and results of friendly operations
Personnel
Friendly Force key personnel: Movement or identity of flag officers, distinguished visitors, unit commanders;
call up rosters; and movement of key maintenance personnel indicating equipment limitations
Communications Security (COMSEC)
Friendly Forces COMSEC information: Linkage of codes and code words with plain language; compromise of
frequencies or linkage with line numbers; circuit designators; linkage of current and prior call signs;
logins and passwords
Operations Security
OPSEC
How much information about yourself do you give
away, just by the way you do business?
Olympic Village
Perimeter Fences
OUTER PERIMETER FENCE
• 10-Foot high (total height) chain link security
fence equipped with sensors. Two types of
sensors will be utilized.
• This defines the secure outer perimeter of the
Olympic Village.
INNER PERIMETER FENCE
• Minimum height of fence shall be 6-feet, and
is not sensored. Purpose of this perimeter
fence is to direct personnel/ vehicles to
controlled (manned ) entry points.
• Secondary purpose is to provide additional
standoff distance from housing areas to the
secure perimeter where feasible.
OLYMPIC VILLAGE ZONES
• The Olympic Village is divided into several
zones.
• The International Zone provides an area for
athletes to meet with news media and
visitors in a secure area.
• The Olympic Village Housing zone is the
most secure zone.
What's so interesting about
the Olympic Village Fence?
• US Secret Service designed and then DoD
built the perimeter fence as part of our Routine
Support to the Olympics
• All of the preceding fence photos and info were
posted on the UTNG PUBLIC WEBSITE in
March 2001 and not removed until 6 October 01.
• See Web Activity (coming up).
Washington Post
June 2002 Story - Items of Interest
• Mountain View CA web site suspicious activity
• Systematic hits from ISPs in mid-east countries
• Washington Post story is based on activity seen
before the start of the Winter Olympics
• Same activity seen in other cities around the US
• A search of our router logs found the same IP addresses
– One was of interest because of its repeat visit pattern and
because the country has no winter sports
JTF-O Web Site Hits
Date                       Source IP Address
15 May 2001                x.x.168.244
28 May 2001                x.x.1.66
                           x.x.168.236
25 June 2001               x.x.1.132
02 July 2001               x.x.175.2
03 July 2001               x.x.1.68
August & September 2001    No activity
6 October 2001             Village fence content removed
10 October 2001            x.x.1.72
                           x.x.1.75
                           x.x.1.130
                           x.x.168.237
                           x.x.168.244
22 October 2001            x.x.1.75
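The repeat-visit pattern in the hits above comes from neighbouring addresses rather than one fixed host, so a per-address count would miss it. The following is an added example, not part of the original briefing: it groups hits by /24 source network and reports networks that return on several distinct days. The log format, the paths, the documentation-range addresses (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) and the three-day threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample hits (date, source IP, path); documentation IP ranges only.
SAMPLE_LOG = """\
2001-05-15 198.51.100.244 /village/fence.html
2001-05-28 192.0.2.66 /village/fence.html
2001-05-28 198.51.100.236 /index.html
2001-06-25 192.0.2.132 /village/fence.html
2001-07-02 203.0.113.2 /index.html
2001-07-03 192.0.2.68 /village/fence.html
2001-10-10 192.0.2.72 /village/fence.html
2001-10-10 198.51.100.237 /village/fence.html
2001-10-22 192.0.2.75 /index.html
truncated entry
"""

def parse_line(line):
    """Return (date, ip, path), or None for a line that does not parse."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        day = datetime.strptime(parts[0], "%Y-%m-%d").date()
        ip = ipaddress.ip_address(parts[1])
    except ValueError:
        return None
    return day, ip, parts[2]

def repeat_visitors(log_text, min_days=3, prefix=24):
    """Report source networks seen on at least min_days distinct days."""
    days, hosts = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of aborting the review
        day, ip, _path = rec
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        days[net].add(day)
        hosts[net].add(ip)
    report = [{"network": str(n), "days": len(d), "hosts": len(hosts[n]),
               "first": min(d).isoformat(), "last": max(d).isoformat()}
              for n, d in days.items() if len(d) >= min_days]
    return sorted(report, key=lambda r: r["days"], reverse=True)

if __name__ == "__main__":
    for row in repeat_visitors(SAMPLE_LOG):
        print(row)
```

With `prefix=32` the same sample reports nothing, because no single host returns on a second day; the pattern only appears at network level.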
What to do
about suspicious web activity?
• Block IP addresses
– Easily done at Firewall
– Tips off distant end that you are aware of and
concerned about activity
• They could just start using another ISP
• Review all Web content for information
sensitivity and operational details
– Leave IP address alone, and track the source
Remaining Information Assurance
Methodology
• Request help from NSA & NPS
– Information Security and Operations Security Review
– Network Vulnerability Assessment
• Information Security Review
– Identify categories of information
– Availability, Integrity, Confidentiality
• High / Medium / Low
– By asking business owners, they become educated
– Use as a tool to focus effort on high value information
INFOSEC Assessment
• Identify, Define, Value and Categorize
Information
• High-Level Review of then-current JTF-O
Information Security Posture
Identifying and Categorizing Information
Note that this is focused on the information itself,
not the systems used to store, process and transmit the information
J3 Section (Operations)                         Confidentiality  Integrity  Availability
Aircraft staging areas                          L                M          M
Aircraft types and number available             M                M          M
Aircraft/EOD Team response times                M                M          H
Briefing slides on operational plans            M                M          H
C2 Locations (JTF-O, TF Aviation, TF EOD)       M                M          M
CINC/NCA classified guidance & traffic          H                H          H
Date of troop movements (arrival/departure)     M                M          M
Information Security
Areas for Improvement
• System environment – several OS versions
• Password Management
– No existing policy on Password reset frequency
– OS not enforcing strong password requirement
• System Backups
– Not consistently performed
– Backup tapes stored in same room with the servers
• No policy & procedure for hard drive disposal
• Need improved user training
Network Security Assessment
• Reviewed router & firewall configurations
• Scanned devices on JTF-O internal network
• Verified configuration settings
Network Security Strength
• The JTF-O network was several layers down
in the DoD network
  – Army.mil
    • Ngb.army.mil (National Guard Bureau)
      – Ut.ngb.army.mil (Utah National Guard)
        » Jtfo.ut.ngb.army.mil (JTF-O network)
• Each layer had protections
– While vulnerabilities still exist, layering increases
work effort for adversaries
Network Security
Areas for Improvement
• User Accounts & Groups
– User accounts with Admin rights
– Many users had local Admin rights on their WS
• FAT vs NTFS Partitions
• Several OS versions (Win98, Win2k, NT4)
• Remote Access Server (RAS) – non issue
• IIS on Domain Controller
– IIS adds vulnerabilities, Domain Controller critical
IA Education
• Briefings
• INFOSEC Assessment
• OPSEC Video
• Newsletter
Newsletter Message
OPSEC & COMSEC
• Be aware of your work and 'home' surroundings
• Consider the types of information our adversary
wants to know about our operation
– Then work to protect that information, when using
phones and email, and when out in public areas
• Don't let your guard down
– Remember 1996 Olympic Bombing was 8 days after
the start of the games
COMSEC Monitoring
• Sample VHF Radio, phone and email content
– ONLY OF MILITARY PERSONNEL USING DoD
COMMUNICATIONS EQUIPMENT
– Look for operational details
– Verify compliance with policies on transmission of sensitive
information
• Summary of findings
– VHF Radio monitoring showed zero violations
– Phone monitoring showed about 10 minor violations
– Email monitoring showed daily, extensive violations
• People seem to assume that because they are communicating
over a wire, it must be secure.
Information Operations
Supporting Organizations
• INFOSEC Vulnerability Assessment Service
• Interagency OPSEC Support Staff
• Joint COMSEC Monitoring Activity
• Network Security Evaluations & Tools
• Naval Postgraduate School, Monterey, CA
• JFCOM J359 Information Operations Cell
JTF - OLYMPICS
A New Concept
Great Mission
Interesting Challenges
Questions?