OPSEC Terminology
Operations Security (OPSEC)
A Countermeasures program to stop foreign intelligence agents,
criminals, terrorists, or other adversaries from obtaining classified, critical, or
sensitive information about our programs and activities.
Critical Program Information (CPI)
CPI is information that requires protection from our adversaries and/or
competitors. This is the "Target" of collection efforts.
Elements of Critical Information or Indicators (ECII)
Pronounced "E-SEE". Pathways, Observables, or Open Source
information that, when collected or observed by an adversary, could reveal "TARGET"
information. Note: The term ECII applies only to the U.S. Department of
Energy, National Nuclear Security Administration Nevada Site Office OPSEC Program.
OPSEC Assessment (OA)
A critical analysis from the perspective of an adversary. Activities are assessed to
determine intelligence indicators or elements. Internal procedures and information sources
are also reviewed to determine inadvertent releases of information. OPSEC
assessments are "FACT FINDING" not "FAULT FINDING".
Intelligence Collection and Sources
Intelligence collection and analysis are very much like assembling a "picture
puzzle". Each piece of the puzzle could be an item of information that is not
classified or sensitive by itself but, when assembled with other pieces of the puzzle,
could damage national security by revealing classified or sensitive information.
Adversaries use numerous sources and methods to develop pieces of the intelligence
puzzle. Most nations utilize a wide range of intelligence-gathering resources, such as
satellites, aircraft, ships, and human agents.
However, the most potentially damaging intelligence source is "US". We
may, unknowingly, provide intelligence information to adversaries through
carelessness or a lack of concern for OPSEC measures in the workplace and in daily contact
with others. We may talk in public places about subjects best discussed only in the office
with authorized personnel. We may also relate detailed accounts of our daily activities to
family members without regard to what they might tell friends or acquaintances.
Intelligence collection may also involve monitoring our radio and telephone
conversations (including cellular telephones) and analyzing telephone directories,
financial or purchasing documents, blueprints or drawings, distribution lists, shipping
and receiving documents, or information that we carelessly discard in the unclassified
trash.
Within the advances in technology come vulnerabilities. As the twenty-first century
approaches, warfare shows every sign of becoming increasingly economic, financial, and
political rather than merely military; computer resources are highly vulnerable to
espionage and sabotage.
The internet provides intruders many opportunities to break into our computer
systems. Intruders have managed to destroy data, modify software, steal data,
shut-down hosts/networks, steal software, and modify data.
Why OPSEC?
While it is possible that almost any sensitive or classified information sought by an
adversary may be uncovered sooner or later, the goal of OPSEC is to make
intelligence-gathering more difficult and time consuming. The longer it takes for an
adversary to acquire our national secrets, the longer our nation can maintain its
defensive and technological edge.
The OPSEC program consists of identifying the threats to our programs, activities, and
information; informing employees about intelligence collection methods and techniques;
determining what information requires protection (CPILs and ECIIs); identifying
vulnerabilities (through OPSEC assessments); and recommending OPSEC measures
information.(countermeasures) to protect.
The OPSEC MAZE
The "OPSEC MAZE" illustrates the relationship between the
"THREAT" (adversaries), "PATHWAYS"
(information sources of ECIIs), the "TARGET" information
(CPILs), and the "BARRIERS" (countermeasures).
click to enlarge
Countermeasures
Actions that we, as employees, can take to protect information from intelligence
collection efforts, i.e., to "block the pathways" (see illustration above).
Basic OPSEC Countermeasures
- Properly destroy sensitive information.
- Guard against calls to obtain sensitive information. Know who you are talking to.
- Do not transmit sensitive information via telephone, fax, or radio.
- Do not discuss sensitive information in public.
- Limit distribution of sensitive information.
- Avoid posting or displaying sensitive information.
- Do not leave lap-top computers unattended in public places.
Be aware of the threats.
Know how information is gathered.
Know what information requires protection.
Know what you can do to protect the information. ^ TOP ^
|