A recent rollout of new Operations Security (OPSEC) training requirements for all DoD personnel has been met with a high degree of uncertainty, with many personnel unsure if they need to take it and one module already withdrawn from the training website for updates.
In a July 20 memo, Secretary of Defense Mark Esper announced new OPSEC training requirements for all DoD personnel, including service members, DoD civilians and DoD contractors working on site. The updated training requirements followed Senate testimony where Esper told lawmakers he’d launched an investigation into a recent unauthorized disclosure of information to the New York Times.
The training, which is publicly available through the DoD’s Center for the Development of Security Excellence (CDSE), consists of four web modules and a video of Secretary Esper. The memo directs employees to watch the video and complete the four modules within 60 days.
But many security officers report they’re unclear which DoD contractors are required to take the training – particularly with many who may previously have been ‘on-site’ now working remotely.
The other issue came with criticism of the first module, OPSEC Awareness for Military Members, DoD Employees and Contractors. Because the training is publicly available, critics quickly honed in on a section which seems to refer to members of the press as ‘adversaries.’ While in initial requests for public comment, the DoD doubled down on the language. Esper later directed the term adversaries be changed to ‘unauthorized recipients.’ The training module has since been removed from the CDSE website, and as of August 1, remains unavailable for completion.
OPSEC Training for Who?
The initial training announcement was met with confusion as to who was considered an ‘on-site contractor,’ particularly in pandemic working environments where contractors who may typically be on site are now temporarily working remotely. Facility Security Officers with contract companies are largely reporting they’ve received no notification about the training from their government security representatives, but have been told the management of the training will trickle down from Cognizant Security Officers (CSO) with the government, and only be required for individuals currently on-site.
The training itself is not new. It consists of training modules that have been around since 2010. While some of the modules were required for certain personnel, the July 20 memo expands the requirement to all DoD personnel. If you’re a DoD civilian or military personnel, your CSO should be providing accountability for those training requirements. It’s worth noting personnel will need to keep and save a copy of the certificate of completion because completion is not tracked by the CDSE website.
More Training Hours…really
Government personnel are already sacked with significant amounts of required training. According to the 2018 Training Industry Report by Training Magazine, government and military organizations spend the most per learner, at $1,433 per learner. The same survey found that large employers (which includes the federal government) averaged 49.3 hours of training per year – that’s more than one week every year spent just in required training.