Be aware of information you provide; OPSEC is a state of mind

by Josh Nichols
673d ABW Plans and Programs

2/19/2015 - JOINT BASE ELMENDORF-RICHARDSON, Alaska -- We have all seen the posters with the big purple dragon plastered across the walls throughout our units, and hopefully we are all aware of operations security concepts.

But for some, especially in the comfortable, military-friendly town of Anchorage, the consequences of poor OPSEC practices seem vague, unlikely and incredibly distant.

OPSEC is not a process that can be oversimplified through regulation. It is a consistent, subtle check on a person's habits regarding the information he might publicize.

According to Air Force Instruction 10-701, "OPSEC is a process of identifying, analyzing and controlling critical information indicating friendly actions associated with military operations."

This also includes the need to "identify those actions that can be observed ... determine what could be collected, analyzed, and interpreted to derive critical information ...  and execute measures that eliminate or reduce the vulnerabilities."

In other words, we are all responsible for identifying what information can be collected and pieced together by adversaries into something useful.
Furthermore, we are responsible for figuring out what actions to take to minimize our adversaries' accessibility to such critical and sensitive information. This does not come without challenges.

One of the main obstacles to good OPSEC is complacency. This is compounded by the handling of particularly sensitive information throughout the day. Mishandled unclassified information can very easily become significant to an adversary. Unfortunately, we are all susceptible to complacency that can lead to breaches.

Here are some common examples of poor OPSEC:

-Throwing away anything with personally identifiable information - such as bank statements, names and addresses, social security numbers and medical information

-Throwing away any "for official use only" information

-Flags hanging in windows for deployed family members, which can identify a spouse home alone

-Decals or license plate frames displaying branch of service or unit

-Secure-area badges left in vehicles in plain view

-Wearing t-shirts in town which advertise military units, installations or technical expertise

-Social media profiles identifying military service, job series, where you are stationed, deployment info, etc.

Some information, if divulged, could put everyone at risk for being socially engineered. Social engineering happens when adversaries befriend individuals and collect information over the course of time - sometimes for years. Staying focused 24/7 is the ever-present challenge to maintaining good OPSEC.

Seemingly unimportant information or actions become much more significant when pieced together and placed into context. Regulations governing OPSEC can be written, and training can be mandated, but ultimately, good OPSEC is a matter of consistently monitoring the information we allow others to see, and creating good habits consistent with the military lifestyle we have all chosen to live.

In other words, you should always be in an OPSEC frame of mind - whether you are on or off duty, on or off base, or at home on your computer.

Family members are vital to the success of our OPSEC program. They are privy to certain sensitive information, such as deployment times and locations or recalls. They assist in creating, focusing and monitoring their families' OPSEC frame of mind. Family members are just as important as active duty, civilians and contractors in protecting JBER, the Army, the Air Force, and the Department of Defense.