WRIGHT-PATTERSON AIR FORCE BASE, Ohio –
With adversary threats growing daily, operations security, or OPSEC, is more important than ever. OPSEC experts are heralding the call for advanced protection, both inside and out of the office, for all.
Though January was National OPSEC Awareness Month, it is imperative to understand the importance of practicing OPSEC all year. Every day is an opportunity for Airmen to refresh their understanding of what OPSEC is and how it plays a role in their day-to-day lives and the execution of their wartime mission.
“OPSEC is the protection of unclassified information in both professional and personal life,” said Alan Ambrose, Information Security, Headquarters, Air Force Materiel Command. “It can protect an Airman’s life, the lives of their coworkers, their family and the mission that they are assigned to.”
OPSEC protects critical and sensitive information. It is in place to protect the lives of U.S. service members, Department of Defense employees and contractors.
OPSEC describes the process of denying critical information to an adversary. It is comprised of five steps.
1 – Identify Critical Information: Examples of critical information can include deployment dates and location, military operations, schedules and travel itineraries, social security numbers, credit cards and banking information.
2 – Identify Threats: Threats can include actions by adversaries such as using the internet to collect data from social media websites, going through trash, observation of actions to detect patterns to predict behaviors and using people to collect information. These also include listening to conversations in public, social engineering, and more.
3 – Analyze Vulnerabilities: Vulnerabilities can include forgetting to remove an ID badge when leaving a facility, posting sensitive information over the web, discussing sensitive information in public or over the phone, and using a device, application, or services with geolocation capabilities.
4 – Assess Risks: It is imperative to assess how likely an adversary would be to collect, analyze and exploit critical information; this can negatively impact the mission and one’s safety.
5 – Apply OPSEC Countermeasures: Examples of countermeasures include knowing what an Airman’s agency considers critical information, being aware of surroundings, understanding OPSEC and data aggregation, using social media with caution by limiting the amount of personal information posted and being aware of information put out in emails, online, in phone conversations, photos, and in open unsecure conversations in public.
When discussing the five-step process, Ambrose stated that OPSEC can impact both short and long-term mission success and failure.
“OPSEC is an ongoing, continuous evaluation of unclassified information that is either critical or sensitive. If there is a mission that might have somebody deploying in the future, you don’t want to advertise that this person is going to a location on this date, as that could impact the mission immediately or well into the future,” Ambrose said.
Airmen should also understand critical mission information pertaining to their organization, said Ambrose. Guidance exists to help protect email and other forms of communication, including encryption of messages and more.
Whenever a new member joins AFMC, OPSEC training is required in their initial in-processing, and annual training ensures Airmen stay up-to-date on the latest guidance.
“We all have information that the adversary can use to hurt us,” Ambrose said. “We don’t want them to get it. The OPSEC process helps us to look at our world through the eyes of the bad guys and to develop measures in order to deny them that information.”
For additional information on the OPSEC Process, Airmen can visit the DOD Center for Development of Security Excellence (CDSE) at https://securityawareness.usalearning.gov/opsec/story.html.