TOP SECRET – U.S. Joint Chiefs of Staff new Doc about Operations Security

Executive Summary:

Commanders ensure operational security (OPSEC) is practiced during all phases of operations. OPSEC is a capability that identifies and controls critical information, indicators of friendly force actions attendant to military operations, and incorporates countermeasures to reduce the risk of an adversary exploiting vulnerabilities. As adversary analysts apply more information to an analytical model, the likelihood increases that the analytical model will replicate the observed force. Thus, current and future capabilities and courses of action can be revealed and compromised.

2. Operational Context

a. Joint forces often display personnel, organizations, assets, and actions to public view and to a variety of adversary intelligence collection activities, including sensors and systems. Joint forces can be under observation at their peacetime bases and locations, in training or exercises, while moving, or when deployed conducting actual operations. The actions or behavior of military family members and businesses associated with or supporting military operations are also subject to observation by adversaries, which could equally be associated with activities or operations of the joint force. Frequently, when a force performs a particular activity or operation a number of times, it establishes a pattern of behavior. Within this pattern, certain unique, particular, or special types of information might be associated with an activity or operation. Even though this information may be unclassified, it can expose US military operations to observation and/or attack. Commanders ensure OPSEC is practiced during all phases of operations. OPSEC is a capability that identifies and controls critical information, indicators of friendly force actions attendant to military operations, and incorporates countermeasures to reduce the risk of an adversary exploiting vulnerabilities. In addition, the adversary could compile and correlate enough information to predict and counter US operations.

b. Commanders cannot limit their protection efforts to a particular operational area or threat. With continuing rapid advancement and global use of communications systems and information technology, easily obtainable technical collection tools, and the growing use of the Internet and various social and mass media outlets, the ability to collect critical information virtually from anywhere in the world and threaten US military operations continues to expand. To prevent or reduce successful adversary collection and exploitation of US critical information, the commander should formulate a prudent, practical, timely, and effective OPSEC program. Additionally, the commander’s OPSEC program must establish, resource, and maintain formal OPSEC programs. The commander should formulate these OPSEC programs to be prudent, practical, timely, and effective.

c. In OPSEC usage, an indicator is data derived from friendly detectable actions and open-source information that adversaries can interpret and piece together to reach conclusions or estimates of friendly intentions, capabilities, or activities. Selected indicators can be developed into an analytical model or profile of how a force prepares and how it operates. An indication is an observed specific occurrence or instance of an indicator. OPSEC indicators are friendly detectable actions and open-source information that can be interpreted or pieced together by an adversary to derive critical information.

d. Adversary intelligence personnel continuously analyze and interpret collected information to validate and/or refine the model. As adversary analysts apply more information to the analytical model, the likelihood increases that the analytical model will replicate the observed force. Thus, current and future capabilities and courses of action (COAs) can be revealed and compromised. Critical information consists of specific facts about friendly intentions, capabilities, and activities needed by adversaries to plan and act effectively so as to guarantee failure or unacceptable consequences for friendly mission accomplishment. Critical information can be either classified or unclassified.

e. OPSEC considerations must also be observed while working with interagency partners.