“OPSEC is the protection of unclassified information in both professional and personal life,” said Alan Ambrose, Information Security, Headquarters, Air Force Materiel Command. “It can protect an Airman’s life, the lives of their coworkers, their family and the mission that they are assigned to.”
OPSEC protects critical and sensitive information. It is in place to protect the lives of U.S. service members, Department of Defense employees and contractors.
OPSEC describes the process of denying critical information to an adversary. It is comprised of five steps:
Identify critical information
Examples of critical information can include deployment dates and location, military operations, schedules and travel itineraries, social security numbers, credit cards and banking information.
Identify threats
Threats can include actions by adversaries such as using the internet to collect data from social media websites, going through trash, observation of actions to detect patterns to predict behaviors and using people to collect information. These also include listening to conversations in public, social engineering and more.
Analyze vulnerabilities
Vulnerabilities can include forgetting to remove an ID badge when leaving a facility, posting sensitive information over the web, discussing sensitive information in public or over the phone, and using a device, application or services with geolocation capabilities.
Assess risks
It is imperative to assess how likely an adversary would be to collect, analyze and exploit critical information; this can negatively impact the mission and one’s safety.
Apply OPSEC countermeasures
Examples of countermeasures include knowing what an Airman’s agency considers critical information, being aware of surroundings, understanding OPSEC and data aggregation, using social media with caution by limiting the amount of personal information posted and being aware of information put out in emails, online, in phone conversations, photos and in open unsecure conversations in public.
When discussing the five-step process, Ambrose stated that OPSEC can impact both short and long-term mission success and failure.
“OPSEC is an ongoing, continuous evaluation of unclassified information that is either critical or sensitive. If there is a mission that might have somebody deploying in the future, you don’t want to advertise that this person is going to a location on this date, as that could impact the mission immediately or well into the future,” said Ambrose.
Airmen should also understand critical mission information pertaining to their organization, said Ambrose. Guidance exists to help protect email and other forms of communication, to include encryption of messages and more.
Whenever a new member joins AFMC, OPSEC training is required in their initial in-processing, and annual training ensures Airmen stay up to date on the latest guidance.
“We all have information that the adversary can use to hurt us,” said Ambrose. “We don’t want them to get it. The OPSEC process helps us to look at our world through the eyes of the bad guys and to develop measures in order to deny them that information.”
For additional information on the OPSEC Process, Airmen can visit the DOD Center for Development of Security Excellence at https://securityawareness.usalearning.gov/opsec/story.html.
About the Author