field_guide/_site/chapters/chapter-2/index.html
2025-09-01 02:23:51 -04:00

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Chapter 2: Threat Assessment and Operational Environment - Field Manual for Resistance Operations</title>
<meta name="description" content="Systematic approaches to understanding and responding to threats in resistance operations">
<!-- Favicon -->
<link rel="icon" type="image/x-icon" href="/assets/images/favicon.ico">
<!-- Stylesheets -->
<link rel="stylesheet" href="/assets/css/main.css">
<!-- Security headers: browsers honor X-Frame-Options and X-Content-Type-Options only as HTTP response headers, not as meta http-equiv, so they must also be set on the web server; X-XSS-Protection is deprecated and ignored by current browsers -->
<meta http-equiv="X-Content-Type-Options" content="nosniff">
<meta http-equiv="X-Frame-Options" content="DENY">
<meta http-equiv="X-XSS-Protection" content="1; mode=block">
<!-- Search-engine directives (noindex/nofollow); this is not an anti-tracking control -->
<meta name="robots" content="noindex, nofollow">
<!-- Matomo -->
<script>
var _paq = window._paq = window._paq || [];
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function() {
var u="//stats.resist.is/";
_paq.push(['setTrackerUrl', u+'matomo.php']);
_paq.push(['setSiteId', '4']);
var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
})();
</script>
<!-- End Matomo Code -->
</head>
<body>
<header class="header">
<div class="container">
<div class="header-content">
<div class="logo">
<span class="omega">Ω</span>
<span>FM-R1</span>
</div>
<button class="nav-toggle" id="nav-toggle" aria-label="Toggle navigation">
</button>
</div>
</div>
</header>
<div class="main-layout">
<nav class="sidebar" id="sidebar">
<nav class="main-navigation">
<!-- <div class="nav-header">
<div class="nav-subtitle">Field Manual for Resistance Operations</div>
</div>
-->
<div class="nav-sections">
<!-- Front Matter -->
<div class="nav-section">
<h3>Field Manual</h3>
<ul>
<li><a href="/" >Table of Contents</a></li>
<li><a href="/preface/" >Preface</a></li>
<li><a href="/introduction/" >Introduction</a></li>
</ul>
</div>
<!-- Part I: Foundations -->
<div class="nav-section">
<h3>Part I: Foundations</h3>
<ul>
<li>
<a href="/parts/part-1/" >Part Overview</a>
<ul>
<li><a href="/chapters/chapter-1/" >Ch 1: Core Security Principles</a></li>
<li><a href="/chapters/chapter-2/" class="active">Ch 2: Threat Assessment</a></li>
</ul>
</li>
</ul>
</div>
<!-- Part II: Communication -->
<div class="nav-section">
<h3>Part II: Communication</h3>
<ul>
<li>
<a href="/parts/part-2/" >Part Overview</a>
<ul>
<li><a href="/chapters/chapter-3/" >Ch 3: Communication Architecture</a></li>
<li><a href="/chapters/chapter-4/" >Ch 4: Secure Messaging</a></li>
<li><a href="/chapters/chapter-5/" >Ch 5: File Sharing</a></li>
</ul>
</li>
</ul>
</div>
<!-- Part III: OpSec -->
<div class="nav-section">
<h3>Part III: OpSec</h3>
<ul>
<li>
<a href="/parts/part-3/" >Part Overview</a>
<ul>
<li><a href="/chapters/chapter-6/" >Ch 6: Hardware Security</a></li>
<li><a href="/chapters/chapter-7/" >Ch 7: Digital Hygiene</a></li>
<li><a href="/chapters/chapter-8/" >Ch 8: Operational Procedures</a></li>
</ul>
</li>
</ul>
</div>
<!-- Part IV: Advanced -->
<div class="nav-section">
<h3>Part IV: Advanced</h3>
<ul>
<li>
<a href="/parts/part-4/" >Part Overview</a>
<ul>
<li><a href="/chapters/chapter-9/" >Ch 9: Intelligence Gathering</a></li>
<li><a href="/chapters/chapter-10/" >Ch 10: Counter-Intelligence</a></li>
</ul>
</li>
</ul>
</div>
<!-- Appendices
<div class="nav-section">
<h3>Appendices</h3>
<ul>
<li><a href="/appendices/" >Appendices Overview</a></li>
<li><a href="/appendices/appendix-a/" >Appendix A: Essential Tools</a></li>
<li><a href="/appendices/appendix-b/" >Appendix B: Legal Considerations</a></li>
<li><a href="/appendices/appendix-c/" >Appendix C: Emergency Procedures</a></li>
<li><a href="/appendices/appendix-d/" >Appendix D: Glossary & References</a></li>
</ul>
</div>
-->
<!-- Quick Access -->
<div class="nav-section nav-quick-access">
<h3>Quick Access</h3>
<ul>
<li><a href="/appendices/appendix-a/" class="nav-emergency">Essential Tools</a></li>
<li><a href="/appendices/appendix-b/" class="nav-emergency">Legal Rights</a></li>
<li><a href="/appendices/appendix-c/" class="nav-emergency">Emergency Procedures</a></li>
<li><a href="/appendices/appendix-d/" class="nav-emergency">Glossary & References</a></li>
</ul>
</div>
<!-- External Links -->
<div class="nav-section">
<h3>External Links</h3>
<ul>
<li><a href="https://resist.is" target="_blank">resist.is</a></li>
<li><a href="https://activistchecklist.org" target="_blank">Activist Checklist</a></li>
<li><a href="https://signal.org" target="_blank">Signal</a></li>
<li><a href="https://briarproject.org" target="_blank">Briar</a></li>
<li><a href="https://element.io" target="_blank">Element</a></li>
<li><a href="https://tails.boum.org" target="_blank">Tails OS</a></li>
<li><a href="https://onionshare.org" target="_blank">OnionShare</a></li>
</ul>
</div>
</div>
<!-- Security Notice
<div class="nav-security-notice">
<div class="security-warning">
<strong>OPERATIONAL SECURITY REMINDER</strong><br>
This manual contains sensitive information. Ensure secure handling and storage. Practice compartmentalization and need-to-know principles.
</div>
</div> -->
<!-- Footer -->
<div class="nav-footer">
<div class="manual-info">
<div class="classification">FOR RESISTANCE USE ONLY</div>
<div class="version">Version 1.0 | FM-R1</div>
<div class="date">2025</div>
</div>
</div>
</nav>
</nav>
<main class="content">
<div class="content-header">
<div class="manual-designation">FM-R1: Secure Communication Networks for Decentralized Resistance</div>
<div class="classification">UNCLASSIFIED</div>
<div class="section-number">Section 2-1 to 2-4</div>
</div>
<h1 id="chapter-2-threat-assessment-and-operational-environment">Chapter 2: Threat Assessment and Operational Environment</h1>
<h2 id="chapter-overview">Chapter Overview</h2>
<p>This chapter provides systematic methodologies for understanding and responding to threats in resistance operations. Effective threat assessment is the foundation of all security planning, enabling resistance practitioners to allocate resources appropriately and design countermeasures that address actual rather than imagined risks.</p>
<p><strong>Sections in this chapter:</strong></p>
<ul>
<li>2-1: Understanding Your Adversary</li>
<li>2-2: Threat Model Development</li>
<li>2-3: Risk Assessment Framework</li>
<li>2-4: Operational Security (OpSec) Fundamentals</li>
</ul>
<hr />
<h2 id="section-2-1-understanding-your-adversary">Section 2-1: Understanding Your Adversary</h2>
<h3 id="definition">Definition</h3>
<p>Adversary analysis is the systematic study of hostile forces to understand their capabilities, motivations, limitations, and likely courses of action. In resistance operations, this analysis must encompass both state and non-state actors who pose threats to operational security and participant safety.</p>
<h3 id="adversary-categories">Adversary Categories</h3>
<h4 id="state-security-services">State Security Services</h4>
<p><strong>Capabilities:</strong></p>
<ul>
<li>Mass surveillance infrastructure and legal authorities</li>
<li>Advanced technical capabilities including cyber operations</li>
<li>Extensive human intelligence networks and informant recruitment</li>
<li>Legal powers including arrest, detention, and asset seizure</li>
<li>International cooperation and intelligence sharing agreements</li>
</ul>
<p><strong>Motivations:</strong></p>
<ul>
<li>Maintaining regime stability and suppressing dissent</li>
<li>Protecting state secrets and critical infrastructure</li>
<li>Demonstrating effectiveness to political leadership</li>
<li>Career advancement and institutional prestige</li>
</ul>
<p><strong>Limitations:</strong></p>
<ul>
<li>Bureaucratic constraints and inter-agency competition</li>
<li>Resource limitations and competing priorities</li>
<li>Legal and political constraints (even in authoritarian systems)</li>
<li>Technical limitations and skill gaps</li>
<li>Public scrutiny and accountability mechanisms</li>
</ul>
<h4 id="law-enforcement-agencies">Law Enforcement Agencies</h4>
<p><strong>Capabilities:</strong></p>
<ul>
<li>Local surveillance and investigation resources</li>
<li>Access to criminal justice system and prosecution powers</li>
<li>Community informant networks and public cooperation</li>
<li>Specialized units for cybercrime and domestic terrorism</li>
<li>Coordination with federal and international agencies</li>
</ul>
<p><strong>Motivations:</strong></p>
<ul>
<li>Enforcing existing laws and maintaining public order</li>
<li>Responding to political pressure and public concerns</li>
<li>Protecting institutional reputation and effectiveness</li>
<li>Career advancement and performance metrics</li>
</ul>
<p><strong>Limitations:</strong></p>
<ul>
<li>Legal constraints and constitutional protections</li>
<li>Resource limitations and competing priorities</li>
<li>Training gaps in technical and political areas</li>
<li>Public accountability and oversight mechanisms</li>
<li>Jurisdictional limitations and coordination challenges</li>
</ul>
<h4 id="private-intelligence-contractors">Private Intelligence Contractors</h4>
<p><strong>Capabilities:</strong></p>
<ul>
<li>Specialized technical capabilities and cutting-edge tools</li>
<li>Flexibility and rapid response capabilities</li>
<li>Access to commercial data sources and partnerships</li>
<li>International operations with minimal oversight</li>
<li>Experienced personnel recruited from government agencies</li>
</ul>
<p><strong>Motivations:</strong></p>
<ul>
<li>Financial profit and contract renewal</li>
<li>Demonstrating value to government and corporate clients</li>
<li>Expanding market share and capabilities</li>
<li>Maintaining competitive advantage</li>
</ul>
<p><strong>Limitations:</strong></p>
<ul>
<li>Profit motive may conflict with thoroughness</li>
<li>Limited legal authorities and powers</li>
<li>Dependence on client relationships and contracts</li>
<li>Potential for exposure and public scrutiny</li>
<li>Competition with other contractors and agencies</li>
</ul>
<h4 id="hostile-political-organizations">Hostile Political Organizations</h4>
<p><strong>Capabilities:</strong></p>
<ul>
<li>Grassroots networks and community presence</li>
<li>Media access and propaganda capabilities</li>
<li>Political influence and institutional connections</li>
<li>Volunteer networks and ideological motivation</li>
<li>Potential for violence and intimidation</li>
</ul>
<p><strong>Motivations:</strong></p>
<ul>
<li>Advancing political ideology and agenda</li>
<li>Suppressing opposition movements and activities</li>
<li>Demonstrating power and influence</li>
<li>Protecting organizational interests and reputation</li>
</ul>
<p><strong>Limitations:</strong></p>
<ul>
<li>Limited resources compared to state actors</li>
<li>Legal constraints and public scrutiny</li>
<li>Internal divisions and competing priorities</li>
<li>Dependence on volunteer networks and public support</li>
<li>Vulnerability to infiltration and disruption</li>
</ul>
<h3 id="capability-assessment-framework">Capability Assessment Framework</h3>
<h4 id="technical-capabilities">Technical Capabilities</h4>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Assessment Matrix:
1. Surveillance Infrastructure
   - Mass data collection capabilities
   - Real-time monitoring systems
   - Data analysis and correlation tools
   - International cooperation agreements
2. Cyber Operations
   - Offensive cyber capabilities
   - Defensive monitoring systems
   - Technical expertise and resources
   - Legal authorities and constraints
3. Human Intelligence
   - Informant recruitment and management
   - Infiltration capabilities
   - Social engineering expertise
   - Community presence and influence
</code></pre></div></div>
<h4 id="operational-capabilities">Operational Capabilities</h4>
<ul>
<li><strong>Geographic reach</strong> and jurisdictional authority</li>
<li><strong>Response time</strong> and deployment capabilities</li>
<li><strong>Coordination mechanisms</strong> between different agencies</li>
<li><strong>Resource allocation</strong> and priority setting processes</li>
<li><strong>Legal authorities</strong> and operational constraints</li>
</ul>
<h4 id="intelligence-capabilities">Intelligence Capabilities</h4>
<ul>
<li><strong>Collection methods</strong> and information sources</li>
<li><strong>Analysis capabilities</strong> and expertise levels</li>
<li><strong>Dissemination networks</strong> and information sharing</li>
<li><strong>Retention policies</strong> and data management systems</li>
<li><strong>Quality control</strong> and verification processes</li>
</ul>
<h3 id="motivation-analysis">Motivation Analysis</h3>
<h4 id="primary-motivations">Primary Motivations</h4>
<p>Understanding what drives adversary actions helps predict their behavior and identify potential vulnerabilities:</p>
<p><strong>Institutional Interests:</strong></p>
<ul>
<li>Organizational survival and growth</li>
<li>Budget allocation and resource competition</li>
<li>Performance metrics and success measures</li>
<li>Reputation and public perception</li>
</ul>
<p><strong>Individual Motivations:</strong></p>
<ul>
<li>Career advancement and professional recognition</li>
<li>Financial incentives and job security</li>
<li>Ideological commitment and personal beliefs</li>
<li>Social pressure and peer expectations</li>
</ul>
<p><strong>Political Factors:</strong></p>
<ul>
<li>Electoral considerations and public opinion</li>
<li>Policy priorities and resource allocation</li>
<li>International relationships and obligations</li>
<li>Crisis response and emergency authorities</li>
</ul>
<h3 id="limitation-assessment">Limitation Assessment</h3>
<h4 id="resource-constraints">Resource Constraints</h4>
<ul>
<li><strong>Budget limitations</strong> and competing priorities</li>
<li><strong>Personnel shortages</strong> and skill gaps</li>
<li><strong>Technical limitations</strong> and equipment constraints</li>
<li><strong>Time pressures</strong> and operational demands</li>
</ul>
<h4 id="legal-and-political-constraints">Legal and Political Constraints</h4>
<ul>
<li><strong>Constitutional protections</strong> and legal precedents</li>
<li><strong>Oversight mechanisms</strong> and accountability requirements</li>
<li><strong>Public scrutiny</strong> and media attention</li>
<li><strong>Political considerations</strong> and policy constraints</li>
</ul>
<h4 id="operational-constraints">Operational Constraints</h4>
<ul>
<li><strong>Bureaucratic processes</strong> and approval requirements</li>
<li><strong>Coordination challenges</strong> between agencies</li>
<li><strong>Information sharing</strong> limitations and restrictions</li>
<li><strong>Geographic limitations</strong> and jurisdictional boundaries</li>
</ul>
<div class="info-box">
<div class="info-title">Intelligence Gathering</div>
<p>Adversary analysis requires ongoing intelligence collection through open sources, operational observation, and network reporting. This information must be systematically collected, analyzed, and updated to maintain accuracy and relevance.</p>
</div>
<hr />
<h2 id="section-2-2-threat-model-development">Section 2-2: Threat Model Development</h2>
<h3 id="definition-1">Definition</h3>
<p>A threat model is a structured representation of potential threats to an organization, operation, or individual, including the assets being protected, potential attackers, attack vectors, and consequences of successful attacks. Threat modeling provides the analytical foundation for security planning and resource allocation.</p>
<h3 id="threat-modeling-process">Threat Modeling Process</h3>
<h4 id="step-1-asset-identification">Step 1: Asset Identification</h4>
<p><strong>Information Assets:</strong></p>
<ul>
<li>Operational plans and strategic documents</li>
<li>Communication records and contact information</li>
<li>Financial records and resource information</li>
<li>Technical documentation and system configurations</li>
<li>Personal information about participants and supporters</li>
</ul>
<p><strong>Physical Assets:</strong></p>
<ul>
<li>Personnel safety and freedom</li>
<li>Equipment and technology resources</li>
<li>Financial resources and funding sources</li>
<li>Safe houses and meeting locations</li>
<li>Communication infrastructure and networks</li>
</ul>
<p><strong>Operational Assets:</strong></p>
<ul>
<li>Network relationships and trust connections</li>
<li>Operational capabilities and expertise</li>
<li>Reputation and public support</li>
<li>Legal protections and political cover</li>
<li>Time and opportunity windows</li>
</ul>
<h4 id="step-2-threat-actor-identification">Step 2: Threat Actor Identification</h4>
<p>For each asset category, identify potential threat actors:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Threat Actor Analysis Template:
Actor: [Name/Type]
Motivation: [Why they would target this asset]
Capability: [What they can do to compromise it]
Opportunity: [When/how they could act]
Impact: [Consequences of successful attack]
Likelihood: [Probability assessment]
</code></pre></div></div>
<h4 id="step-3-attack-vector-analysis">Step 3: Attack Vector Analysis</h4>
<p><strong>Technical Attack Vectors:</strong></p>
<ul>
<li>Network intrusion and system compromise</li>
<li>Communication interception and analysis</li>
<li>Device compromise and malware deployment</li>
<li>Data theft and information exfiltration</li>
<li>Service disruption and denial of service</li>
</ul>
<p><strong>Human Attack Vectors:</strong></p>
<ul>
<li>Social engineering and manipulation</li>
<li>Infiltration and insider threats</li>
<li>Coercion and blackmail</li>
<li>Recruitment and turning of participants</li>
<li>Information gathering through relationships</li>
</ul>
<p><strong>Physical Attack Vectors:</strong></p>
<ul>
<li>Surveillance and tracking</li>
<li>Search and seizure operations</li>
<li>Physical intimidation and violence</li>
<li>Asset seizure and resource disruption</li>
<li>Location compromise and raid operations</li>
</ul>
<h4 id="step-4-impact-assessment">Step 4: Impact Assessment</h4>
<p><strong>Immediate Impacts:</strong></p>
<ul>
<li>Operational disruption and mission failure</li>
<li>Personnel safety and security compromise</li>
<li>Resource loss and financial damage</li>
<li>Information disclosure and intelligence loss</li>
<li>Legal consequences and prosecution</li>
</ul>
<p><strong>Long-term Impacts:</strong></p>
<ul>
<li>Network compromise and relationship damage</li>
<li>Reputation loss and public support erosion</li>
<li>Capability degradation and skill loss</li>
<li>Strategic disadvantage and position weakness</li>
<li>Movement suppression and broader impact</li>
</ul>
<h3 id="threat-modeling-methodologies">Threat Modeling Methodologies</h3>
<h4 id="stride-framework">STRIDE Framework</h4>
<ul>
<li><strong>Spoofing:</strong> Impersonating legitimate users or systems</li>
<li><strong>Tampering:</strong> Modifying data or systems without authorization</li>
<li><strong>Repudiation:</strong> Denying actions or transactions</li>
<li><strong>Information Disclosure:</strong> Exposing sensitive information</li>
<li><strong>Denial of Service:</strong> Preventing legitimate access to resources</li>
<li><strong>Elevation of Privilege:</strong> Gaining unauthorized access or permissions</li>
</ul>
<h4 id="pasta-process-for-attack-simulation-and-threat-analysis">PASTA (Process for Attack Simulation and Threat Analysis)</h4>
<ol>
<li><strong>Define Objectives:</strong> Establish scope and goals</li>
<li><strong>Define Technical Scope:</strong> Identify systems and components</li>
<li><strong>Application Decomposition:</strong> Break down into components</li>
<li><strong>Threat Analysis:</strong> Identify potential threats</li>
<li><strong>Weakness and Vulnerability Analysis:</strong> Find security gaps</li>
<li><strong>Attack Modeling:</strong> Simulate attack scenarios</li>
<li><strong>Risk and Impact Analysis:</strong> Assess consequences</li>
</ol>
<h4 id="octave-operationally-critical-threat-asset-and-vulnerability-evaluation">OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation)</h4>
<ul>
<li><strong>Organizational View:</strong> Internal security practices and policies</li>
<li><strong>Technological View:</strong> Technical vulnerabilities and weaknesses</li>
<li><strong>Strategy and Plan View:</strong> Risk mitigation and security strategy</li>
</ul>
<h3 id="threat-scenario-development">Threat Scenario Development</h3>
<h4 id="scenario-template">Scenario Template</h4>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Threat Scenario: [Descriptive Name]
Background:
  - Current operational context
  - Recent events and triggers
  - Adversary capabilities and motivations
Attack Sequence:
  1. Initial access or opportunity
  2. Escalation and exploitation
  3. Impact and consequences
  4. Potential responses and countermeasures
Indicators:
  - Early warning signs
  - Detection opportunities
  - Confirmation methods
Mitigation:
  - Preventive measures
  - Response procedures
  - Recovery plans
</code></pre></div></div>
<h4 id="example-scenarios">Example Scenarios</h4>
<p><strong>Scenario 1: Communication Compromise</strong></p>
<ul>
<li>Adversary intercepts encrypted communications</li>
<li>Traffic analysis reveals network structure</li>
<li>Key participants identified and targeted</li>
<li>Operational plans exposed and disrupted</li>
</ul>
<p><strong>Scenario 2: Infiltration Operation</strong></p>
<ul>
<li>Hostile agent joins resistance network</li>
<li>Gains trust and access over time</li>
<li>Collects intelligence on operations and participants</li>
<li>Provides information for coordinated arrests</li>
</ul>
<p><strong>Scenario 3: Technical Surveillance</strong></p>
<ul>
<li>Mass surveillance system deployed</li>
<li>Communication metadata collected and analyzed</li>
<li>Behavioral patterns identified and tracked</li>
<li>Predictive analysis enables preemptive action</li>
</ul>
<div class="warning-box">
<div class="warning-title">Scenario Planning</div>
<p>Threat scenarios should be realistic and based on actual adversary capabilities and historical precedents. Avoid both underestimating threats (leading to inadequate security) and overestimating them (leading to paralysis and ineffective operations).</p>
</div>
<hr />
<h2 id="section-2-3-risk-assessment-framework">Section 2-3: Risk Assessment Framework</h2>
<h3 id="definition-2">Definition</h3>
<p>Risk assessment is the systematic evaluation of potential threats to determine their likelihood and impact, enabling informed decisions about security investments and operational procedures. Risk assessment translates threat models into actionable priorities for security planning.</p>
<h3 id="risk-calculation-methodology">Risk Calculation Methodology</h3>
<h4 id="basic-risk-formula">Basic Risk Formula</h4>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Risk = Threat × Vulnerability × Impact
Where:
- Threat = Likelihood of attack occurring
- Vulnerability = Probability of attack succeeding
- Impact = Consequences of successful attack
</code></pre></div></div>
<h4 id="qualitative-risk-assessment">Qualitative Risk Assessment</h4>
<p><strong>Likelihood Scale:</strong></p>
<ul>
<li><strong>Very High (5):</strong> Almost certain to occur within 1 month</li>
<li><strong>High (4):</strong> Likely to occur within 6 months</li>
<li><strong>Medium (3):</strong> Possible within 1 year</li>
<li><strong>Low (2):</strong> Unlikely within 2 years</li>
<li><strong>Very Low (1):</strong> Rare or theoretical</li>
</ul>
<p><strong>Impact Scale:</strong></p>
<ul>
<li><strong>Critical (5):</strong> Mission failure, life-threatening consequences</li>
<li><strong>High (4):</strong> Major operational disruption, serious legal consequences</li>
<li><strong>Medium (3):</strong> Moderate disruption, manageable consequences</li>
<li><strong>Low (2):</strong> Minor inconvenience, limited impact</li>
<li><strong>Very Low (1):</strong> Negligible impact</li>
</ul>
<p><strong>Risk Matrix:</strong></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Likelihood ↓ / Impact →   VL   L    M    H    C
Very High                 M    H    H    C    C
High                      L    M    H    H    C
Medium                    L    L    M    H    H
Low                       VL   L    L    M    H
Very Low                  VL   VL   L    L    M
Legend: VL=Very Low, L=Low, M=Medium, H=High, C=Critical
</code></pre></div></div>
<h3 id="risk-assessment-process">Risk Assessment Process</h3>
<h4 id="step-1-threat-inventory">Step 1: Threat Inventory</h4>
<p>Create a comprehensive list of the threats identified during threat modeling:</p>
<ul>
<li>Categorize by threat actor and attack vector</li>
<li>Document current intelligence and evidence</li>
<li>Assess threat actor capabilities and motivations</li>
<li>Identify information gaps and uncertainties</li>
</ul>
<h4 id="step-2-vulnerability-assessment">Step 2: Vulnerability Assessment</h4>
<p>For each threat, assess organizational vulnerabilities:</p>
<p><strong>Technical Vulnerabilities:</strong></p>
<ul>
<li>Unpatched software and system weaknesses</li>
<li>Insecure configurations and default settings</li>
<li>Weak encryption and authentication mechanisms</li>
<li>Inadequate monitoring and detection capabilities</li>
</ul>
<p><strong>Procedural Vulnerabilities:</strong></p>
<ul>
<li>Inadequate security policies and procedures</li>
<li>Insufficient training and awareness programs</li>
<li>Poor access control and permission management</li>
<li>Weak incident response and recovery capabilities</li>
</ul>
<p><strong>Human Vulnerabilities:</strong></p>
<ul>
<li>Social engineering susceptibility</li>
<li>Insider threat potential</li>
<li>Security culture weaknesses</li>
<li>Stress and pressure responses</li>
</ul>
<h4 id="step-3-impact-analysis">Step 3: Impact Analysis</h4>
<p>Assess potential consequences of successful attacks:</p>
<p><strong>Operational Impact:</strong></p>
<ul>
<li>Mission disruption and failure</li>
<li>Capability loss and degradation</li>
<li>Resource depletion and damage</li>
<li>Timeline delays and setbacks</li>
</ul>
<p><strong>Security Impact:</strong></p>
<ul>
<li>Personnel safety and freedom</li>
<li>Information disclosure and intelligence loss</li>
<li>Network compromise and relationship damage</li>
<li>Legal consequences and prosecution</li>
</ul>
<p><strong>Strategic Impact:</strong></p>
<ul>
<li>Movement effectiveness and credibility</li>
<li>Public support and political position</li>
<li>Long-term viability and sustainability</li>
<li>Broader resistance movement impact</li>
</ul>
<h4 id="step-4-risk-prioritization">Step 4: Risk Prioritization</h4>
<p>Rank risks based on calculated scores and strategic importance:</p>
<p><strong>Priority Categories:</strong></p>
<ul>
<li><strong>Critical Risks:</strong> Immediate attention required</li>
<li><strong>High Risks:</strong> Address within 30 days</li>
<li><strong>Medium Risks:</strong> Address within 90 days</li>
<li><strong>Low Risks:</strong> Address as resources permit</li>
<li><strong>Accepted Risks:</strong> Monitor but no immediate action</li>
</ul>
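<p>The formula, the two scales, the matrix and the priority categories above form one procedure. The following is an added example, not part of the manual, that runs that procedure over a constructed risk register. Every threat, actor and score in <code>SAMPLE_REGISTER</code> is an assumption for illustration; the thresholds in <code>product_rating</code> and the mapping of a "Very Low" cell to an accepted risk are also assumptions, chosen to reproduce as many cells of the manual's matrix as possible.</p>

```python
"""Risk register scorer for the Section 2-3 formula, scales and matrix.

Added example; not part of the manual. The five threats below are
constructed sample data and every score in them is an assumption.
"""
from dataclasses import dataclass

# Scales exactly as given in the manual (name -> score).
LIKELIHOOD = {"Very Low": 1, "Low": 2, "Medium": 3, "High": 4, "Very High": 5}
IMPACT = {"Very Low": 1, "Low": 2, "Medium": 3, "High": 4, "Critical": 5}
IMPACT_COLUMNS = ["Very Low", "Low", "Medium", "High", "Critical"]

# The manual's qualitative matrix: row = likelihood, column = impact.
MATRIX = {
    "Very High": ["M", "H", "H", "C", "C"],
    "High":      ["L", "M", "H", "H", "C"],
    "Medium":    ["L", "L", "M", "H", "H"],
    "Low":       ["VL", "L", "L", "M", "H"],
    "Very Low":  ["VL", "VL", "L", "L", "M"],
}

# Matrix rating -> the manual's priority categories. Treating a "Very Low"
# cell as an accepted risk is an assumption, not the manual's rule.
PRIORITY = {
    "C": "Critical: immediate attention",
    "H": "High: address within 30 days",
    "M": "Medium: address within 90 days",
    "L": "Low: address as resources permit",
    "VL": "Accepted: monitor",
}


@dataclass(frozen=True)
class Threat:
    name: str
    actor: str            # adversary category from Section 2-1
    stride: str           # STRIDE category from Section 2-2
    likelihood: str       # "Threat" term: likelihood of the attack occurring
    vulnerability: float  # probability the attack succeeds, 0.0 to 1.0
    impact: str


def matrix_rating(likelihood: str, impact: str) -> str:
    """Qualitative rating. Note the matrix ignores vulnerability."""
    return MATRIX[likelihood][IMPACT_COLUMNS.index(impact)]


def numeric_score(t: Threat) -> float:
    """Risk = Threat x Vulnerability x Impact, on a 0..25 scale."""
    if not 0.0 <= t.vulnerability <= 1.0:
        raise ValueError(f"{t.name}: vulnerability must be a probability")
    return round(LIKELIHOOD[t.likelihood] * t.vulnerability * IMPACT[t.impact], 2)


def rank_register(threats):
    """Score every threat, highest numeric risk first (name breaks ties)."""
    rows = []
    for t in threats:
        rating = matrix_rating(t.likelihood, t.impact)
        rows.append({"name": t.name, "actor": t.actor, "stride": t.stride,
                     "score": numeric_score(t), "matrix": rating,
                     "priority": PRIORITY[rating]})
    return sorted(rows, key=lambda r: (-r["score"], r["name"]))


def product_rating(product: int) -> str:
    """Rating implied by likelihood x impact alone. The thresholds are an
    assumption chosen to reproduce most cells of the manual's matrix."""
    for limit, rating in ((2, "VL"), (6, "L"), (9, "M"), (16, "H")):
        if product <= limit:
            return rating
    return "C"


def matrix_departures():
    """Cells where the manual's matrix differs from the pure product rule."""
    out = []
    for lk, row in MATRIX.items():
        for im, cell in zip(IMPACT_COLUMNS, row):
            implied = product_rating(LIKELIHOOD[lk] * IMPACT[im])
            if implied != cell:
                out.append((lk, im, cell, implied))
    return out


# Constructed sample register (assumed values, not real intelligence).
SAMPLE_REGISTER = [
    Threat("Metadata collection on group channel", "State security services",
           "Information Disclosure", "High", 0.9, "High"),
    Threat("Informant inside the cell", "Law enforcement",
           "Information Disclosure", "Medium", 0.5, "Critical"),
    Threat("Coordinator account impersonated", "Hostile political organization",
           "Spoofing", "Medium", 0.4, "High"),
    Threat("Announcement channel flooded", "Hostile political organization",
           "Denial of Service", "High", 0.6, "Low"),
    Threat("Laptop seized at a checkpoint", "Law enforcement",
           "Information Disclosure", "Low", 0.2, "Critical"),
]

if __name__ == "__main__":
    for r in rank_register(SAMPLE_REGISTER):
        print(f'{r["score"]:5.1f}  {r["matrix"]:2}  {r["priority"]:34}  {r["name"]}')
    for lk, im, cell, implied in matrix_departures():
        print(f"matrix {lk} x {im} = {cell}; product rule says {implied}")
```

<p>Two things the table alone does not show. First, four of the five sample threats land in the same matrix cell (H), because the matrix uses only likelihood and impact; the numeric score separates them by vulnerability, so an encrypted laptop at a checkpoint ranks far below metadata collection even though both are rated High. Second, <code>matrix_departures()</code> reports exactly two cells where the manual's matrix is stricter than a pure product: Very High likelihood with Very Low impact, and Very Low likelihood with Critical impact, both rated Medium rather than Low. That is a deliberate bias toward the corners, and a group adopting the matrix should decide whether it agrees with it.</p>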
<h3 id="risk-treatment-strategies">Risk Treatment Strategies</h3>
<h4 id="risk-mitigation">Risk Mitigation</h4>
<p>Reduce likelihood or impact through security controls:</p>
<ul>
<li><strong>Preventive Controls:</strong> Block or deter attacks</li>
<li><strong>Detective Controls:</strong> Identify attacks in progress</li>
<li><strong>Corrective Controls:</strong> Respond to and recover from attacks</li>
<li><strong>Compensating Controls:</strong> Alternative measures when primary controls fail</li>
</ul>
<h4 id="risk-transfer">Risk Transfer</h4>
<p>Shift risk to other parties or systems:</p>
<ul>
<li><strong>Insurance:</strong> Financial protection against losses</li>
<li><strong>Outsourcing:</strong> Transfer operational risks to service providers</li>
<li><strong>Partnerships:</strong> Share risks with allied organizations</li>
<li><strong>Legal Protections:</strong> Use legal mechanisms to limit exposure</li>
</ul>
<h4 id="risk-acceptance">Risk Acceptance</h4>
<p>Consciously accept certain risks:</p>
<ul>
<li><strong>Residual Risk:</strong> Remaining risk after mitigation measures</li>
<li><strong>Strategic Risk:</strong> Risks necessary for mission accomplishment</li>
<li><strong>Resource Constraints:</strong> Risks that cannot be addressed with available resources</li>
<li><strong>Temporary Acceptance:</strong> Short-term acceptance pending future mitigation</li>
</ul>
<h4 id="risk-avoidance">Risk Avoidance</h4>
<p>Eliminate risk by avoiding the activity:</p>
<ul>
<li><strong>Operational Changes:</strong> Modify operations to eliminate risk</li>
<li><strong>Technology Alternatives:</strong> Use different tools or methods</li>
<li><strong>Geographic Relocation:</strong> Move operations to safer locations</li>
<li><strong>Timing Adjustments:</strong> Delay operations until risks decrease</li>
</ul>
<div class="success-box">
<div class="success-title">Risk Management</div>
<p>Effective risk management is an ongoing process that requires regular review and updates. Risk assessments should be updated whenever significant changes occur in the threat environment, organizational capabilities, or operational requirements.</p>
</div>
<hr />
<h2 id="section-2-4-operational-security-opsec-fundamentals">Section 2-4: Operational Security (OpSec) Fundamentals</h2>
<h3 id="definition-3">Definition</h3>
<p>Operational Security (OpSec) is the process of protecting critical information and activities from adversary intelligence collection and analysis. OpSec focuses on identifying and controlling information that could be used to compromise operations, rather than just protecting classified information.</p>
<h3 id="opsec-process">OpSec Process</h3>
<h4 id="step-1-identify-critical-information">Step 1: Identify Critical Information</h4>
<p><strong>Critical Information Categories:</strong></p>
<ul>
<li><strong>Who:</strong> Personnel identities, roles, and relationships</li>
<li><strong>What:</strong> Operational objectives, methods, and capabilities</li>
<li><strong>When:</strong> Timing, schedules, and deadlines</li>
<li><strong>Where:</strong> Locations, routes, and geographic areas</li>
<li><strong>Why:</strong> Motivations, strategies, and decision-making processes</li>
<li><strong>How:</strong> Methods, procedures, and technical details</li>
</ul>
<p><strong>Critical Information Examples:</strong></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Personnel Information:
  - Real names and personal details
  - Communication addresses and identifiers
  - Role assignments and responsibilities
  - Skill sets and expertise areas
  - Personal vulnerabilities and pressure points
Operational Information:
  - Mission objectives and success criteria
  - Operational timelines and milestones
  - Resource requirements and allocations
  - Coordination mechanisms and protocols
  - Contingency plans and alternatives
Technical Information:
  - Communication methods and frequencies
  - Security procedures and protocols
  - Equipment specifications and capabilities
  - Software configurations and vulnerabilities
  - Network architecture and access points
</code></pre></div></div>
<h4 id="step-2-analyze-threats">Step 2: Analyze Threats</h4>
<p>Apply threat modeling to identify how adversaries might collect and use critical information:</p>
<p><strong>Collection Methods:</strong></p>
<ul>
<li><strong>Technical Collection:</strong> Electronic surveillance and monitoring</li>
<li><strong>Human Collection:</strong> Informants, infiltration, and social engineering</li>
<li><strong>Open Source Collection:</strong> Public information and social media</li>
<li><strong>Physical Collection:</strong> Surveillance and document recovery</li>
</ul>
<p><strong>Analysis Capabilities:</strong></p>
<ul>
<li><strong>Pattern Analysis:</strong> Identifying trends and behaviors</li>
<li><strong>Network Analysis:</strong> Mapping relationships and structures</li>
<li><strong>Predictive Analysis:</strong> Forecasting future activities</li>
<li><strong>Correlation Analysis:</strong> Connecting disparate information sources</li>
</ul>
<h4 id="step-3-analyze-vulnerabilities">Step 3: Analyze Vulnerabilities</h4>
<p>Identify how critical information might be exposed:</p>
<p><strong>Information Leakage Points:</strong></p>
<ul>
<li><strong>Communication Channels:</strong> Insecure or monitored communications</li>
<li><strong>Behavioral Patterns:</strong> Predictable activities and routines</li>
<li><strong>Physical Evidence:</strong> Documents, equipment, and traces</li>
<li><strong>Social Interactions:</strong> Casual conversations and relationships</li>
<li><strong>Digital Footprints:</strong> Online activities and data trails</li>
</ul>
<p><strong>Vulnerability Assessment Questions:</strong></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>For each piece of critical information:
1. Who has access to this information?
2. How is this information stored and transmitted?
3. What activities might reveal this information?
4. What patterns might indicate this information?
5. How could an adversary collect this information?
6. What would an adversary do with this information?
</code></pre></div></div>
<h4 id="step-4-assess-risk">Step 4: Assess Risk</h4>
<p>Evaluate the likelihood and impact of information compromise:</p>
<p><strong>Risk Factors:</strong></p>
<ul>
<li><strong>Information Value:</strong> How useful is this to adversaries?</li>
<li><strong>Collection Difficulty:</strong> How hard is it for adversaries to obtain?</li>
<li><strong>Analysis Complexity:</strong> How difficult is it to interpret and use?</li>
<li><strong>Operational Impact:</strong> What happens if this is compromised?</li>
<li><strong>Mitigation Cost:</strong> How expensive is it to protect?</li>
</ul>
<h4 id="step-5-apply-countermeasures">Step 5: Apply Countermeasures</h4>
<p>Implement measures to protect critical information:</p>
<p><strong>Information Control Measures:</strong></p>
<ul>
<li><strong>Classification:</strong> Formal information protection levels</li>
<li><strong>Compartmentalization:</strong> Limiting access on a need-to-know basis</li>
<li><strong>Sanitization:</strong> Removing sensitive details from communications</li>
<li><strong>Disinformation:</strong> Providing false information to confuse adversaries</li>
</ul>
<p><strong>Activity Control Measures:</strong></p>
<ul>
<li><strong>Pattern Breaking:</strong> Varying routines and procedures</li>
<li><strong>Timing Control:</strong> Coordinating activities to minimize exposure</li>
<li><strong>Location Security:</strong> Protecting meeting places and safe houses</li>
<li><strong>Communication Security:</strong> Using secure channels and protocols</li>
</ul>
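<p>As an added illustration that is not part of the manual, the following Python sketch carries Steps 1 to 5 through a small constructed register: each critical-information item is scored with the five Step 4 risk factors, ranked by risk reduced per unit of mitigation cost, and mapped from its Step 3 leakage point to a Step 5 countermeasure. The 1 to 5 scales, the weighting, and the leakage-to-countermeasure mapping are assumptions chosen for this example.</p>

```python
# Added example, not the manual's own code: a minimal OpSec risk register
# that scores critical-information items with the five Step 4 risk factors
# and ranks them for countermeasure priority. Scales, weights and the
# countermeasure mapping below are assumptions made for illustration.
from dataclasses import dataclass

# Step 3 leakage point -> Step 5 countermeasure that addresses it (assumed mapping)
COUNTERMEASURES = {
    "communication channels": "Communication Security / Sanitization",
    "behavioral patterns": "Pattern Breaking / Timing Control",
    "physical evidence": "Location Security",
    "social interactions": "Compartmentalization",
    "digital footprints": "Sanitization",
}

@dataclass
class CriticalInfo:
    item: str                   # what an adversary would want (Step 1)
    leakage_point: str          # how it could be exposed (Step 3)
    info_value: int             # 1-5: usefulness to adversaries
    collection_difficulty: int  # 1-5: 5 = very hard to obtain
    analysis_complexity: int    # 1-5: 5 = very hard to interpret
    operational_impact: int     # 1-5: consequence of compromise
    mitigation_cost: int        # 1-5: cost to protect

    def likelihood(self) -> int:
        # Easy to collect and easy to analyse means high likelihood,
        # so difficulty and complexity are inverted (assumed scoring).
        return (6 - self.collection_difficulty) + (6 - self.analysis_complexity)

    def risk(self) -> int:
        return self.likelihood() * self.operational_impact * self.info_value

    def priority(self) -> float:
        # Risk removed per unit of mitigation cost: cheap fixes to big risks first.
        return self.risk() / self.mitigation_cost

def rank(register):
    return sorted(register, key=lambda c: c.priority(), reverse=True)

def plan(register):
    # (item, risk score, recommended countermeasure) in priority order
    return [(c.item, c.risk(), COUNTERMEASURES[c.leakage_point]) for c in rank(register)]

# Constructed sample register for the example
SAMPLE = [
    CriticalInfo("meeting location", "behavioral patterns", 5, 2, 2, 5, 2),
    CriticalInfo("member real names", "social interactions", 5, 3, 1, 5, 3),
    CriticalInfo("radio frequencies", "communication channels", 3, 4, 3, 3, 4),
    CriticalInfo("stored meeting notes", "physical evidence", 4, 5, 2, 4, 1),
]

if __name__ == "__main__":
    for item, risk, measure in plan(SAMPLE):
        print(f"{item:22} risk={risk:3}  -> {measure}")
```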
<h3 id="opsec-planning">OpSec Planning</h3>
<h4 id="opsec-plan-template">OpSec Plan Template</h4>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>1. Mission Overview
- Objectives and scope
- Timeline and milestones
- Success criteria
2. Critical Information List
- Information categories
- Sensitivity levels
- Access requirements
3. Threat Assessment
- Adversary capabilities
- Collection methods
- Analysis capabilities
4. Vulnerability Analysis
- Exposure points
- Risk factors
- Mitigation priorities
5. Countermeasure Plan
- Protective measures
- Implementation timeline
- Responsibility assignments
6. Monitoring and Review
- Effectiveness metrics
- Review schedule
- Update procedures
</code></pre></div></div>
<h4 id="implementation-guidelines">Implementation Guidelines</h4>
<p><strong>Training and Awareness:</strong></p>
<ul>
<li><strong>OpSec Education:</strong> Understanding principles and importance</li>
<li><strong>Threat Briefings:</strong> Current adversary capabilities and methods</li>
<li><strong>Procedure Training:</strong> Specific protective measures and protocols</li>
<li><strong>Regular Updates:</strong> Ongoing education and reinforcement</li>
</ul>
<p><strong>Monitoring and Enforcement:</strong></p>
<ul>
<li><strong>Compliance Monitoring:</strong> Checking adherence to OpSec procedures</li>
<li><strong>Incident Reporting:</strong> Documenting OpSec failures and near-misses</li>
<li><strong>Corrective Action:</strong> Addressing violations and weaknesses</li>
<li><strong>Continuous Improvement:</strong> Updating procedures based on experience</li>
</ul>
<p><strong>Integration with Operations:</strong></p>
<ul>
<li><strong>Planning Integration:</strong> OpSec considerations in all operational planning</li>
<li><strong>Execution Monitoring:</strong> Real-time OpSec awareness during operations</li>
<li><strong>Post-Operation Review:</strong> Analyzing OpSec effectiveness and lessons learned</li>
<li><strong>Feedback Loop:</strong> Incorporating lessons into future planning</li>
</ul>
<div class="warning-box">
<div class="warning-title">OpSec Discipline</div>
<p>OpSec is only as strong as its weakest link. All participants must understand and consistently apply OpSec principles. A single careless action can compromise an entire operation and endanger all participants.</p>
</div>
<hr />
<h2 id="chapter-summary">Chapter Summary</h2>
<p>Chapter 2 has provided the analytical framework necessary for understanding and responding to threats in resistance operations:</p>
<p><strong>Section 2-1</strong> established methodologies for analyzing adversary capabilities, motivations, and limitations across different threat actor categories.</p>
<p><strong>Section 2-2</strong> introduced systematic threat modeling approaches for identifying and analyzing potential attacks against resistance operations.</p>
<p><strong>Section 2-3</strong> provided risk assessment frameworks for prioritizing threats and allocating security resources effectively.</p>
<p><strong>Section 2-4</strong> covered operational security fundamentals for protecting critical information and activities from adversary intelligence collection.</p>
<h3 id="integration-with-security-planning">Integration with Security Planning</h3>
<p>The threat assessment and OpSec methodologies covered in this chapter provide the analytical foundation for all subsequent security planning and implementation. The communication systems, operational procedures, and advanced techniques covered in later parts of this manual should be selected and configured based on the threat assessment and risk analysis conducted using these frameworks.</p>
<h3 id="continuous-process">Continuous Process</h3>
<p>Threat assessment and OpSec are not one-time activities but ongoing processes that must be regularly updated as the operational environment changes. New threats emerge, adversary capabilities evolve, and operational requirements shift, requiring continuous monitoring and adaptation of security measures.</p>
<hr />
<p><strong>Next:</strong> <a href="/parts/part-2/">Part II: Secure Communication Systems →</a></p>
<nav class="section-nav">
<a href="/chapters/chapter-1/" class="nav-link">
<span class="arrow"></span>
<span>Chapter 1: Core Security Principles</span>
</a>
<a href="/parts/part-2/" class="nav-link">
<span>Part II: Communication Systems</span>
<span class="arrow"></span>
</a>
</nav>
</main>
</div>
<footer class="footer">
<div class="container">
<div class="footer-content">
<div class="organization">Department of Internautics</div>
<div>Bureau of Decentralized Resistance</div>
<div>FM-R1 - Version 1.0 - 2025-08-28</div>
<div style="margin-top: 1rem;">
<a href="https://resist.is" target="_blank">resist.is</a> |
<a href="https://git.hacker.supply/Department_of_Internautics/field_guide" target="_blank">Source Code</a>
</div>
</div>
</div>
</footer>
<!-- JavaScript -->
<script src="/assets/js/main.js"></script>
</body>
</html>