Operations Security OPSEC DEFENSESENSITIVE INFORMATION SUMMER CRUISES REQUIRED

  • Slides: 37
Download presentation
Operations Security (OPSEC)

Operations Security (OPSEC)

DEFENSE-SENSITIVE INFORMATION • SUMMER CRUISES • REQUIRED TRAINING –OPNAVINST 3432

DEFENSE-SENSITIVE INFORMATION • SUMMER CRUISES • REQUIRED TRAINING –OPNAVINST 3432

DEFINITIONS & BACKGROUND • OPSEC IS: – ONE OF THREE COMPONENTS USED TO MAINTAIN

DEFINITIONS & BACKGROUND • OPSEC IS: – ONE OF THREE COMPONENTS USED TO MAINTAIN THE SECRECY NEEDED TO ACHIEVE SURPRISE • OPSEC IS NOT A SECURITY FUNCTION, BUT AN OPERATIONS FUNCTION – SECURITY PROGRAMS AND OPSEC MUTUALLY SUPPORT EACH OTHER

DEFINITIONS & BACKGROUND • OPSEC IDENTIFIES & CONTROLS INFORMATION THAT INDICATES – OUR •

DEFINITIONS & BACKGROUND • OPSEC IDENTIFIES & CONTROLS INFORMATION THAT INDICATES – OUR • FRIENDLY (U. S. ) INTENTIONS • FRIENDLY (U. S. ) CAPABILITIES • FRIENDLY (U. S. ) ACTIVITIES

DEFINITIONS & BACKGROUND • SECURITY PROGRAMS – DENY CLASSIFIED INFORMATION TO ADVERSARIES • PHYSICAL

DEFINITIONS & BACKGROUND • SECURITY PROGRAMS – DENY CLASSIFIED INFORMATION TO ADVERSARIES • PHYSICAL SECURITY • PERSONAL SECURITY • INFORMATION SYSTEMS SECURITY

DEFINITIONS & BACKGROUND • COUNTERINTELLIGENCE PROGRAMS – SUPPORT BOTH SECURITY AND OPSEC PROGRAMS •

DEFINITIONS & BACKGROUND • COUNTERINTELLIGENCE PROGRAMS – SUPPORT BOTH SECURITY AND OPSEC PROGRAMS • IDENTITY INTELLIGENCE THREATS AND METHODS OF AN ADVERSARY

FREEDOM OF ACTION • BY MAINTAINING OPERATIONAL SECURITY OF PLANS WE GAIN THE FULLEST

FREEDOM OF ACTION • BY MAINTAINING OPERATIONAL SECURITY OF PLANS WE GAIN THE FULLEST POSSIBLE SURPRISE • THIS IN TURN GIVES US FREEDOM OF ACTION

GOOD OPSEC • OPSEC, PROPERLY APPLIED, CONTRIBUTES TO: – OPERATIONAL EFFECTIVENESS – ENHANCES PROBABILITY

GOOD OPSEC • OPSEC, PROPERLY APPLIED, CONTRIBUTES TO: – OPERATIONAL EFFECTIVENESS – ENHANCES PROBABILITY OF SURPRISE – CAUSES ADVERSARIES TO MAKE BAD DECISIONS DUE TO: • LACK OF CRITICAL INFORMATION ABOUT OUR FORCES AND EQUIPMENT

OPSEC REQUIRED FOR • OPSEC MEASURES ARE REQUIRED FOR OPERATIONS AND ACTIVITIES RELATING TO

OPSEC REQUIRED FOR • OPSEC MEASURES ARE REQUIRED FOR OPERATIONS AND ACTIVITIES RELATING TO THE…: • • • EQUIPPING PREPARING DEPLOYING SUSTAINING EMPLOYMENT – …OF THE NAVY AND MARINE CORPS TEAM IN TIME OF WAR, CRISIS, OR PEACE – ALSO, PROTECT THE PLANS

INADEQUATE OPSEC • DEGRADES OPERATIONAL EFFECTIVENESS BY HINDERING SURPRISE • CONVERSELY, EXCESSIVE OPSEC CAN

INADEQUATE OPSEC • DEGRADES OPERATIONAL EFFECTIVENESS BY HINDERING SURPRISE • CONVERSELY, EXCESSIVE OPSEC CAN INTERFERE WITH: – COORDINATION – TRAINING – LOGISTICAL SUPPORT

SUMMATION • OPSEC IS THE CONTROL OF INFORMATION BY: – KNOWING THE THREAT –

SUMMATION • OPSEC IS THE CONTROL OF INFORMATION BY: – KNOWING THE THREAT – KNOWING WHAT TO PROTECT – DETERMINING RISKS – KNOWING HOW TO PROTECT INFORMATION

OPSEC PROCESS • OPSEC PLANNING IS ACCOMPLISHED VIA THE OPSEC PROCESS • THE OPSEC

OPSEC PROCESS • OPSEC PLANNING IS ACCOMPLISHED VIA THE OPSEC PROCESS • THE OPSEC PROCESS CONSISTS OF FIVE DISTINCT ACTIONS APPLIED IN A SEQUENTIAL MANNER DURING OPSEC PLANNING • BEFORE WE DISCUSS, YOU MUST KNOW SOME TERMINOLOGY

OPSEC TERMINOLOGY • CRITICAL INFORMATION: Specific facts about friendly intentions, capabilities, and activities vitally

OPSEC TERMINOLOGY • CRITICAL INFORMATION: Specific facts about friendly intentions, capabilities, and activities vitally needed by adversaries for them to plan and act effectively to guarantee failure or unacceptable consequences for friendly mission accomplishment.

OPSEC TERMINOLOGY • OPSEC INDICATORS: Friendly detectable actions and opensource information that can be

OPSEC TERMINOLOGY • OPSEC INDICATORS: Friendly detectable actions and opensource information that can be interpreted or pieced together by an adversary to derive critical information.

OPSEC TERMINOLOGY • OPSEC VULNERABILITY: A condition in which friendly actions provide OPSEC indicators

OPSEC TERMINOLOGY • OPSEC VULNERABILITY: A condition in which friendly actions provide OPSEC indicators that may be obtained and accurately evaluated by an adversary in time to provide a basis for effective adversary decision making.

OPSEC ACTION #1 • IDENTIFICATION OF CRITICAL INFORMATION – What will our adversary want

OPSEC ACTION #1 • IDENTIFICATION OF CRITICAL INFORMATION – What will our adversary want to know about our intentions, capabilities, and activities? – The answers to these three questions are known as Essential Elements of Friendly Information (EEFI). • EEFIs are what we protect from exposure to an adversary.

OPSEC ACTION #1 (CONT. ) • • • CRITICAL INFORMATION IS A SUBSET OF

OPSEC ACTION #1 (CONT. ) • • • CRITICAL INFORMATION IS A SUBSET OF EEFI IT IS ONLY THAT INFORMATION THAT IS VITALLY NEEDED BY AN ADVERSARY IDENTIFYING CRITICAL INFORMATION ALLOWS US TO FOCUS OUR EFFORTS ON PROTECTING IT, INSTEAD OF TRYING TO PROTECT ALL CLASSIFIED OR SENSITIVE INFORMATION

OPSEC ACTION #2 • ANALYSIS OF THREATS – RESEARCHING & ANALYZING INTELLIGENCE INFORMATION, COUNTERINTELLIGENCE,

OPSEC ACTION #2 • ANALYSIS OF THREATS – RESEARCHING & ANALYZING INTELLIGENCE INFORMATION, COUNTERINTELLIGENCE, REPORTS, AND OPEN SOURCE INFORMATION TO IDENTIFY WHO THE LIKELY ADVERSARIES ARE TO THE PLANNED OPERATION – THROUGH THIS ANALYSIS WE SEEK ANSWERS TO THE FOLLOWING QUESTIONS:

OPSEC ACTION #2 (CONT. ) • WHO IS THE ADVERSARY? • WHAT ARE THE

OPSEC ACTION #2 (CONT. ) • WHO IS THE ADVERSARY? • WHAT ARE THE ADVERSARY’S GOALS? • What IS THE ADVERSARY’S STRATEGY FOR OPPOSING THE PLANNED OPERATION?

OPSEC ACTION #2 (CONT. ) • WHAT CRITICAL INFORMATION DOES THE ADVERSARY ALREADY KNOW

OPSEC ACTION #2 (CONT. ) • WHAT CRITICAL INFORMATION DOES THE ADVERSARY ALREADY KNOW ABOUT THE OPERATION – WHAT INFORMATION IS IT TOO LATE TO PROTECT? • WHAT ARE THE ADVERSARY’S INTELLIGENCE COLLECTION CAPABILITIES?

OPSEC ACTION #3 • ANALYSIS OF VULNERABILITY – FRIENDLY ACTIONS/ACTIVITIES PROVIDE OPSEC INDICATORS TO

OPSEC ACTION #3 • ANALYSIS OF VULNERABILITY – FRIENDLY ACTIONS/ACTIVITIES PROVIDE OPSEC INDICATORS TO AN ADVERSARY THAT MAY BE OBTAINED AND ACCURATELY EVALUATED IN TIME TO PROVIDE A BASIS FOR EFFECTIVE DECISION MAKING AND ACTION AGAINST US

OPSEC ACTION #3 (CONT. ) • OPERATIONS PLANNERS SEEK ANSWER TO THE FOLLOWING WHEN

OPSEC ACTION #3 (CONT. ) • OPERATIONS PLANNERS SEEK ANSWER TO THE FOLLOWING WHEN ANALYZING VULNERABILITY: • WHAT INDICATORS OF CRITICAL INFORMATION NOT KNOWN TO THE ADVERSARY WILL BE CREATED BY THE FRIENDLY ACTIVITIES IN PREPARATION FOR THE OPERATION?

OPSEC ACTION #3 (CONT. ) – WHAT INDICATORS CAN THE ADVERSARY ACTUALLY COLLECT? –

OPSEC ACTION #3 (CONT. ) – WHAT INDICATORS CAN THE ADVERSARY ACTUALLY COLLECT? – WHAT INDICATORS WILL THE ADVERSARY BE ABLE TO USE TO THE DISADVANTAGE OF FRIENDLY FORCES? • CAN THE ADVERSARY ANALYZE THE INFORMATION, MAKE A DECISION, AND TAKE APPROPRIATE ACTION IN TIME TO INTERFERE WITH THE PLANNED OPERATION?

OPSEC ACTION #4 • ASSESSMENT OF RISK – TWO COMPONENTS: • ANALYZE OPSEC VULNERABILITIES

OPSEC ACTION #4 • ASSESSMENT OF RISK – TWO COMPONENTS: • ANALYZE OPSEC VULNERABILITIES IDENTIFIED IN THE PREVIOUS ACTION AND CONSIDER OPSEC MEASURES TO ERASE OR COUNTER EACH VULNERABILITY • SPECIFIC OPSEC MEASURES ARE SELECTED FOR EXECUTION BASED UPON A RISK ASSESSMENT DONE BY THE COMMANDER AND STAFF

OPSEC ACTION #4 (CONT. ) • THESE OPSEC MEASURES SPECIFICALLY REDUCE THE ADVERSARY’S CAPABILITY

OPSEC ACTION #4 (CONT. ) • THESE OPSEC MEASURES SPECIFICALLY REDUCE THE ADVERSARY’S CAPABILITY TO ANALYZE OUR ACTIONS

OPSEC ACTION #4 (CONT. ) • OPSEC MEASURES CAN BE USED TO: – PREVENT

OPSEC ACTION #4 (CONT. ) • OPSEC MEASURES CAN BE USED TO: – PREVENT THE ADVERSARY FROM DETECTING AN INDICATOR – PROVIDE AN ALTERNATIVE ANALYSIS OF AN INDICTOR • DECEIVE THE ADVERSARY – ATTACK THE ADVERSARY’S COLLECTION SYSTEM

OPSEC ACTION #4 (CONT. ) • OPSEC MEASURES INCLUDE, AMONG OTHER ACTIONS: – COVER

OPSEC ACTION #4 (CONT. ) • OPSEC MEASURES INCLUDE, AMONG OTHER ACTIONS: – COVER – CONCEALMENT – CAMOUFLAGE – DECEPTION – INTENTIONAL DEVIATIONS FROM NORMAL PATTERNS – DIRECT STRIKES AGAINST THE ADVERSARY’S INTELLIGENCE SYSTEM

OPSEC ACTION #4 (CONT. ) • GOAL OF OPSEC MEASURES: – HIGHEST POSSIBLE PROTECTION

OPSEC ACTION #4 (CONT. ) • GOAL OF OPSEC MEASURES: – HIGHEST POSSIBLE PROTECTION WITH THE LEAST IMPACT ON OPERATIONAL EFFECTIVENESS

OPSEC ACTION #4 (CONT. ) • RISK ASSESSMENT: – THIS REQUIRES COMPARING THE ESTIMATED

OPSEC ACTION #4 (CONT. ) • RISK ASSESSMENT: – THIS REQUIRES COMPARING THE ESTIMATED COST WITH IMPLEMENTING PARTICULAR OPSEC MEASURES TO THE POTENTALLY HARMFUL EFFECTS ON MISSION ACCOMPLISHMENT RESULTING FROM AN ADVERSARY’S EXPLOITATION OF AN OPSEC VULNERABILITY – IN THE END, CAN THE ADVERSARY DO MUCH DAMAGE IF WE DON’T IMPLEMENT AN OPSEC MEASURE?

OPSEC ACTION #4 (CONT. ) • IMPLEMENTING OPSEC MESURES COSTS: – RESOURCES: • TIME

OPSEC ACTION #4 (CONT. ) • IMPLEMENTING OPSEC MESURES COSTS: – RESOURCES: • TIME • PERSONNEL – INTERFERES WITH NORMAL OPERATIONS • IF COST > HARMFUL EFFECT, IT IS NOT WORTH IT

OPSEC ACTION #4 (CONT. ) • TYPICAL QUESTIONS FOR ANALYSIS – WHAT IS THE

OPSEC ACTION #4 (CONT. ) • TYPICAL QUESTIONS FOR ANALYSIS – WHAT IS THE RISK TO OUR OPERATIONAL EFFECTIVENESS? – WHAT IS THE RISK TO MISSION SUCCESS IF WE DON’T IMPLEMENT AN OPSEC MEASURE? – WHAT RISK TO MISSION SUCCESS IS LIKELY IF AN OPSEC MEASURE FAILS TO BE EFFECTIVE?

OPSEC ACTION #4 (CONT. ) • THE INTERACTION OF OPSEC MEASURES MUST BE ANALYZED

OPSEC ACTION #4 (CONT. ) • THE INTERACTION OF OPSEC MEASURES MUST BE ANALYZED IN SOME SITUATIONS, CERTAIN OPSEC MEASURES MAY ACTUALLY CREATE INDICATORS OF CRITICAL INFORMATION • – EXAMPLE: CAMOUFLAGING OF PREVIOUSLY UNPROTECTED FACILITIES COULD BE AN INDICATOR OF PREPARATIONS FOR MILITARY ACTIONS

OPSEC ACTION #4 (CONT. ) • COORDINATE OPSEC ACTIONS WITH OTHER COMMAND CONTROL COMPONENTS

OPSEC ACTION #4 (CONT. ) • COORDINATE OPSEC ACTIONS WITH OTHER COMMAND CONTROL COMPONENTS TO ENSURE ACTIONS DO NOT COMPROMISE SECURITY • ACTIONS SUCH AS JAMMING OF INTELLIGENCE NETS OR THE PHYSICAL DESTRUCTION OF CRITICAL INTELLIGENCE CENTERS CAN BE USED AS OPSEC • CONVERSELY, DECEPTION AND PSYOP PLANS MAY REQUIRE THAT OPSEC MEASURES NOT BE APPLIED TO CERTAIN INDICATORS IN ORDER TO PROJECT A SPECIFIC MESSAGE TO THE ADVERSARY

OPSEC ACTION #5 • APPLICATION OF APPROPRIATE OPSEC MEASURES – THE COMMAND IMPLEMENTS THE

OPSEC ACTION #5 • APPLICATION OF APPROPRIATE OPSEC MEASURES – THE COMMAND IMPLEMENTS THE OPSEC MEASURES SELECTED IN STEP #4 – THE REACTION OF ADVERSARIES TO OPSEC MEASURES IS MONITORED TO DETERMINE EFFECTIVENESS AND TO PROVIDE FEEDBACK – FEEDBACK IS USED TO ADJUST OPSEC MEASURES AND FOR FUTURE OPSEC PLANNING

OPSEC & THE PUBLIC • OPSEC ACTIONS ARE HELD ACCOUNTABLE BY THE AMERICAN PUBLIC

OPSEC & THE PUBLIC • OPSEC ACTIONS ARE HELD ACCOUNTABLE BY THE AMERICAN PUBLIC • OPSEC IS NOT AN EXCUSE TO DENY THE PUBLIC ACCESS TO NONCRITICAL INFORMATION

QUESTIONS

QUESTIONS

SUMMARY

SUMMARY

Operations Security OPSEC 301 371 1050 Introduction StandardOperations Security OPSEC 301 371 1050 Introduction Standard
OPSEC Awareness Briefing MultiFunction Printer MFP Security WhatOPSEC Awareness Briefing MultiFunction Printer MFP Security What
OPSEC Awareness Briefing MultiFunction Printer MFP Security WhatOPSEC Awareness Briefing MultiFunction Printer MFP Security What
Social Media Operational Security OPSEC Crypto Party LondonSocial Media Operational Security OPSEC Crypto Party London
OPSEC Operational Security Capabilities for IP Network InfrastructureOPSEC Operational Security Capabilities for IP Network Infrastructure
Information Security Information security Information Security describes allInformation Security Information security Information Security describes all
Information Security Information security Information Security describes allInformation Security Information security Information Security describes all
OPSEC A process of identifying critical information andOPSEC A process of identifying critical information and
OPERATIONS SECURITY 16 August 2004 OPERATIONS SECURITY 31OPERATIONS SECURITY 16 August 2004 OPERATIONS SECURITY 31
From Agorism to OPSEC Dark Web Markets andFrom Agorism to OPSEC Dark Web Markets and
OPSEC Awareness Briefing ManInTheMiddle Attacks MITM What isOPSEC Awareness Briefing ManInTheMiddle Attacks MITM What is
David Groep Nikhef PDP Trust Policy Coordination OpsecDavid Groep Nikhef PDP Trust Policy Coordination Opsec
Cyber OPSEC An F 22 Case Study ThisCyber OPSEC An F 22 Case Study This
Civil Air Patrol COMSEC OPSEC Lt Col EdCivil Air Patrol COMSEC OPSEC Lt Col Ed
SOCIAL MEDIA OPSEC TRAINING Delaware National Guard PublicSOCIAL MEDIA OPSEC TRAINING Delaware National Guard Public
OPSEC and Children Presented by Presenters Name ProvidedOPSEC and Children Presented by Presenters Name Provided
OPSEC Kiran Kumar Chitimaneni Warren Kumari Gunter VanOPSEC Kiran Kumar Chitimaneni Warren Kumari Gunter Van
NSASB FRG Training Code of Conduct OPSEC CodeNSASB FRG Training Code of Conduct OPSEC Code
History Of Cruise Ships Cruise ships and cruisesHistory Of Cruise Ships Cruise ships and cruises
MSC CRUISES DESTINATII America de Nord Europa deMSC CRUISES DESTINATII America de Nord Europa de
MEDITERRANEAN SHIPPING COMPANY History p MSC Cruises wasMEDITERRANEAN SHIPPING COMPANY History p MSC Cruises was
Celebrity Cruises welcomes Celebrity Journey and Celebrity QuestCelebrity Cruises welcomes Celebrity Journey and Celebrity Quest
The enterprise CYCLADIC CRUISES MARITIME COMPANY OF PLEASUREThe enterprise CYCLADIC CRUISES MARITIME COMPANY OF PLEASURE
The Cruise Industry Focusing on Caribbean cruises TheThe Cruise Industry Focusing on Caribbean cruises The