by Josh Nichols
673d ABW Plans and Programs
2/19/2015 - JOINT BASE ELMENDORF-RICHARDSON, Alaska -- We
have all seen the posters with the big purple dragon plastered across
the walls throughout our units, and hopefully we are all aware of
operations security concepts.
But for some, especially in the comfortable, military-friendly town of
Anchorage, the consequences of poor OPSEC practices seem vague, unlikely
and incredibly distant.
OPSEC is not a process that can be oversimplified through regulation. It
is a consistent, subtle check on a person's habits regarding the
information he might publicize.
According to Air Force Instruction 10-701, "OPSEC is a process of
identifying, analyzing and controlling critical information indicating
friendly actions associated with military operations."
This also includes the need to "identify those actions that can be
observed ... determine what could be collected, analyzed, and
interpreted to derive critical information ... and execute measures
that eliminate or reduce the vulnerabilities."
In other words, we are all responsible for identifying what information
can be collected and pieced together by adversaries into something
Furthermore, we are responsible for figuring out what actions to take to
minimize our adversaries' accessibility to such critical and sensitive
information. This does not come without challenges.
One of the main obstacles to good OPSEC is complacency. This is
compounded by the handling of particularly sensitive information
throughout the day. Mishandled unclassified information can very easily
become significant to an adversary. Unfortunately, we are all
susceptible to complacency that can lead to breaches.
Here are some common examples of poor OPSEC:
-Throwing away anything with personally identifiable information - such
as bank statements, names and addresses, social security numbers and
-Throwing away any "for official use only" information
-Flags hanging in windows for deployed family members, which can identify a spouse home alone
-Decals or license plate frames displaying branch of service or unit
-Secure-area badges left in vehicles in plain view
-Wearing t-shirts in town which advertise military units, installations or technical expertise
-Social media profiles identifying military service, job series, where you are stationed, deployment info, etc.
Some information, if divulged, could put everyone at risk for being
socially engineered. Social engineering happens when adversaries
befriend individuals and collect information over the course of time -
sometimes for years. Staying focused 24/7 is the ever-present challenge
to maintaining good OPSEC.
Seemingly unimportant information or actions become much more
significant when pieced together and placed into context. Regulations
governing OPSEC can be written, and training can be mandated, but
ultimately, good OPSEC is a matter of consistently monitoring the
information we allow others to see, and creating good habits consistent
with the military lifestyle we have all chosen to live.
In other words, you should always be in an OPSEC frame of mind - whether
you are on or off duty, on or off base, or at home on your computer.
Family members are vital to the success of our OPSEC program. They are
privy to certain sensitive information, such as deployment times and
locations or recalls. They assist in creating, focusing and monitoring
their families' OPSEC frame of mind. Family members are just as
important as active duty, civilians and contractors in protecting JBER,
the Army, the Air Force, and the Department of Defense.