1. Purpose. To publish an implementing instruction for the OPSEC program throughout the Naval Computer and Telecommunications Command (NAVCOMTELCOM).
2. Scope. References (a) and (b) delineate Department of the Navy (DON) guidelines for operations security, operations security measures, and minimum criteria for operations security programs.
3. Discussion. An effective OPSEC program is essential to the proper protection of personnel, critical assets, and the effective accomplishment of the mission. This program must be managed by highly motivated individuals and supported by all members in the command.
4. Responsibilities
a. NAVCOMTELCOM will direct the OPSEC program and be responsible for overall program coordination.
b. Commanding officers/officers-in-charge are responsible for the establishment and implementation of an effective and comprehensive OPSEC program within their commands.
5. Policy. OPSEC is a command responsibility. Essential secrecy for DON intentions, capabilities, and current activities shall be preserved by using OPSEC measures prior to, during, and after service operations with other activities. The principal focus of effort shall be on anticipating and using to advantage, or eliminating OPSEC vulnerabilities. The OPSEC goal is to ensure the way we do business in NAVCOMTELCOM enhances our security posture while denying to the adversary useful information.
6. Action. Commanding officers/officers-in-charge shall evaluate their operations security program and ensure compliance with references (a) and (b) and this instruction. Chapters III NAVCOMTELCOMINST 3070.1 and IV to reference (b) provide general guidelines for training and planning. OPSEC surveys will be accomplished in accordance with Chapter V of reference (b).
7. Annual Reporting Requirements. Reference (b) requires each activity to complete an annual review and evaluation of OPSEC procedures. Enclosure (1) provides format and guidance. Report must be provided to NAVCOMTELCOM by 1 August of each calendar year, reflecting the command's OPSEC posture as of 30 June of that year.
/s/K. L. LAUGHTON
Distribution:
SNDL | FG2 | Naval Computer and Telecommunications Stations and NAVCOMMSTA Stockton |
FG6 | Naval Computer and Telecommunications Area Master Stations | |
FE4 | Security Group Activity (Adak only) | |
FG3 | Communication Unit, Marquette only | |
FL4 | NARDAC (San Francisco only) | |
NAVEMSCEN | ||
NAVTELSYSIC |
1. Overview. Summarize the overall OPSEC posture of the command. Highlight strengths and weaknesses that will be addressed in greater detail in following paragraphs.
a. OPSEC plans and activities conducted during the reporting period. Focus on how the OPSEC process was applied within the command. Avoid emphasizing traditional security measures (e.g., visits to cryptographic materials security custodians, telephone monitoring, procuring secure telephones, or improving access control to sensitive areas). Appropriate activities to report include: OPSEC annexes to plans, OPSEC plans for systems acquisition programs (to include wartime reserve modes or special access), or contractor OPSEC guidance; using OPSEC measures (to include cover and deception and countermeasure) during the planning and execution of contingency operations, exercises, tests, etc.; conducting OPSEC surveys; conducting training about OPSEC; and status of establishing command OPSEC programs per reference (b).
b. Miscellaneous problems and recommendations. Address problems not specifically related to matters reported under paragraph a, but which impact the command's OPSEC posture (e.g., designs and operating procedures that hinder effective OPSEC when units or systems are operated, and deficiencies in the OPSEC awareness of personnel before they report to the command). Recommend Chief of Naval Operations (CNO) actions needed to correct problems.
c. Forecast of OPSEC activities and objectives for the next reporting period. Emphasize activities such as those reported in paragraph a.
d. OPSEC Officer. Name, rank, organizational element, DSN telephone number, and secure telephone number.
e. OPSEC lessons learned. Present concise case studies in the following format (as appropriate, "sanitize" information to allow wide dissemination).
(1) Title.
(2) Observation. Concisely state the problem.
(3) Discussion. Answer the "who," "what," "where," "when," "why," and "how" questions about the problem. If the problem could not be solved, explain why.
(4) Lesson learned. State what positive action was taken to avoid or alleviate the problem.
(5) Recommended action. State how to permanently correct the problem, or enter "none required."
(6) Comments.
Enclosure (1)