Identify critical information
Examples of critical information can include deployment dates and location, military operations, schedules and travel itineraries, social security numbers, credit cards and banking information.
Threats can include actions by adversaries such as using the internet to collect data from social media websites, going through trash, observation of actions to detect patterns to predict behaviors and using people to collect information. These also include listening to conversations in public, social engineering and more.
Vulnerabilities can include forgetting to remove an ID badge when leaving a facility, posting sensitive information over the web, discussing sensitive information in public or over the phone, and using a device, application or services with geolocation capabilities.
It is imperative to assess how likely an adversary would be to collect, analyze and exploit critical information; this can negatively impact the mission and one’s safety.
Apply OPSEC countermeasures
Examples of countermeasures include knowing what an Airman’s agency considers critical information, being aware of surroundings, understanding OPSEC and data aggregation, using social media with caution by limiting the amount of personal information posted and being aware of information put out in emails, online, in phone conversations, photos and in open unsecure conversations in public.
When discussing the five-step process, Ambrose stated that OPSEC can impact both short and long-term mission success and failure.
“OPSEC is an ongoing, continuous evaluation of unclassified information that is either critical or sensitive. If there is a mission that might have somebody deploying in the future, you don’t want to advertise that this person is going to a location on this date, as that could impact the mission immediately or well into the future,” said Ambrose.
Airmen should also understand critical mission information pertaining to their organization, said Ambrose. Guidance exists to help protect email and other forms of communication, to include encryption of messages and more.
Whenever a new member joins AFMC, OPSEC training is required in their initial in-processing, and annual training ensures Airmen stay up to date on the latest guidance.
“We all have information that the adversary can use to hurt us,” said Ambrose. “We don’t want them to get it. The OPSEC process helps us to look at our world through the eyes of the bad guys and to develop measures in order to deny them that information.”
For additional information on the OPSEC Process, Airmen can visit the DOD Center for Development of Security Excellence at https://securityawareness.usalearning.gov/opsec/story.html.