General George Washington knew that “upon secrecy, success depends in most enterprises… and for want of it, they are generally defeated.” In World War II posters, this was summed up as “loose lips sink ships.” Although the term Operational Security (OPSEC) is recent, its principles have always been essential to protecting American freedom. Although we all know that classified information needs protection, we need to think how unclassified information can provide the intelligence that our adversaries need for a successful attack. OPSEC calls this “critical information” and provides a process to deny it of our enemies.
The five steps in this OPSEC Process are:
1. Identify Critical Information
2. Analyze the Threat
3. Analyze the Vulnerabilities
4. Assess the Risks
5. Apply the Countermeasures
President Ronald Reagan signed National Security Decision Directive 298 (NSDD 298) in 1988 establishing the National Operations Security Program. Its goal is to identify, control and protect unclassified information that our adversaries could exploit to harm us. This act established the Interagency OPSEC Support Staff (IOSS) to guide and train US government agencies to establish their own OPSEC programs. More information is available on their website at http://www.ioss.gov/