DVIDS – News – World War II slogans will be key to preventing fraudulent disclosure in 2024

It’s World War II, and billboards bear the slogan “Loose lips sink ships” admonishing the military, government, industry, and the public to prevent sensitive information from being inadvertently leaked to the enemy. It spread throughout the United States, from posters to Hollywood movies.

“This is as true and vitally important today as it was during World War II,” said Andy Lobnak, director of the Defense Unauthorized Disclosure Program Management Office (UDPMO). Mr. Rovnak said the U.S. War Information Agency’s campaign to protect critical information has been linked to specific efforts established to protect strategic military planning, national security, the American people, and warfighters deployed on two fronts and around the world. He was reflecting on his focus on rules of behavior.

“Preventing, detecting and mitigating unauthorized disclosure is everyone’s responsibility, it is our military, government and citizen duty,” Rovnak said in a February 2024 interview with DCSA Gatekeeper magazine. He spoke at “We have to be very careful about what we say and do. We are not just talking on the phone. While people are trying to compromise the integrity of our networks and cyber capabilities, we are is speaking on cyber. This is where we are in the world situation right now, and we must avoid releasing classified or secure information that could compromise national security.”

Mr. Rovnak leads the UDPMO team, one of DCSA’s insider threat countermeasures teams that is part of the Department of Defense Insider Threat Management Analysis Center (DITMAC), to prevent unauthorized disclosures and leaks of non-public information critical to maintaining national security. We support efforts to prevent this. Employee safety and society’s trust.

“The ‘Loose Lips and Sink the Ship’ campaign also applies to unauthorized disclosure of unclassified classified information,” he said. “Although not classified, this sensitive information could allow adversaries and potential adversaries to identify and exploit vulnerabilities. could be used against us, increasing the risk of mission failure and potential loss of life.”

Unauthorized disclosure is when a trusted individual within an organization communicates or physically communicates national security sensitive information or controlled unclassified information (including operational security critical information or indicators) to an unauthorized recipient. Occurs when transferring.

“There are multiple threats out there, and we are losing intellectual property to unauthorized recipients,” Rovnak said, ranging from nation-state actors to the federal government, the defense industrial base, and the American public. He pointed out that this extends to external threats such as criminal organizations. “If the information that the government manages on behalf of its people to protect the country is exposed, someone will use it. The same goes for personal information. Technological innovation and digital technology since World War II Changes to society have introduced vulnerabilities in the way we operate in terms of information that did not exist at the time. Yes, they can now get information faster and get it back to us faster. If someone knows about a vulnerability, they can use ChatGPT to You can write code to exploit the vulnerability.”

This knowledge exposed through unauthorized disclosure of confidential or controlled unclassified information (CUI) can occur in a variety of ways. National security information may be disclosed intentionally, negligently, or inadvertently through breaches, data exfiltration, espionage, or inadequate protection. When sensitive information is involved, unauthorized disclosure is classified as a type of threat or security incident and is characterized as a breach or violation depending on the severity of the incident.

“My UDPMO team coordinates reporting of unauthorized disclosures within the Department of Defense and provides prompt and complete referral of cases to senior Department of Justice and Department of Defense officials for administrative litigation, civil remedies, or criminal prosecution. I guarantee you that,” Lobnak explained. “We are also responsible for facilitating cooperation and information sharing on unauthorized disclosure information across the Department of Defense and the intelligence community.”

Since arriving at DCSA in April 2023, Mr. Lobnak has been responsible for ongoing employee engagement efforts that reinforce the importance of making DoD information available to those who need it while protecting it from unauthorized access or disclosure. We have implemented UDPMO’s vision to provide more efficient interdiction and detection. Reduce instances of unauthorized disclosure.

“This includes ensuring everyone understands the importance of proper information sharing and protection across departments and their role in protecting sensitive national security information and CUI from those who do not need to properly protect it. It takes an intentional, company-wide effort,” Rovnak said. “Our goal this year is to measurably reduce fraudulent disclosures in the Department of Defense through intensive security awareness training activities that shift human behavior toward prevention. We plan to strengthen collaboration and engagement with our employees as a key element to better identify, investigate, track and report fraudulent disclosures.”

The Unauthorized Disclosure of Sensitive Information and CUI course – available on the Center for Development of Security Excellence’s (CDSE) Security Awareness Hub – provides an overview of unauthorized disclosure, including specific types of unauthorized disclosure and common misconceptions about unauthorized disclosure. I will explain. This course also explains the types of harm caused by unauthorized disclosure and the various sanctions you may face if you engage in unauthorized disclosure. CDSE also provides resources to bring security expertise directly to any organization, including around unauthorized disclosure.

In support of OPSEC Awareness Month in January 2024, the Fraud Disclosure Program Management Office held three “Fraud Disclosure 101” briefings for Department of Defense personnel, with more than 350 participants.

The UDPMO team is immediately notified of all incidents involving the release of sensitive national security information and CUI into the public domain. Notification to the UDPMO includes the disclosure or enabling theft of information related to defense operations, systems, or technology determined to be classified national security information or CUI. The team also investigates incidents where confidential information or his CUI is disclosed to unauthorized persons, resulting in administrative action against the individual, referral to criminal or counterintelligence investigation, or suspension or revocation of security clearance. I’m also cautious.

“Everyone has a civic duty to say something when they see an unauthorized disclosure,” Lobnak said. “If they report it to us, we can work to mitigate it, but you must let me know. It is important that you report any potential unauthorized disclosure to the appropriate authorities. .”

Once UDPMO receives a confirmed report of unauthorized disclosure into the public domain, the team will submit a criminal report to the Department of Justice. The report contains the results of preliminary research conducted by the affected components. Damage and impact assessment. and a media leak survey regarding unauthorized disclosures published in the media.

With respect to reporting unauthorized disclosures, the Department of Defense Whistleblower Protection System provides that the Department of Defense Whistleblower Protection System provides evidence of a violation of any law, rule, or regulation, material mismanagement, material waste of funds, abuse of authority, or material danger. Individuals are permitted to report information that they believe to be true. Contact designated public health and safety authorities through specific channels.

Additional information regarding the Department of Defense’s whistleblower protections can be found on the Department of Defense Office of the Inspector General’s website (www.dodig.mil). To make disclosures to contractors pursuant to Federal Acquisition Regulation Section 52.203-13 – Contractor Business Ethics Compliance Program and Disclosure Requirements – please see the relevant instructions at www.dodig.mil/Programs/Contractor-Disclosure-Program. can be found. The difference between unauthorized disclosure and protected whistleblowing is explained in more detail at https://www.cdse.edu/Training/Toolkits/Unauthorized-Disclosure-Toolkit/.