Operations security
From Wikipedia, the free encyclopedia
This article or section needs copy editing for grammar, style, cohesion, tone or spelling. You can assist by editing it now. A how-to guide is available. (March 2007) |
This article or section deals primarily with the United States and does not represent a worldwide view of the subject. Please improve this article or discuss the issue on the talk page. |
Operations security (OPSEC) is a process that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.
OPSEC is a methodology that denies critical information to an adversary. Unlike security programs that seek to protect classified information, OPSEC measures identify, control, and protect generally unclassified evidence that is associated with sensitive operations and activities.
OPSEC is generally regarded as not only a methodology, but also a mindset, and has its roots in the Vietnam Conflict. Concerned with intelligence leaks to the enemy, Admiral Ulysses Sharp created the "purple dragon" team, which created the OPSEC process that is used today.
The OPSEC process consists of five distinct actions.
Identification of Critical Information. The identification of critical information (information that is vitally needed by an adversary) is important in that it focuses the remainder of the OPSEC process on protecting vital information, rather than attempting to protect all classified or sensitive unclassified information.
Analysis of Threats. This action involves the research and analysis of intelligence, counterintelligence, and open source information to identify who the likely adversaries are in the planned operation.
Analysis of Vulnerabilities. This action involves examining each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then comparing those indicators with the adversary’s intelligence collection capabilities identified in the previous action.
Assessment of Risk. First, planners analyze the vulnerabilities identified in the previous action and identify possible OPSEC measures for each vulnerability. Second, specific OPSEC measures are selected for execution based upon a risk assessment done by the commander and staff.
Application of Appropriate OPSEC Measures. The command implements the OPSEC measures selected in the assessment of risk action or, in the case of planned future operations and activities, includes the measures in specific OPSEC plans.
Additionally, an OPSEC assessment is an intensive application of the OPSEC process to an existing operation or activity by a multidisciplined team of experts. Assessments are essential for identifying requirements for additional OPSEC measures and for making necessary changes in existing OPSEC measures.
(Source: http://www.dtic.mil/doctrine/jel/new_pubs/jp3_13_3.pdf)
OPSEC planners, working closely with Public Affairs personnel, must develop the Essential Elements of Friendly Information (EEFI) used to preclude inadvertent public disclosure of critical or sensitive information.
Many measures impact OPSEC. These include Counter-intelligence, Information Security (INFOSEC), Transmission Security (TRANSEC), Communications Security (COMSEC), and Signal Security (SIGSEC). As more and more of the force is digitized, INFOSEC takes on an evergrowing importance.
OPSEC is also referred to as "operational security" when referring to the security of a particular operation.
[edit] See also
[edit] External links
- Bin Laden Trail 'Stone Cold' Washington Post September 10, 2006
- After a Decade at War With West, Al-Qaeda Still Impervious to Spies Washington Post March 20, 2008
[edit] References
- U.S. Government OPSEC site
- Operations Security for Public Safety Agencies Counterterrorism Training Program (OPSACTP) U.S. Government OPSEC Training site
- Operations Security (JP 3-13.3), U.S. DoD Operations Security Doctrine
- Operations Security (OPSEC) Professionals Society - Risk Management in Action (OPS) Website
- Operations Security Professionals Association website