WHAT IS OPSEC?

What is OPSEC

In a world that increasingly measures national power and national security in economic terms as well as military terms; many foreign intelligence services are shifting targeting emphasis. We need to be aware that foreign intelligence and foreign competitors may attempt to collect information pertaining to our activities and technology for their own benefit. It is essential that we protect our critical and sensitive information from inadvertent compromise (i.e., disclosure).

Concerns over the inadvertent compromise of sensitive or classified U.S. Government activities, capabilities and intentions led to the development of National Security Decision Directive (NSDD) 298 establishing a National Operations Security (OPSEC) Program. NSDD 298 created a national OPSEC structure and requires each Executive Department and Agency, assigned or supporting national security missions with classified or sensitive activities, to establish an OPSEC program.

So, what is OPSEC and what does it do? The basic tenets of OPSEC are simple and easy to understand. OPSEC is an analytical process used to identify what to protect (sensitive information), whom to protect if from (the threat) , why it needs protecting (vulnerability and risk) and how to protect it (countermeasures).

Per NSDD 298: The operations security process involves five steps: identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of appropriate countermeasures. The process begins with an examination of the totality of an activity to determine what exploitable but unclassified evidence of classified activity could be acquired in light of the known collection capabilities of potential adversaries. Such evidence usually derives from openly available data. Certain indicators may be pieced together or interpreted to discern critical information. Indicators most often stem from the routine administrative, physical or technical actions taken to prepare for or execute a plan or activity. Once identified, they are analyzed against the threat to determine the extent to which they may reveal critical information. Commanders and managers then use these threat and vulnerability analyses in risk assessments to assist in the selection and adoption of countermeasures.

OPSEC thus is a systematic and proved process by which the U.S. Government and its supporting contractors can deny to potential adversaries information about capabilities and intentions by identifying, controlling, and protecting generally unclassified evidence of the planning and execution of sensitive Government activities.

OPSEC and the Intelligence Puzzle
Intelligence collection and analysis is very much like assembling a picture puzzle. Intelligence collectors are fully aware of the importance of obtaining small bits of information (or "pieces" of a puzzle) from many sources and assembling them to form the overall picture.

Intelligence collectors use numerous methods and sources to develop pieces of the intelligence puzzle... their collection methods range from sophisticated surveillance using highly technical electronic methods to simple visual observation of activities (these activities are referred to as "indicators").

Information may be collected by monitoring radio and telephone conversations, analyzing telephone directories, financial or purchasing documents, position or "job" announcements, travel documents, blueprints or drawings, distribution lists, shipping and receiving documents, even personal information or items found in the unclassified trash. Thus the premise of OPSEC is that the accumulation of one or more elements of sensitive/unclassified information or data could damage national security by revealing classified information.

http://www.nv.doe.gov/nationalsecurity/opsec/what.htm