OPERATIONS SECURITY (OPSEC)

1
OPERATIONS SECURITY (OPSEC)
ANNUAL REFRESHER TRAINING
2
Following the terrorist attack on September 11,
2001 the President declared a national
emergency Secretary of Defense Donald Rumsfeld
cautioned on the importance of maintaining OPSEC
as DOD Forces take part in the world-wide
effort to defeat international terrorism
3
WHAT IS OPSEC ? - OPSEC is a critical component
of U.S. Military activities - a process where
one keeps routine indicators of one's
capabilities, actions, and plans masked and away
from prying eyes - Maintaining the operations
security of plans and gaining the fullest
possible surprise are essential to maintaining
freedom of action
4
THE ORIGIN OF OPSEC - There is nothing new about
the principles underlying OPSEC. In fact, we can
trace OPSEC practices back to the colonial days
and the Revolutionary War. George Washington, our
first president, was a known OPSEC practitioner.
General Washington was quoted as saying, "Even
minutiae should have a place in our collection,
for things of a seemingly trifling nature, when
enjoined with others of a more serious cast, may
lead to valuable conclusion."
5
THE ORIGIN OF OPSEC (con't) OPSEC, as a
methodology, originated during the Vietnam
conflict when a small group of individuals were
assigned the mission of finding out how the enemy
was obtaining advance information on certain
combat operations in Southeast Asia. This team
was established by the Commander -in-Chief,
Pacific, and given the code name "PURPLE DRAGON."
6
THE ORIGIN OF OPSEC (con't) It became
apparent to the team that although traditional
security and intelligence countermeasures
programs existed, reliance solely upon them was
insufficient to deny critical information to the
enemy--especially information and indicators
relating to intentions and capabilities. The
group conceived and developed the methodology of
analyzing U.S. operations from an adversarial
viewpoint to find out how the information was
obtained. The team then recommended corrective
actions to local commanders. They were successful
in what they did, and to name what they had done,
they coined the term "operations security."
7
THE INTELLIGENCE PUZZLE - Intelligence
collection and analysis is very much like
assembling a picture puzzle. - Intelligence
collectors are fully aware of the importance of
obtaining small bits of information (or "pieces"
of a puzzle) from many sources and assembling
them to form the overall picture. -
Intelligence collectors use numerous methods and
sources to develop pieces of the intelligence
puzzle . Their collection methods range from
sophisticated surveillance using highly technical
electronic methods to simple visual observation
of activities (these activities are referred to
as "indicators").
8
THE INTELLIGENCE PUZZLE (cont'd)
Information may be collected by - monitoring
radio and telephone or email conversations -
analyzing telephone directories, financial or
purchasing documents, position or "job"
announcements -travel documents, blueprints or
drawings, distribution lists, shipping and
receiving documents, even personal information or
items found in the unclassified trash.
9
PREMISE OF OPSEC The premise of OPSEC is that
the accumulation of one or more elements of
sensitive/unclassified information or data could
damage national security by revealing classified
information
GOAL OF OPSEC The goal of OPSEC, as a
"countermeasures" program, is to deny potential
adversaries information about capabilities and/or
intentions by identifying, controlling and
protecting generally unclassified evidence of the
planning and execution of sensitive activities  
10
OPSEC A 5 STEP PROCESS 1. IDENTIFICATION OF
CRITICAL INFORMATION TO BE PROTECTED. 2. THREAT
ANALYSIS 3. VULNERABILITY ASSESSMENT 4. RISK
ASSESSMENT 5. APPLICATION OF COUNTERMEASURES
11
1. IDENTIFICATION OF CRITICAL INFORMATION Basic
to the OPSEC process is determining what
information, if available to one or more
adversaries, would harm an organization's ability
to effectively carry out the operation or
activity. This critical information constitutes
the "core secrets" of the organization, i.e., the
few nuggets of information that are central to
the organization's mission or the specific
activity. Critical information usually is, or
should be, classified or least protected as
sensitive unclassified information.
Top Secret
Top Secret
12
2. ANALYSIS OF THREATS Knowing who the
adversaries are and what information they require
to meet their objectives is essential in
determining what information is truly critical to
an organization's mission effectiveness. In any
given situation, there is likely to be more than
one adversary and each may be interested in
different types of information. The adversary's
ability to collect, process, analyze, and use
information, i.e., the threat, must also be
determined.  
13
3. ANALYSIS OF VULNERABILITIES Determining
vulnerabilities involves analysis of how our
operations and or activities are conducted.
Activities must be viewed as the adversaries will
view it, thereby providing the basis for
understanding how a unit or organization really
operates and what are the true, rather than the
hypothetical, vulnerabilities.
14
4. ASSESSMENT OF RISKS Vulnerabilities and
specific threats must be matched. Where the
vulnerabilities are great and the adversary
threat is evident, the risk of adversary
exploitation is expected. Therefore, a high
priority for protection needs to be assigned and
corrective action taken. Where the vulnerability
is slight and the adversary has a marginal
collection capability, the priority should be
low.
15
5. APPLICATION OF COUNTERMEASURES Countermeasures
are developed to eliminate the vulnerabilities,
threats, or utility of the information to the
adversaries The possible countermeasures
should include alternatives that may vary in
effectiveness and feasibility Countermeasures
may include anything that is likely to work in a
particular situation
16
OPSEC A 5 STEP PROCESS 1. IDENTIFICATION OF
CRITICAL INFORMATION TO BE PROTECTED. 2. THREAT
ANALYSIS 3. VULNERABILITY ASSESSMENT 4. RISK
ASSESSMENT 5. APPLICATION OF COUNTERMEASURES
17
The 3 Laws of OPSEC 1. If you don't know the
threat, how do you know what to protect? 2. If
you don't know what to protect, how do you know
you are protecting it? 3. If you are not
protecting it. . . .the adversary wins!
18
The First Law of OPSEC If you don't know the
threat, how do you know what to protect? If
there were no threats to Military programs,
activities, facilities, personnel, or
information, there would be no need for gates,
access control procedures, access clearances, and
classification. However, DOD/DON recognizes that
threats do exist--although specific threats may
vary from site to site or program to program.
Military personnel must be aware of the actual
and postulated threats to our command and
mission. In any given situation, there is likely
to be more than one adversary, although each may
be interested in different information.
1
19
The Second Law of OPSEC If you don't know what
to protect, how do you know you are protecting
it? The "what" is the critical and sensitive,
or target, information that adversaries require
to meet their objectives.
2
20
The Third Law of OPSEC If you are not protecting
it (the critical and sensitive information), the
adversary wins! OPSEC vulnerability
assessments, can be conducted to determine
whether or not critical information is vulnerable
to exploitation. These assessments form a
critical analysis of "what we do" and "how we do
it" from the perspective of an adversary.
Internal procedures and information sources are
also used to determine whether there is an
inadvertent release of sensitive information.
3
21
OPSEC - AN ALL HANDS EVOLUTION Each of us must
take a look at our own behavior, here are a few
suggestions - exercise caution when discussing
work - pay close attention to where you are and
who may be listening - take care when talking on
the phone or using computer systems - the "door
of potential compromise" is opened every time an
non-secure phone line is in use inside a secure
area - only discuss classified information in
authorized spaces with those having both the
proper security clearance and "need to know"
22
REMEMBER ! - Even a seemingly benign piece of
information, whether it be verbal or written, can
be used by potential adversaries to target our
people. - The one piece of harmless
information you unwittingly give away could be
the piece that "completes the puzzle".
23
10 RULES OF OPSEC DONT 1. discuss future
destinations! 2. discuss future operations or
missions ! 3. discuss dates and times of
conducting an exercises ! 4. discuss readiness
issues or numbers ! 5. discuss specific training
equipment ! 6. discuss people's names and
billets in conjunction with operations ! 7.
speculate about future operations ! 8. spread
rumors about operations ! 9. assume the enemy is
not trying to collect information on you so he
can kill you, he is ! DO 10. be smart, and
always think OPSEC when using email, or phone, or
any other medium of INTEL transfer!
24
OPSEC IN SUMMARY A process designed to disrupt
or defeat the ability of foreign intelligence or
other adversaries to exploit sensitive military
activities or information and to prevent the
inadvertent disclosure of such information.
25
REFERENCES AND SOURCES - AR 530-1 -
http//www.nv.doe.gov/ - http//www.weaponeeronli
ne.com/ - http//www.13meu.usmc.mil/ -
http//www.peleliu.navy.mil/ -
http//www.smdc.army.mil/
26
OPERATIONS SECURITY (OPSEC)
2003 ANNUAL REFRESHER TRAINING
ANY QUESTIONS ?