What Is OPSEC?

What Is OPSEC? Short for Operation Security, also referred to as Operations Security and occasionally as “operational security,” OPSEC sounds like it might pertain to classified data–and it often does. OPSEC is military jargon, but the concept is not limited to the Army, Navy, Space Force, Air Force, Marine Corps, or Coast Guard. Any entity can use the principles of OPSEC to protect its interests.

Protecting classified information or activities is the goal of measures like OPSEC, but one of the primary focuses of OPSEC training for men and women in uniform involves how to control non-classified information so as to deny telegraphing future or current plans, projects, or actions to an enemy. What does this mean?

Intelligence gathering does not happen in a limited fashion–things that seem like the most innocuous details can be observed by an enemy; when added to a list of other details also under close scrutiny those innocuous details can reveal a lot about a military unit, what it is currently up to, and when things might “get real” in terms of a real-world deployment versus a military exercise or wargame.

Always Watching, Always Listening

Songwriter and guitar hero Neil Young once wrote an album called “Rust Never Sleeps”, and that is an excellent way to think about espionage, enemy spy activity, and intelligence gathering by both friends and foes of the United States.

An enemy might not be able to learn much from watching the typical comings and goings of traffic from the front gate of a military base. But what happens if that front gate is under observation and one day there is a significant uptick in activity?

More vehicles coming and going, more military hardware being positioned or repositioned, or even a change in the dress and appearance of the front gate guards could be enough to provide clues to the watchers that “something is happening”, or about to.

One Of The Most Basic OPSEC Considerations

A great example of “OPSEC for the common person”? The old World War Two expression, “Loose lips sink ships.” This was a catchphrase used during the war to remind people not to talk about anything related to troop movements, base activities, deployments, or even preparation for deployments.

It’s the same principle as described above–the enemy knows very little about a given military community and starts to pay attention to it in any number of ways; electronically, by sending spies into the community to listen in on conversations, take photographs, and note any unusual or atypical talk or activities.

One Piece Of Information Gets Tied To Others

Imagine that a sailor calls his significant other to say he won’t be home that evening because of a duty commitment. That in and of itself doesn’t reveal much and the sailor may think that little nugget of information doesn’t mean much.

But an enemy eavesdropping on cell phone calls to and from the area where the base is located may hear this conversation repeated by dozens or even hundreds of other sailors who are preparing for the same mission. “Honey, I won’t be home tonight” sounds innocuous, but it can tell a tech-savvy enemy a great deal.

Add to that the enemy’s potential ability to pull satellite imagery of Navy ships and the activities that surround them and when you add up increased activity detected by satellite with the phone calls we’ve just been discussing, and you can see where OPSEC begins to get compromised when people aren’t as vigilant as they ought to be.

Now add social media into the mix as a complicating factor and it’s easy to see why the military puts such a premium on good OPSEC procedures and best practices.

Here’s another example–pick a town that you suspect might be having problems dealing with the coronavirus pandemic. At a glance, the town seems to be fine, except the three hospitals there suddenly have cancelled elective surgeries and have shifted operations to be more responsive to emergency room admissions.

Now consider that the observation of this town also includes taking note of which grocery stores are currently running out of toilet paper or that have restricted the purchase of toilet paper to x number of rolls per person.

Now add to that a sudden decrease in dining out, nightlife, and concerts. None of these factors by themselves may tell an untrained observer much. But add all these incongruous details together and you have usable intelligence. None of this information is classified, but it tells a skilled observer all she needs to know.

How Does An Enemy Do It?

Gathering and processing a large volume of seemingly unconnected information requires a process. This process may include some or all of the following but is definitely not limited to:

• Observation of actions to observe patterns and when those patterns get broken
• Harvesting data online from social media
• Intercepting unsecured cell phone, email, and other communications
• Using observers, spies, moles, or other agents to listen in on public conversations, socially engineer gatekeepers such as base operators or administrative staff
• Dumpster diving and trash theft
• Tracking the movements of troops, families, and friends using geolocation data

What You Need To Know About OPSEC

Civilians who are not affiliated with the military and/or are not under DoD jurisdiction (unless they work for the federal government, of course) can help secure or defeat good OPSEC with their behavior.

The military can’t punish an unaffiliated civilian for talking about things on the telephone, social media, or even in person, but they CAN take steps in cases where a military member is responsible in whole or in part for violating OPSEC best practices. The behavior of a friend could in this context result in the military member getting a talking-to about best practices.

That’s why it is crucial for military members to maintain OPSEC as much as possible even with their own families.

That does not necessarily mean not telling a spouse or girlfriend about having to train or deploy. But what it DOES mean is choosing very carefully how, when, and how much to say. Military members should discuss OPSEC with their civilian family members and impress upon them the importance of respecting best practices even with information they don’t think means very much.

Being up front about OPSEC issues with family and friends is the best way to mitigate some of the unintended harm civilians may cause with casual discussion of military matters related to a deployment, exercise, or even new technology on the job and other issues.

Both military members and family members need to know some essentials about OPSEC.

Operations security is practiced all the time in varying degrees of severity, but when a situation arises where OPSEC measures are being ramped up and the need to clamp down on the “loose lips sink ships” factor, you won’t be taken by surprise–your chain of command will indicate when enhanced operations security measures are required.

You will likely be told to brief your family members and in some cases there may be briefings for those in the military community with respect to any enhanced awareness required.

Assume you are a target–especially in the months and weeks leading up to a military exercise, deployment, classified or sensitive training, or other issues. The entire family should assume they are being recorded, monitored, or otherwise observed if there is an event or activity that requires a heightened awareness of operation security.

Report unusual events, situations, contacts, or other issues that don’t seem quite right ahead of any event or activity requiring enhanced operational security measures. If you get a strange request for official documents or other items from sources you do not recognize, report them right away.

The same is true if you notice people photographing a military base, hardware, troops, etc. You should report that or any other suspicious activity noted.

Joe Wallace is a 13-year veteran of the United States Air Force and a former reporter for Air Force Television News