Operations Security (OPSEC)

301-371-1050

Introduction

Standard Application Objectives Regulations and Guidance OPSEC Definition Indicators Definition Identify Threat Capabilities The OPSEC Process Define OPSEC Review, Assessment, and Survey

Standard

Implement OPSEC measures based on unit indicators and vulnerabilities; protect unit essential elements of friendly information against threat collection efforts and prevented compromise. .

Application

Operations security awareness and execution is crucial to Army success. OPSEC is applicable to all personnel and all Army missions and supporting activities on a daily basis.

Objectives

• Understand the OPSEC concept, process, and analytical methodology

• Apply OPSEC to establish and maintain Essential Secrecy concerning Command Capabilities, Intentions and Activities

• Define OPSEC review, assessment, & survey

Regulations & Guidance

Operations Security is a national program. Regulatory guidance for OPSEC is contained

in: NSDD 298 DOD Dir 5205.2 CJCS Inst 3213.01 and JOPES CJCS MOP 30 AR 530-1

OPSEC Definition

OPSEC is a process of analyzing friendly actions pursuant to military operations and other activities to—

1. Identify those friendly actions that can be observed by the threat.

2. Determine indicators that the threat might obtain that could be interpreted or pieced together to derive critical information in time to be useful.

3. Select and execute measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly actions to the threat exploitation.

Indicators - Definition

Indicators are data derived from open sources or from detectable actions that the threat can piece together or interpret to reach conclusions or official estimates concerning friendly intentions, capabilities, or activities. They are also activities that result from military operations.

3 Types of Indicators

1. Profile - show how activities are normally conducted. Profiles are developed by looking at all aspects of friendly operations from the viewpoint of the threat.

2. Deviation - highlight contrasts to normal activity, help the threat gain appreciation about intentions, preparations, time, and place.

3. Tip-Off - draws attention to information that otherwise might pass unnoticed.

Identify Threat Capabilities

The threat consists of multiple and overlapping collection efforts targeted against all sources of Army information.

The OPSEC process

1. Identify Critical Information2. Threat Analysis3. Vulnerability Analysis 4. Risk Assessment 5. Implement OPSEC Countermeasures

1. Identify Critical Information

Determine what needs protection Identify critical information in a variety of

situations (ask “If known by the threat, what would be the mission impact”

Identify friendly force profiles Avoid setting patterns

Critical Information can be......

Information or data Comm, Verbal, Printed, Non-Verbal,

Detectable & Observable Activities An activity, event or operation

Logistics, Movement, Training & Testing Classified or unclassified

Anything that could hinder or prevent mission accomplishment

Facts about our protective measures

The Essential Elements of Friendly Information (EEFI)

“What key questions about friendly intentions and military capabilities are likely to be asked by adversary officials and intelligence systems”

Answers to the EEFI are critical information EXAMPLE: What specific network security

procedures are used by the command? Anything that will answer this question is

critical information

2. Analysis of Threat

Identify OPSEC vulnerabilities. Identify OPSEC indicators.

Threat Characteristics

Capabilities Motivation Intent History of Action (Probability)

Information Collection

All nations collect Groups collect All sources are exploited Increasing collection sophistication Increasing collection capability

Increasing lethality is the result

How is the information collected? It is Multi-disciplined.

HUMINT (Human Intelligence) SIGINT (Signals Intelligence) IMINT (Imagery Intelligence) MASINT (Measurement and

Signatures Intelligence) OSINT (Open Source)

3. Vulnerability Analysis

Identify and discuss Indicators Identify and discuss vulnerabilities Describe the elements of a

vulnerability

Vulnerabilities

Visualize the Operation Identify Critical Information &

location in your operation/systems

Compare threat capabilities to Critical Information

Select Possible Protective Measures

Action Control - Indicator Countermeasures - Collection System Counter Analysis - Analyst

4. Risk Assessment

Understand the concept of risk. Assess the degree of risk. Understand the difference between

Risk management vice risk avoidance

Concept

RISK

Assets

Threats

Vulnerabilities

Process

AssessAssets

AssessThreat

AssessVulnerabilities

AssessRisks

Determine Countermeasure

Options

Cost Analysis

Benefit Analysis

THE COMMANDER CONSIDERS...

Mission Accomplishment Combat Effectiveness Effectiveness vs Efficiency

•Cannot avoid all risksCannot avoid all risks•Military activities have inherent risksMilitary activities have inherent risks•Must manage the risks that cannot be avoidedMust manage the risks that cannot be avoided

•Cannot avoid all risksCannot avoid all risks•Military activities have inherent risksMilitary activities have inherent risks•Must manage the risks that cannot be avoidedMust manage the risks that cannot be avoided

5. Implement OPSEC Measures

Identify means to implement countermeasures

Evaluate the effectiveness of OPSEC program

Orders Annexes Plans The Commander

OPSEC is Implemented via...

OPSEC Review, Assessment, and Survey

OPSEC Review

OPSEC review is an evaluation of a document to ensure protection of sensitive or critical information.

OPSEC Assessment

OPSEC assessment is an analysis of an operation, activity, exercise, or support function to determine the overall OPSEC posture and to evaluate the degree of compliance of subordinate organizations with the published OPSEC plan or OPSEC program.

OPSEC Survey

OPSEC survey is a method to determine if there is adequate protection of critical information during planning, preparations, execution, and post-execution phases of any operation or activity. It analyzes all associated functions to identify sources of information, what they disclose, and what can be derived from the information.

REMAIN ALERT

Summary Standard Application Objectives Regulations and Guidance OPSEC Definition Indicators Definition Identify Threat Capabilities The OPSEC Process Define OPSEC Review, Assessment, and Survey