NOSCINST 3070.1
172/JR:sn
30 July 1990
NOSC INSTRUCTION 3070.1
From: Commander, Naval Ocean Systems Center
To: All Codes
Subj: NOSC OPERATIONS SECURITY PLAN
Ref: (a) OPNAVINST 3070.1A, Operations Security
(b) SPAWARINST 5510.3H, Space and Naval Warfare Systems Command Secu-
rity Manual, chapter VIII
Encl: (1) Sample OPSEC Coordinator Designation Letter
1. Purpose. To provide policy, responsibilities, management structure, and
guidance for the NOSC Operations Security (OPSEC) Program as directed by ref-
erences (a) and (b). The mission of the Naval Ocean Systems Center is to be
the principal NAVY RDT&E Center for command, control, communications, ocean
surveillance, surface- and air-launched undersea weapons systems, and subma-
rine arctic warfare.
2. Scope. The provisions of this plan apply to all activities located at
NOSC San Diego, the Hawaii Laboratory, Morris Dam, San Clemente Island,
Alaska facilities, and at any temporary activity location established by NOSC
project personnel.
3. Background. Operations security is the process that denies our adver-
saries information about our capabilities and intentions by protecting rele-
vant indicators and observables. The National OPSEC Program was established
coincident with the signing of National Security Decision Directive 298 in
January 1988. This decision was based on the recognition that, even though
security programs and procedures to protect classified matters exist, unclas-
sified information and certain detectable activities can reveal the existence
of, and sometimes details about, classified or sensitive unclassified informa-
tion or activities. What may have once been considered innocuous activities
outside the scope of traditional security programs are now recognized to pro-
vide detectable indicators of friendly intentions and other critical informa-
tion. OPSEC ties together all the elements of a comprehensive security
program and forms the basis for effective, overall security program manage-
ment. OPSEC measures will be used to protect classified and sensitive unclas-
sified efforts from multisource intelligence collection activities. The OPSEC
strategy is concerned with finding the best protection at the least cost by
preventing detection, impairing observation, and thwarting interpretation by
known or potential adversaries.
4. OPSEC Process. The OPSEC process involves the following steps:
a. Identification of critical information.
b. Analysis of threats.
NOSCINST 3070.1
30 July 1990
c. Analysis of vulnerabilities.
d. Assessment of risks.
e. Application of countermeasures.
Each program/project has unique characteristics which may provide critical
information to unauthorized personnel if safeguards are not implemented.
Further amplification of the OPSEC process is provided in the NOSC OPSEC Hand-
book.
5. Policy. Each program and project will be assessed for OPSEC requirements.
OPSEC assessments will be coordinated among sponsors, program managers, pro-
ject leaders, department/major staff office heads, supporting contractors, and
executing agencies. The OPSEC Handbook provides background, procedures, stan-
dard formats, and checklists to provide assistance in this regard.
6. OPSEC Committee. The OPSEC Committee is established. It is composed of
senior program and staff members appointed as element OPSEC coordinators by
each department/major staff office head. The committee meets quarterly.
a. Members. The OPSEC Committee is chaired by the Center OPSEC Officer
and is composed of permanent representatives of the following department/major
office staff codes:
17 - Planning, Intelligence, and Analysis Office (represented by Cen-
ter OPSEC Officer) (chairperson)
09 - Central Staff
15 - Security Office (alternate chairperson)
19 - Arctic Submarine Laboratory
20 - Supply Department
30 - Military Support Department
40 - Command and Control Department
50 - Marine Sciences and Technology Department
60 - Antisubmarine Warfare Department
70 - Surveillance Department
80 - Communications Department
90 - Engineering and Computer Sciences Department
Additionally, program or project managers may designate an individual to act
as the respective program/project OPSEC coordinator in support of the element
OPSEC coordinator.
b. Responsibilities
(1) Center OPSEC Officer. The Center OPSEC Officer will:
(a) Provide guidance and assistance on OPSEC issues to program
managers, project leaders, and contractors as it applies to their Center-
related efforts.
(b) Chair the OPSEC Committee ensuring that the committee's activities
are reported to Center management.
(c) Establish a formal OPSEC Training Program.
2
NOSCINST 3070.1
30 July 1990
(d) Prepare, issue, and maintain the Command OPSEC Plan and supporting
OPSEC Handbook.
(e) Assist in the development and review of all OPSEC plans.
(f) Keep abreast of all relevant threat assessment information avail-
able from security, law enforcement, and intelligence agencies and provide
that information to requiring program/project managers.
(2) Department/Major Staff Office Heads. Department/major staff office
heads will:
(a) Appoint, in writing, a senior program or staff member to serve as
the element OPSEC coordinator and standing representative to the OPSEC Commit-
tee. Enclosure (1) provides a sample letter format for this designation.
(b) Require that OPSEC measures are included in all programs and
activities within the department/major staff office.
(c) Support the Center OPSEC Officer in ensuring that all department/
major staff office personnel are provided adequate OPSEC training and aware-
ness briefings.
(3) Element OPSEC Coordinators/OPSEC Committee Members. Element OPSEC
coordinators/OPSEC Committee members will:
(a) Assist the OPSEC Team in ensuring the accomplishment of all OPSEC
analysis, planning, and continuing OPSEC action within respective departments/
major staff offices.
(b) Provide necessary liaison between the Code 172 OPSEC Team and
respective department/major staff office program/project management personnel
to ensure a timely and supportive OPSEC effort to Center programs and pro-
jects.
(c) Assist the Code 172 OPSEC Team in scheduling effective and appro-
priate training within respective departments/major staff offices.
(d) Act as a member of the OPSEC Committee and assist the Center OPSEC
Officer in addressing issues, reviewing program progress and procedures, and
providing recommendations where appropriate.
(4) Program/Project OPSEC Coordinators. Program/project OPSEC coordi-
nators will:
(a) Ensure that OPSEC measures are included in their own programs or
projects from initial tasking to post event analysis.
(b) Act as primary points of contact in formulation of program/project
OPSEC plans.
(c) Ensure supporting contractors are provided adequate OPSEC guidance
in the Contract Security Classification Specification (DD Form 254).
(d) Ensure that OPSEC measures and issues are addressed in all pro-
gram/project reviews.
3
NOSCINST 3070.1
30 July 1990
(e) Ensure that essential elements of friendly information (EEFI)
lists have been prepared and reviewed by program managers and the OPSEC Team
for their own programs or activities.
7. Training. The following OPSEC training will be done at the Center:
a. Orientation. Each new NOSC employee will receive an initial OPSEC
briefing as a part of the orientation/check-in procedure. This briefing will
cover the following topics:
(1) The definition and purpose of OPSEC.
(2) The history of the OPSEC concept.
(3) The advantages of secrecy and the harm likely to occur from a lack
of secrecy in the Center's mission accomplishment.
(4) The intelligence gathering capabilities and methods of hostile
intelligence agencies.
(5) The OPSEC measures available to counter threats.
(6) The employee's role in OPSEC.
b. Continuing Awareness. Ongoing OPSEC awareness programs will be pro-
vided for all personnel. These programs will be updated on a continual basis
to assure the most current information is available on OPSEC-related issues.
The Continuing Awareness Program will use a multimedia approach incorporating:
(1) Formal lectures including audiovisual material, visiting speakers,
and case history reviews. The goal is to have every NOSC employee attend at
least annually.
(2) Informal group discussions on an ad hoc basis normally coincident
with program/project OPSEC Plan formulation.
(3) Notices/bulletins, posters, and articles in the NOSC Outlook.
c. Planning Skills. Project/program managers and others who are involved
in preparing and executing plans for research, exploratory development, test-
ing, systems acquisition, and strategic and operational planning will receive
formal training covering:
(1) Appreciation of essential secrecy and the need for protection of
sensitive information as they apply to the planning function.
(2) Appreciation of pertinent hostile intelligence threats and OPSEC
measures applicable to the formulation of strategy and the planning function.
(3) Applying the anticipatory OPSEC planning process to systems acqui-
sitions and in evaluating cost of executing or not executing OPSEC measures.
(4) The OPSEC planning sequence and how to prepare OPSEC planning
guidance for systems and annexes of test plans.
4
NOSCINST 3070.1
30 July 1990
(5) OPSEC measures pertinent to protecting systems during testing.
(6) The need to provide for OPSEC in the design of systems and the
varied approaches that can be used.
(7) Developing essential elements of information for the applicable
systems.
8. OPSEC Planning Guidance. The following are relevant concerns in proper
OPSEC planning:
a. Requirements for Secrecy. During the Center's performance of its
mission, information associated with the research, development, testing, and
evaluation of military devices and systems is acquired, processed, and dis-
tributed. Much of this information is vulnerable to unauthorized collection.
This collection of military data can permit foreign governments to devise
similar capabilities at much reduced cost and/or develop defensive systems and
devices to nullify the effectiveness of our new weapons even before they
become operational. The protection of information about Center capabilities,
operations, and other activities from collection by unauthorized agencies is
essential for preservation of our military advantage. Specific requirements
for secrecy include:
(1) Reduction of NOSC vulnerability to sensitive information loss.
(2) Development of countermeasures to prevent foreign exploitation of
NOSC projects and programs.
(3) Cooperation with other Department of Defense/Navy organizations in
safeguarding sensitive information.
b. OPSEC Plan Requirements. OPSEC plans should provide guidance for the
period before, during, and after operations and activities addressed by the
plan. OPSEC plans shall be formulated for all RDT&E and acquisition efforts
that involve classified or sensitive unclassified information. These plans
will be developed by appropriate program and technical managers using the
OPSEC Handbook as a guide with substantial involvement and assistance of the
Code 172 OPSEC Team. The inclusion of contractors into OPSEC planning is
essential. The potential use of, and amount of involvement by, contractors
must be considered in the initial OPSEC planning efforts and before issuance
of a request for proposal (RFP) or contract involving classified information
or activity. OPSEC guidance will be included with RFP's or basic contracts
and a contractor OPSEC Plan may be required for activities which will occur at
contractor-controlled facilities. Further, NOSC-developed OPSEC plans will
include requirements to be met by other external participating commands and
activities or a positive determination made as to the sufficiency of an OPSEC
Plan developed by those organizations before beginning operations or activi-
ties with them.
9. OPSEC Posture Evaluation. The OPSEC posture at NOSC shall be evaluated as
described below:
a. The Center OPSEC posture will be formally surveyed triennially as
directed by reference (a) and inspected as part of the triennial Command
Inspector General (IG) Inspection.
5
NOSCINST 3070.1
30 July 1990
b. Given the nonconcurrent cycles of those two formal inspections, the
Center OPSEC posture will be informally evaluated during the off-years using
established check-off lists formulated by higher authority but administered by
an in-house survey team.
c. These periodic surveys and evaluations of the Center OPSEC posture
will serve to identify OPSEC vulnerabilities and program deficiencies. Iden-
tification of said vulnerabilities and deficiencies is the initial step to
establishing corrective actions necessary to reduce, and ultimately eliminate,
indicators that may result in harmful disclosures.
10. Action. All NOSC personnel will become familiar with and adhere to OPSEC
policies, procedures, and plans. Recommendations for improvement should be
forwarded to the Intelligence Group, Code 172.
11. Directive Responsibility. The Planning, Intelligence, and Analysis
Office, Code 17, is responsible for keeping this instruction current.
/s/ J. D. FONTANA
Distribution:
C
6
NOSCINST 3070.1
30 July 1990
SAMPLE OPSEC COORDINATOR DESIGNATION LETTER
From: Head, Department, Code
To: (Dr/Mr/Ms)
Subj: DEPARTMENT OPERATIONS SECURITY
COORDINATOR
Ref: (a) NOSCINST 3070.1, NOSC Operations Security Plan
(b) NOSC OPSEC Handbook
1. In accordance with reference (a), you are hereby designated the
Department OPSEC Coordinator.
2. You are to become thoroughly familiar with references (a) and (b) in
carrying out your assigned duties.
(signature)
Head, Department
Copy to:
Code 172
Enclosure (1)