Operational security ( OPSEC ) is a process that identifies important information to determine whether friendly actions can be observed by enemy intelligence, determines whether the information obtained by an opponent can be interpreted to be useful to them , and then executes the selected steps that eliminate or reduce the enemy's exploitation of the friendly critical information.
In a more general sense, OPSEC is the process of protecting every piece of data that can be grouped together to give a bigger picture (called aggregation). OPSEC is an important information protection that is considered important from military commanders, senior leaders, management or other decision-making bodies. This process results in the development of countermeasures, which include technical and non-technical measures such as the use of email encryption software, taking precautions against tapping, noticing the images you have taken (such as items in the background), or not speaking openly at social media sites about information on Units, Activities or Critical Information Lists of organizations.
The term "operating security" was created by the United States military during the Vietnam War.
Video Operations security
Process
OPSEC is a five-step iterative process that assists organizations in identifying specific pieces of information that require protection and use measures to protect them.
- Critical information identification: Important information is information about intentions, abilities, and friendly activities that enable the enemy to plan effectively to disrupt their operations. The US Army Regulation 530-1 has redefined Critical Information into four broad categories, using the CALI acronym - Ability, Activity, Restrictions (including vulnerability), and Intent. This step results in the creation of a Critical Information List (CIL). This allows organizations to focus resources on important information, rather than trying to protect all classified or insensitive classified information. Important information may include, but is not limited to, military placement schedules, internal organizational information, details of security measures, etc.
- Threat Analysis: Threats come from enemies - any individual or group that may attempt to interfere or interfere with friendly activities. The next threat is divided into enemies with intentions and abilities. The greater the combined intent and ability of the enemy, the greater the threat. It uses various sources, such as intelligence activities, law enforcement, and open source information to identify possible enemies against planned operations and prioritize their threat levels.
- Vulnerability Analysis: Checks every aspect of the planned operation to identify the OPSEC indicator that can reveal important information and then compares those indicators with enemy intelligence gathering capabilities identified in previous actions. Threats can be regarded as enemy forces, while vulnerability can be regarded as a weakness of a friendly organization.
- Risk Assessment: First, the planner analyzes the vulnerabilities identified in the previous action and identifies possible OPSEC actions for each vulnerability. Second, specific OPSEC actions are selected for implementation based on risk assessment performed by the commander and staff. Risk is calculated based on the possible release of Critical Information and its impact if such a release occurs. Probability is subdivided into the level of threat and vulnerability level. The core premise of subdivisions is that the likelihood of compromise is greatest when the threats are very capable and dedicated, while friendly organizations are simultaneously exposed.
- Appropriate OPSEC Action Implementation: The order implements selected OPSEC measures in the assessment of risk action or, in the case of future planned operations and activities, including steps in the specific OPSEC plan. Countermeasures should continue to be monitored to ensure that they continue to protect current information against relevant threats. US Army Regulation 530-1 refers to "Size" as a comprehensive term, under the category "Action Control" (self-control); "Countermeasures" (against enemy intelligence gathering); and "Counteranalysis" (creating difficulties for opponent analysts who want to predict friendly intent) as a tool to help OPSEC professionals protect Critical Information.
The OPSEC assessment is a formal application of this process to operations or existing activities by a team of multidisciplinary experts. This assessment identifies requirements for additional OPSEC actions and necessary changes to existing ones. In addition, OPSEC planners, working closely with Public Affairs personnel, should develop the Elements of Friendly Information (EEFI) used to prevent unintentional disclosure of critical or sensitive information. The term "EEFI" is being removed for "Critical Information", so all affected agencies use the same term, minimizing confusion.
Maps Operations security
History
Vietnamese
In 1966, the United States Admiral Ulysses Sharp formed a multidisciplinary security team to investigate the failure of certain combat operations in the Vietnam War. The operation is dubbed Operation Purple Dragon, and includes personnel from the National Security Agency and the Department of Defense.
When the operation ended, the team of Purple Dragon codified their recommendations. They call the "Operations Safety" process to differentiate processes from existing processes and ensure ongoing inter-agency support.
NSDD 298
In 1988, President Ronald Reagan signed the National Security Decision Directive (NSDD) 298. This document establishes the National Operational Safety Program and appoints the Director of the National Security Agency as the executive agent for inter-agency OPSEC support. This document also establishes the Inter-agency Support Staff OPSEC (IOSS).
Private and international business applications
Although originally developed as a US Military methodology, Security Operations has been adopted worldwide for military and private sector operations. In 1992, the North Atlantic Treaty Organization (NATO) added OPSEC to its glossary and definition.
The private sector has also adopted OPSEC as a defensive measure against competitive intelligence gathering efforts Military and private sector security and information firms often require OPSEC professionals. Certifications are often obtained from military or government organizations, such as:
- U.S. Army, First Information Operation Command.
- OPSEC Support Staff Interagency.
- Shared OPSEC Support Elements.
Other sizes affecting OPSEC
- Communications security (COMSEC)
- Counter-intelligence (CI)
- Information security (INFOSEC)
- Signal security (SIGSEC)
- Transmission security (TRANSEC)
- Cybersecurity
See also
- For Official Use Only - FOUO
- Information security
- Security intelligence cycle
- Security
- Security Culture
- Sensitive but not starred - SBU
- Controlled Controlled Information - CUI
- Social engineering
References
External links
- Your Spying Target - DoD Movies in Operational Security on YouTube
- US. Government OPSEC site
- Professional Association of Security Operations
- National Security Decision Instruction 298
- Purple Dragon , Origin & amp; Development of OPSEC Program United States, NSA, 1993.
- Operating Safety (JP 3-13.3) US PDF Doctrine of Operation Safety DoD.
- ' ". Washington Post . September 10, 2006.
- "After the Decade in War With the West, Al-Qaeda Still Resists Against Spies". Washington Post . March 20, 2008.
- How to Perform an OPSEC Rating
Source of the article : Wikipedia
0 Comments