

















Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community for help and clear up your study doubts
Discover the best universities in your country according to Docsity users
Free resources
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
The Operations Security (OPSEC) program for protecting critical information in military operations. It includes references to DOD Directives and Marine Corps Operations Security Programs, as well as instructions for developing OPSEC education and training programs. The document emphasizes the importance of identifying critical information and vulnerabilities, and implementing OPSEC measures to prevent enemy access.
Typology: Study Guides, Projects, Research
1 / 25
This page cannot be seen from the preview
Don't miss anything!
MARINE CORPS LOGISTICS BASE 814 RADFORD BOULEVARDALBANY, GEORGIA 31704
From: To:
Subj:
Ref:
Encl:
Commanding Officer Distribution List
OPERATIONS SECURITY (OPSEC)
(a) DOD Directive 5205.2, DOD Operations Security Program (b) Joint Pub 3-13.3, Joint Doctrine for Operations Security (c) MCO 3070.2_, The Marine Corps Operations Security Program (d) MARFORCOMO 3070.1, Operations Security
(1) OPSEC Terms and Definitions (2) The OPSEC Process (3) The OPSEC Assessment (4) Example Format for Final OPSEC Assessment Report (5) Examples of Critical Information
a. The current security environment has evolved from one with identifiable adversarial nation-states to one with less identifiable non-state actors and terrorists. Regardless of status, these adversaries have the will and the means to harm U.S. interests at home and abroad. Rapid advances in available, affordable information technology as well as the development of sophisticated, aggressive collection organizations demand that we reconsider what information can be used to compromise on- going military operations.
b. The protection of classified information remains a priority, but the protection of unclassified open source material must be considered. Methods of collecting critical pieces of information may include Signals Intelligence (SIGINT) , Human Intelligence (HUMINT) , and Open Source Intelligence (OSINT), to name a few. Today, 80 percent of collection efforts by adversaries are directed toward open source, unclassified information.
c. In many cases, classified information is neither essential nor necessary to build an accurate intelligence
picture of what our military forces are doing. Using the assortment of easily obtained, unprotected information, our objectives can be determined and a plan can be developed to deny us those objectives. Now, more than ever, each Marine, Sailor, and civilian Marine must be aware of his or her responsibility to protect unclassified, but potentially useful, information from those who would harm this nation and its military forces.
a. Commander's Intent and Concept of Operations
(1) Commander's Intent. To deny potential adversaries access to information that could be useful in developing actions intended to be disruptive to military operations. This will be accomplished by:
(a) Implementing OPSEC programs and policies for MCLBA;
(b) Educating Marines, Sailors, civilian Marines, and contractors at all levels in order to raise awareness and increase control over available information;
(c) Requiring both military and civilian directors, managers and supervisors at all levels, to reinforce the importance of good OPSEC practices with their subordinates. All personnel must adhere to the OPSEC policies designed and implemented to protect our information from exploitation. End state: deny potential adversaries access to critical information by eliminating or mitigating existing vulnerabilities.
(2) Concept of Operations. References (a) through (d), provide specific guidance for OPSEC plans, program development and establishment. MCLBA will achieve the Commanding Officer's intent by developing and implementing OPSEC programs based on the references listed. MCLBA will also share their OPSEC concerns with Public Affairs and family members to reduce inadvertent disclosures. An annual OPSEC assessment will ensure that the MCLBA program receives regular command attention and is continually evaluated in order to remain relevant to command needs. By implementing
(m) Conduct assessment annually of OPSEC program effectiveness utilizing the CGRI checklist (to be distributed via separate correspondence) as well as references (a) through (d).
(2) Command Inspector General
(a) In conjunction with the OPSEC Program Manager, create an OPSEC Inspection Checklist utilizing the inspection checklist found in reference (c) as a guide.
(b) Incorporate OPSEC as a functional area to be inspected during Commanding General's Readiness Inspections (CGRI).
(3) Directors and Special Staff Sections
(a) Serve as a member of OPSEC Assessment Team when required.
(b) Provide representation to the OPSEC working group as required by the OPSEC Program Manager.
c. Coordinating Instructions
(1) At a minimum, the following will be included as part of MCLBA OPSEC education programs:
(a) Navy OPSEC Course; http://www.nioc- norfolk.navy.mil/
(b) DoD 2400 Course; http://www.dss.mil/
(c) OPSE 2380-2390 Course; http://www.ioss.gov/
(d) Army OPSEC Planner's Course; https://www.1stiocmd.army.mil/
APR 1 s 70! (2) MCLBA Program Manager will attend a resident course within 90 days of appointment.
(3) OPSEC Program Manager and Coordinators will complete an OPSEC Fundamentals Course within 30 days of appointment. The course is available on-line. It is listed as "CBT 1301" and is available at the Navy Information Operations Command website; https://www.nioc-norfolk.navy.mil/operations/opsec/main.shtml. Copies of this course can be obtained by emailing the following organizational mailbox, opsec@navy.mil or by mailing a request to: Navy Information Operations Command, ATTN: OPSEC, 2555 Amphibious Drive, Norfolk, VA 23521
(4) Minimum annual OPSEC training requirements for all personnel are:
(5) Enclosure (1) is provided as a list of common OPSEC definitions.
(6) Enclosure (2) is provided as an explanation and outline of the OPSEC Process.
(7) Enclosure (3) describes how assessments may be conducted.
(8) Enclosure (4) is provided as an example format of a Final OPSEC Assessment Report.
(9) Enclosure (5) is provided as examples of Critical Information.
(10) MCLBA will submit an annual report, based on fiscal-year time period, detailing their OPSEC program. Guidance on the format and submission date for this report will be released via separate correspondence.
OPSEC Terms and Definitions
15 Apr 10
a. Critical Information. These are specific facts about friendly intentions, capabilities, and activities vitally needed by adversaries for them to plan and act effectively so as to guarantee failure or unacceptable consequences for friendly mission accomplishment.
b. Excessive OPSEC. Excessive OPSEC can degrade operational effectiveness by interfering with activities such as coordination, training, and logistical support. Military operations are inherently risky, and the commander must evaluate each activity and operation, and then balance required OPSEC measures against operational needs. Using the OPSEC process will help commanders assess the risk and apply appropriate OPSEC measures.
c. Essential Elements of Friendly Information(EEFI). EEFI is a term used extensively throughout the Marine Corps and is defined as "Key questions likely to be asked by adversary officials and intelligence systems about specific friendly intentions, capabilities, and activities, so they can obtain answers critical to their operational effectiveness."
d. OPSEC Assessments. An OPSEC assessment is an examination of an operation or activity to determine if adequate protection from adversary intelligence exploitation exists. The OPSEC assessment is used to verify the effectiveness of OPSEC measures and determine if critical information is being protected. An assessment cannot be conducted until after critical information has been identified. Without understanding critical information which should be protected, there can be no specific determination that OPSEC vulnerabilities exist.
e. OPSEC Measures. These are actions taken to reduce the probability of an enemy from either collecting OPSEC indicators or to correctly analyze their meaning.
f. OPSEC Process. OPSEC planning is accomplished through the OPSEC Process. This has five steps which are usually applied in a sequential order. In dynamic situations, the steps
Enclosure (1)
15 Apr 10
may be revisited at any time to adjust to new threats or information. Enclosure (2) provides a detailed explanation of the OPSEC Process.
g. OPSEC Program Managers and Coordinators. Program Managers are personnel who have OPSEC duties as their primary job. Coordinators are personnel who perform OPSEC functions as an additional duty. Commanders will use their discretion in determining whether they require OPSEC Program Managers or Coordinators to fulfill their responsibilities.
h. OPSEC Working Groups. These are teams of personnel with representatives from the different elements of the command's organization designed to assist the command with OPSEC matters and its program.
i. Threat. A threat is any individual or organization that seeks to do harm by interrupting ongoing military operations or activities. In order to be classified a threat two conditions must be satisfied:
(1) An intent to do harm must exist.
(2) A capability to do harm must exist.
If both conditions cannot be met than a threat does not exist.
j. Vulnerability. This is a condition in which friendly actions provide OPSEC indicators that may be obtained and accurately evaluated by an adversary in time to provide for a basis for effective adversary decision-making.
k. Indicator. These are friendly detectable actions and open sources of information that adversary intelligence systems can potentially detect or obtain and then interpret to derive friendly critical information.
15 Apr 10
(5) What critical information does the enemy already know?
(6) What critical information is it too late to protect?
(7) What are the enemy's intelligence collection capabilities?
(8) How does the enemy process and disseminate their collected data?
c. Step 3: Analysis of Vulnerabilities. This action identifies an operation's or activity's vulnerabilities. This requires examining the parts of the planned operation and identifying OPSEC indicators that could reveal critical information. Vulnerabilities exist when the enemy is capable (with the available collection and processing assets) of observing an OPSEC indicator, correctly analyzing it, and then taking appropriate and timely action. The commander will need answers to questions such as these:
(1) What OPSEC indicators of critical information not known to the enemy will be created by friendly actions that result from the planned operation or activity?
(2) What OPSEC indicators can the enemy actually collect?
(3) What OPSEC indicators can the enemy actually use to our disadvantage?
d. Step 4: Assessment of Risk. This step essentially has two components. First, planners analyze the identified vulnerabilities and then identify possible OPSEC measures against them. Second, specific OPSEC measures are selected for execution based on the risk assessment done by the commander and staff.
(1) OPSEC Measures can be used to:
(a) Prevent the enemy from detecting an OPSEC indicator.
(b) Provide an alternate analysis of an indicator from the enemy viewpoint (deception).
(c) Directly attack the enemy's collection system(s).
include:
15 Apr 10
(2) Besides physical destruction, OPSEC measures can
(a) Concealment and camouflage.
(b) Deception (across all aspects of operations and Information Operations).
(c) Intentional deviations from normal patterns; and conversely, providing a sense of normality.
(d) Practicing sound information security, physical security, and personnel security.
(3) More than one OPSEC measure may be identified for each vulnerability and one OPSEC measure can be identified for multiple vulnerabilities. Primary and secondary OPSEC measures can be identified for single or multiple OPSEC indicators. OPSEC measures are most effective when they provide the maximum protection while minimally effecting operational effectiveness.
(4) Risk assessment involves comparing the estimated cost (time, effort, resource allocation, and money) of implementing an OPSEC measure to the potential effects on mission accomplishment resulting from an enemy exploiting a particular vulnerability. Questions to ask include:
(a) What is the risk to mission effectiveness if an OPSEC measure is taken?
(b) What is the risk to mission effectiveness if an OPSEC measure is not taken?
(c) What is the risk to mission effectiveness if an OPSEC measure fails to be effective?
(d) Will the cost of implementing an OPSEC measure be too much as compared to the enemy's exploitation of the vulnerability?
(e) Will implementing a particular OPSEC measure create an OPSEC indicator? Will it create an OPSEC indicator that you want the enemy to see (e.g., deception)?
(f) Do we even have the capability to implement the OPSEC measure? If we do, can the assets under our control
15 Apr 10
(g) Do we need to devise new OPSEC measures to replace ineffective OPSEC measures?
(h) Have we identified new requirements, or unforeseen OPSEC indicators that will need new OPSEC measures? Again, this is dynamic process, and previous steps may have to be revisited.
(2) In addition to ongoing operations, feedback provides information for OPSEC planning for future operations through lessons learned.
(3) The OPSEC Assessment is an excellent method and tool for providing feedback on the effectiveness of OPSEC measures.
The OPSEC Assessment
a. At a minimum, each command will conduct an annual Command Assessment using the Inspector General's Checklist criteria.
b. Any command may request a Formal Assessment after they have completed their internal assessment.
a. Command Assessment. Concentrates on events within the command and is normally performed by using only personnel assigned to the command being reviewed. The majority of assessments will be this type. The scope of these assessments can vary depending on the commander's guidance. Recognizing that an all-encompassing assessment would levy a high burden on a typical command, commanders are encouraged to develop an approach in which functions are routinely evaluated, but done so over a period of time. For example, a commander could evaluate administrative OPSEC during one period, while evaluating website OPSEC on the next period.
b. Formal Assessment. Is composed and conducted by members from within and outside the command. The formal assessment will often cross command lines and needs to be coordinated appropriately. Formal assessment are normally directed by higher headquarters to subordinate echelons, but may be requested by subordinate commands. These formal assessments are typically large scale endeavors requiring large amounts of personnel (25+) and lead times in excess of four months.
Enclosure (3)
15 Apr 10
e. Conduct Empirical Studies (if possible). An example would be to review results of preparations (workups) for a major operation or activity such as support operations for tenant operating forces, computer simulations, war games, sand table exercises, field exercises, and command post exercises. This may already be available from information used to complete step 3 of the OPSEC Process. These reviews can help the team identify vulnerabilities that cannot be determined through observation of the operation and interviews of personnel.
f. Develop a Functional Outline. Functional outlines for each functional area to be surveyed will be completed.
(1) Start by developing a timetable of events to occur. Comparing the event chronology with the known or projected threat intelligence collection capabilities can often identify vulnerabilities not previously identified. All of the functional chronologies can later be correlated to build the big picture of the operation.
(2) Next, use the chronology to build a functional outline. An example is provided on the next page. The functional outlines project a time-phased picture of events associated with the planning, preparation, execution, and conclusion of the operation. The outline provides an analytical basis for identifying events and activities that are vulnerable to enemy exploitation.
g. Determine the Vulnerabilities. Review of the OPSEC Plan, the projected enemy intelligence threat, the chronology of events, and any empirical studies will identify the potential OPSEC indicators. Friendly vulnerabilities can now be confirmed or identified.
h. Determine Procedures to Conduct the Assessment. Develop any SOP needed, including coordinating for free access to units and personnel. Determine if any training is required, or if members need familiarization with a particular functional area (if they do not have expertise in that area).
i. Announce the Assessment. Announce the assessment far enough in advance to allow the command to prepare for the assessment, and to support the assessment team. Include in the announcement:
(1) Assessment purpose and scope.
(2) List of team members and clearances.
(3) List of required briefing and orientations.
(4) Timeframe involved.
15 Apr 10
(5) Administrative or logistical support requirements.
(6) Any other details deemed pertinent.
a. Planned Event Sequence. The OPSEC Program or OPLAN and command/staff briefs form the basis for this timeline. This can be formulated using a lineal listing, a matrix, or another suitable method as required.
b. Actual Event Sequence. Observe and record events as they actually occur while surveying activities. Be especially cognizant of the information listed in paragraphs 10c(3) through 10c(5)of this enclosure.
c. Critical Information. List critical information that the command has identified in their OPSEC Program or OPLAN.
d. OPSEC Indicators. List OPSEC indicators of critical information that you expect to see based on review of the OPSEC Program or OPLAN and command/staff briefs prior to field assessment commencing.
e. OPSEC Measures. List the OPSEC measures developed in the OPSEC Program or OPLAN that you can expect to see during the assessment.
f. Analysis. Determine any OPSEC vulnerabilities through review of OPSEC Program, command/staff briefs, and actual activities/operations observed. You are looking for OPSEC indicators that can reveal critical information. This condition creates a vulnerability that can be exploited by the enemy. Are the identified OPSEC measures effective in protecting the critical information by preventing the enemy from collecting and accurately interpreting the OPSEC indicators?
15 Apr 10
(5) Conduct a daily post brief among the assessment team. This is a chance to compare and correlate data, assess the functional outlines and refine as needed, and redirect team efforts or members as needed.
a. During this phase, the assessment team correlates and assesses the data collected in the field assessment phase.
b. Identify Vulnerabilities. Correlate and assess the data to identify vulnerabilities, those that were previously developed, and those that were identified during the field assessment. OPSEC indicators that were observed are identified as potential vulnerabilities. Again, vulnerabilities are conditions that the threat may be able to exploit to reveal critical information. The key characteristics of vulnerabilities are observable OPSEC indicators, and the threat's ability to collect or observe the indicators. The ability of the threat to effectively exploit the vulnerability in a timely manner indicates the actual risk to friendly forces.
c. OPSEC Assessment Report. The report is generated, addressed, and delivered to the Commander of the operation/activity surveyed. A suggested format is included in enclosure (4). Format for findings can be presented in chronological order, order of significance, or grouped into the different functional areas. The report should discuss:
(1) Observed OPSEC indicators.
(2) Ability of the enemy to collect and process the indicators.
(3) Vulnerabilities identified.
(4) Analysis of the vulnerability's risk to the command's operations. (5) Recommended OPSEC measures or modification to existing OPSEC measures.
(6) Answer the question: Is the critical information being protected?
(7) Care must be taken to ensure the appropriate level of classification is given to discussions of vulnerabilities, and recommended OPSEC measures.
15 Apr 10
Example Format for Final OPSEC Assessment Report
a. Background. Address the purpose and scope of the OPSEC assessment.
b. Conduct of Assessment. Brief discussion of team composition, procedures used, units or commands visited, timeframes involved, and any problems encountered.
c. Critical Information. List the critical information identified in the OPSEC Program or OPLAN.
d. Threat. List the enemy intelligence collection capabilities.
a. Observation. List the observed OPSEC indicators that could reveal identified information. This will include previously identified indicators (from the OPSEC Program or OPLAN and briefs); and indicators not previously identified but observed during the assessment.
b. Analysis. Discuss the vulnerabilities observed. The key here is whether or not the enemy has the intelligence collection capability to observe and process the OPSEC indicators. If the command or other types of units (not involved in the operation) can reasonably expect to face future threats that will have the collection capability, include this in the discussion. This information can be important to future operations and can be disseminated appropriately. The main points of your analysis will be whether or not the indicator revealed critical information. If so, then the OPSEC measure is not working. Did the OPSEC indicator even have an OPSEC measure applied to protect the critical information? If the OPSEC indicator revealed or can be inferred to have revealed critical information, then this condition is a vulnerability.
Enclosure (4)