Introduction to Operations Security
The following presentation on
OPSEC is primarily used throughout the military, it can be applied to
all government agencies as well as high threat civilian companies.
- The following presentation on OPSEC is primarily used throughout
the military, it can be applied to all government agencies as well as
high threat civilian companies.
Objective
- Understand the core of Operations Security (OPSEC)
- Define & identify targets and threats
- Establish countermeasures
- Identify the Critical Information Commandments
- Decipher the value of information
What is OPSEC…?
- Have you ever taken precautions against Someone…
- …breaking into your house while you’re on vacation?
- …stealing your purse?
- …stealing packages from your car while your shopping?
- …fraudulently using your credit card?
- Then you have used OPSEC!
What is OPSEC…?
- OPSEC is a risk management instrument that enables a manager or
commander to view an operation or activity from the perspective of an
adversary. It is a process of identifying, analyzing and controlling
critical information.
What is OPSEC…?
- Identify Critical Information
- Analyze Threats
- Discover Vulnerabilities
- Assess Risks
- Develop
- Countermeasures
What is OPSEC…?
- Identify Critical Information:
- Credit card numbers, travel dates, itineraries, passwords,
patterns, changes in patterns, inspection results, information base
systems, etc..
- Hardware Failure and Human Error is the major risk.
Analyze Threat:
- Adversaries, Intelligence agencies – Open source information,
corporate/state sponsored spies, eavesdropping, photographing, etc…
What is OPSEC…?
- Discover Vulnerabilities:
- Flow of information, operations, timing of events, how an adversary would acquire the information, etc…
- How would the loss of such data impact the organization?
Assess Risks:
- Estimated Loss of $ X impact of Risk X likelihood of Risk = $
- Does the Solution outweigh the Loss?
What is OPSEC…?
- Develop Countermeasures:
- are based on the vulnerabilities and inherent risks.
- Are dictated by cost, timing, feasibility, and imagination of
involved personnel. Simplicity, straightforwardness, and
inexpensiveness are key to the most effective countermeasure solutions.
- OPSEC is a DIFFERENT WAY of SEEING
How Do I Identify Threats & Vulnerabilities…?
- Take note of suspicious behavior
- HUMINT- “Task our students in the US with collecting information on
the security of the facility where they are doing research. Then we’ll
use one of our special teams to steal the chip.”
- If you see something, say something
- Be consistent with the testing of systems
- There is always room for improvement
Critical Information Commandments…
- Thou must protect the information that the adversary needs to accomplish his mission.
- Thou shall not try to protect everything.
- Consider who thy adversaries are and what information they require to inflict harm to you.
Critical Information Commandments…
- Thou shall consult all sources of information to determine what thine enemies know about you.
Critical Information Commandments
- Once thou has determined what information is critical, thou shall
determine if that information is associated with thine activities.
- PIR
- What the Commander needs to know about the enemy
- FFIR
- What the Commander needs to know about the Friendly forces.
What Information Should I Protect…?
- Information that the adversary needs to accomplish their mission.
- Intelligence information on programs associations
- Technical information on communications
What Information Should I Protect…?
- Tactical information concerning intentions
- Scientific information regarding new technologies
- Military capabilities
- Commercial information on new technologies
What Information Should I Protect…?
- Military weapons’ information:
- Capabilities, manufactures, purpose, vulnerabilities, effectiveness, type, testing details, etc…
- Scientific Industrial Information
- Technology & Research
- Technical specifications
- Marketing plans
- Key personnel
- Breakthroughs
What Information Should I Protect…?
- Law Enforcement plans & information sources
- Warrants, Witnesses, Evidence, Capabilities, Raids, Who, What, Where, How, etc…
Conclusion…
- OPSEC is critical to our National Security
- Contact your Regional Security Officer for more information: