September 23rd, 2002, 05:05 PM
Establishing an Operations Security Program (OPSEC)
I hope this information will help you in establishing an OPERATIONS SECURITY PROGRAM (OPSEC).
For those that are not aware
And I hope everyone takes this information and puts it forth to thier work every day.
OPSEC is not a security program. It is an effective and sucessful way to ensure the sucess of a mission!
What Every OPSEC Professional Should Know.
The OPSEC Program Manager wears many hats.
-> Intelligence Liaison
-> Research Specialist
-> And yes, at times, "The Bearer of Bad News"
As you get your OPSEC program started, make a lot of friends and contacts. Start with the local security forces and offices, such as the Office of Special Investigations. Talk to your local town, county, and state police departments. Ask the different outside agencies that your organization does business with who their OPSEC Program Managers are. Get to know your communications security, emissions security, and information security experts. Don't be afraid to tap into other DoD or Government agencies for information, help, or answers.
READ AND RESEARCH CONTINUALLY. LEARN EVERYTHING YOU CAN ABOUT SPECIFIC THREATS AND VULNERABILITIES.
Identify your organization's critical information. Remember, this isn't the classified stuff. This is all the unclassified information that we put in the trash; talking shop outside the workplace; or our predictable daily actions. Now, think outside the box, looking inside. Honestly ask yourself, "If I were the enemy, how would I disrupt or stop the organizationˇ¦s operations or way of doing business?"
Answering that question should assist you in determining what information is critical to your organization. Examples of critical information: aircraft status, personnel strength, organizational relationships, deployment information, operational tactics, flying schedules, inspection results, recall roster, shortfalls, duty schedules, equipment upgrades, failure rates, contractor supportˇK the list is endless because every organization and its operation is different.
Does your organization have threats? Or an adversary/enemy? The answer is most likely YES to both.
Some potential adversaries are listed below:
-> Foreign governments and or inspectors
-> Disgruntled employees
-> Dishonest employees
One common denominator with the last two examples is that they are people within the organization. Be aware of obvious personality changes. Try to identify who is a weak security link. Ask yourself, "Who is writing bad checks? Who are the alcoholics? What individuals always withdraw from the group?"
Vulnerabilities and the OPSEC Program Manager. Remember the part about being the bearer of bad news? No one likes to be told that they can't bring their brand new Palm Pilot into the office anymore. OPSEC is very similar to risk management. Ask yourself, "Is there a better or safer way of doing business?" It is always a good think to have a recommendation or solution ahead of time. OPSEC is not a security program. It is an effective and successful way to ensure the success of a mission!
Assess the risks. Determine if they are acceptable. Develop and apply your countermeasures. About 90% of all countermeasures don't cost a penny. Is personal convenience more important than the mission?
September 23rd, 2002, 05:19 PM
Listed below are some resources and websites that I often use that may assist you in achieving your goals:
- Joint Publication 3-54
- AFI 10-1101
- AMCP 10-1101
- The Interagency OPSEC Support Staff @ www.ioss.gov
- The OPSEC Professional Society @ www.opsec.org
- AndrewsAFB OPSEC Homepage @ www.andrews.af.mil/89cg/89cs/scbsi/opsec/.html
- The Federal Bureau of Investigation @ www.infragard.net
- The National Infrastructure Protection Center @ www.nipc.gov
- The National Reconnaissance Office @ www.nro.gov
- The National Security Agency @ www.nsa.gov
- The Central Intelligence Agency @ www.cia.gov
- The Office of The National Counterintelligence Executive @www.ncix.gov
- The Center for Counterintelligence and Security Studies @ www.cicentre.com
- Jane's @ www.intelweb.janes.com
September 25th, 2002, 12:19 AM
Here is an IOSS video, to give you an idea of what we are about.