Post on 11-Jan-2016
Operations Security (OPSEC)
301-371-1050
Introduction
Standard Application Objectives Regulations and Guidance OPSEC Definition Indicators Definition Identify Threat Capabilities The OPSEC Process Define OPSEC Review, Assessment, and Survey
Standard
Implement OPSEC measures based on unit indicators and vulnerabilities; protect unit essential elements of friendly information against threat collection efforts and prevented compromise. .
Application
Operations security awareness and execution is crucial to Army success. OPSEC is applicable to all personnel and all Army missions and supporting activities on a daily basis.
Objectives
• Understand the OPSEC concept, process, and analytical methodology
• Apply OPSEC to establish and maintain Essential Secrecy concerning Command Capabilities, Intentions and Activities
• Define OPSEC review, assessment, & survey
Regulations & Guidance
Operations Security is a national program. Regulatory guidance for OPSEC is contained
in: NSDD 298 DOD Dir 5205.2 CJCS Inst 3213.01 and JOPES CJCS MOP 30 AR 530-1
OPSEC Definition
OPSEC is a process of analyzing friendly actions pursuant to military operations and other activities to—
1. Identify those friendly actions that can be observed by the threat.
2. Determine indicators that the threat might obtain that could be interpreted or pieced together to derive critical information in time to be useful.
3. Select and execute measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly actions to the threat exploitation.
Indicators - Definition
Indicators are data derived from open sources or from detectable actions that the threat can piece together or interpret to reach conclusions or official estimates concerning friendly intentions, capabilities, or activities. They are also activities that result from military operations.
3 Types of Indicators
1. Profile - show how activities are normally conducted. Profiles are developed by looking at all aspects of friendly operations from the viewpoint of the threat.
2. Deviation - highlight contrasts to normal activity, help the threat gain appreciation about intentions, preparations, time, and place.
3. Tip-Off - draws attention to information that otherwise might pass unnoticed.
Identify Threat Capabilities
The threat consists of multiple and overlapping collection efforts targeted against all sources of Army information.
The OPSEC process
1. Identify Critical Information2. Threat Analysis3. Vulnerability Analysis 4. Risk Assessment 5. Implement OPSEC Countermeasures
1. Identify Critical Information
Determine what needs protection Identify critical information in a variety of
situations (ask “If known by the threat, what would be the mission impact”
Identify friendly force profiles Avoid setting patterns
Critical Information can be......
Information or data Comm, Verbal, Printed, Non-Verbal,
Detectable & Observable Activities An activity, event or operation
Logistics, Movement, Training & Testing Classified or unclassified
Anything that could hinder or prevent mission accomplishment
Facts about our protective measures
The Essential Elements of Friendly Information (EEFI)
“What key questions about friendly intentions and military capabilities are likely to be asked by adversary officials and intelligence systems”
Answers to the EEFI are critical information EXAMPLE: What specific network security
procedures are used by the command? Anything that will answer this question is
critical information
2. Analysis of Threat
Identify OPSEC vulnerabilities. Identify OPSEC indicators.
Threat Characteristics
Capabilities Motivation Intent History of Action (Probability)
Information Collection
All nations collect Groups collect All sources are exploited Increasing collection sophistication Increasing collection capability
Increasing lethality is the result
How is the information collected? It is Multi-disciplined.
HUMINT (Human Intelligence) SIGINT (Signals Intelligence) IMINT (Imagery Intelligence) MASINT (Measurement and
Signatures Intelligence) OSINT (Open Source)
3. Vulnerability Analysis
Identify and discuss Indicators Identify and discuss vulnerabilities Describe the elements of a
vulnerability
Vulnerabilities
Visualize the Operation Identify Critical Information &
location in your operation/systems
Compare threat capabilities to Critical Information
Select Possible Protective Measures
Action Control - Indicator Countermeasures - Collection System Counter Analysis - Analyst
4. Risk Assessment
Understand the concept of risk. Assess the degree of risk. Understand the difference between
Risk management vice risk avoidance
Concept
RISK
Assets
Threats
Vulnerabilities
Process
AssessAssets
AssessThreat
AssessVulnerabilities
AssessRisks
Determine Countermeasure
Options
Cost Analysis
Benefit Analysis
THE COMMANDER CONSIDERS...
Mission Accomplishment Combat Effectiveness Effectiveness vs Efficiency
•Cannot avoid all risksCannot avoid all risks•Military activities have inherent risksMilitary activities have inherent risks•Must manage the risks that cannot be avoidedMust manage the risks that cannot be avoided
•Cannot avoid all risksCannot avoid all risks•Military activities have inherent risksMilitary activities have inherent risks•Must manage the risks that cannot be avoidedMust manage the risks that cannot be avoided
5. Implement OPSEC Measures
Identify means to implement countermeasures
Evaluate the effectiveness of OPSEC program
Orders Annexes Plans The Commander
OPSEC is Implemented via...
OPSEC Review, Assessment, and Survey
OPSEC Review
OPSEC review is an evaluation of a document to ensure protection of sensitive or critical information.
OPSEC Assessment
OPSEC assessment is an analysis of an operation, activity, exercise, or support function to determine the overall OPSEC posture and to evaluate the degree of compliance of subordinate organizations with the published OPSEC plan or OPSEC program.
OPSEC Survey
OPSEC survey is a method to determine if there is adequate protection of critical information during planning, preparations, execution, and post-execution phases of any operation or activity. It analyzes all associated functions to identify sources of information, what they disclose, and what can be derived from the information.
REMAIN ALERT
Summary Standard Application Objectives Regulations and Guidance OPSEC Definition Indicators Definition Identify Threat Capabilities The OPSEC Process Define OPSEC Review, Assessment, and Survey