operational security on:
[Wikipedia]
[Google]
[Amazon]
Operations security (OPSEC) is a process that identifies critical information to determine whether friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.
The term "operations security" was coined by the
National Security Decision Directive 298Purple Dragon: The Origin & Development of the United States OPSEC Program
NSA, 1993.
Operations Security (JP 3-13.3)
PDF U.S. DoD Operations Security Doctrine. * *
U.S. Government OPSEC siteOperation Security Professional's OrganizationHow to Conduct an OPSEC Assessment
Information operations and warfare Espionage Cybersecurity engineering
Operations security (OPSEC) is a process that identifies critical information to determine whether friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.
The term "operations security" was coined by the United States military
The United States Armed Forces are the Military, military forces of the United States. U.S. United States Code, federal law names six armed forces: the United States Army, Army, United States Marine Corps, Marine Corps, United States Navy, Na ...
during the Vietnam War
The Vietnam War (1 November 1955 – 30 April 1975) was an armed conflict in Vietnam, Laos, and Cambodia fought between North Vietnam (Democratic Republic of Vietnam) and South Vietnam (Republic of Vietnam) and their allies. North Vietnam w ...
.
History
Vietnam
In 1966, United States Admiral Ulysses Sharp established a multidisciplinary security team to investigate the failure of certain combat operations during theVietnam War
The Vietnam War (1 November 1955 – 30 April 1975) was an armed conflict in Vietnam, Laos, and Cambodia fought between North Vietnam (Democratic Republic of Vietnam) and South Vietnam (Republic of Vietnam) and their allies. North Vietnam w ...
. This operation was dubbed Operation Purple Dragon, and included personnel from the National Security Agency
The National Security Agency (NSA) is an intelligence agency of the United States Department of Defense, under the authority of the director of national intelligence (DNI). The NSA is responsible for global monitoring, collection, and proces ...
and the Department of Defense
The United States Department of Defense (DoD, USDOD, or DOD) is an executive department of the U.S. federal government charged with coordinating and supervising the six U.S. armed services: the Army, Navy, Marines, Air Force, Space Force, ...
.
When the operation concluded, the Purple Dragon team codified their recommendations. They called the process "Operations Security" in order to distinguish the process from existing processes and ensure continued inter-agency support.
NSDD 298
In 1988, PresidentRonald Reagan
Ronald Wilson Reagan (February 6, 1911 – June 5, 2004) was an American politician and actor who served as the 40th president of the United States from 1981 to 1989. He was a member of the Republican Party (United States), Republican Party a ...
signed National Security Decision Directive (NSDD) 298. This document established the National Operations Security Program and named the Director of the National Security Agency as the executive agent for inter-agency OPSEC support. This document also established the Interagency OPSEC Support Staff (IOSS).
Private-sector application
The private sector has also adopted OPSEC as a defensive measure againstcompetitive intelligence
Competitive intelligence (CI) is the process and forward-looking practices used in producing knowledge about the competitive environment to improve organizational performance. Competitive intelligence involves systematically collecting and anal ...
collection efforts.
IT security
NIST SP 800-53 defines OPSEC as the "process by which potential adversaries can be denied information about capabilities and intentions by identifying, controlling, and protecting generally unclassified evidence of the planning and execution of sensitive activities."See also
* For Official Use Only – FOUO *Information security
Information security is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data ...
* Intelligence cycle security
*Security
Security is protection from, or resilience against, potential harm (or other unwanted coercion). Beneficiaries (technically referents) of security may be persons and social groups, objects and institutions, ecosystems, or any other entity or ...
* Security culture
* Sensitive but unclassified – SBU
* Controlled Unclassified Information - CUI
* Social engineering
References
Further reading
National Security Decision Directive 298
NSA, 1993.
Operations Security (JP 3-13.3)
PDF U.S. DoD Operations Security Doctrine. * *
External links
*{{YouTube, id=6dw-4eCo0o8, title=Espionage Target You - DoD Film on Operational SecurityU.S. Government OPSEC site
Information operations and warfare Espionage Cybersecurity engineering