Operations Security (OPSEC)


OPSEC
- Background
- What is it?
- Why do we need it?
- Who should use it?
- Goal
- Key Terms
- The 5-Step Process
- OPSEC Applications

OPSEC Background
National Security Decision Directive (NSDD) 298 identified and formalized the five-step OPSEC process. NSDD 298 required all executive departments and agencies with national security operations, and the contractors that support them, to establish OPSEC programs. The Interagency OPSEC Support Staff (IOSS) was established to direct and support this directive.

What is OPSEC?
Definition: A systematic, proven process to identify, control and protect generally sensitive but unclassified information about a mission, operation or activity, thus denying or mitigating an adversary's ability to compromise or interrupt that mission, operation or activity.

Why do we need OPSEC?
- To ensure mission effectiveness
- To protect critical information
- To protect the integrity of a mission
- To maintain an element of surprise
OPSEC looks at critical information from both a friendly and adversary perspective.

Who should use OPSEC?
OPSEC can be used by the military, government institutions, corporations, schools, communities and individuals. OPSEC can be used for, but is not limited to, the following:
- Planning and Forecasting special events
- Special Training Exercises
- Standard Operating Procedures
- Methods, Sources, and Technical Tradecraft
- At home and on vacation
- Contracts/Bidding Processes
- Software and Source Code

OPSEC Goal
To control information about your organization's capabilities and intentions in order to keep them from being exploited by your adversaries. OPSEC does not replace other security disciplines; it supplements them.

Key Terms
1. Critical Information: Specific facts about friendly operations, needed by an adversary, in order to plan, act and guarantee failure of your mission.
2. Adversary: An opponent who opposes your interest and who must be denied critical information of your mission (the bad guy).
3. Threat: The capability and intent of an adversary to undertake actions that will be detrimental to the success of your operation.
4. Indicator: Observable activities or clues that can reveal sensitive information about your operation. Indicators can be exploited by an adversary and used to their advantage.

Key Terms (cont'd)
5. Vulnerability: A weakness that can be exploited by an adversary to obtain critical information about your mission.
6. Risk: The probability that an adversary will compromise your critical information, and the impact the act will have on your mission.
7. Countermeasure (CM): Anything that effectively negates or reduces an adversary's ability to exploit your vulnerabilities.

The 5 Steps of OPSEC
The OPSEC 5-Step Process provides: a holistic picture, a systematic process for mission success and an analytical methodology for assessing critical information.
1) Identify Critical Information
2) Analyze Threats
3) Analyze Vulnerabilities
4) Assess Risk
5) Apply Countermeasures

Step 1. Identify Critical Information
Critical Information is developed from analyzing both friendly and adversary strategies to achieve objectives.

Step 2. Analyze the Threat
- Identify the potential adversary(s)
- Identify intent and capabilities
- Identify what the adversary(s) already knows (public information)
- Identify what the adversary(s) needs to know
- Identify where the adversary(s) may look to obtain critical information of your operation

Step 3. Analyze Vulnerabilities
Some examples of vulnerabilities are:
- Lack of training
- Use of non-secure communications
- Publishing VIP itineraries
- Poor system design

Step 3. Analyze Vulnerabilities (cont'd)
Three indicator categories that can lead to vulnerabilities or reveal critical information:
1. Patterns and daily routines can establish a profile
2. Sudden change in normal conduct; deviations
3. Tip-off indicators show an adversary where to focus attention

Step 4. Assess Risk
Risk has three components:
Threat x Vulnerability x Impact = Risk
- Threat: Adversary's intent
- Vulnerability: Weakness giving adversary an opportunity
- Impact: Negative consequences on a mission
[Figure: two diagrams of Threat, Vulnerability and Impact, one labelled "Risk" and one labelled "No Risk"]
** All Three Components Must Be Present For Risk To Exist **

Step 4. Assess Risk (cont'd)
Risk Assessment is the decision-making step, once a vulnerability has been detected, to determine if countermeasures should be applied. Two methods used to assess risk:
1. Intuitive Reasoning Approach: gained from personal experience
2. Committee Approach (preferred method): several people look at the same problem and determine the answer collectively

Step 5. Apply Countermeasures
Examples of Countermeasures:
1. Changes in standard / routine procedures.
2. Limit distribution to ONLY those who need it for operational use.
3. Cover and Deception can conceal the nature of the mission, but is difficult to implement and sustain - also very costly.
4. Accelerate the schedule.
5. Awareness training for all personnel. Know and understand the threat and how to protect critical information from potential adversaries.

Step 5. Apply CM (cont'd)
A combination of low-cost countermeasures is the best overall protection.
** ALWAYS weigh the Cost vs. the Benefit **

OPSEC Applications
- Benefit day-to-day operations by making OPSEC practices second nature to all personnel.
- Lessen contingencies by reducing indicators and avoiding tip-offs.
- Increase early detection when used in the planning phase of a task.
- Allows for change in procedures over time, through surveys.

"The number of known adversaries conducting research on information attacks is increasing rapidly and includes intelligence services, criminals, industrial competitors, hackers and disgruntled or disloyal insiders."
- George Tenet (Former Director, CIA)

REMEMBER
Protecting YOUR information is YOUR responsibility!!
"In wartime, the truth is so precious that it must be protected by a bodyguard of lies."
- Winston Churchill