“Operations security (OPSEC) is an analytic process used to deny an adversary information – generally unclassified – concerning friendly intentions and capabilities by identifying, controlling, and protecting indicators associated with planning processes or operations. OPSEC does not replace other security disciplines – it supplements them.” (Wikipedia)
OPSEC is simply denying an adversary information that could harm you or benefit them. OPSEC is a process, but it is also a mindset. Once you educate yourself on OPSEC risks and methodologies, protecting sensitive information becomes second nature.
OPSEC is unique as a discipline, because it is understood that the OPSEC manager must make certain decisions when implementing OPSEC measures. Most of these measures will involve a certain expenditure of resources, so an estimate must be made as to whether the assumed gain in secrecy is worth the cost in those resources. If the decision is made not to implement a measure, then the organization assumes a certain risk. This is why both OPSEC managers and leaders at all levels must be educated on and aware of the OPSEC process.
OPSEC is not only for military or government entities. More individuals and corporations are realizing the importance of protecting trade secrets, personal security and intentions. Whatever the organization and purpose, OPSEC can, and will, increase the overall security posture.
Why use OPSEC?
We are in a world increasingly dependent on information. In this world, pieces of information (internet postings, work schedules, phone directories and more) may be assembled in order to form the “big picture” of an organization or operation.
Your adversaries, in a military or business sense, practice OPSEC to varying degrees, and it would be unwise to discount the capabilities of your adversary. Your adversary will constantly probe your organization, so the importance of a solid understanding of OPSEC cannot be overstated.
What are OPSEC indicators?
An indicator is a “piece of the puzzle”. In other words, an indicator is any piece of information that can be exploited to gain further information, or be combined with other indicators to build a more complete profile of your operations.
For example, an OPSEC indicator could be when you go to work, what you do at work, large group or troop movements or financial transactions such as life insurance appointments. Before releasing information, consider the potential value to your adversaries.
What are the capabilities of your adversary?
The unfortunate fact is that you don’t know. Your adversary may have internal spies, skilled photographers or any other manner of resources at their disposal. You may never be able to determine the full capability of your adversary, so you can only protect your information on your end.