Hi Folks!
 



As the OPSEC manager, I felt that this was necessary to post. I know, this is quite lengthy, but this is very important information that everyone needs to understand, including all military personel, from all branches of the service, from all countries. Please take note, I am only one person, OPSEC is not just my responsibility. It is EVERYONE'S. Please, if you find something on the site that you feel violates OPSEC, then bring it to the attention of myself, or a staff member immediately so we can deal with the issue ASAP. You know the saying, "Loose Lips May Sink Ships", there is also a new one, "Careless Keystrokes Can Kill"
 



This information came from Fort Monmouth, NJ
 



*An OPSEC Primer*
 



In a world that increasingly measures national power and national security in economic terms as well as military terms, many foreign intelligence services are shifting targeting emphasis. We need to be aware that foreign intelligence and foreign competitors may attempt to collect information pertaining to our activities and technology for their own benefit. It is essential that we protect our critical and sensitive information from inadvertent compromise (i.e., disclosure).
 



Concerns over the inadvertent compromise of sensitive or classified U.S. Government activities, capabilities, and intentions led to the development of National Security Decision Directive (NSDD) 298 establishing a National Operations Security (OPSEC) Program. NSDD 298 creates a national OPSEC structure and requires each Executive Department and Agency, assigned or supporting national security missions with classified or sensitive activities, to establish an OPSEC program.
 



*What is OPSEC?*
 



The Intelligence Puzzle
 



Intelligence collection and analysis is very much like assembling a picture puzzle. Intelligence collectors are fully aware of the importance of obtaining small bits of information (or "pieces" of a puzzle) from many sources and assembling them to form the overall picture.
 



Intelligence collectors use numerous methods and sources to develop pieces of the intelligence puzzle . . .their collection methods range from sophisticated surveillance using highly technical electronic methods to simple visual observation of activities (these activities are referred to as "indicators").
 



Information may be collected by monitoring radio and telephone conversations, analyzing telephone directories, financial or purchasing documents, position or "job" announcements, travel documents, blueprints or drawings, distribution lists, shipping and receiving documents, even personal information or items found in the unclassified trash.
 



The Premise of OPSEC The premise of OPSEC is that the accumulation of one or more elements of sensitive/unclassified information or data could damage national security by revealing classified information.
 



*The Goal of OPSEC*
 



The goal of OPSEC, as a "countermeasures" program, is to deny an adversary pieces of the intelligence puzzle.
 



*Sensitive Activities*
 



Sensitive activities" refers to classified and unclassified operations, inquiries, investigations, tests, research, training, exercises, and other functions the disclosure of which could reasonably be expected to adversely affect national security objectives (if a piece of the "intelligence puzzle" is an item of information that is not itself classified, when assembled, could an adversary discover a classified or sensitive unclassified program, activity, or project?).
 



*The Origin of OPSEC*
 



There is nothing new about the principles underlying OPSEC. In fact, we can trace OPSEC practices back to the colonial days and the Revolutionary War.
 



George Washington, our first president, was a known OPSEC practitioner. General Washington was quoted as saying, "Even minutiae should have a place in our collection, for things of a seemingly trifling nature, when enjoined with others of a more serious cast, may lead to valuable conclusion."
 



However, OPSEC, as a methodology, originated during the Vietnam conflict when a small group of individuals were assigned the mission of finding out how the enemy was obtaining advance information on certain combat operations in Southeast Asia. This team was established by the Commander-in-Chief, Pacific, and given the code name "PURPLE DRAGON."
 



It became apparent to the team that although traditional security and intelligence countermeasures programs existed, reliance solely upon them was insufficient to deny critical information to the enemy--especially information and indicators relating to intentions and capabilities. The group conceived and developed the methodology of analyzing U.S. operations from an adversarial viewpoint to find out how the information was obtained.
 



The team then recommended corrective actions to local commanders. They were successful in what they did, and to name what they had done, they coined the term "operations security."
 



*OPSEC and Government Activities*
 



Over the years it became increasingly apparent that OPSEC had uses in virtually every government program that needed to protect information to ensure program effectiveness. OPSEC professionals modified and improved techniques based on experience gained with many different organizations and in areas far afield from military combat operations.
 



Today, OPSEC is as equally applicable to an administrative or research and development activity as it is to a combat operation. If OPSEC is not integrated into sensitive and classified activities, chances are that our adversaries will acquire significant information about our capabilities and limitations.
 



It probably would have been difficult for the "Purple Dragon" team to foresee that, 20 years later, the methodology they developed would become a national program.
 



*OPSEC at Home*
 



You have probably been practicing OPSEC in your personal life without knowing it! When you are getting ready to go on a trip have you ever:
 



Stopped the delivery of the newspaper so that they would not pile up outside and send a signal that you are not home?
 



Asked your neighbor to pick up your mail so the mailbox would not fill up, also indicating that you are away?
 



Connected your porch lights and inside lights to a timer so they would go on at preset times to make it look like someone is home?
 



Left a vehicle parked in the driveway?
 



Connected a radio to a timer so that it comes on at various times to make it sound like that someone is inside?
 



Well, guess what you did? You practiced OPSEC!
 



The critical information here is obvious - we do not want anyone to know the house is unoccupied. None of the actions (countermeasures) listed above directly conceal the fact that your residence is unoccupied. A newspaper on the lawn or driveway does not necessarily mean no one is at home. Newspapers in the yard or driveway are only an indicator to the adversary. That indicator, combined with other indicators, (no internal lights at night, mail stuffed in the mailbox, etc.) will provide the adversary with the information needed to reach a conclusion with an acceptable level of confidence. In this case, the more indicators that the adversary is able to observe, the greater the level of confidence in his/her conclusion. When you eliminate these indicators, you have a much better chance of ensuring that your home is not burglarized while you are away.
 



The same holds true at your place of work. We must protect our critical information and eliminate indicators available to the adversary.
 



*The Five-Step OPSEC Process*
 



OPSEC is a five-step process:
 



*Identification of the critical information to be protected

*Analysis of the threats

*Analysis of the vulnerabilities

*Assessment of the risks

*Application of the countermeasures
 



The OPSEC process must be tailored to the specific organization and activity being analyzed. Most importantly, the process is a cycle where, after countermeasures are implemented, evaluation must continue.
 



*Identification of Critical Information*
 



Basic to the OPSEC process is determining what information, if available to one or more adversaries, would harm an organization's ability to effectively carry out the operation or activity. This critical information constitutes the "core secrets" of the organization, i.e., the few nuggets of information that are central to the organization's mission or the specific activity. Critical information usually is, or should be, classified or least protected as sensitive unclassified information.
 



*Analysis of Threats*
 





Knowing who the adversaries are and what information they require to meet their objectives is essential in determining what information is truly critical to an organization's mission effectiveness. In any given situation, there is likely to be more than one adversary and each may be interested in different types of information. The adversary's ability to collect, process, analyze, and use information, i.e., the threat, must also be determined.
 





The Dragon represents the Adversary
 





*Analysis of the Vulnerabilities*
 





Determining the organization's vulnerabilities involves systems analysis of how the operation or activity is actually conducted by the organization. The organization and the activity must be viewed as the adversaries will view it, thereby providing the basis for understanding how the organization really operates and what are the true, rather than the hypothetical, vulnerabilities.
 



*Assessment of Risks*
 



Vulnerabilities and specific threats must be matched. Where the vulnerabilities are great and the adversary threat is evident, the risk of adversary exploitation is expected. Therefore, a high priority for protection needs to be assigned and corrective action taken. Where the vulnerability is slight and the adversary has a marginal collection capability, the priority should be low.
 



*Application of the Countermeasures*
 



Countermeasures need to be developed that eliminate the vulnerabilities, threats, or utility of the information to the adversaries. The possible countermeasures should include alternatives that may vary in effectiveness, feasibility, and cost. Countermeasures may include anything that is likely to work in a particular situation. The decision of whether to implement countermeasures must be based on cost/benefit analysis and an evaluation of the overall program objectives.
 



*Understanding the OPSEC Process*
 



In order to provide a more simplified understanding of the OPSEC process, you must know the basic fundamentals:
 



*Understanding the threat*
 



Identifying what information is to be protected

Protecting information from exploitation
 





*The Laws of OPSEC*
 



If you don't know the threat, how do you know what to protect?
 



If you don't know what to protect, how do you know you are protecting it?
 



If you are not protecting it. . . .the adversary (dragon) wins!
 



**The First Law of OPSEC**
 





If you don't know the threat, how do you know what to protect? If there were no threats to DoD programs, activities, facilities, personnel, or information, there would be no need for gates, access control procedures, security clearances, and classification. However, DoD recognizes that threats do exist--although specific threats may vary from site to site or program to program. Employees must be aware of the actual and postulated threats to DoD. In any given situation, there is likely to be more than one adversary, although each may be interested in different information.
 



**The Second Law of OPSEC**
 



If you don't know what to protect, how do you know you are protecting it? The "what" is the critical and sensitive, or target, information that adversaries require to meet their objectives.
 



**The Third Law of OPSEC**
 



If you are not protecting it (the critical and sensitive information), the adversary (dragon) wins! OPSEC vulnerability assessments, (referred to as "OPSEC assessments" - OA's - or sometimes as "Surveys") are conducted to determine whether or not critical information is vulnerable to exploitation. An OA is a critical analysis of "what we do" and "how we do it" from the perspective of an adversary. Internal procedures and information sources are also reviewed to determine whether there is an inadvertent release of sensitive information.
 



If, as a result of an OA, it is determined that one or more Essential Elements of Friendly Information(EEFI), are exploitable by an adversary, the assessment has identified an OPSEC "concern" or "vulnerability." Once an OPSEC concern or vulnerability is identified, countermeasures must be developed and implemented to protect the information from exploitation, or at least to make the collection capability more difficult for the adversary.
 



Also as an addendum to below, There are a lot of Surveys being circulated. BE CAREFUL. The answers you give may seem trivial, but in the bigger sense, a lot of info SHOULDN'T be given in a public domain(For Their Safety)...Doc Killian

OPSEC = OPerational SECurity. You never know who is reading your bulletins or comments (or messages, for that matter).

During World War II, the saying was "Loose Lips Sink Ships", and that's still true, especially in the Internet Age.

Today, we also face the prospect of identity theft, the precautions below help to address some of that. To combat identity theft, never release your name + SSN + DOB. That's all the information needed to open an account in your name, and surprise, you've a clone now.

Back to OPSEC - it is no secret that bad people out there want to hurt our troops. Please be mindful of what you say so that you don't inadvertently help to make that happen.

The KGB used to reassemble shredded documents - the potential for gaining OPSEC justified the time and the cost. Today's conflicts are more openly deadly, and OPSEC remains as important as it ever was.




 



~~~~~~~~~~~~~~~






I have noticed more often than not people posting dates, maybe not exact, but for example in X months and will be gone for X months. Myspace has such a vast array of people that it's important to remember the safety our those that are deployed or who will deploy, or even when they are returning! Terrorist can use this information to plan their attacks. Below are the OPSEC rules we use at HOOAH!!!! Radio, please review them and pass this on, we want to keep our men and women and the USA safe!!

OPerational SECurity is very important to understand when dealing with the government. OPSEC helps to protect classified and unclassified information that our government has. It Is very important for everyone to understand. There are many key points of OPSEC that will be pointed out below in this briefing.

For us it is important to keep the information of the military person we know safe. In the wrong hands, the unclassified information YOU possess could cause potentially grave harm to the United States or your military service member.

What is the Threat?

The threat is harm to the United States or your military service member. If there were no threats, there would be no reason to protect anything. These threats are what your men and woman are fighting against.

What are you protecting?

Any and all unclassified/classified information. Hopefully if you do not possess a security clearance, you do not know any classified information. But all informations need to remain safe.

..

Last names.
All Dates (Returning/Leaving/R&R;, etc.)
Exact Unit numbers or Unit Names.
Exact locations (Bases, Posts, Forts, Ports)
Addresses, email, phone numbers.

All information Trusted to You should remain in your brain, do not SHARE this information. If it's questionable as to whether or not you should say the information, ask a Station Manager/Station Owner or keep it to yourself.

Need To Know

Need to know is an important concept to understand. Stop, think and decide whether or not another person needs to know this information. Does Person A need to know Private John's last name? In most cases NO! Addresses, phone numbers, email addresses, dates, unit numbers, locations or bases/ports etc., and all other "sensitive" information are all examples of things "strangers" do not need to know.

Even between two people who hold a Top Secret security clearance. One person may not tell the other a classified number if that person does not have a need to know.

Before you give away any information to another person, decide if they have the need to know. This is a very important concept.

Basic OPSEC Countermeasures
Properly destroy sensitive information.
Avoid posting or displaying sensitive information.
Do not leave laptop computers unattended in public places.
Be aware of the threats.
Know how information is gathered.
Know what information requires protection.
Know what you can do to protect the information.

..

Sensitive information can be anything. Usually sensitive information is any place of unclassified (or classified) information that can help the enemy put the missing pieces of the puzzle together. Sensitive information can be anything from a last name to a bank account number. Be practicing need to know, you should be effective in minimizing the amount of sensitive information you give out. The most important concepts is to stay aware of the information you know, and be sure that you keep it safe.

The Intelligence Puzzle

When the enemy collects enough sensitive UNCLASSIFIED information he may be able to find out what the big picture is. With enough unclassified information, it is significantly easier to piece together what the CLASSIFIED information would be. This is a huge security risk.

OPSEC is so much more than this, but this is a general idea of it. Please check out the link below for more information. OPSEC is a great tool that we all use, but should be more aware of, especially when our country could be at stake.