Operations security
- "OPSEC" redirects here. OPSEC may also refer to the 501(c)(4) group calling itself Special Operations OPSEC Education Fund.
Operations security (OPSEC) is a term originating in U.S. military jargon, as a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.
Though the above statement is true in its official military format, OPSEC is the process of protecting little pieces of data that could be grouped together to give the bigger picture. OPSEC is the protecting of critical information deemed mission essential from military commanders. Protecting this critical information is through the use of email encryption software, being careful of who may be listening to you (like in a hotel bar), paying close attention to a picture you have taken (back ground), or not talking openly on social media sites about information on the unit's critical information list (military deployments, shortages of equipment or movement of VIPs).
In more modern usage, the term has come to have a similar meaning including protecting information from unfriendly eyes, including industrial espionage, hackers, law enforcement, social engineering, and (since the revelations of Edward Snowden) mass surveillance. It has been opined regarding highly adversarial environments that "If your secure communications platform isn’t being used by terrorists and pedophiles, you’re probably doing it wrong." [1]
Process
- Identification of Critical Information: Identifying information needed by an adversary, which focuses the remainder of the OPSEC process on protecting vital information, rather than attempting to protect all classified or sensitive unclassified information.
- Analysis of Threats: the research and analysis of intelligence, counterintelligence, and open source information to identify likely adversaries to a planned operation.
- Analysis of Vulnerabilities: examining each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then comparing those indicators with the adversary’s intelligence collection capabilities identified in the previous action.
- Assessment of Risk: First, planners analyze the vulnerabilities identified in the previous action and identify possible OPSEC measures for each vulnerability. Second, specific OPSEC measures are selected for execution based upon a risk assessment done by the commander and staff.
- Application of Appropriate OPSEC Measures: The command implements the OPSEC measures selected in the assessment of risk action or, in the case of planned future operations and activities, includes the measures in specific OPSEC plans.[2]
Uses
An OPSEC assessment is an intensive application of the OPSEC process to an existing operation or activity by a multidisciplinary team of experts. Assessments are essential for identifying requirements for additional OPSEC measures and for making necessary changes in existing OPSEC measures. Additionally, OPSEC planners, working closely with Public Affairs personnel, must develop the Essential Elements of Friendly Information (EEFI) used to preclude inadvertent public disclosure of critical or sensitive information.
Other measures that impact OPSEC
- Communications security (COMSEC)
- Counter-intelligence
- Information security (INFOSEC)
- Signal Security (SIGSEC)
- Transmission security (TRANSEC)
See also
Wikimedia Commons has media related to Anti-rumor propaganda. |
- For Official Use Only – FOUO
- Information security
- Intelligence cycle security
- Security
- Security Culture
- Sensitive but unclassified – SBU
- Social engineering
References
- ↑ the grugq. "Yardbird's Effective Usenet Tradecraft". grugq.github.io.
- ↑ "The OPSEC Process". The Operations Security Professional's Association. Retrieved April 12, 2011.
External links
- U.S. Government OPSEC site
- The OPSEC Professionals Society, Recognized OPSEC Certifications
- Purple Dragon, The Origin & Development of the United States OPSEC Program, NSA, 1993.
- Operations Security (JP 3-13.3) PDF U.S. DoD Operations Security Doctrine.
- "Bin Laden Trail 'Stone Cold'". Washington Post. September 10, 2006.
- "After a Decade at War With West, Al-Qaeda Still Impervious to Spies". Washington Post. March 20, 2008.
- Operations Security Professionals
- How to Conduct an OPSEC Assessment
- CISCO: Understanding Operational Security
- Bruce Schneier's "Schneier on Security" blog articles tagged "Operational Security"
- Top Ten Ways to Blow Your Operational Security (opsec security)