Whether you’re a government contractor or service member, operations security is a term you’re likely well aware of. And for good reason.
Years ago, the government learned that they were chasing spies when all they really needed to do was tighten up on unauthorized releases of information. These releases were done innocently enough. For instance, film loops were shown at conferences that had not been reviewed by security personnel. Photos were published which suggested new technologies in the works. Company briefers were not themselves advised what they could and could not reveal. Questions from legitimate sources such as newspapers, radio, and television unearthed items which should not have been told. The failure to check on supply systems gave away information which intrepid observers could call into news reporters. Not a single spy was involved. As the little possum Pogo said, “We have met the enemy, and it is us!”
So what is an OPSEC Plan? The answer is in the word. It you are part of a government operation, be it making something or planning something, be sure critical information is protected. Simple as that.
What Falls Under OPSEC?
If you have critical information which, if compromised, would cause your cleared mission to fail, you must protect it. But wait, you ask, isn’t that what all the security disciplines, such as industrial, personnel, and foreign disclosure are all for? In part, yes. But what about all those other unclassified revelations which your company will pour out? Unclassified? Yes! Consider any Sherlock Holmes story. An aggregate of trifles leads the great detective to the solution of the crime. Isn’t this what OPSEC hopes to protect? Doesn’t a good OPSEC plan protect our critical information, which could compromise our classified mission, by protecting unclassified details which might lead to that unwitting betrayal? For instance, if I have published an unclassified bus schedule for my personnel in a dangerous area, doesn’t this give the adversary a chance to plan an ambush? What if I show our future plans in a well-drawn poster displayed at a trade show? Who cleared this? Has someone taken the time to see whether this gives away something we don’t want the world to know about our current research? And what about those badges? Do they reveal something the layman might find of interest when worn to a restaurant? Simple revelations, all unclassified, but all potentially dangerous which might compromise our mission.
Writing an OPSEC plan takes time, expertise, and money. Companies can include the costs for plans in their bid for the government contract. This future planning is critical to be compliant with new Trusted Workforce 2.0 initiatives, because while there are relatively few spies, there are myriad ways to compromise critical program information innocently.