THE OPSEC PROCESS
1. General
The OPSEC process consists of five distinct actions. These
actions are applied in a sequential manner during OPSEC planning.
In dynamic situations, however, individual actions may be revisited
at any time. New information about the adversary's intelligence
collection capabilities, for instance, would require a new analysis
of threats.
An understanding of the following terms is required before the
process can be explained:
(2) OPSEC Indicators: Friendly detectable actions and open-
source information that can be interpreted or pieced together
by an adversary to derive critical information.
(3) OPSEC Vulnerability: A condition in which friendly
actions provide OPSEC indicators that may be obtained and
accurately evaluated by an adversary in time to provide a
basis for effective adversary decisionmaking.
(2) Critical information is a subset of EEFI. It is only
that information that is vitally needed by an adversary. The
identification of critical information is important in that it
focuses the remainder of the OPSEC process on protecting vital
information rather than attempting to protect all classified
or sensitive information.
(3) Critical information is listed in the OPSEC portion of an
operation plan or order. Some general categories of critical
information are provided in Appendix A.
(2) The operations planners, working with the intelligence
and counterintelligence staffs and assisted by the OPSEC
program personnel, seek answers to the following questions:
(b) What are the adversary's goals? (What does the
adversary want to accomplish?)
(c) What is the adversary's strategy for opposing the
planned operation? (What actions might the adversary
take?)
(d) What critical information does the adversary already
know about the operation? (What information is it too
late to protect?)
(e) What are the adversary's intelligence collection
capabilities?
(2) Continuing to work with the intelligence and
counterintelligence staffs, the operations planners seek
answers to the following questions:
(b) What indicators can the adversary actually collect?
(c) What indicators will the adversary be able to use to
the disadvantage of friendly forces? (Can the adversary
analyze the information, make a decision, and take
appropriate action in time to interfere with the planned
operation?)
(2) OPSEC measures reduce the probability of the adversary
either collecting the indicators or being able to correctly
analyze their meaning.
2. Provide an alternative analysis of an indicator.
3. Attack the adversary's collection system.
(c) More than one possible measure may be identified
for each vulnerability. Conversely, a single measure may
be used for more than one vulnerability. The most
desirable OPSEC measures are those that combine the
highest possible protection with the least effect on
operational effectiveness.
Appendix D provides examples of OPSEC measures.
(b) Typical questions that might be asked when making
this analysis include:
2. What risk to mission success is likely to occur
if an OPSEC measure is not implemented?
3. What risk to mission success is likely if an
OPSEC measure fails to be effective?
(2) During the execution of OPSEC measures, the reaction of
adversaries to the measures is monitored to determine their
effectiveness and to provide feedback. Planners use that
feedback to adjust ongoing activities and for future OPSEC
planning. Provisions for feedback must be coordinated with
the command's intelligence and counterintelligence staffs to
ensure the requirements to support OPSEC receive the
appropriate priority. In addition to intelligence sources
providing feedback, OPSEC surveys can provide useful
information relating to the success of OPSEC measures.
OPSEC planning is accomplished through the use of the OPSEC
process. This process, when used in conjunction with the joint
planning processes, provides the information required to write the
OPSEC section of any plan or order. OPSEC planning is done in
close coordination with the overall C2W planning effort and with
the planning of the other C2W components.
2. The OPSEC Process
(1) Critical Information: Specific facts about friendly
intentions, capabilities, and activities vitally needed by
adversaries for them to plan and act effectively so as to
guarantee failure or unacceptable consequences for friendly
mission accomplishment.
OPSEC Action 1--Identification of Critical Information
(1) While assessing and comparing friendly versus adversary
capabilities during the planning process for a specific
operation or activity, the commander and staff seek to
identify the questions that they believe the adversary will
ask about friendly intentions, capabilities, and activities.
These questions are the essential elements of friendly
information (EEFI). In an operation plan or order, the EEFI
are listed in Appendix 3 (Counterintelligence) to Annex B
(Intelligence).
OPSEC Action 2--Analysis of Threats
(1) This action involves the research and analysis of
intelligence information, counterintelligence, reports, and
open source information to identify who the likely adversaries
are to the planned operation.
OPSEC Action 3--Analysis of Vulnerabilities
(a) Who is the adversary? (Who has the intent and
capability to take action against the planned operation?)
(3) Detailed information about the adversary's intelligence
collection capabilities can be obtained from the command's
counterintelligence and intelligence organizations. In
addition to knowing about the adversary's capabilities, it is
important to understand how the intelligence system processes
the information that it gathers. Appendix B discusses the
general characteristics of intelligence systems.
(1) The purpose of this action is to identify an operation's
or activity's OPSEC vulnerabilities. It requires examining
each aspect of the planned operation to identify any OPSEC
indicators that could reveal critical information and then
comparing those indicators with the adversary's intelligence
collection capabilities identified in the previous action. A
vulnerability exists when the adversary is capable of
collecting an OPSEC indicator, correctly analyzing it, and
then taking timely action.
OPSEC Action 4--Assessment of Risk
(a) What indicators (friendly actions and open source
information) of critical information not known to the
adversary will be created by the friendly activities that
will result from the planned operation?
(3) See Appendix C for a detailed discussion of OPSEC
indicators.
(1) This action has two components. First, planners analyze
the OPSEC vulnerabilities identified in the previous action
and identify possible OPSEC measures for each vulnerability.
Second, specific OPSEC measures are selected for execution
based upon a risk assessment done by the commander and staff.
OPSEC Action 5--Application of Appropriate OPSEC Measures
(a) OPSEC measures can be used to:
(3) Risk assessment requires comparing the estimated cost
associated with implementing each possible OPSEC measure to
the potential harmful effects on mission accomplishment
resulting from an adversary's exploitation of a particular
vulnerability.
1. Prevent the adversary from detecting an
indicator.
(b) OPSEC measures include, among other actions, cover,
concealment, camouflage, deception, intentional
deviations from normal patterns, and direct strikes
against the adversary's intelligence system.
(a) OPSEC measures usually entail some cost in time,
resources, personnel, or interference with normal
operations. If the cost to mission effectiveness exceeds
the harm that an adversary could inflict, then the
application of the measure is inappropriate. Because the
decision not to implement a particular OPSEC measure
entails risks, this step requires command involvement.
(4) The selection of measures must be coordinated with the
other components of C2W. Actions such as jamming of
intelligence nets or the physical destruction of critical
intelligence centers can be used as OPSEC measures.
Conversely, deception and
PSYOP plans may require that OPSEC measures not be applied to
certain indicators in order to project a specific message to
the adversary.
1. What risk to effectiveness is likely to occur if
a particular OPSEC measure is implemented?
(c) The interaction of OPSEC measures must be analyzed.
In some situations, certain OPSEC measures may actually
create indicators of critical information. For example,
the camouflaging of previously unprotected facilities
could be an indicator of preparations for military
action.
(1) In this step, the command implements the OPSEC measures
selected in Step 4 or, in the case of planned future
operations and activities, includes the measures in specific
OPSEC plans.
12-20-1996; 16:59:34