SUBCOURSE IT 0464
EDITION B
US ARMY INTELLIGENCE CENTER OPERATIONS SECURITY
OPERATIONS SECURITY Subcourse Number IT 0464 EDITION B U.S. Army A rmy Intelligence Intelligen ce Center Fort Huachuca, AZ 85613-6000 5 Credit Hours Edition Date: June 1999 SUBCOURSE SUB COURSE OVERVIEW OVERVIEW This subcourse subcourse is i s designed to teach you the basic procedures procedu res involved with implementing implementing the US Army's operations security secur ity (OPSEC (OPSEC)) program. Contained within this subcourse is instructi ins truction on on the OPSEC OPSEC Planning Sequence, why OPSEC must be practiced by all members of the Army to include Department of the Army (DA) civilians and contractors, and how the success or failure of OPSEC directly influences the accomplishment accompl ishment of the unit's mission. There are no prerequisites for this subcourse. This subcourse reflects reflect s the doctrine doctri ne which was current at the time the subcourse was prepared. In your own work situation, always refer to the latest publications. Unless stated otherwise, masculine masculine nouns and pronouns do not refer exclusively to men. TERMINAL LEARNING OBJECTIVE ACT AC TIONS:
You You wil willl iden identi tify fy all all com compo pon nents ents of the the OPSEC Pla Plannin nning g Seq Seque uenc nce, e, cond conduc uctt anal analys ysis is of collecte c ollected d OPSEC OPSEC data, identify gaps in the OPSEC OPSEC data base, conduc t vulnerability assessment and risk analysis, develop and document OPSEC OPSEC measures, measures, implement OPSEC measures, and determine OPSEC evaluation procedures.
COND CONDIITIONS: ONS:
You You will be given given narrativ narrative e infor informati mation on and and extracts extracts from from AR 530-1 and FMs FMs 34-1 and 34-60.
STA STAND NDA ARD:
You You will will initi initiate ate an OPSE PSEC progra program m in in accord accordanc ance e with with the the provis provision ions s of AR AR 530 530-1. -1.
i
IT 0464
TABLE OF CONTENTS SECTION
PAGE
Subcourse Overview
i
Lesson 1 Operations Security Instructional Content
1- 1
Part A Introduction to OPSEC Practi ce Exercise 1 Answer Key and Feedback
1- 3 1- 6 1- 7
Part B OPSEC Planning Sequence Step 1
1- 9
Step 1: Prepare an OPSEC Estimate of the Situation Practi ce Exercise 2A Answer Key and Feedback
1- 9 1 - 19 1 - 20
OPSEC Planning Sequence Steps 2 and 3 Practi ce Exercise 2B Answer Key and Feedback
1 - 21 1 - 26 1 - 28
OPSEC Planning Sequence Steps 4 thru 7 Practi ce Exercise 2C Answer Key and Feedback
1 - 29 1 - 31 1 - 35
Appendix A: Operations Security Annex Format
A-1
Appendix B: Possible Indicators of Attack and Defense
B- 1
Appendix C: Operations Security Evaluation Checklist
C-1
Appendix D: Example Countermeasures Worksheets
D-1
Appendix E: OPSEC Plan Format
E-1
Appendix F: Operations Security Estimate
F-1
Appendix G: Acronyms
G-1
IT 0464
ii
LESSON OPERATIONS SECURITY INSTRUCTIONAL CONTENT CRITICAL CRITICAL TASKS: 301-372301- 372- 2015 301-372-2012 301-372-2017 301-372-2020 301-372-2100 301-372-2151 301-372-2200 301-372-2400 301-372-2404 301-372-3017 301-372-3019 01-3381.41-4004 01-3397.45-5002 OVERVIEW LESSON DESCRIPTION: In this lesson, you will learn how to systematically implement implement and evaluate a viable OPSEC OPSEC program that is i s relevant and pertinent at all DA echelons. echelons. TERMINA TERMINAL L LEARNIN ARNING G OBJECT OBJECTIVE IVE: TASKS:
Identif tify all all comp compon onen ents ts of the OPSEC Planning ing Sequence nce, cond conduc uctt an analys alysis is of collec ted OPSEC OPSEC data, identify gaps in the OPSE OPSEC C data base, conduct conduc t vulnerability vulnerability assessment and risk analysis, develop and document OPSEC measures, implement OPSEC measures, and determine OPSEC evaluation procedures.
COND CONDIITION:
You You will will be given given narra narrativ tive e info inform rmati ation on and and extra extracts cts from from AR 530-1 530-1 and and FMs FMs 34-1 and 34-60.
STA STAND NDA ARD:
You You will will initi initiate ate an OPSE PSEC progra program m in in accord accordanc ance e with with the the provis provision ions s of AR AR 530-1. 530-1.
1 -1
IT 0464
REFE RE FER RENC NCE ES:
The The mate material rial contain contained ed in this this lesson lesson was was deriv derived ed from from the the followi following ng publicatio publications: ns: AR 530-1, Operations Security, Securi ty, 3 Mar 95. AR 361-20, US Army Counterintelligence Activities, Activit ies, Apr 87. FM 34-10, Division Intelligence and Electronic Warfare Operations, Nov 86. FM 34-60, Counterintelligence, Oct 95. FM 100-5, Operations, Jun 93. FM 101-5, 101- 5, Staff Organization and Operations, May 97. TRADOC PAM 525-6, Operations Security, May 81. JCS Pub Pub 18, Operations Security, Securit y, Dec 82. Joint Pub 3-57, Joint Doctrine For OPSEC, 24 Jan 97
IT 0464
1 -2
INTRODUCTION The Deputy Chief of Staff for Operations (DCSOPS (DCSOPS), ), G3/S3, has primary staff responsibili ty for OPSEC OPSEC.. However, to be totally successful in denying information concerning friendly operations to the enemy's all-source intelligence collection effort, OPSEC must be a joint effort of both the operations personnel and the intelligence personnel within a command. command. It is essential that you have a good understanding and working knowledge of the OPSEC OPSEC Planning Planning Sequence Sequence and the role you will play in i n support of that process. This lesson lesson has two parts: pa rts: Part A: Introduction to OPSEC OPSEC.. Part B: B : OPSEC Planning Sequence. After each part, there there is a practice practic e exercise. Answer all the questions on each practice pract ice exercise and check your answers. Do N NOT OT go on until you answer all questions questions corre ctly. PART A: INTRODUCTION TO OPSEC Operations Security (OPSEC) as outlined in US Army doctrine is a process of identifying critical information and subsequently analyzing friendly actions attendant to military operations and other activities to: a. Ide Identify ntify those those actions that can be be observed observed by advers adversary ary intelligence intelligence systems. systems. b. Deter Determin mine e indicators indicators hostil hostile e intelli intelligen gence ce system systems s might might obtain obtain tha thatt could could be interpreted interpreted or pieced together to derive critical information in time to be useful to adversaries. c. Select Select and execute execute measure measures s that eliminat eliminate e or reduce to an acceptable level level the vulne vulnerabilities rabilities of friendly actions to adversary exploitation. exploitation. OPSEC OPSEC is not an overall overal l management program. prog ram. (OPSEC (OPSEC and other securit secu rity y programs pro grams such suc h as information, signals, and documents coupled with the security securit y discipl d iscipl ines such as Human IIntelligence ntelligence (HUMINT), Signals Intelligence (SIGINT), or Imagery Intelligence (IMINT) are all involved with protection of information.) However, the principal characteristics that distinguish OPSEC from other related programs are its broad scope and concern with all exploitable information, not just classified. OPSEC OPSEC is descr ibed in i n AR 530-1, as "The process of denying adversaries information in formation about friendly capabilities and intentions, by identifying, controlling, and protecting indicators associated with planning and conducting military militar y operations and activities. acti vities. Its ultimate ultimate objective is to prevent an enemy enemy from obtaining sufficient information to predict, and thus be able to degrade, friendly operations or capabilities." For you to fully understand and properly implement implement OPSEC OPSEC in your unit, or assist a supported supp orted command in developing its own OPSEC OPSEC program, you should read and have on hand the following references:
1 -3
IT 0464
•
AR 530-1, dated 3 March Marc h 1995, "Operations Security", outlines the minimum minimum standards for f or command's OPSE OPSEC C program by stating s tating the regulatory requirement requi rements s for such programs. It also outlines requirements to be fulfilled by major c ommands ommands (MACOM) (MACOM) and Department of the Army (DA) level agencies. This regulation regula tion also discus di scusses ses the relationship relation ship between OPSEC OPSEC and other US Army security programs such as physical security, electronic security, and military deception.
•
TRADO TRADOC C Pam 525-6, 525- 6, dated 1 May 1981, "Operations Security", Secur ity", provides p rovides a basic basi c "how to" for implementing implementing some of the regulatory requirements. requirements. This document document may prove useful to planning staffs. It was issued prior to the development development of FM 34-60 and was one of the documents that assisted the OPSEC OPSEC planning process. p rocess.
•
FM 34-1, dated 24 September 1994, "Intelligence and Electronic Electro nic Warfare Operations (IEW) (IEW) ", discusses some specifi c OPSEC OPSEC functions and considerations conside rations as a s they relate to IEW IEW operations.
•
FM 34-60, dated 3 October 1995, "Counterintelligence", describes counterintelligence (CI) functions to include i nclude information on the OPSEC OPSEC process. FM 34-60A(S), details specific speci fic counterHUMINT, counter- SIGINT, and counter-IMINT measures, and how these operations tie into the overall OPSEC planning cycle.
•
JCS Pub 18, dated December 1982, "Operations Security", provides joint policy and guidance for OPSEC OPSEC for use by the military departments and services. Unified and specified commands, defense agencies, and joint activities as needed in the conduct of daily activities, in preparation of their respective plans and functions.
As already stated, AR 530-1 is the basic regulatory guidance for the establishment and conduct of OPSEC OPSEC programs. Some of the basic requirements for the DA are as follows: •
All commanders will establish OPSEC as a command emphasis item.
•
All commanders will ensure that appropriate appro priate OPSEC OPSEC measures measures are implemented for all operations, exercises, and activities.
•
All commanders commanders (down to battalion ba ttalion level), level), will appoint an organizational OPSEC OPSEC officer office r (commissioned officer, warrant officer, E-6 or above, or GS-7 or above).
•
All commanders will ensure that command c ommand OPSE OPSEC C programs are examined examined during Inspector General General (IG) Inspections, or other command inspection inspecti on visits.
•
•
All commanders will institute command-wide OPSEC OPSEC training. An OPSE OPSEC C Annex is required to support suppor t plans pl ans for operations, exercises, technology, or other activities that are of interest to foreign intelligence.
As with any military program, the commander commander has overall responsibility responsibilit y for f or OPSEC within his/her command. We have already discussed dis cussed the need for the commanders emphasis emphasis so that the program will be effective. Even though the commander commander has overall overall responsibil ity, the staff responsibility responsibili ty for OPSEC OPSEC is passed down to the G3/S3. This is because OPSEC OPSEC is an operations function.
IT 0464
1-4
This does not mean that the G2/S2 has h as no OPSEC OPSEC mission. On the contra con trary, ry, most of the OPSEC OPSEC functions at Echelons Corps and Below (ECB) (ECB) will be shared equally by the G3/S3 and the G2/S2. G2/S2. As we discuss the OPSEC Planning Sequence, we will clearly define who does what along with how the two staffs staff s must work together. toge ther. The OPSEC OPSEC Management and Analysis Analysi s Section, Sectio n, under current Tables of Organization and Equipment (TO&E), has been broken down into the OPSEC staff element and CI analysis section-one working for each staff section instead of concentrating all OPSEC assets under the G2/S2. Under the Army of Excellence (AOE) TO&E, these two sections have been established at the division and corps cor ps levels. Some units, although not under AOE, AOE, have nevertheless established establ ished these two sections. sectio ns. The majority of OPSEC OPSEC related tasks at division and co rps will be performed by these eleme elements. nts. Specific Specifi c duties are as follows: 1. OPSEC Staff Element: The OPSEC OPSEC Staff Element Element is provided to assist assi st the G3 in fulfilling fulfilli ng the unit's OPSEC OPSEC responsibilities. responsibil ities. This section performs per forms the overall management management and supervision of OPSEC OPSEC within the command command.. It works closely with the CI Analy Analysis sis Section to develop develop and implemen implementt an effective OPSE OPSEC C program program.. The The OPSEC OPSEC Staff Staff Elem Elemen entt is also also respons responsible ible for preparing preparing,, upd updatin ating g and disseminating dissemin ating the unit's OPSEC Standing Standi ng Operating Operatin g Procedures (SOP). They will also al so develop, implement and super- vise OPSEC OPSEC training trai ning progr p rograms ams within the command. The chief chie f of the OPSEC OPSEC Staff Element will normally be designated as the unit's OPSEC OPSEC officer. offic er. This then becomes a primary function rather than an additional duty. 2. CI Ana Analy lysis sis Sectio Section: n: The The CI and and C-HUM C-HUMIINT mul multid tidisci isciplin pline e asse assets ts of the the analy analysis sis and control control element element (ACE) (ACE) are under the staff supervision of the G2 at theater, corps, and division d ivision levels. Theater Theater ACE staffing is provided from the operations operations battalion of the th theater eater Ml brigade. Corps ACE staffing is provided from the corps MI brigade headquart headquarters ers and operations battalion. Division Division ACE staffing if provided by personnel assigned to the headquarters company of the divisional MI battalion. In addition to CI personnel, an all-source mix of single discipline analysts is sometimes required for interpretation to produce produce the the CI analyt analytical ical products products requir required ed for interpre interpretatio tation n to produce produce the CI analytica analyticall products products required required by the commande commanderr at each echelon. echelon. CI products are also criti cal to the function of the G3 OPSEC OPSEC and deception cells as well. This section provides valuable input to the unit's OPSEC OPSEC program by working closely with the OPSEC OPSEC Staff Element Element during the OPSEC OPSEC Planning Planning Sequence. Sequence. They provide the intelligence intelligence related support to the OPSE OPSEC C program program by identifying identifying and assessing assessing the risk s that hostile foreign intelligence collection will have on the outcome of friendly unit operations. As intelligence personnel, you may find yourself assigned to either of the above sections. To perform perform efficien effi ciently, tly, you must be the expert on how the OPSEC OPSEC Planning Sequence works. As a recommended reco mmended additional resource to assist the above sections with OPSEC duties as well as providing support to OPSEC at other echelons, an OPSEC Committee should be established. 3. OPSE OPSEC C Comm Committ ittee ee:: Althou Although gh tthe he O OPS PSEC EC commit committe tee e is not a regula regulatory tory require requireme ment nt,, it is a good idea idea to set one up to assist assist in the effectiv effective e performa performance nce of OPSE OPSEC C dutie duties. s. Repre Represe senta ntativ tives es with expertise in all areas of the command should be included in all committee activities. Each primary staff and all sub-staff elements must must be represented. This allows for better coordination coord ination of OPSEC OPSEC activities activi ties throughout the the command. command. It also provides a valuable source for outside assistance. The above staff sections and personalities have certain responsibilities assigned to them, all of which we will discuss discu ss later. The key to successful su ccessful OPSEC OPSEC,, as we will soon see, is to get everybody involved. i nvolved. No matter what their job is, every person does have some responsibility for OPSEC. OPSEC.
1-5
IT 0464
LESSON PRACTICE EXERCISE The following items will test your grasp of the material covered in this lesson. There There is only one correct corre ct answer for each item. When When you have have completed the exercise, check your answers with the answer key that follows. 1.
The ulti ltimate obj objec ecttive ive of of OP OPSEC is to
2.
Nam Na me thre three e OP OPSEC requ requir irem eme ents nts as as stat stated ed in in AR AR 530-1 530-1.. A. B. C.
3.
The The ___________________________ is provide provided d to assist assist the the G3 in fulfil fulfilling ling the units units OPS OPSEC EC responsibilities.
4.
The The CI CI Ana Analys lysis is Section, Section, u und nder er the the direct direct superv supervisio ision n of the ____________, is part of the thea theater ter,, corps and division level ACE.
5.
Althou Although gh the the OPS OPSEC EC Comm Committ ittee ee is not a ______________________________, ______________________________, it is a good good idea idea to set one up to assist in the ________________ of OPSEC duties.
1 -7
IT 0464
LESSON PRACTICE EXERCISE ANSWER KEY AND FEEDBACK Item
Correct Answer Feedback
1.
To pre prevent an enemy fro from obta btaini ining suff ufficie icien nt inf infor orm matio ation n to pr predic edictt, and thus be abl able to degrade, friendly operations or capabilit capa bilities. ies. (page 1-3, para 8). 8).
2.
See page 1- 4.
3.
OPSEC Staff Element. ((p page 1- 5, para 2).
4.
G2. (page 1- 5, para 3).
5.
Regulatory re requirement; effective performance (page 1- 5, 5, para 5) 5).
IT 0464
1 -8
PART B: OPSEC PLANNING SEQUENCE STEP 1 The OPSEC OPSEC Planning Planning Sequence Sequence is a systematic process encompassing all aspects of securi ty and common sense. It involves involves continuous planning, data collec tion, analysis, reporting, and execution of orders and instructions. The planning sequence sequence is cyclic in nature, taking into consideration consi deration the changing nature of both the threat threat and friendly vulnerabilities. It should should be applied to all US Army Army operations, elements elements in garrison, field training exercises in i n peacetime, and operations in wartime. We will discuss in i n great detail the recommended steps that can be followed to provide p rovide good OPSEC. OPSEC. Although not all inclusive, inclu sive, they do serve as a point of departure. Keep in mind that these steps may be brief or o r in detail, depending on the complexity and sensitivity of the activity. STEP 1: PREPARE AN OPSEC ESTIMATE OF THE SITUATION. OPSEC OPSEC Estimates: An OPSEC OPSEC Estimate would be b e prepared prepa red as soon so on as it is known kn own that an a n operation operat ion or or activity activi ty is to be undertaken and periodically periodi cally during the planning, preparation, preparatio n, and execution phases. The general planning problem is how to gain advantage and avoid harm from inevitable adversary assessments assessments about friendly intentions i ntentions and military capabilities. capabi lities. Therefore, Therefore, an OPSEC OPSEC data base must be developed. Before a unit can implement i mplement the other 6 steps within w ithin the OPSEC OPSEC Planning Sequence and develop OPSEC OPSEC measures, it is necessar ne cessary y to develop the OPSEC OPSEC data base. ba se. It contains contai ns the hostile intelligence service (HOIS) collection collec tion threat and the friendly force for ce pro file. A comprehensive comprehensive OPSE OPSEC C data base is absolutely essential if effective analysis is to occur. We must develop detailed information on both the threat and friendly for ce. The OPSEC OPSEC data base is developed from pattern analysis of recent operations, operations orders, readiness plans, study directives, signals operating instructions (SOI) counterintelligence reports along with similar documents and details relevant to the operation or activity. Without this information, the planning sequence may as well stop because the operation or activity will only be applying OPSEC haphazardly and most likely will not be protecting the key friendly indicators. All staff elements elements contribute contrib ute to the development development of the data base. All data contained in both parts of the OPSEC data base which identify the hostile intelligence collection threat and identify the friendly force profile must be systematically organized and cross-referenced for quick access and easy use. Discussed later in the ttext ext a some methods methods for systematically organizing and cross- referencing which will assist in conducti c onducting ng OPSEC OPSEC analysis, developing effective effec tive OPSEC OPSEC measure measures, s, and ultimately protecting friendly indicators. Identify the Hostile Hosti le Intellige Intelligence nce Collection Collecti on Threat: Threat: Identifying the hostile intelligence collection threat is the first part p art of o f the OPSEC OPSEC data base. This is an intelligence function funct ion perfo rmed by the CI Analysis Section (See Figure Figure 1-1). They They are responsible for developing and maintaining maintaining the hostile intelligence collection capabilities portion of the OPSEC data base. They must coordinate with the G2, the All-Source Production Section (ASPS), and the ACE for the collection and processing of information information for inclusion in this portion of the data base. base.
1 -9
IT 0464
Figure 1-1. CI Analysis Section. Sect ion. The ASPS already maintains a threat data base which contains c ontains all information on the opposing enemy unit(s). For OPSE OPSEC C purposes, we are interested only in their their intelligence coll ection ectio n threat capability. capabil ity. So naturally, the first place counterintelligence (CI) personnel should go for this type of information is the ASPS. The ASPS will provide pr ovide the majority majorit y of the threat informatio info rmation n for the OPSEC OPSEC data base. This information can be used as a basis for developing further information from other sources. The threat data will be as detailed as possible and will not only contain in- formation on who is collecting against friendly forces and how they are doing it, but also with what types of collectors and their actual capabil ities. Once the information is collected coll ected from the various sources, the C CII Analysis Section analyzes it as it applies to OPSEC in order to form an assessment of the hostile collection capability. The intelligence collection threat facing the US Army today is all-source, multidisciplined and extremely aggressive. As you already know, the Intelligence Intelligence collecti on threat can be broken brok en down into three basic disciplines: Human Intelligence (HUMINT); Signals Intelligence (SIGINT); and Imagery Intelligence (IMINT). It is absolutely essential that the CI Analysis Section develop and maintain the data base with the threat targeted against your unit. Consider the unit’s current location loc ation and contingency conti ngency mission to determine the requirements. requirements. If the unit is facing North Korea, the data base will naturally contain the appropriate threat posed by them. In some some cases, the the data base will deal with US equipment equipment and tactics tactic s being used by former Allies. So, when when we we state that the hostile threat is multidisciplined, multidiscip lined, we mean mean that all three collection disciplines are meshed together to provide a clear picture of the units operations from all points of view. Additionally, one discipline discipli ne is used to complement complement another. The expression all-source all- source means that collection systems, ranging from highly technical overhead platforms, to less technical ground based systems, down to the human human eye, eye, are tapped to provide Intelligence information. A quick study s tudy of these disciplines will provide the unit with a basis to properly analyze this enormous threat in order to determine the nature, nature, scope, and magnitude of the enemy's intelligence collecti col lection on means targeted against against friendly forces. Human Intelligence: Human Intelligence: HUMINT HUMINT is simply the collecti col lection on of information using human sources. Hostile governments consistently utilize varied HUMINT techniques to collect information on friendly forces. Some of the methods, although completely overt in nature, nevertheles nevertheless s yield tremendous returns. Examples Examples of human sources include, i nclude, but are not limited to, t o, the following:
IT 0464
1-10
Representatives Representatives of foreign fo reign governments: These These sources include i nclude diplomats, di plomats, military attaches, other embassy personnel and United Nations employees.
Foreign students and scientists: it is i s well known that HUMINT HUMINT collectors collec tors have been inserted into countries using the above named positions. Attendance at scientific scientifi c trade tr ade shows and conferences conferences provide additional opportunities opportunities for collection activities to occur.
Merchant sailors: Soviet merchant ships literally make thousands of port calls in the US and allied countries each month. month. They They are routinely given 29 day visas at their first port of embarkation in the US, thus thus they are able to travel t ravel freely anywhere in the country without any restrictions or limitations. limitations.
Open source: The most readily available source of HUMINT HUMINT derived intelligence i nformation comes from the wide variety of open source printed material put out in the US and other allied countries. A great deal of information can be collected colle cted through the US Governme Government nt Printing Office and a number of publication clearing houses.
In time of war, CI personnel must also be concerned with the intelligence collection potential of many additional human sources. Some of these sources include: enemy enemy reconnaissance patrols, observation posts, listening posts, and special purpose forces. All of these these perform perform Intelligence collection colle ction missions, and can provide valuable information to the enemy enemy commander. commander. Line crossers and refugees provide additional means to infiltrate trained intelligence agents into friendly territory, as well as providing hostile intelligence collection services with a huge wealth of individuals to recruit from. Signals Intelligence: SIGI SIGINT NT collection collec tion encompasses four basic subcategories: subcategorie s: communications intelligence (COMINT), electronics intelligence (ELINT), and foreign instrumentation intelligence (FISINT). COMIN COMINT T is information derived deri ved from the study of intercepted intercep ted electromagnetic communications. COMINT COMINT probably has the greatest impact on our daily lives due to our dependency on telephones and radios. ELINT is electronics Intelligence derived from noncommunications electromagnetic radiations from equipment equipment such as radars and navigation beacons. beaco ns. FISIN FISINT T is derived from the intercept and analysis of electronically transmitted data containing measured parameters of performance, either mechanical or human. human. Measurement Measurement and signature intelligence (MASIN (MASINT) T) is scientific sci entific and technical intelligence obtained by quantitative and qualitative analysis of data derived from technical sensors for the purpose of identifying any distinctive features associated with the source, emitter, or sender and to facilitate subsequent identification identificati on or measureme measurement. nt. SIGIN SIGINT T poses a serious threat to the Department of the Army (DA). (DA). Modern technology has elevated elevated its effectiveness to a point where virtually all electromagnetic communications, including telephone and radio conversations, are highly vulnerable to hostile intelligence intercept. For OPSEC OPSEC data base purposes, it is easier to gather very specific specif ic information on the SIGIN SIGINT T threat than it is with the HUMI HUMINT NT threat because of the different types of collecto co llecto rs. In order to effectively perform the unit's OPSEC OPSEC duties, the data base must contain specific speci fics s on the hostile collection collec tion systems such as frequencies, accura cy, ranges, and so on. SIGIN SIGINT T collectors collec tors include Fishing trawlers: Many fishing trawlers are actually sophisti cated SIGINT SIGINT collectors. collec tors. They
commonly patrol waters in and around our fleet task forces.
1-11
IT 0464
same merchant fleet mentioned earlier also possesses a significant signifi cant SIGIN SIGINT T Merchant fleet: The same collec tion capabili cap abili ty. The SIGIN SIGINT T collectors collec tors can operate as these ships enter and depart the port area, as well as over a period of several days while the ship is anchored in port to load and unload cargo. Overhead Overhead platforms: Other sources of valuable SIGINT SIGINT collection collec tion include satellites, satell ites, Aeroflot,
civilian charter aircraft and even small private aircraft. Embassies: These These facilities facil ities are located, and not by accident ac cident either, in key areas where nearly Embassies: 100% of the country's microwave communications can be intercepted by SIGINT collectors. In addition to all of the above sources for SIGIN SIGINT T collection, collec tion, any enemy which we might might face in a future conflict confli ct will w ill be equipped with tacti cal di rection finding, find ing, intercept, and monitoring monitoring equipment. equipment. This equipment will also include that which is necessary to degrade or destroy command and control capabil ities of a unit, such as jamming. The wartime CI individual must obtain and use very detailed information in order to t o effectively effec tively counter counte r the hostile SIGINT SIGINT threat. Imagery Intelligence: Imagery Intelligence: IMINT IMINT is also a valuable collecti col lection on means available to hostile intelligence collectors. collec tors. IMINT IMI NT can be obtained ob tained from land, sea, air and space platforms. The most serious threat from hostile IMINT IMI NT resources at the strategic level l evel stems from photo reconnaissance satellites. At the tacti cal or field combat level, airborne airborne collection collec tion possesses the greatest MINT MINT threat. Imagery Imagery equipment equipment is constantly constan tly being improved technically and used in combination with sensors to enhance the quality and timeliness of the intelligence product. Hostile IMINT IMINT collec tion occurs occ urs on a daily basis. No friendly unit or activity is immune from hostile prying pryi ng IMINT collec tors. Sources of Information: Now that you have have a better understanding of the hostile threat, you need to know where to obtain obta in all the information for fo r the data base. Rem Remem ember ber that the data base must be sufficient in detail and periodically periodi cally updated to remain current. You must coordi nate the intelligence collection collect ion process at the tactical tactic al and strategic levels. As mentioned mentioned earlier, earlier, this is begun by going to the ASPS ASPS and getting everything available available on the hostile hostile intelligence col lection lecti on threat. It must must then be decided where the gaps in the the intelligence holding are and attempt to fill them. This can be accomplished accompl ished by tasking support units through the G2/S2 section. There There are any number number of sources available for collection collec tion of this information. Many of these these sources will be readily available in the the division or corps area to which you are assigned: For example, the Aerial Exploitation Battalion, interrogation interrog ation and CI teams, teams, ground sensors, as well as any SIGINT SIGINT and HUMINT HUMINT collec col lectio tion n elements. In addition addi tion to t o the above intelligence intelli gence assets, asse ts, there are many other other sources for f or current cu rrent information. inf ormation. These These include the Military Police (MP), (MP), artillery elements, elements, reconnaissance patrols patr ols and engineers. engineers. If tactical tactica l elements cannot collect col lect the information needed, needed, there are many strategic strategi c sources available. These These sources include: inclu de: Intelligence Intelligence and Security Command Command (INSCOM)(both local and their HQ), Defense Intelligence Agency (DIA), Central Intelligence Agency (CIA), National Security Agency (NSA), (NSA), and the Federal Federal Bureau of Investigation Investigation (FBI) along with other sister services. Daily, weekly and periodic reports repo rts generated by these agencies are available for review, usually at the the local Special Securi ty Office (SSO). (SSO). The key to the successful collection collec tion of threat data is to establish a viable liaison program with applicable agencies and individuals.
IT 0464
1-12
Management Management of the data base: A comprehensive comprehensive data base is absolutely abso lutely essential if effective analysis Is to occur. occu r. There There is an abundance of threat data available. As such, such, success success in identifying identif ying the hostile intelligence collection threat is based more on organizing and maintaining the data base than on collecting collec ting threat info rmation. There There are are a variety of methods available available which can be used by the analyst. Listed below are a few of the recommended methods methods for maintaining the threat data base. Card files: Maintain all information on 3x5 or 5x8 index cards; cross referencing all information
on collectors, names of individuals and organizations, affiliations, locations, incidents and so on. Cards will will be kept on all all types of collectors to include actual capabilities to collect. Cards can can be used for doctrina doc trinall and actual information. Individual cards should be maintained for each new piece of information obtained with the cross-referenced notations of similar or related cards. This method is time consuming but it will provide quick access to large volumes of related information. Threat book: Using much the same technique as discussed wi th the card files, maintain a threat Threat book containing con taining all of the threat information. Maintain separate sections of the book for the HUMINT, HUMIN T, SIGINT, SIGINT, and IMINT threats. threat s. The key diffe d ifference rence between the card car d file f ile system sy stem and the threat book is the added capability to include charts, graphs, and and photographs. Ensure Ensure that you include a means for updating and disposing of information. Graphic overlays: All information concerning the threat can be plotted graphically on a map
overlay. Separate overlays can be be used for each hostile intelligence collection collectio n discipline, discip line, or all three can be maintained maintained and integrated on one hostile collection collec tion overlay. If one overlay is used, different colo rs will be used to indicate indicat e the various threat disciplines. Overlays should contain all of the information required to perform analysis to determine friendly vulnerabilities and the risks to friendly operations. operat ions. To eliminate excessive clutter, graphic overlays should be used in conjuncti on with one of the above mentioned mentioned methods. methods. Overlays provide an excellent means means for briefing the decision decisio n maker on your recommendations. recommendations. The decision maker can visually see the threat and friendly vulnerabilities which will enable them to make better decisions. Automated data bases: All of the above methods methods can also be automated, when available or Automated feasible, for faster pro cessing, updating, and retrieval of information. The Army currently has the Microfi x computer in its i ts inventory. This can be maintained for the OPSE OPSEC C data base. The AllSource Analysis System (ASAS) (ASAS) is being developed developed for future fielding to the division and corps cor ps levels. The system will include an OPSEC OPSEC subsystem which will have the the capabil ity to perform per form or at least assist the analyst in most OPSEC OPSEC functions. Counterintelligence Operations, has additional add itional information on FM 34-60A(S): FM 34-60A(S), Counterintelligence developing and maintaining data bases. Identify Friendly Force Profile: The second part of the OPSEC OPSEC data base, the friendly force fo rce profile, profil e, plays just as an important importan t role in effective OPSEC analysis as does the threat portion. por tion.
1-13
IT 0464
Friendly force profile: Friendly force profiles are comprehensive, detailed studies of all of a unit's character isti cs. This includes the timing timing of actions taken ta ken by a unit as a whole and those of individual soldiers. Profiles contain all information which may be of intelligence value to potential or actual a ctual adversaries. Developme Development nt of these profiles requires a joint j oint effort effor t between the G3/S3, the G2/S2 and other staff personnel. It is primarily primaril y the responsibility responsibi lity of the OPSEC OPSEC Staff Element; Element; however however,, the CI CI Analysis section assists the OPSEC OPSEC Staff Element Element in the identification identificati on and development of these profiles. Once the unit profile profi le has been developed, it is maintained by the OPSE OPSEC C Staff Element Element for later late r use in analysis. Information to to be included in a friendly forc e profile includes in cludes the following: informati on on how we deploy and how we fight under normal Friendly doctri ne: All of the information conditi ons. You can obtain this information by reviewing regulations, regulations, FMs, FMs, and local SOPs. Equipment: Obtain information on all types of equipment equipment assigned to the unit, to include inc lude how its Equipment: deployed, unique characteristics, physical appearance, and any technical information relating to its operation. operation. Chronological after-action reports on past operations to include how things things Historical records: Chronological were done and why. Past compromises or security violations: Historical information on the types of Incidents, what
was compromised and the way it occurred. OPSEC evaluations: All information obtained as a result r esult of performing an OPSEC OPSEC evaluation OPSEC service. Probable friendly courses of action: In order to work through the OPSEC process for an
operation, it is necessary to have the probable friendly courses cour ses of action. Include the actual course of action act ion and all of those which which are being considered. This is obtained from the commander or G3 during his/her initial briefing for an operation. signatures, indicators, indica tors, vulnerabilities and Essential Elements Elements of Friendly Information Patterns, signatures, (EEFI (EEFI)) will also be included as part of the friendly force for ce profile. pro file. We will discuss discu ss these terms terms at great length shortly. Profile areas: All unit activities must be identified and included in the friendly force pr ofile. Profiles are developed in five areas. areas. These These five areas need need to be looked at overall as they pertain to unit operations op erations and then again as the unit organizes for a specific military operation. operat ion. The areas to be looked at are
Command Command posts and communications.
Intelligence.
Operations and maneuver.
Logistics.
Administrative and other support.
IT 0464
1-14
Unit profiles profil es must be developed in peacetime, using all available assets, and then periodicall y updated and revised as needed. needed. Updating occu rs when new equipment equipment is received, when casualties occur, o ccur, and so on. The three key components of a unit profile pro file (See Figure 1-2) are a re developed from integration of all available sources of information. Definitions are as follows: 1. Patt Patter erns ns:: Patt Patter erns ns are are stere stereoty otyped ped actions actions which which so habit habitua ually lly occur in a give given n set set of circumstan circumstances ces tha thatt an observ observer er can use use the them m as cues cues to det deter ermin mine e wha whatt capabilities capabilities,, vuln vulnera erabilit bilities ies or intentio intentions ns exist. exist. Basically Basically,, patt patterns erns are the the result of the way military military operations are conducted. Predictable patterns are caused by unit SOPs, SOPs, staff personalities personal ities and Army doctrine. doctr ine. An example example of a pattern established by many units units and easily detected by hostile intelligenc intelligence, e, is the the practice of going on radio silence just just prior to an operation. operation. To develop your units established patterns, you must study the unit activities as determined by Army Army doctrine, local SOPs SOPs,, comman commanders ders,, and so on. You must must also observe the the unit in action while conducting various types of mission-related activities. 2. Signatures: Signatures: Signatures Signatures are are the distinctive, unique unique characteristics characteristics of a unit which which result result from that units mere mere presence on the battlefield or in garrison. Signatures are detected detected because units differ in types of equipmen equipment, t, sizes, sizes, emission emission of electromagne electromagnetic tic signals, signals, deployment, deployment, and in noises and smells associated with them. them. Signatures fall into four general categories: categor ies: a. Imag Imagery ery signatures: signatures: Imager Imagery y signatures signatures are detected by various various systems which which have the capabil ity to pick up on visible light reflections, reflecti ons, as well well as heat heat from objects. Generally, Generally, signatures in the imagery imagery spectrum are pieces of equipme equipment, nt, personnel personnel and other other objects or activities. Theor Theoretically, etically, a target is detected by photography and identified by the analyst because of the five "S" formula:
size
shadow
shape
surroundings
shade
b. Elec Electro troma magn gnet etic ic signat signatur ures es:: Elect Electrom romag agne netic tic signa signatu ture res s are are cause caused d by elect electron ronic ic radiation from communications communications and noncommunicatio noncommunications ns emitters. emitters. In broad terms, terms, the detection of a specific electronic signature may may show the the presence presence of an entire unit or activity in the area. area. This This will normally cue other sensors to search the area. c. Olfactory Olfactory signatur signatures: es: Olfact Olfactory ory signatu signatures res deal deal with those those aspects aspects of a military military unit or activity which can be detected and possibly identified identified because of a peculiar odor associated with them. them. For example, diesel fuel smells different dif ferent than regular gasoline. d. Acoustical signatures: signatures: Acoustical Acoustical signatures signatures are the the result result of sounds sounds being emitted emitted by a unit. unit. They They are are broken down into two basic types: battle noise, noise, or those noises noises caused by gunfire gunfire and explosives; and sounds associated with military operations such as vehicles, equipment and installation activities.
1-15
IT 0464
3. Indicators: Indicators: Once the analyst analyst has develo developed ped the unit's unit's patterns and signatures signatures,, it is time to go back and look at the gathere gathered d informat information ion containe contained d in the the profile, profile, paying paying particular particular attention attention to the patterns patterns and signatures, signatures, to identify all of those bits of information information or actions which provide provide an indicator to the enemy enemy.. Ind Indicators icators are items items of information which reflect the the inten intentio tion n or capabi capability lity of a pot potent ential ial enem enemy y to ado adopt pt or rejec rejectt a cours course e of action action.. Indicators Ind icators are not abstract events. events. They They are are actual actions taken by a military unit or the direct result of military operations and activities. activities. Ide Identification ntification and interpretation interpretation of specific indicato rs are critical critic al tasks in intelligence operations. The friendly data base should contain a listing of generic indicators associated with your unit and all types of operations it might become involv involved ed in. This This listing can then be used later later to determine determine aspects aspects of friendly courses of action which could compromise compromise the missio mission. n. Generic Generic indicators of attack and defense are located in Appendix B of this subcourse. Critical Critica l Nodes. The development development of a complete friendly force for ce profile pro file takes a long time. Even then it is not really complete due to the constantly changing nature of military units and activities. Therefore, Therefore, it is absolutely essential that we prioritize our efforts and begin with the key elements and activities of the command. These These key activities activi ties and elemen elements ts are called critic cri tic al nodes. So, critic crit ical al nodes are the the key activities activi ties and elements within a command without which the command command could not operate. Within the the five areas of concentra c oncentra tion during profi le development, development, some of the key elements and activities we ne need ed to consider are shown below. Many of the items listed under each category are places where patterns develop and signatures exist. This list will wi ll serve as a guide to give you an an idea of those things which could be indicators: Command posts (CP) and communications:
a. Where Where are CPs CPs in relation relation to other elemen elements ts of the command command? ? b. What What doe does s the the CP CP look like? like? c. When When does the CP move in relation to other elements elements of the command? d. Is the CP surrounded surrounded by antennas antennas? ? e. What What types types of communications communications equipme equipment nt is used used and w where here is it located? f. What What kind of information is passed passed over the communicat communications ions net? What What is the volume volume? ? Are there secure nets? g. Are there there road road signs which assist assist the enem enemy y in locating headhead- quarters quarters and CPs? CPs?
Intelligence: a. Examin Examine e the frequency frequency and areas areas in which ground ground and air element elements s are tasked to gather information.
IT 0464
1-16
b. Where Where are collectors deployed? What What reporting reporting and security security procedures are they using? using? c. How are radars radars used? used? How How long long are they operational operational before re- locating?
Operations and maneuver: maneuver: a. Can tactical rehears rehearsals als and drills drills be easily easily observ observed? ed? b. Is specia speciall training training requir required? ed? IIs s this this fact protected protected appropriately appropriately? ? c. Are new new unit units s arriving arriving in the operation operational al area? area? d. What What actions are the same same when when preparing for offensive and and defensive defensive operations? operations? Do Do they show intentions?
Logistics: a. What What movem movement ents s indicate the the start start of an operation? operation? b. Are specia speciall equipme equipment nt or mater materials ials visibl visible? e? c. Where Where is prepositioning prepositioning and stock piling being done and why? why? d. Are shor shortag tages es in specific specific corps and divisio divisions ns sudde suddenly nly corrected? corrected?
Administrative and other support: a. Do thing things s chan change ge before before an operati operation on such such as wake wake up and me mess ss schedu schedule les, s, unit unit designators? b. Have Have personnel personnel on on leave leave or pass been been recalled? c. Is ther there e an increa increase se in outgo outgoing ing mail mail? ? d. How is litter litter and refuse refuse dispose disposed d of?
Now that the friendly force profile portion of your data base is completed, you have a compilation of information, and the analysis of that information, which shows you how how your unit looks and acts. You are now able to see your unit as the enemy enemy sees sees it. Developmen Developmentt of the friendly force fo rce profile profil e has always been the the major OPS OPSEC EC deficiency. deficien cy. Units fail to see the importance importance of o f developing a detailed picture of themselves. Usually they are more interested inter ested in looking look ing at the enemy. For effective effect ive OPSEC, OPSEC, we need to match the friendly indicator ind icators s to t o the threat in order to develop the best OPSEC OPSEC measures. measures.
1-17
IT 0464
Figure 1-2. Key Ingredients. Ingredien ts.
IT 0464
1-18
LESSON PRACTICE EXERCISE 2A The following items will test your grasp of the material covered in this lesson. There There is only one correct corre ct answer for each item. When When you have have completed the exercise, check your answers with the answer key that follows. If you answer any item incorrectl incorr ectly, y, study again that part of the lesson lesson which contains the portion involved. 1. The OPSEC OPSEC Planning Planning Sequence Sequence is a ______________________ process encompassing all aspects of ________________________ ________________________ and common c ommon sense. sense. 2.
The The two pas of the the OPSEC PSEC dat data a base base are and ______________________________________.
3.
Patterns Patterns are _____ __________ _________ ________ ________ _________ _________ ____ which which so habitually habitually occur in a given given set of circumstances that an observer can
4.
_________ ______________ __________ __________ ______ _ are the distinctive, unique unique characteristics of a unit unit wh which ich result result from the unit's mere presence on the battlefield or in garrison.
5.
Indicators Ind icators are not ________ ____________ _________ _________ ________ ________ _________ _________ _________ _________ _________ _________. ____. They They are _________ ______________ __________ __________ _________ _____ _ taken by a military unit or the direct result of _____________________________ and ___________________________________.
6.
Critical nodes are are the ___ ______ ______ ______ ______ ______ _____ _____ ____ _ within a command command without without which the the comma command nd could not __________________________________.
1-19
I T 0 46 4
LESSON 1 PRACTICE EXERCISE 2A ANSWER KEY AND FEEDBACK Item
Correct Answer and Feedback
1.
Systematic; security (page 1- 9, para 1).
2.
Identifyi ifyin ng th the hostile tile inte ntellig ligence nce c col olllecti ection on threat; frie frien ndly dly ffor orc ce pr profil ofile e (pa (pag ges 1-9 1-9, para ara 3 and 1-13, para 7).
3.
Ste Stereot eotyped yped act action ions; use them as cues to determ ermine what capa capabi bili liti tie es, vulnerabili biliti tie es or or intentions exist (page 1-15, para 3).
4.
Signatures (page 1- 15, para 4).
5.
Abstra tract ev events; ac actual ac actions; mi military op operation ions; act actiiviti ities (p (page 1-1 1-16 6, para 1) 1).
6.
Key activities; operate (page 1- 16, para 2).
IT 0464
1-20
PART 2B. 2B . OPSEC PLANNING SEQUENCE SEQUENCE STEPS 2 AND 3 STEP 2: ISSUE OPSEC PLANNING GUIDANCE. It is within this step of the OPSEC OPSEC Planning Planning Sequence that it becomes necessary to further analyze the friendly force profile in relation to the current friendly course of action to develop develop an initial initial listing of essential elements elements of friendly friend ly information informati on (EEFI) (EEFI).. EEFI EEFI are questions about fr iendly intentions intention s and military capabilities likely to be asked by the opposing planners and decision makers in competitive circumstances. circ umstances. Answers to the EEFI EEFI provide key information info rmation that adversary planners and commanders need to know about friendly frie ndly intentions and capabiliti capa bilities. es. At this point, the list of EEFI EEFI is nothing more than than a laundry list. The list is based on the commanders commanders concep t of the operation and the friendly force for ce profile. profil e. It contains all information which should should be protected, protec ted, not just just those bits of information which are critica crit icall to the success of the operation. This list will be further refined during the analysis that is performed later on, so that you end up with the true EEFI EEFI for the operation. operat ion. The key point to remember about EEFI is that they will priori p rioritize tize and identify the profiles on which the OPSEC OPSEC Planning Planning Sequence should concentrate. STEP 3: IDENTIFY PROTECTIVE MEASURES. Identify Friendly Force Vulnerabilities: Vulnerabilities: The CI Analysis Analysis Section, Sect ion, with assistance from the OPSEC OPSEC Staff Element, has the primary responsibility far performing the vulnerability assessment to identify the friendly force vulnerabiliti vulnerabilities. es. The vulnerabilit vulnerability y assessment is performed to determine which friendly indicators indica tors are most vulnerable to hostile collection efforts. Vulnerabilities are those profiles which disclose indicators of a unit's planning or operational procedures which, unless adequate adequate OPSEC OPSEC measur measures es are impleme i mplemented, nted, will be detected by hostile collectio col lectio n resources. If collected, collect ed, these vulnerabilities vulnerabilities could compromise c ompromise the commanders commanders EEFI, EEFI, thus jeopardizing the success of the planned operation or mission. A vulnerability exists whenever the enemy has the capability to collect information on our forces (date, time, location, and type of unit or activity), and process the information in time to react in a manner which could affec t the outcome of the operation or mission. During the vulnerability assessment, you will compare the the friendly force profile to the hostile hostile intelligence intelligence collection capabili ties to identify unit vulnerabilities. Depending Depending upon the the current situation, situa tion, you may may compare the entire friendly pro file to the threat, as it is done during peacetime, in garrison; or you may only compare that portion of the profile concerned with w ith the current c ombat operation. No ma matter tter how much much of the profile is used, the comparison is still s till completed. c ompleted. The area where the two overlap are the the friendly vulnerabilities. To break the vulnerability assessment process down a little farther, there are a number of things to look at in order to identify vulnerabilities. vulnerabilitie s. Normally, you will begin by comparing the date and time of an operation and the the location of the hostile hostile collector to the friendly profile or that portion of the profile relating to the operation. Eliminating those collectors collector s that do not initially initiall y match up, you will next look at each remaining remaining collector to determine if they can actually collec t the displayed indicator. Once you have determined that you still have a vulnerability, take a look l ook at the amount of time it takes take s for the enemy enemy to process the information and react to it. i t. Identified vulnerabilities vulnerabilities that are essential to the success of the operation and those which must be protected will become part of the commanders EEF EEFI. I. All identified vulnerabilities may not become EEFI EEFIs. s. It will depend upon their importance to the mission. This list of of EEFI is a reduced version of the one you dealt
1-21
IT 0464
with during the previous step to the OPSE OPSEC C Planning Planning Sequence. Sequence. This list is no longer a generic laundry l aundry list. It is very specific to the current operation. operat ion. As you identify each vulnerability, vulnerability, lit it on the OPS OPSEC EC measures measures worksheet, which is the exact same thing thing as the countermeasur c ountermeasure e worksheet located lo cated in Appendix D. When When listing these vulnerabilities, the OPSEC OPSEC Staff Element Element ranks them according accord ing to their importance to the operation and the CI Analysis Section contributes by ranking them according to susceptibility to collection (the more collectors, the higher the susceptibility). Perform Risk Risk Analysis and Select EEFI EEFI: Risk analysis is i s the act of determining the risks to operations operat ions when no OPS OPSEC EC measures measures are applied to protect p rotect friendly vulnerabilities from enemy enemy intelligence collection; collec tion; and then comparing the costs cost s of implementing implementing identified OPSEC OPSEC measures measures to their probable pr obable effectiveness. Costs are measured measured in terms of time, equipment, equipment, funds, and/or manpower. manpower. Determining Determining the risks to an operation when no OPSEC measures are applied is the first task to be accomplished during risk analysis. The OPSEC OPSEC Staff Element Element performs this task with whatever assistance is needed from the CI Analysis Section and other operations personnel. Each ranked vulnerability on the OPSEC OPSEC measures measures worksheet is looked at a t closely clo sely to determine the impact that hostile collecti col lection on would have on the outcome outcome of the operation. There There are many many factors which can effect the risks to an operation, but basically risks are increased when:
Enemy force lethality increases.
Warning time decreases.
Num Number ber of enemy options increases. i ncreases.
Number of friendly options decreases.
Enemy's Enemy's knowledge of the area increases. incr eases.
On the other hand, hand, risks are decreased when:
Enemy force lethality decreases.
Warning time is extended.
Enemy has fewer options.
Friendly options increase.
Friendly force knowledge of area increases.
Once the risks have been identified, we begin to systematically develop OPSE OPSEC C measures measures to protect p rotect each vulnerable vulnerable friendly indicator, indic ator, thereby reducing or eliminating the risk levels. Some OPSEC OPSEC measures measures are designed to defeat more than than one collector, collecto r, if properly p roperly applied. The threat and vulnerable indicato r will be the determining factors facto rs for choosing the best OPSEC measures. measures.
IT 0464
1-22
OPSEC OPSEC measures measures fall into three inter- related categories. catego ries. These These categories categorie s are: Countersurveillance measures: measures: These These are routine security secu rity measures measures which are designed and Countersurveillance implemented to prevent hostile collection of friendly indicators to operations or activities. They They are designed to protect the true status of friendly operations. operati ons. Countersurveillance measures am normally listed in the unit’s OPSEC and security SOPs, as well as in Army Regulations. Reg ulations. Units use countersurveillance measures measures all of the time, for every operation operati on or activity. activi ty. These These measures measures include the following: Camouflage. Noise and Light Discipline. Information Security. Physical Security. Personnel Personnel Security. Securit y. Signals Security. Countermeasures: They are actions taken to offset a specific hostile intelligence collection
operation. Countermeasures Countermeasures employ devices devices or techniques with the objective of impairing the operational effectiveness effect iveness of enemy enemy collection colle ction activities. ac tivities. Countermeasures Countermeasures fall into four basic subcategories: subcategories: 1.
Destr Destruction uction of the the h host ostile ile collector collector:: Once located, located, a hostil hostile e collector collector is targeted targeted by by one or more destructi destructi on means. means. This action actio n must be taken swiftly to prevent further intelligence intelligence collection from taking place.
2.
Counter-HUMI Counter-HU MINT NT me measur asures: es: Measur Measures es that that am taken to deny deny information information to the the huma human n source. sourc e. Examples are: SAEDA training. Restricted areas. Surveillance.
3.
Signal Signal activity or counter-SIGIN counter-SIGINT: T: Coun Counter-SI ter-SIGI GINT NT me measur asures es am am those those actions actions taken to counter hostile signal collector s, whether whether communications or noncommunications. noncommunications. The objective of o f counter-SIGIN counte r-SIGINT T is to ensure that all friendly use of the electromagnetic spectrum is unexploitable by the enemy enemy.. Signal security is bro ken down to include COMSEC and ELSEC techniques. techn iques. These measures include: incl ude:
1-23
IT 0464
Proper training of operators. Secure voice. Moving the emitter. Jamming. Transmission Transmission brevity. b revity. 4.
Counter-IMIN Counter-IM INT T me measur asures: es: The They y are those those measur measures es which which are implemen implemented ted to deny the the enemy enemy from obtaining imagery of friendly frien dly operation. operati on. All counter- IMI IMINT NT measures measures are designed to conceal the friendly force from enemy observation.
Deception: Deception consists of all actions acti ons designed and taken to mislead the the enemy. enemy. It
may include manipulation, distortion or falsification of information to cause the enemy to act in a way prejudicial to his best interests. Once all of the OPSEC OPSEC measures measures which will protect protec t each indicator indic ator have been been identified, the OPSEC OPSEC Staff Element Element and the CI CI Analysis Analysis Section coordinate coord inate their efforts to determine the costs involved in implementing implementing the measure measures s as compared to the expected benefit to be derived. Benefit is measured measured in terms of reduction of risk. And as stated earlier, costs are measured measured in time, manpower, manpower, equipment, equipment, money and even loss of effectiveness. effect iveness. The primary reason for doing this costs versus benefit benefit analysis is to identify identif y the best OPSEC measures measures (the cheapest and most effective). All of the information resulting from the complete risk analysis is added to the OPSEC OPSEC measures measures worksheet. You now have have in a single place, the friendly indicato i ndicato r, the threat, risks to the operation, OPSEC OPSEC measures, measures, and and the costs and benefits associated with implementing those OPSEC measures (see Figure 1-3). The risk analysis process will also result in the final selection of the EEFI which are critical enough to warrant the appli cation of OPSEC OPSEC measures. measures. This selection, selection, accomplished ac complished by the commander commander or the G3, will be based on those critical indicators which are vulnerable, and if detected, would result in high risks to the operation. operati on. These are true EEFI. EEFI. Recommend and Select OPSEC Measures: At this point in the sequence, the CI Analysis Analys is Section Secti on and the OPSEC Staff Element provide the decision maker, whether it be the commander or his G3, with the OPSEC OPSEC estimate. This can be done orally or in writing. wri ting. The estimate consists of the results results of the vulnerability assessme a ssessment nt and the risk analysis, to include in clude identified identifie d OPSEC OPSEC measures. measures. Once the OPSEC Staff Element and the CI Analysis Section make their recommendations of OPSEC measures, the decision decis ion maker will wi ll select selec t the OPSEC OPSEC measures to be implemented. The selection select ion of of OPSEC OPSEC measures measures will be based on the commanders percepti on of the operation, the risks involved, the cost of implementing OPS OPSEC EC and the likelihood of success. suc cess. When When going through through the selection selection process, proces s, the decision maker has basically only two real options: No OPSEC measure is necessary. Apply one or more OPSEC measures.
IT 0464
1-24
So, the opti ons exist exis t to ether select selec t and implement an OPSEC OPSEC measure(s), or don't. don' t. The next three options listed here are basically basicall y OPSEC OPSEC measures measures in themselves themselves and therefore they are add- ons rather than real options: Stop the activity. Change the operation. Implemen Implementt a deception decep tion plan. If the first option, no OPSEC OPSEC measure measure is necessary, if chosen, then one one of the following fol lowing conditio c onditions ns should exist: No vulnerability exists. If detected by the enemy, the indicator would support the deception plan. The commander is willing to accept the risks.
Figure 1-3. OPSEC OPSEC Measures.
1-25
IT 0464
LESSON PRACTICE EXERCISE 2B The following items will test your grasp of the material covered in this lesson. There There is only one correct corre ct answer for each item. When When you have have completed the exercise, check your answers with the answer key that follows. If you answer any item incorrectl incorr ectly, y, study again that part of the lesson lesson which contains the portion involved. 1.
EEFI EEFI are questions questions about ___________ ________________ _________ _________ _________ ________ ________ ________ ________ ________ _________ _________ _____. _. and__________ and________________ ____________ ____________ ___________ ___________likely ______likely to be asked by the opposing planners and decision makers in ___________ _________________ ___________ ____________ _____________ _______ _ circumstances. circ umstances.
2.
EEFI EEFI will _________ ____________ ______ ______ _______ _______ ______ ___ and ________ ___________ _______ _______ ______ ______ ______ _____ __ the profiles on which the__________________ the_______________________________ __________________________ _________________________ _________________________ ________________ ___ should concentrate.
3.
A vulne vulnerability rability exists whenev whenever er the the enem enemy y has has ________ _____________ __________ __________ __________ _________ __________ __________ ____
4.
Risk analysis analysis is the act of determ determining ining ___________ ________________ ___________ ___________ __________ __________ __________ __________ ______ _ when no OPSEC measures are applied to protect friendly__________________________________ ________________ ________________________ _________________ ________________ ____________from _____from enemy intelligence collec tion; and then _______________________ ____________________________________ _________________________of ___________of ineffectiveness.
5.
Costs are meas measured ured in terms terms of ________ ____________ ________ _______ _______ ________ _______ _______ ________ ________ _______ _______ ________ _____, _, ______________________,and/or ___________________________.
6.
OPSE OPSEC C measure measures s fall into three inter-related categories. These These categories are: a. b. c.
7.
The The risk analysis process will will also result result in the final selection selection of _____ ________ ______ ______ _______ _______ ______ ______ ____ _ which are criti cr iti cal enough to warrant war rant the application applicat ion of _____________ __________________ __________ __________ __________ ________. ___.
IT 0464
1-26
LESSON PRACTICE EXERCISE 2B ANSWER KEY AND FEEDBACK Ite Item
Curr Cu rren entt An Answer swer and and Fe Feedba edback ck
1.
Frie Friend ndly ly inten intenti tion ons; s; milit military ary capabil capabilitie ities; s; compe competit titiv ive e (pag (page e 1-21, 1-21, para para 1). 1).
2.
Prior Prioritiz itize; e; iden identif tify; y; OPS OPSE EC Plan Planni ning ng Sequ Sequen ence ce (pag (page e 1-21 1-21,, para para 1). 1).
3.
The The capabi capability lity to coll collect ect infor informa matio tion n on our our forces forces (da (date te,, time time,, locatio location n and and type type o off unit unit or activity)(page 1-21, para 4).
4.
The The risks risks to ope opera ratio tions; ns; vuln vulner erabi abilit lities ies;; comp compari aring ng the the costs costs (pag (page e 1-22, 1-22, para para 2). 2).
5.
Time Time,, equi equipm pmen ent, t, funds funds,, and and man manpo powe werr (pa (page ge 1-22, 1-22, para para 2). 2).
6.
a. Counters Countersurv urveil eillanc lance e me meas asur ures; es; b. counter counterme meas asure ures; s; c. deception deception (pages (pages 1-23, para 2; 1-23 para 3; and 1-24, para 2).
7.
EEFI; OPSEC measur asures es (pag (page e 1-24 1-24, para para 4). 4).
IT0464
1-28
PART 2C. 2C. OPSEC OPSE C PLANNING PLANNING SEQUENCE SEQ UENCE STEPS STEP S 4 THRU THRU 7 STEP 4: PREPARE AN OPSEC ANNEX OR PLAN. During the planning and selection select ion process for OPSEC OPSEC measures, measures, the countermeasures countermeasures worksheet is completed. The worksheet describes descri bes OPSEC OPSEC measures measures for the force as a whole and specific specifi c OPSEC OPSEC measures measures to be employed by the subordinate subordina te maneuver maneuver and support units. The worksheet becomes a part of the OPSEC annex to the Operations Order (OPORD). Plans for operations, exercises, technology, or other activities to include acquisition and research programs that are of interest to foreign f oreign intelligence will be supported suppor ted by the OPSEC OPSEC annex or plan. A model outline of the OPSEC OPSEC annex is provided provi ded in Appendix Appendi x A and AR 530- 1. The format forma t and content conten t of the OPSEC annex will be tailored to meet the specific needs of the project, activity, operation, or function concern con cerned. ed. It may be disseminated disseminat ed by any of the following foll owing means: as an annex to the OPORD, OPORD, as a fragmentary order (FRAGO) or as written instructions. Tasking for OPSEC measures implementation is accomplished through the use of the OPSEC annex or the OPSEC OPSEC measures worksheet. Fragmentary orders or ders or amendments to the initi al OPSEC annex can also be used to update or change the implementation implementation process. STEP 5: BRIEFING PARTICIPANTS. OPSEC OPSEC measures measures will be executed as command c ommand directed actions ac tions and as individual responsibiliti responsib ilities. es. OPSEC briefings will be provided to planners, participants, and those supporting operations, exercises, materiel acquisition acquisit ion and other other activities. The briefings will be directed specifi cally call y at the responsibili ties of the group addressed. These These briefings are given not only by OPSEC OPSEC officers, office rs, but also by other cognizant planners, project managers, and security and support personnel. STEP 6: EXECUTE PROTECTIVE MEASURES AND MONITOR RESULTS. At this point, po int, the primary function of the OPSEC OPSEC Staff Element Element and the CI Analysis Section is to ensure that all elements el ements of the command are knowledgeable knowledg eable of the OPSEC measures to be implemented. This is accomplished accompl ished using one of the methods methods mentioned mentioned earlier. Once each element element knows what to do, the OPSEC Staff Element and the CI Analysis Section will further ensure that the OPSEC measures are implemented implemented correc tly- -when and where needed. needed. The friendly force must establish procedures for a periodic evaluation of the overall effectiveness of the OPSEC OPSEC measures that they have implemented. Unevaluated OPSEC OPSEC measures can lead lea d to a false fa lse and very dangerous sense of security. secur ity. Units are lulled into believing beli eving that since they have applied OPSEC, OPSEC, the enemy enemy cannot detect information concerning con cerning their operations. operatio ns. Therefore, Therefore, they tend to let their guard down somewhat. OPSEC OPSEC evaluations evaluation s are nothing more than the monitor monitoring ing of applie ap plied d OPSEC OPSEC measures to determine their their effectiveness. effecti veness. In other words, we are looking for strengths to recognize and weaknesses to correct. It is during this point of the Planning Sequence Sequence that all planning requirements for evaluating applied OPSEC OPSEC measures will be completed. compl eted. In additio addi tion n to determining determin ing the scope, the OPSEC OPSEC Staff Staf f Element and CI Analysis Section will also determine when when the evaluation will be conducted, condu cted, how it will be conducted, the kind of evaluation to be conducted, condu cted, and who will conduct it. The OPSEC OPSEC measures measures worksheet will be used to assist in identifying the scope and methods to be used.
1-29
IT 0464
Wartime evaluations. Evaluations Evaluations conducted conducte d during hostilities are usually initiated when critic cri tical al vulnerabilities and threats are identified. Trained OPSE OPSEC C and unit personnel then responded to immediate taskings to resolve specific problems rather than performing generalized unit evaluations. Peacetime Peacetime evaluations: evaluations: In this type of environment, environment, it is i s possible possi ble to examine examine the entire OPSEC program of a unit. Special teams from outside-the unit are usually the best way to perform these peacetime evaluations, but it is not necessary. Outside teams teams increase objectivity objectivi ty and allow the unit's OPSEC OPSEC personnel to continue to carry car ry on their normal duties. If possible, an evaluation of the entire OPSEC OPSEC program should be completed at least annually. It is important importan t for you, the team, team, and the unit personnel to realize real ize that OPSEC OPSEC evaluations are not inspections. They are designed and aimed at identifying shortfal ls or problem prob lem areas areas with the applica tion of OPSEC, OPSEC, so that those problems can be correcte cor rected. d. The evaluator is looking at the unit from an enemy enemy point of view, using his/her methods of intelligence collection, to determine if the applied OPSEC measures measures are working as intended. intended. They They will attempt to identify friendly indicators indi cators which are supposed to be protected. OPSEC OPSEC evaluation reports, either orally or in writing, wri ting, are provided to the commander c ommander,, OPSEC OPSEC Staff Element Element and the CI CI Analysis Analysis Section. Copies of the report are provided for fo r inclusion i nclusion in the OPSEC OPSEC data base. Recommend Adjustments to OPSEC measures: Based on the information reported by the OPSEC evaluators, evaluators , adjustments are made to the OPSEC OPSEC measures. The OPSEC OPSEC Staff Element and CI Analysis Analysi s Section will analyze the evaluation evaluation results to determine where corrective corre ctive a ction is needed. Once identified, corrections or adjustments will be implemented as quickly as possible. STEP 7: PROVIDE OPSEC FOLLOW-UP AND IDENTIFY LESSONS LEARNED. The majority of lessons learned can normally be identified during the monitoring proce ss. The others can be identified during an evaluation of the completed operation, plan or program. progr am. Lessons learned are the basis to t o integrate improvements improvements into the command's overall OPSEC OPSEC planning process. proc ess. Improveme Improvements nts include briefing key participants on the success or failure of OPSEC efforts and sharing information with nonparticipants through lessons learned. Continuous nature of OPSEC: The last step of the OPSEC Planning Sequence can lead you back up to where the selection selec tion of OPSEC measures were made. Changes identifie ident ified d to either the threat or friendly fri endly profile, profil e, due to the battle, necessitate going bac k to t o the OPSEC OPSEC data base. This in turn requires redoing the vulnerability vulnerabili ty assessment ass essment and risk analysi an alysis. s. So, as you can see, the OPSEC OPSEC Planning Sequence is a continuous cycle cyc le which is applied before, during and after an operation. We must protect protec t all phases of an operation with effective effect ive OPSEC. OPSEC. THINK OPSEC!
IT 0464
1-30
LESSON PRACTICE EXERCISE 2C The following items will test your grasp of the material covered in this lesson. There There is only one correct corre ct answer for each item. When When you have have completed the exercise, check your answers with the answer key that follows. If you answer any item incorrectl incorr ectly, y, study again that part of the lesson lesson which contains the portion involved. 1.
A model model outline outline of the OPSE OPSEC C annex annex is provided in _____ _______ ____ ____ ____ ___ _ and______ and_________ ______ ____. _.
2.
The The OPSE OPSEC C ann annex ex may may be disseminat disseminated ed by any any of these these mean means: s: a. b. c.
3.
Uneval Une valuate uated d OPSE OPSEC C me measur asures es can lead to a ________ ___________ _______ ________ ________ _______ ___ and very very dangerous dangerous _________________________.
4.
OPSE OPSEC C evaluation evaluations s are nothing nothing more more than than th the e _________ _______________ ___________ __________ ___________ ____________ ___________ _____ to determine their their effectiveness. effect iveness. In other words, we are looking for _____________________________to recognize, and ____________________________ to correct.
5.
The __________ ________________ ___________ ___________ ___________ _____ and the ______________ ______________________ _______________ _______________ _________ _ will analyze the evaluation results to determine where corrective action is needed.
1-31
IT 0464
LESSON PRACTICE EXERCISE 2C ANSWER KEY AND FEEDBACK Item
Correc t Answer and Feedback
1.
AR 530- 1; Appendix A (page 1- 29, para 2).
2.
a. Anne Annex x to the the OPORD; b. FRA FRAGO; c. writ writte ten n inst instru ructi ction ons s (pag (page e 1-29, 1-29, para para 2). 2).
3.
False; sense of s se ecurity (p (page 1- 29, para 6) 6).
4.
Moni Mo nito tori ring ng of appl applie ied d OP OPSEC measur asures es;; stre streng ngth ths; s; we weak akne ness sses es (pag (page e 1-29, 1-29, para para 6). 6).
5.
OPSEC Staf Stafff El Element; CI Analysis Secti ectio on (p (page 1-3 1-30 0, para ara 5) 5).
IT 0464
1-32