Thursday, June 4, 2015
Thinking Like The Wolf: U.S. Navy OPSEC Of The Future
April Grant at the U.S. Navy's Office of the Chief of Information offers the below piece:
WASHINGTON (NNS) -- With continuous advances in technology and unlimited access to information, the Naval OPSEC Support Team (NOST) is putting forth an effort to bring Operations Security, or OPSEC, standards into the 21st Century U.S. Navy.
OPSEC, as a methodology was developed during the Vietnam War to determine how the enemy was able to obtain advanced information on military operations.
Under that idea Admiral Ulysses Sharp, then Commander-in-chief, Pacific, established the "Purple Dragon" team which conceived of and utilized the methodology of "Thinking like the wolf," or looking at your own organization from an adversarial viewpoint.
Since, the OPSEC systematic process, has proven to be successful in identifying, controlling and protecting generally sensitive but unclassified information by mitigating the adversary's ability to compromise a mission, operation or activity.
As a whole, OPSEC works through proper understanding of each of the five steps within the OPSEC process:
1. Identify critical information. The information you have that could assist an adversary in any way.
2. Analyze the threat to that information. Does an adversary have the capability to collect or use the information, and if so, how?
3. Analyze the vulnerabilities. How is the critical information relayed in the course of your daily duties and how is it protected?
4. Assess the risk. How likely is it that the information could be compromised?
5. Develop countermeasures. What can you do to protect the information from being disclosed?
NOST wants to stress the fact that everyone, including service members and family members, have a duty to protect your command, your shipmates and your family by always maintaining operations security. So the next time you send your friends a comment or post a tweet, think about who else may be seeing it.
Each month NOST will be sharing new resources on different OPSEC topics. You can also visit the Navy.mil graphics gallery, http://www.navy.mil/view_ggphotos.asp, to find more resources.
Don't forget to like the OPSEC Facebook page at https://www.facebook.com/NavalOPSEC.
Note: As the administrative officer for a Defense Department command in Philadelphia, I oversaw all security programs, including OPSEC. I was our command's OPSEC instructor.
I attended the annual OPSEC conferences in Washington D.C. for many years. We received classified CIA and FBI briefings and other briefings on national security threats, as well as briefings on OPSEC practices. I enjoyed the interesting and informative conferences, where I met a good number of interesting people.
OPSEC can and should be practiced at home as well. One example of "Bad" OPSEC is when you still have the daily newspaper delivered to your home while you are away on vacation. A thief can clearly see the pile of newspapers in front of your home and assume that you are not home, making it safe for him to burglarize your home.
"Good" OPSEC is canceling your daily newspaper while you are away on vacation. Simple, but effective.