Chapter 1: Core Security Principles
Chapter Overview
This chapter establishes the five fundamental principles that must guide all resistance security decisions. These principles, derived from decades of resistance experience and modern security research, provide the conceptual framework for evaluating threats, designing countermeasures, and making operational decisions under pressure.
Sections in this chapter:
- 1-1: Principle of Least Privilege
- 1-2: Need-to-Know Basis
- 1-3: Compartmentalization and Cell Structure
- 1-4: Zero Trust Verification
- 1-5: Metadata Minimization
Section 1-1: Principle of Least Privilege
Definition
The Principle of Least Privilege states that every person, process, and system should have access only to the minimum resources necessary to perform their legitimate function. In resistance operations, this means limiting access to information, tools, and capabilities to the smallest set required for operational effectiveness.
Application in Resistance Operations
Information Access
- Operational details are shared only with those who need them for their specific role
- Contact information is limited to direct operational relationships
- Strategic plans are known only to leadership and those implementing specific components
- Technical details are restricted to those responsible for implementation and maintenance
System Access
- Communication platforms grant access only to relevant channels and groups
- File repositories provide access only to documents needed for specific roles
- Administrative privileges are limited to the minimum number of trusted individuals
- Backup systems are accessible only to designated recovery personnel
Physical Access
- Meeting locations are known only to attendees and necessary support personnel
- Safe houses are accessed only by those with operational need
- Equipment storage is limited to those responsible for specific tools or supplies
- Document storage is restricted to those who create, maintain, or use specific materials
Implementation Guidelines
DO
- Regularly review and audit access permissions
- Remove access immediately when roles change
- Document access decisions and their justifications
- Use role-based access control when possible
- Implement time-limited access for temporary needs
DON'T
- Grant access "just in case" it might be needed
- Share credentials or allow access sharing
- Assume that trust equals need for access
- Delay removing access when it's no longer needed
- Grant broad access to avoid managing specific permissions
Common Violations and Consequences
Violation: Sharing operational plans with all cell members regardless of their role
Consequence: Compromise of one member leads to exposure of the entire operation
Violation: Using shared accounts for multiple purposes
Consequence: Inability to track access or revoke permissions for specific individuals
Violation: Granting administrative access to avoid permission requests
Consequence: Accidental or malicious damage to critical systems
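The implementation guidelines above (role-based access, time-limited grants, documented decisions, prompt revocation) and the shared-account violation can be made concrete in a small access-control model. The following is an added example for this chapter, not code from the handbook; the role names, resource names and people are constructed, and the expiry-on-check behaviour is one design choice among several.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed example: each role maps to the minimum resource set its function needs.
ROLE_RESOURCES = {
    "courier": {"channel:logistics"},
    "technical": {"channel:logistics", "repo:tooling"},
    "recovery": {"backup:offsite"},
}


@dataclass
class Grant:
    person: str
    role: str
    expires_at: Optional[datetime]  # None = standing grant; set for temporary needs
    justification: str              # documented reason for the access decision


@dataclass
class AccessControl:
    grants: dict = field(default_factory=dict)  # person -> Grant; one per individual, never shared
    audit: list = field(default_factory=list)   # (event, person, detail) for every decision

    def _log(self, event, person, detail):
        self.audit.append((event, person, detail))

    def grant(self, person, role, justification, now, ttl=None):
        if role not in ROLE_RESOURCES:
            raise ValueError(f"unknown role {role}")
        expires = now + ttl if ttl else None
        self.grants[person] = Grant(person, role, expires, justification)
        self._log("grant", person, f"{role} until {expires} ({justification})")

    def revoke(self, person, reason):
        self.grants.pop(person, None)
        self._log("revoke", person, reason)

    def can_access(self, person, resource, now):
        g = self.grants.get(person)
        if g is None:
            self._log("deny", person, f"{resource}: no grant")
            return False
        if g.expires_at is not None and now >= g.expires_at:
            self.revoke(person, "grant expired")  # time-limited access lapses on its own
            self._log("deny", person, f"{resource}: expired")
            return False
        allowed = resource in ROLE_RESOURCES[g.role]
        self._log("allow" if allowed else "deny", person, f"{resource} via role {g.role}")
        return allowed


def demo():
    """Constructed scenario: a standing courier grant and a two-day technical grant."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    ac = AccessControl()
    ac.grant("alice", "courier", "runs the logistics channel", t0)
    ac.grant("bob", "technical", "two-day tooling fix", t0, ttl=timedelta(days=2))
    results = {
        "alice_logistics": ac.can_access("alice", "channel:logistics", t0),
        "alice_repo": ac.can_access("alice", "repo:tooling", t0),  # outside her role
        "bob_repo_day1": ac.can_access("bob", "repo:tooling", t0 + timedelta(days=1)),
        "bob_repo_day3": ac.can_access("bob", "repo:tooling", t0 + timedelta(days=3)),  # expired
        "bob_still_granted": "bob" in ac.grants,
    }
    return results, ac.audit


if __name__ == "__main__":
    res, log = demo()
    print(res)
    for entry in log:
        print(*entry)
```

Because every grant is tied to one named person, the audit trail answers "who could reach this resource on that date" directly, which is exactly what a shared account makes impossible; the expiry check inside `can_access` means a forgotten temporary grant cannot outlive its stated need.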
Section 1-2: Need-to-Know Basis
Definition
Need-to-Know is an information security principle that restricts access to sensitive information to only those individuals who require it to perform their duties. Unlike Least Privilege, which focuses on access controls, Need-to-Know addresses the content and scope of information sharing.
Information Classification
Operational Classifications
CRITICAL - Information whose compromise would cause immediate operational failure
- Real names and personal details of participants
- Specific operational plans and timelines
- Location and access details for safe houses
- Technical vulnerabilities and exploitation methods
SENSITIVE - Information whose compromise would significantly impact operations
- Communication protocols and procedures
- General operational capabilities and resources
- Training materials and educational content
- Historical operational data and lessons learned
RESTRICTED - Information whose compromise would cause limited damage
- General security guidelines and best practices
- Public-facing materials and propaganda
- Non-sensitive logistical information
- Educational resources available from public sources
UNCLASSIFIED - Information that can be shared without operational impact
- Publicly available tools and software
- General security awareness materials
- Historical information about resistance movements
- Legal and political analysis available from public sources
Information Sharing Protocols
Vertical Information Flow
- Upward reporting includes only information necessary for decision-making
- Downward direction provides only information necessary for task execution
- Status updates focus on operational requirements rather than comprehensive briefings
- Emergency communications may temporarily bypass normal restrictions
Horizontal Information Flow
- Peer coordination shares only information necessary for joint operations
- Cross-cell communication is limited to specific operational requirements
- Resource sharing includes only information necessary for effective utilization
- Mutual support provides assistance without unnecessary information disclosure
Implementation in Practice
Meeting Protocols
Before sharing information in any meeting:
1. Identify who needs this specific information
2. Determine the minimum detail level required
3. Consider whether the information can be compartmentalized
4. Verify that all attendees have operational need for the information
5. Document what was shared and with whom
Communication Guidelines
- Use coded language for sensitive topics even in secure channels
- Separate conversations by topic and participant need
- Time-limit access to sensitive information when possible
- Verify recipient identity before sharing sensitive information
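The meeting protocol above (identify who needs the information, pick the minimum detail level, compartmentalize, verify need, record what was shared) can be checked mechanically before a briefing goes out. The block below is an added example, not part of the handbook; it uses the four classification levels from this section and adds a constructed notion of "compartments" (operational topics) plus a summary/detail split per item, both of which are modelling assumptions.

```python
from dataclasses import dataclass

# Classification levels from this section, lowest to highest.
LEVELS = {"UNCLASSIFIED": 0, "RESTRICTED": 1, "SENSITIVE": 2, "CRITICAL": 3}


@dataclass(frozen=True)
class Item:
    label: str
    level: str
    compartments: frozenset  # operational topics the item belongs to (assumption)
    summary: str             # minimum-detail form, enough for coordination
    detail: str              # full form, only for those who implement it


@dataclass(frozen=True)
class Recipient:
    name: str
    max_level: str
    needs: frozenset       # compartments this person is actually working in
    implements: frozenset  # subset of needs where they execute, so full detail is required


def release(item, recipient):
    """Decide what one recipient gets of one item: None, ('summary', text) or ('detail', text)."""
    if LEVELS[item.level] > LEVELS[recipient.max_level]:
        return None                                   # not cleared for this level
    if not item.compartments & recipient.needs:
        return None                                   # cleared, but no operational need
    if item.compartments & recipient.implements:
        return "detail", item.detail
    return "summary", item.summary                    # minimum detail level for coordination


def prepare_briefing(items, attendees):
    """Per-attendee view plus a record of what was shared with whom (step 5 of the protocol)."""
    views, record = {}, []
    for r in attendees:
        views[r.name] = {}
        for it in items:
            out = release(it, r)
            if out is None:
                continue
            form, text = out
            views[r.name][it.label] = text
            record.append((r.name, it.label, it.level, form))
    return views, record


def demo():
    """Constructed sample items and attendees."""
    items = [
        Item("timeline", "CRITICAL", frozenset({"op-north"}),
             "op-north proceeds this week", "op-north: staging 03:00, move 04:15"),
        Item("radio-procedure", "SENSITIVE", frozenset({"comms"}),
             "use channel plan B", "channel plan B: primary then backup channel, check-in hourly"),
        Item("leaflet", "RESTRICTED", frozenset({"outreach"}),
             "leaflet v3 approved", "leaflet v3 full text and print run"),
    ]
    attendees = [
        Recipient("ana", "CRITICAL", frozenset({"op-north"}), frozenset({"op-north"})),
        Recipient("ben", "CRITICAL", frozenset({"op-north", "comms"}), frozenset({"comms"})),
        Recipient("cal", "SENSITIVE", frozenset({"outreach"}), frozenset({"outreach"})),
    ]
    return prepare_briefing(items, attendees)


if __name__ == "__main__":
    views, record = demo()
    print(views)
    print(record)
```

The point of separating `needs` from `implements` is that clearance alone never releases anything: ben is cleared to CRITICAL but only coordinates with op-north, so he receives the one-line summary of the timeline rather than the staging times, while ana, who executes it, receives the detail.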
The natural human tendency is to share information to build trust and demonstrate competence. In resistance operations, this tendency must be consciously overcome. Information discipline requires constant vigilance and may feel antisocial, but it is essential for operational security.
Section 1-3: Compartmentalization and Cell Structure
Definition
Compartmentalization is the practice of isolating information, people, and operations into discrete units (cells) that can function independently and have limited knowledge of other units. This structure prevents the compromise of one element from cascading through the entire organization.
Cell Structure Design
Basic Cell Characteristics
- Size limitation: 3-7 members for optimal security and effectiveness
- Functional focus: Each cell has a specific operational purpose
- Limited connectivity: Minimal connections to other cells
- Independent capability: Can operate without external support for extended periods
- Redundant skills: Multiple members can perform critical functions
Cell Types
Operational Cells
- Execute specific resistance activities
- Have detailed knowledge of their operations only
- Receive direction through secure channels
- Report results through established protocols
Support Cells
- Provide specialized services (technical, logistical, financial)
- Have broad knowledge of capabilities but limited operational details
- Serve multiple operational cells without knowing their specific activities
- Maintain strict separation between different support functions
Communication Cells
- Facilitate secure communication between other cells
- Know communication protocols but not operational content
- Provide technical infrastructure and training
- Maintain multiple redundant communication channels
Leadership Cells
- Coordinate strategic direction and resource allocation
- Have broad operational awareness but limited tactical details
- Make decisions based on summarized reports rather than raw intelligence
- Maintain multiple independent communication channels
Inter-Cell Communication
Communication Protocols
- Scheduled contacts at predetermined intervals
- Emergency procedures for urgent communication needs
- Authentication methods to verify identity and message integrity
- Fallback procedures when primary communication channels fail
Information Flow Management
Standard Communication Flow:
Operational Cell → Support Cell → Leadership Cell
Emergency Communication Flow:
Any Cell → Emergency Contact → Leadership Cell
Cross-Cell Coordination:
Cell A → Leadership Cell → Cell B
(Direct cell-to-cell communication only for specific authorized operations)
Security Measures
- Unique communication methods for each cell relationship
- Time-delayed communication to prevent real-time tracking
- Multiple authentication factors for sensitive communications
- Regular communication schedule changes to prevent pattern analysis
Compromise Response
Isolation Procedures
When a cell is compromised:
- Immediate isolation - Cut all communication with compromised cell
- Damage assessment - Determine what information was exposed
- Notification protocol - Alert affected cells through secure channels
- Operational adjustment - Modify plans based on exposed information
- Recovery planning - Develop procedures for reconstituting capabilities
Continuity Planning
- Redundant capabilities across multiple cells
- Succession planning for key roles and functions
- Resource distribution to prevent single points of failure
- Alternative communication channels for emergency coordination
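The cascade that compartmentalization is meant to stop, and the value of the "immediate isolation" step, can be shown with a small blast-radius model. This is an added example for the chapter, not the handbook's own material, and the model is deliberately simple: a compromised cell's contact records expose every cell it knows, and each exposed cell is in turn compromised in the next round unless the network has cut the compromised cells off by then. The two topologies compared are constructed, following the standard flow given above (Operational Cell → Support Cell → Leadership Cell).

```python
def cascade(knows, start, isolation_after):
    """Worst-case cascade (constructed model).

    knows: cell -> set of cells it holds contact details for.
    start: the cell assumed compromised.
    isolation_after: number of rounds the adversary gets before the network isolates
        compromised cells (0 = immediate isolation).
    Returns (compromised cells, cells exposed but not yet compromised).
    """
    compromised = {start}
    exposed = set(knows[start])           # contact records are lost at once
    rounds = 0
    while (exposed - compromised) and rounds < isolation_after:
        newly = exposed - compromised
        compromised |= newly              # exposed contacts are rolled up
        for c in newly:
            exposed |= set(knows[c])      # and their own records are lost too
        rounds += 1
    return compromised, exposed - compromised


def mesh(cells):
    """Flat network: every cell knows every other cell."""
    return {c: {o for o in cells if o != c} for c in cells}


def hub_and_spoke(ops, support, leadership):
    """Compartmentalized network: operational cells know only their support cell,
    the support cell knows the operational cells and leadership, leadership knows
    only the support cell."""
    knows = {o: {support} for o in ops}
    knows[support] = set(ops) | {leadership}
    knows[leadership] = {support}
    return knows


if __name__ == "__main__":
    flat = mesh(list("ABCDEFG"))
    comp = hub_and_spoke(["O1", "O2", "O3", "O4"], "S", "L")
    for name, net, start in (("flat", flat, "A"), ("compartmentalized", comp, "O1")):
        for delay in (0, 1, 2):
            c, e = cascade(net, start, delay)
            print(f"{name:18s} start={start} isolation_after={delay}: "
                  f"compromised={sorted(c)} exposed={sorted(e)}")
    # The cutout itself is the highest-value node in this model:
    print("support cell compromised:", cascade(comp, "S", 0))
```

Two things the output makes visible: in the flat network every cell is exposed the instant one falls, so isolation cannot help; in the compartmentalized network an operational cell's compromise exposes only the support cell, and the damage stays there if isolation is immediate. The last line shows the price of that structure: the support cell, as the cutout, exposes every operational cell and leadership at once, which is why its communications and records deserve the strictest handling.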
Effective compartmentalization requires strict discipline from all participants. The temptation to share information across cell boundaries for efficiency or social reasons must be resisted. Remember: the inconvenience of compartmentalization is far less than the consequences of cascade compromise.
Section 1-4: Zero Trust Verification
Definition
Zero Trust is a security model that assumes no user, device, or communication can be trusted by default, even if they are inside the organization’s network or have been previously verified. Every access request must be authenticated, authorized, and continuously validated.
Core Zero Trust Principles
Never Trust, Always Verify
- Identity verification required for every access request
- Device authentication before allowing network access
- Continuous monitoring of user and system behavior
- Regular re-authentication for ongoing access
Assume Breach
- Design systems to function even when partially compromised
- Limit blast radius of any potential compromise
- Monitor for indicators of compromise continuously
- Plan response procedures for various compromise scenarios
Verify Explicitly
- Multi-factor authentication for all sensitive access
- Behavioral analysis to detect anomalous activity
- Contextual verification based on location, time, and access patterns
- Cryptographic verification of message and file integrity
Implementation in Resistance Operations
Identity Verification
Standard Verification Process:
1. Something you know (password, passphrase, coded response)
2. Something you have (device, token, physical key)
3. Something you are (biometric, behavioral pattern)
4. Somewhere you are (location verification, network analysis)
5. Someone you know (trusted introducer, mutual contact)
Communication Verification
- Message authentication codes to verify sender identity
- Forward secrecy to limit damage from key compromise
- Out-of-band verification for critical communications
- Regular key rotation to limit exposure windows
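Three of the communication verification items above (message authentication codes, key rotation to limit exposure windows, and rejecting stale traffic) fit together in one small protocol. The block is an added example, not code from the handbook: it uses HMAC-SHA256 over a canonical JSON body, tags each message with the id of the key that signed it, and refuses messages under retired keys or older than a freshness window. It does not provide forward secrecy; that property comes from ephemeral key agreement, which this shared-key sketch leaves out. The keyring layout and message format are constructed.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field


@dataclass
class Keyring:
    """Shared symmetric keys, one current key, older keys kept only until retired."""
    keys: dict = field(default_factory=dict)     # key_id -> 32 random bytes
    current: str = ""
    retired: set = field(default_factory=set)

    def rotate(self):
        kid = f"k{len(self.keys) + 1}"
        self.keys[kid] = secrets.token_bytes(32)
        self.current = kid
        return kid

    def retire(self, kid):
        self.retired.add(kid)


def _canonical(body):
    # Fixed serialisation so sender and verifier MAC the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def _tag(key, kid, body):
    return hmac.new(key, kid.encode() + b"\x00" + _canonical(body), hashlib.sha256).hexdigest()


def seal(keyring, body):
    """Attach the current key id and an HMAC tag over (kid, body)."""
    kid = keyring.current
    return {"kid": kid, "body": body, "tag": _tag(keyring.keys[kid], kid, body)}


def verify(keyring, msg, max_age, now):
    """Return (ok, reason). Unknown or retired keys, bad tags and stale timestamps all fail."""
    kid = msg.get("kid")
    if kid not in keyring.keys:
        return False, "unknown key id"
    if kid in keyring.retired:
        return False, "retired key"
    expected = _tag(keyring.keys[kid], kid, msg.get("body", {}))
    if not hmac.compare_digest(expected, msg.get("tag", "")):   # constant-time compare
        return False, "bad tag"
    if now - msg["body"].get("ts", 0) > max_age:
        return False, "stale"
    return True, "ok"


def demo():
    """Constructed exchange: both parties hold the same keyring object."""
    ring = Keyring()
    ring.rotate()                                              # k1 becomes current
    m1 = seal(ring, {"ts": 1000, "text": "meet at the usual place"})
    ok1 = verify(ring, m1, max_age=300, now=1100)              # fresh and intact
    tampered = dict(m1, body=dict(m1["body"], text="meet at the bridge"))
    ok2 = verify(ring, tampered, max_age=300, now=1100)        # body changed, tag no longer matches
    ring.rotate()                                              # k2 current
    ring.retire("k1")                                          # exposure window for k1 is closed
    ok3 = verify(ring, m1, max_age=300, now=1100)              # valid tag, but under a retired key
    m2 = seal(ring, {"ts": 1000, "text": "status"})
    ok4 = verify(ring, m2, max_age=300, now=2000)              # replayed outside the freshness window
    return ok1, ok2, ok3, ok4


if __name__ == "__main__":
    print(demo())
```

Binding the key id into the MAC input and tracking a retired set means rotation is a real cut-off: anything an adversary captured under an old key is refused after retirement even if the key itself later leaks, and the timestamp check bounds how long a captured, still-valid message can be replayed.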
Device Trust
- Device registration and authentication before network access
- Regular security updates and vulnerability patching
- Behavioral monitoring for signs of compromise
- Remote wipe capabilities for lost or stolen devices
Network Segmentation
- Micro-segmentation to limit lateral movement
- Encrypted communications for all network traffic
- Access logging and monitoring for all network activity
- Regular network topology changes to prevent mapping
Continuous Verification
Behavioral Monitoring
- Baseline establishment for normal user behavior
- Anomaly detection for unusual access patterns
- Risk scoring based on multiple behavioral factors
- Adaptive authentication based on risk assessment
Regular Re-authentication
- Time-based re-authentication for ongoing access
- Activity-based verification for sensitive operations
- Location-based challenges for access from new locations
- Privilege escalation verification for administrative functions
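The continuous-verification items above (baseline, anomaly detection, risk scoring, adaptive authentication, and step-up for privileged functions) describe one decision loop. The block below is an added example that is not part of the handbook: it scores each access request against a per-user baseline and maps the score to allow, step-up, or deny-and-alert. The factor weights and thresholds are constructed and would be tuned against real behaviour.

```python
from dataclasses import dataclass


@dataclass
class Baseline:
    """What is normal for one user (constructed; in practice learned from history)."""
    devices: set
    locations: set
    active_hours: range          # hours of day the user is normally active
    reauth_interval: int = 3600  # seconds a session may run before re-authentication


@dataclass
class Request:
    user: str
    device: str
    location: str
    hour: int
    privileged: bool             # administrative or otherwise sensitive operation
    seconds_since_auth: int


# Risk weights are assumptions for the example.
WEIGHTS = {
    "new_device": 40,
    "new_location": 30,
    "odd_hour": 15,
    "privileged": 25,
    "session_aged": 20,
}


def risk_factors(baseline, req):
    """List the anomalies in this request relative to the baseline."""
    factors = []
    if req.device not in baseline.devices:
        factors.append("new_device")
    if req.location not in baseline.locations:
        factors.append("new_location")
    if req.hour not in baseline.active_hours:
        factors.append("odd_hour")
    if req.privileged:
        factors.append("privileged")
    if req.seconds_since_auth > baseline.reauth_interval:
        factors.append("session_aged")
    return factors


def decide(baseline, req):
    """Adaptive decision: (action, score, factors)."""
    factors = risk_factors(baseline, req)
    score = sum(WEIGHTS[f] for f in factors)
    if score >= 60:
        action = "deny_and_alert"     # too many anomalies at once: treat as possible compromise
    elif score >= 25:
        action = "step_up"            # proceed only after a fresh second-factor challenge
    else:
        action = "allow"
    return action, score, factors


def demo():
    """Constructed user and four requests of increasing risk."""
    base = Baseline(devices={"d1"}, locations={"home-net"}, active_hours=range(18, 24))
    cases = {
        "routine": Request("u", "d1", "home-net", 20, False, 600),
        "admin_from_usual_device": Request("u", "d1", "home-net", 20, True, 600),
        "aged_session_at_3am": Request("u", "d1", "home-net", 3, False, 5000),
        "new_device_new_location": Request("u", "d2", "cafe-net", 20, False, 600),
    }
    return {name: decide(base, r) for name, r in cases.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Note that a privileged request from a fully normal context still lands in step-up, which is the "privilege escalation verification" item above; the score is additive so that several individually mild anomalies (a strange hour on an aged session) also trigger re-authentication rather than being waved through one at a time.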
Zero Trust may seem paranoid, but it reflects the reality of operating in a hostile environment where compromise is not a matter of if, but when. The goal is not to prevent all compromise, but to limit its impact and maintain operational capability even under adverse conditions.
Section 1-5: Metadata Minimization
Definition
Metadata is “data about data” - information that describes the characteristics of communications and activities without revealing their content. In resistance operations, metadata analysis can reveal operational patterns, network structures, and behavioral indicators even when all content is encrypted.
Types of Metadata
Communication Metadata
- Sender and recipient identities and addresses
- Timestamps of message creation, transmission, and receipt
- Message size and format information
- Routing information including intermediate servers and networks
- Device information including hardware and software details
Location Metadata
- GPS coordinates from mobile devices and applications
- Network location data from Wi-Fi and cellular connections
- Movement patterns derived from sequential location data
- Association patterns based on co-location with other devices
Behavioral Metadata
- Usage patterns including timing and frequency of activities
- Application usage and feature utilization patterns
- Network traffic patterns including volume and timing
- Device interaction patterns including typing and usage behaviors
Financial Metadata
- Transaction timing and frequency patterns
- Payment methods and account relationships
- Geographic patterns of financial activity
- Association patterns with other financial accounts
Metadata Analysis Capabilities
Pattern Recognition
Modern data analysis can identify:
- Communication networks and hierarchical structures
- Operational cycles and planning timelines
- Geographic patterns and safe house locations
- Behavioral signatures unique to specific individuals
Predictive Analysis
Metadata can be used to:
- Predict future activities based on historical patterns
- Identify key individuals based on network centrality
- Detect operational planning through communication pattern changes
- Locate physical meetings through device co-location analysis
Minimization Strategies
Communication Minimization
DO
- Use different communication methods for different purposes
- Vary timing and frequency of communications
- Use intermediary systems to break direct connections
- Employ time-delayed communication when possible
- Use broadcast methods for one-to-many communication
DON'T
- Use the same communication channel for all purposes
- Maintain regular communication schedules
- Allow direct communication between all network members
- Use personal devices for resistance communications
- Ignore the metadata implications of communication choices
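The analysis capabilities listed under Pattern Recognition and Predictive Analysis (network structure, central individuals, regular cycles) and the DON'T about regular schedules can be seen on a few lines of constructed metadata. The block below is an added example and not the handbook's own material; it is the kind of self-audit a group would run over its own communication records to see what an observer learns from sender, recipient and time alone, with no content. The log, the node names and the regularity threshold are all constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed metadata records: (sender, recipient, unix_time). No message content.
LOG = [
    # hub <-> a: exactly hourly, a fixed schedule
    ("hub", "a", 0), ("a", "hub", 3600), ("hub", "a", 7200), ("a", "hub", 10800), ("hub", "a", 14400),
    # hub <-> b: same number of messages, irregular gaps
    ("hub", "b", 100), ("b", "hub", 2200), ("hub", "b", 7600), ("b", "hub", 8900), ("hub", "b", 13600),
    # one-off contacts
    ("hub", "c", 250), ("c", "d", 500),
]


def contacts(log):
    """Degree of each node: how many distinct parties it exchanged messages with."""
    peers = defaultdict(set)
    for s, r, _ in log:
        peers[s].add(r)
        peers[r].add(s)
    return {n: len(p) for n, p in peers.items()}


def pair_regularity(log):
    """Per undirected pair, coefficient of variation of gaps between messages.
    Near 0 means a fixed schedule. Pairs with fewer than three messages are skipped."""
    times = defaultdict(list)
    for s, r, t in log:
        times[frozenset((s, r))].append(t)
    out = {}
    for pair, ts in times.items():
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if len(gaps) < 2:
            continue
        out[tuple(sorted(pair))] = pstdev(gaps) / mean(gaps)
    return out


def analyst_view(log, regular_threshold=0.2):
    """What an observer of metadata alone can state: the likely hub and the scheduled links."""
    degree = contacts(log)
    likely_hub = max(degree, key=degree.get)
    scheduled = [p for p, cv in pair_regularity(log).items() if cv < regular_threshold]
    return {"likely_hub": likely_hub, "degree": degree, "scheduled_pairs": scheduled}


if __name__ == "__main__":
    print(analyst_view(LOG))
    print(pair_regularity(LOG))
```

With twelve records and no content, the output already names the node with the most distinct contacts and singles out the hub/a link as running on a timer, while the hub/b link, carrying the same number of messages with jittered timing, is not flagged. That is the concrete reason behind "vary timing and frequency" and "use intermediary systems to break direct connections": both the degree count and the gap statistic are computed from the envelope alone.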
Location Minimization
- Disable location services on all devices used for resistance activities
- Use public Wi-Fi from locations unconnected to your identity
- Vary locations for different types of activities
- Avoid patterns in movement and location choices
- Use transportation methods that don’t create digital records
Temporal Minimization
- Randomize timing of communications and activities
- Use time delays to break real-time correlation
- Avoid regular schedules that create predictable patterns
- Coordinate timing to create false patterns when beneficial
- Use automated systems to decouple activity timing from human schedules
Technical Minimization
Technical Metadata Reduction:
1. Use Tor or similar anonymization networks
2. Employ VPNs with no-logging policies
3. Use disposable email addresses and accounts
4. Regularly change device identifiers when possible
5. Use different devices for different operational purposes
Metadata-Aware Operational Planning
Communication Planning
- Map metadata exposure for all planned communications
- Design communication flows to minimize revealing patterns
- Plan for metadata analysis by adversaries
- Develop cover stories for unavoidable metadata patterns
Activity Planning
- Consider metadata implications of all operational activities
- Design operations to create misleading metadata when possible
- Plan timing to minimize correlation opportunities
- Coordinate activities to distribute metadata across multiple participants
Effective metadata minimization requires thinking about the digital traces of every action before taking it. This becomes second nature with practice, but initially requires conscious effort and planning. The investment in metadata discipline pays dividends in operational security and longevity.
Chapter Summary
The five core security principles covered in this chapter provide the foundation for all resistance security operations:
- Least Privilege limits access to the minimum necessary for operational effectiveness
- Need-to-Know restricts information sharing to operational requirements
- Compartmentalization isolates operations to prevent cascade compromise
- Zero Trust assumes compromise and requires continuous verification
- Metadata Minimization reduces digital traces that reveal operational patterns
These principles must be applied consistently across all aspects of resistance operations, from technical tool selection to operational planning to daily security practices. They are not merely guidelines but operational requirements for survival in a hostile environment.
Integration and Balance
While each principle is important individually, their real power comes from integrated application. Effective resistance security requires balancing these principles against operational requirements and human limitations. Perfect adherence to all principles simultaneously may be impossible, but conscious application of each principle to every security decision will dramatically improve operational security.
Next Steps
Chapter 2 builds on these foundational principles by providing systematic approaches to threat assessment and operational environment analysis. Understanding these principles is essential preparation for the practical threat modeling exercises that follow.