Department_of_Internautics/field_guide
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55bf439dcc
field_guide/_site/parts/part-3/index.html
Sparticus c897797227 Part 3
2025-08-29 12:17:48 -04:00

546 lines
23 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Part III: Operational Security Procedures - Field Manual for Resistance Operations</title>
<meta name="description" content="Hardware security, digital hygiene, and operational procedures for resistance operations">
<!-- Favicon -->
<link rel="icon" type="image/x-icon" href="/assets/images/favicon.ico">
<!-- Stylesheets -->
<link rel="stylesheet" href="/assets/css/main.css">
<!-- Security headers -->
<meta http-equiv="X-Content-Type-Options" content="nosniff">
<meta http-equiv="X-Frame-Options" content="DENY">
<meta http-equiv="X-XSS-Protection" content="1; mode=block">
<!-- No tracking -->
<meta name="robots" content="noindex, nofollow">
</head>
<body>
<header class="header">
<div class="container">
<div class="header-content">
<div class="logo">
<span class="omega">Ω</span>
<span>FM-R1</span>
</div>
<button class="nav-toggle" id="nav-toggle" aria-label="Toggle navigation">
</button>
</div>
</div>
</header>
<div class="main-layout">
<nav class="sidebar" id="sidebar">
<div class="nav-section">
<h3>Field Manual</h3>
<ul>
<li><a href="/" >Table of Contents</a></li>
<li><a href="/preface/" >Preface</a></li>
<li><a href="/introduction/" >Introduction</a></li>
</ul>
</div>
<div class="nav-section">
<h3>Part I: Foundations</h3>
<ul>
<li>
<a href="/parts/part-1/" >Part Overview</a>
<ul>
<li><a href="/chapters/chapter-1/" >Ch 1: Core Security Principles</a></li>
<li><a href="/chapters/chapter-2/" >Ch 2: Threat Assessment</a></li>
</ul>
</li>
</ul>
</div>
<div class="nav-section">
<h3>Part II: Communication</h3>
<ul>
<li>
<a href="/parts/part-2/" >Part Overview</a>
<ul>
<li><a href="/chapters/chapter-3/" >Ch 3: Communication Architecture</a></li>
<li><a href="/chapters/chapter-4/" >Ch 4: Secure Messaging</a></li>
<li><a href="/chapters/chapter-5/" >Ch 5: File Sharing</a></li>
</ul>
</li>
</ul>
</div>
<div class="nav-section">
<h3>Part III: OpSec</h3>
<ul>
<li>
<a href="/parts/part-3/" class="active">Part Overview</a>
<ul>
<li><a href="/chapters/chapter-6/" >Ch 6: Hardware Security</a></li>
<li><a href="/chapters/chapter-7/" >Ch 7: Digital Hygiene</a></li>
<li><a href="/chapters/chapter-8/" >Ch 8: Operational Procedures</a></li>
</ul>
</li>
</ul>
</div>
<div class="nav-section">
<h3>Part IV: Advanced</h3>
<ul>
<li>
<a href="/parts/part-4/" >Part Overview</a>
<ul>
<li><a href="/chapters/chapter-9/" >Ch 9: Network Resilience</a></li>
<li><a href="/chapters/chapter-10/" >Ch 10: Counter-Intelligence</a></li>
</ul>
</li>
</ul>
</div>
<div class="nav-section">
<h3>Appendices</h3>
<ul>
<li><a href="/appendices/" >Quick Reference</a></li>
<li><a href="/appendices/tools/" >Tool Guides</a></li>
<li><a href="/appendices/resources/" >External Resources</a></li>
<li><a href="/appendices/glossary/" >Glossary</a></li>
</ul>
</div>
<div class="nav-section">
<h3>External Links</h3>
<ul>
<li><a href="https://resist.is" target="_blank">resist.is</a></li>
<li><a href="https://activistchecklist.org" target="_blank">Activist Checklist</a></li>
<li><a href="https://signal.org" target="_blank">Signal</a></li>
<li><a href="https://briarproject.org" target="_blank">Briar</a></li>
<li><a href="https://element.io" target="_blank">Element</a></li>
<li><a href="https://tails.boum.org" target="_blank">Tails OS</a></li>
<li><a href="https://onionshare.org" target="_blank">OnionShare</a></li>
</ul>
</div>
</nav>
<main class="content">
<div class="content-header">
<div class="manual-designation">FM-R1: FM-R1: Secure Communication Networks for Decentralized Resistance</div>
<div class="classification">UNCLASSIFIED</div>
</div>
<h1 id="part-iii-operational-security-procedures">Part III: Operational Security Procedures</h1>
<h2 id="overview">Overview</h2>
<p>Part III addresses the critical operational security (OpSec) procedures that protect resistance operations from detection, infiltration, and compromise. This part moves beyond communication systems to cover the broader operational environment, including hardware security, digital hygiene, and operational procedures that ensure resistance activities remain secure and effective.</p>
<p>Operational security is the discipline of protecting critical information and activities through systematic procedures and practices. Unlike technical security measures that rely on cryptography and secure systems, operational security focuses on human behavior, physical security, and procedural controls that prevent adversaries from gathering intelligence about resistance operations.</p>
<h2 id="learning-objectives">Learning Objectives</h2>
<p>Upon completing Part III, you will be able to:</p>
<ul>
<li>Implement comprehensive hardware security measures including untraceable acquisition and secure disposal</li>
<li>Configure and operate Tails OS and other security-focused operating systems</li>
<li>Establish device compartmentalization strategies for different operational roles</li>
<li>Implement physical security measures for equipment, locations, and operations</li>
<li>Practice effective digital hygiene to minimize online exposure and tracking</li>
<li>Execute operational procedures that maintain security throughout resistance activities</li>
</ul>
<h2 id="the-operational-security-challenge">The Operational Security Challenge</h2>
<h3 id="the-human-factor">The Human Factor</h3>
<p>Technical security systems are only as strong as the humans who operate them. The most sophisticated encryption and anonymity tools can be rendered useless by poor operational security practices. Common operational security failures include:</p>
<ul>
<li><strong>Behavioral Patterns</strong>: Predictable activities that reveal operational timing and locations</li>
<li><strong>Physical Evidence</strong>: Documents, devices, and traces left behind after operations</li>
<li><strong>Social Engineering</strong>: Manipulation of human psychology to extract information</li>
<li><strong>Procedural Violations</strong>: Failure to follow established security protocols</li>
<li><strong>Emergency Responses</strong>: Poor decision-making under pressure or crisis conditions</li>
</ul>
<h3 id="the-surveillance-environment">The Surveillance Environment</h3>
<p>Modern resistance operations occur within a comprehensive surveillance environment that includes:</p>
<p><strong>Technical Surveillance:</strong></p>
<ul>
<li>Mass data collection from internet and telecommunications</li>
<li>Automated analysis of behavioral patterns and anomalies</li>
<li>Facial recognition and biometric identification systems</li>
<li>Location tracking through mobile devices and vehicles</li>
<li>Financial surveillance through banking and payment systems</li>
</ul>
<p><strong>Human Surveillance:</strong></p>
<ul>
<li>Informant networks and community monitoring</li>
<li>Undercover operations and infiltration attempts</li>
<li>Social media monitoring and analysis</li>
<li>Professional surveillance teams and techniques</li>
<li>Crowd-sourced surveillance through public reporting</li>
</ul>
<p><strong>Physical Surveillance:</strong></p>
<ul>
<li>CCTV networks and automated monitoring systems</li>
<li>License plate readers and vehicle tracking</li>
<li>Access control systems and entry monitoring</li>
<li>Search and seizure operations</li>
<li>Physical infiltration and monitoring</li>
</ul>
<h3 id="the-compartmentalization-imperative">The Compartmentalization Imperative</h3>
<p>Effective operational security requires strict compartmentalization of information, activities, and identities. This includes:</p>
<p><strong>Information Compartmentalization:</strong></p>
<ul>
<li>Need-to-know basis for all sensitive information</li>
<li>Separation of different operational activities</li>
<li>Protection of sources and methods</li>
<li>Isolation of compromise to minimize damage</li>
</ul>
<p><strong>Identity Compartmentalization:</strong></p>
<ul>
<li>Separate identities for different operational roles</li>
<li>Physical and digital separation of identities</li>
<li>Consistent maintenance of identity boundaries</li>
<li>Emergency procedures for identity compromise</li>
</ul>
<p><strong>Activity Compartmentalization:</strong></p>
<ul>
<li>Separation of operational and personal activities</li>
<li>Different locations for different types of operations</li>
<li>Temporal separation of related activities</li>
<li>Independent resource allocation and management</li>
</ul>
<h2 id="multi-domain-security-strategy">Multi-Domain Security Strategy</h2>
<p>Part III is organized around a three-domain security strategy that addresses different aspects of operational security:</p>
<h3 id="domain-1-hardware-and-infrastructure-security">Domain 1: Hardware and Infrastructure Security</h3>
<p><strong>Focus:</strong> Physical devices, systems, and infrastructure
<strong>Security Level:</strong> Foundation-level security for all operations
<strong>Tools:</strong> Tails OS, hardware compartmentalization, secure disposal
<strong>Characteristics:</strong></p>
<ul>
<li>Untraceable hardware acquisition and management</li>
<li>Secure operating systems and configurations</li>
<li>Physical security measures and protocols</li>
<li>Proper disposal and sanitization procedures</li>
</ul>
<h3 id="domain-2-digital-hygiene-and-privacy">Domain 2: Digital Hygiene and Privacy</h3>
<p><strong>Focus:</strong> Online activities and digital footprint management
<strong>Security Level:</strong> Comprehensive privacy protection
<strong>Tools:</strong> Tor Browser, VPNs, anonymous accounts, search privacy
<strong>Characteristics:</strong></p>
<ul>
<li>Browser security and privacy configuration</li>
<li>Anonymous account creation and management</li>
<li>Search engine privacy and information gathering</li>
<li>Social media operational security</li>
</ul>
<h3 id="domain-3-operational-procedures">Domain 3: Operational Procedures</h3>
<p><strong>Focus:</strong> Human behavior and procedural controls
<strong>Security Level:</strong> Comprehensive operational discipline
<strong>Tools:</strong> Cell organization, meeting protocols, surveillance detection
<strong>Characteristics:</strong></p>
<ul>
<li>Cell organization and management structures</li>
<li>Secure meeting and coordination protocols</li>
<li>Surveillance detection and evasion techniques</li>
<li>Emergency procedures and crisis response</li>
</ul>
<h2 id="chapter-overview">Chapter Overview</h2>
<h3 id="chapter-6-hardware-and-infrastructure-security-6-1-to-6-8">Chapter 6: Hardware and Infrastructure Security (6-1 to 6-8)</h3>
<p>Establishes the foundation of physical security for resistance operations:</p>
<p><strong>6-1: Untraceable Hardware Acquisition</strong> - Methods for obtaining devices without creating paper trails</p>
<p><strong>6-2: Tails OS Installation and Configuration</strong> - Complete setup guide for the amnesic operating system</p>
<p><strong>6-3: Device Compartmentalization</strong> - Strategies for separating different operational roles across devices</p>
<p><strong>6-4: Physical Security Measures</strong> - Protecting devices, locations, and operations from physical compromise</p>
<p><strong>6-5: Network Access Security</strong> - Secure methods for accessing internet and communication networks</p>
<p><strong>6-6: Hardware Disposal and Sanitization</strong> - Proper destruction and disposal of compromised or obsolete equipment</p>
<p><strong>6-7: Faraday Cage and Signal Blocking</strong> - Techniques for preventing electronic surveillance and tracking</p>
<p><strong>6-8: Power and Charging Security</strong> - Secure power management and charging procedures</p>
<h3 id="chapter-7-digital-hygiene-and-privacy-7-1-to-7-6">Chapter 7: Digital Hygiene and Privacy (7-1 to 7-6)</h3>
<p>Covers comprehensive digital privacy and footprint management:</p>
<p><strong>7-1: Browser Security Configuration</strong> - Hardening browsers for maximum privacy and security</p>
<p><strong>7-2: Search Engine Privacy</strong> - Anonymous information gathering and research techniques</p>
<p><strong>7-3: VPN and Tor Usage</strong> - Comprehensive guide to anonymity networks and VPN services</p>
<p><strong>7-4: Social Media Operational Security</strong> - Managing online presence and social media security</p>
<p><strong>7-5: Email Security and Anonymous Accounts</strong> - Creating and managing secure email and online accounts</p>
<p><strong>7-6: Digital Footprint Minimization</strong> - Reducing and managing online traces and data exposure</p>
<h3 id="chapter-8-operational-procedures-8-1-to-8-8">Chapter 8: Operational Procedures (8-1 to 8-8)</h3>
<p>Provides comprehensive operational discipline and procedures:</p>
<p><strong>8-1: Cell Organization and Management</strong> - Structures and procedures for resistance cell operations</p>
<p><strong>8-2: Meeting Security Protocols</strong> - Secure procedures for in-person and virtual meetings</p>
<p><strong>8-3: Coded Language and Communication</strong> - Development and use of coded communication systems</p>
<p><strong>8-4: Surveillance Detection and Evasion</strong> - Techniques for detecting and avoiding surveillance</p>
<p><strong>8-5: Emergency Procedures and Protocols</strong> - Crisis response and emergency security procedures</p>
<p><strong>8-6: Information Sanitization</strong> - Procedures for protecting and sanitizing sensitive information</p>
<p><strong>8-7: Operational Planning Security</strong> - Secure planning and coordination procedures</p>
<p><strong>8-8: Post-Operation Security Review</strong> - Assessment and improvement procedures after operations</p>
<h2 id="implementation-approach">Implementation Approach</h2>
<h3 id="progressive-implementation">Progressive Implementation</h3>
<p>Part III is designed for progressive implementation, building operational security capabilities systematically:</p>
<p><strong>Phase 1: Hardware Foundation</strong></p>
<ul>
<li>Acquire and configure secure hardware and operating systems</li>
<li>Implement basic physical security measures</li>
<li>Establish device compartmentalization strategies</li>
</ul>
<p><strong>Phase 2: Digital Hygiene</strong></p>
<ul>
<li>Configure secure browsers and privacy tools</li>
<li>Establish anonymous online presence and accounts</li>
<li>Implement comprehensive digital privacy practices</li>
</ul>
<p><strong>Phase 3: Operational Procedures</strong></p>
<ul>
<li>Develop cell organization and management procedures</li>
<li>Implement meeting security and communication protocols</li>
<li>Establish surveillance detection and evasion capabilities</li>
</ul>
<p><strong>Phase 4: Advanced Operations</strong></p>
<ul>
<li>Integrate all operational security domains</li>
<li>Implement advanced procedures and techniques</li>
<li>Establish training and assessment programs</li>
</ul>
<h3 id="security-integration">Security Integration</h3>
<p>Each operational security domain integrates with the communication systems from Part II:</p>
<p><strong>Hardware Security Integration:</strong></p>
<ul>
<li>Secure devices for communication system operation</li>
<li>Physical protection for communication infrastructure</li>
<li>Proper disposal of compromised communication equipment</li>
</ul>
<p><strong>Digital Hygiene Integration:</strong></p>
<ul>
<li>Anonymous accounts for communication services</li>
<li>Privacy protection for communication activities</li>
<li>Footprint minimization for communication metadata</li>
</ul>
<p><strong>Operational Procedures Integration:</strong></p>
<ul>
<li>Communication protocols within cell structures</li>
<li>Meeting security for communication planning</li>
<li>Emergency procedures for communication compromise</li>
</ul>
<h2 id="risk-management-framework">Risk Management Framework</h2>
<p>Part III employs a comprehensive risk management framework that addresses operational security risks:</p>
<h3 id="risk-categories">Risk Categories</h3>
<p><strong>Technical Risks:</strong></p>
<ul>
<li>Device compromise and malware infection</li>
<li>Network monitoring and traffic analysis</li>
<li>Data recovery from disposed devices</li>
<li>Electronic surveillance and tracking</li>
</ul>
<p><strong>Physical Risks:</strong></p>
<ul>
<li>Device theft or seizure</li>
<li>Physical surveillance and tracking</li>
<li>Location compromise and raids</li>
<li>Evidence discovery and analysis</li>
</ul>
<p><strong>Human Risks:</strong></p>
<ul>
<li>Social engineering and manipulation</li>
<li>Infiltration and informant recruitment</li>
<li>Procedural violations and mistakes</li>
<li>Stress and pressure responses</li>
</ul>
<p><strong>Operational Risks:</strong></p>
<ul>
<li>Pattern analysis and behavioral profiling</li>
<li>Timing correlation and activity mapping</li>
<li>Resource allocation and logistics exposure</li>
<li>Emergency response and crisis management</li>
</ul>
<h3 id="risk-mitigation-strategies">Risk Mitigation Strategies</h3>
<p><strong>Preventive Measures:</strong></p>
<ul>
<li>Proactive security measures to prevent compromise</li>
<li>Training and awareness programs</li>
<li>Regular security assessments and updates</li>
<li>Redundant systems and backup procedures</li>
</ul>
<p><strong>Detective Measures:</strong></p>
<ul>
<li>Monitoring and alerting systems</li>
<li>Regular security audits and reviews</li>
<li>Incident detection and analysis</li>
<li>Behavioral anomaly detection</li>
</ul>
<p><strong>Corrective Measures:</strong></p>
<ul>
<li>Incident response and recovery procedures</li>
<li>Damage assessment and containment</li>
<li>System restoration and improvement</li>
<li>Lessons learned and process updates</li>
</ul>
<div class="warning-box">
<div class="warning-title">Operational Security Discipline</div>
<p>Operational security requires consistent discipline and attention to detail. A single procedural violation can compromise an entire operation and endanger all participants. All resistance practitioners must understand and consistently apply operational security principles.</p>
</div>
<h2 id="integration-with-other-parts">Integration with Other Parts</h2>
<p>Part III builds directly on the foundational principles from Part I and the communication systems from Part II:</p>
<ul>
<li><strong>Core Security Principles</strong> provide the theoretical foundation for all operational procedures</li>
<li><strong>Threat Assessment</strong> informs the selection and implementation of operational security measures</li>
<li><strong>Communication Systems</strong> require operational security procedures for secure implementation and use</li>
<li><strong>Advanced Operations</strong> (Part IV) depend on the operational security foundation established in Part III</li>
</ul>
<h2 id="getting-started">Getting Started</h2>
<h3 id="for-new-practitioners">For New Practitioners</h3>
<ol>
<li><strong>Begin with hardware security</strong> to establish a secure operational foundation</li>
<li><strong>Implement basic digital hygiene</strong> practices before engaging in resistance activities</li>
<li><strong>Study operational procedures</strong> thoroughly before participating in resistance operations</li>
<li><strong>Practice all procedures</strong> in safe environments before operational implementation</li>
</ol>
<h3 id="for-experienced-practitioners">For Experienced Practitioners</h3>
<ol>
<li><strong>Assess current operational security</strong> practices against the standards in this part</li>
<li><strong>Identify gaps and vulnerabilities</strong> in existing procedures and practices</li>
<li><strong>Implement improvements systematically</strong> with proper training and support</li>
<li><strong>Establish ongoing assessment</strong> and improvement procedures</li>
</ol>
<h3 id="for-network-leadership">For Network Leadership</h3>
<ol>
<li><strong>Develop comprehensive operational security</strong> policies and procedures</li>
<li><strong>Establish training programs</strong> for all operational security domains</li>
<li><strong>Implement assessment and compliance</strong> monitoring systems</li>
<li><strong>Plan for continuous improvement</strong> and adaptation to evolving threats</li>
</ol>
<div class="info-box">
<div class="info-title">Implementation Priority</div>
<p>Focus first on hardware security (Chapter 6) as the foundation for all other operational security measures. Secure hardware and operating systems are prerequisites for effective digital hygiene and operational procedures.</p>
</div>
<hr />
<p><strong>Ready to begin?</strong> Start with <a href="/chapters/chapter-6/">Chapter 6: Hardware and Infrastructure Security →</a></p>
<nav class="section-nav">
<a href="/chapters/chapter-5/" class="nav-link">
<span class="arrow"></span>
<span>Chapter 5: File Sharing</span>
</a>
<a href="/chapters/chapter-6/" class="nav-link">
<span>Chapter 6: Hardware Security</span>
<span class="arrow"></span>
</a>
</nav>
</main>
</div>
<footer class="footer">
<div class="container">
<div class="footer-content">
<div class="organization">Department of Internautics</div>
<div>Bureau of Decentralized Resistance</div>
<div>FM-R1 - Version 1.0 - 2025-08-28</div>
<div style="margin-top: 1rem;">
<a href="https://resist.is" target="_blank">resist.is</a> |
<a href="https://git.hacker.supply/Department_of_Internautics/field_guide" target="_blank">Source Code</a>
</div>
</div>
</div>
</footer>
<!-- JavaScript -->
<script src="/assets/js/main.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink