Operations Security (OPSEC)

DEFENSE-SENSITIVE INFORMATION Summer cruises Required training OPNAVINST 3432.1

DEFINITIONS & BACKGROUND OPSEC is one of three components used to maintain the secrecy needed to achieve surprise. OPSEC is not a security function, but an operations function. Security programs and OPSEC are mutually supportive.

DEFINITIONS & BACKGROUND OPSEC identifies & controls information that indicates our: Friendly Intentions; Friendly Capabilities; Friendly Activities.

DEFINITIONS & BACKGROUND Security programs: Deny classified information to adversaries. Physical security; Personal security; Information security; Information systems security.

DEFINITIONS & BACKGROUND Counterintelligence programs: Support both security and OPSEC programs by identifying intelligence threats and methods of an adversary.

FREEDOM OF ACTION By maintaining operational security of plans, we gain the fullest possible surprise. This, in turn, gives us freedom of action.

GOOD OPSEC OPSEC, properly applied: Contributes to operational effectiveness. Enhances probability of surprise. Causes adversaries to make bad decisions due to lack of critical information about our forces and equipment.

WHEN OPSEC IS REQUIRED OPSEC measures are required for: Operations and activities relating to the equipping, preparing, deploying, sustaining, & employment of the Navy and Marine Corps team in time of war, crisis, or peace. To protect the information in our plans and orders.

OPSEC MEASURES Inadequate OPSEC degrades operational effectiveness by hindering surprise. Conversely, excessive OPSEC can degrade operational effectiveness by interfering with required activities.

SUMMATION OPSEC is the control of info by: Knowing the threat; Knowing what to protect; Determining risks; Knowing how to protect information.

OPSEC PROCESS OPSEC planning is accomplished via the OPSEC process. The OPSEC process consists of 5 distinct actions applied in a sequential manner during OPSEC planning: Identification of Critical Information; Analysis of Threats; Analysis of Vulnerability; Assessment of Risk; and Application of Appropriate OPSEC Measures.

OPSEC TERMINOLOGY CRITICAL INFORMATION: Specific facts about friendly intentions, capabilities, and activities vitally needed by adversaries for them to plan and act effectively to guarantee failure or unacceptable consequences for friendly mission accomplishment.

OPSEC TERMINOLOGY OPSEC INDICATORS: Friendly detectable actions and open-source information that can be interpreted or pieced together by an adversary to derive critical information.

OPSEC TERMINOLOGY OPSEC VULNERABILITY: A condition in which friendly actions provide OPSEC indicators that may be obtained and accurately evaluated by an adversary in time to provide a basis for effective adversary decision making.

OPSEC ACTION #1 Identification of critical information: What will our adversary want to know about our intentions, capabilities, and activities? Essential Elements of Friendly Information (EEFI) - What we protect from exposure to an adversary.

OPSEC ACTION #1 (cont’d) Critical information is a subset of EEFI: only the information that is vitally needed by an adversary. Identifying critical information allows us to focus efforts on protecting it, instead of trying to protect all classified or sensitive information.

OPSEC ACTION #2 Analysis of threats: Researching & analyzing intelligence information, counterintelligence, reports, and open-source information to identify who the likely adversaries are to the planned operation.

OPSEC ACTION #2 (cont’d) Through this analysis, we seek answers to the following questions: Who is the adversary? What are the adversary’s goals? What is the adversary’s strategy for opposing the planned operation? What critical information does the adversary already know about the operation? What are the adversary’s intelligence collection capabilities?

OPSEC ACTION #3 Analysis of vulnerability: Friendly actions/activities provide OPSEC indicators to an adversary that may be obtained and accurately evaluated in time to provide a basis for effective decision-making and action against us.

OPSEC ACTION #3 (cont’d) Questions when analyzing vulnerability: What indicators of critical information not known to the adversary will be created by the friendly activities in preparation for the operation? What indicators can the adversary actually collect? What indicators will the adversary be able to use to the disadvantage of friendly forces?

OPSEC ACTION #4 Assessment of risk. Two components: Analyze OPSEC vulnerabilities identified in the previous action and consider OPSEC measures to erase or counter each vulnerability; Select specific OPSEC measures for execution based on a risk assessment.

OPSEC ACTION #4 (cont’d) Assessment of risk: These OPSEC measures reduce the adversary’s capability to analyze our actions.

OPSEC ACTION #4 (cont’d) OPSEC measures can be used to: Prevent the adversary from detecting an indicator. Provide an alternative analysis of an indicator. Attack the adversary’s collection system.

OPSEC ACTION #4 (cont’d) OPSEC measures include: Cover; Concealment; Camouflage; Deception; Intentional deviations from normal patterns; Direct strikes against the adversary’s intelligence system.

OPSEC ACTION #4 (cont’d) Goal of OPSEC measures: Highest possible protection with the least impact on operational effectiveness.

OPSEC ACTION #4 (cont’d) Risk assessment: Requires comparing the estimated cost of implementing particular OPSEC measures to the potentially harmful effects on mission accomplishment resulting from an adversary’s exploitation of an OPSEC vulnerability. In the end, can the adversary do much damage if we don’t implement an OPSEC measure?

OPSEC ACTION #4 (cont’d) Costs of implementing OPSEC measures: Resources (funding/time/personnel); Interference with normal operations. Do costs outweigh the harmful effect?

OPSEC ACTION #4 (cont’d) Typical questions for analysis: What is the risk to our operational effectiveness if we implement an OPSEC measure? What is the risk to mission success if we don’t implement an OPSEC measure? What is the risk to mission success if an OPSEC measure fails to be effective?

OPSEC ACTION #4 (cont’d) The interaction of OPSEC measures must be analyzed. Certain OPSEC measures may actually create indicators of critical information. Example: Camouflaging of previously unprotected facilities could be an indicator of preparations for military actions.

OPSEC ACTION #4 (cont’d) Selection of measures must be coordinated with other command and control components to ensure actions do not compromise security. Conversely, deception and PsyOp plans may require that OPSEC measures not be applied to certain indicators in order to project a specific message to the adversary.

OPSEC ACTION #5 Application of appropriate OPSEC measures: The command implements the OPSEC measures selected in Assessment of Risk. The reaction of adversaries to OPSEC measures is monitored to determine effectiveness and to provide feedback. Feedback is used to adjust OPSEC measures and for future OPSEC planning.

OPSEC & THE PUBLIC The military is held accountable for their OPSEC actions. OPSEC is not an excuse to deny the public access to non-critical information.

Review Questions & Summary