Operations security

Operations security(OPSEC) is a process that identifies critical information to determine whether friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.

The term "operations security" was coined by theUnited States militaryduring theVietnam War.

History

Vietnam

In 1966, United StatesAdmiral Ulysses Sharpestablished a multidisciplinary security team to investigate the failure of certain combat operations during theVietnam War.This operation was dubbed Operation Purple Dragon, and included personnel from theNational Security Agencyand theDepartment of Defense.^[1]

When the operation concluded, the Purple Dragon team codified their recommendations. They called the process "Operations Security" in order to distinguish the process from existing processes and ensure continued inter-agency support.^[2]

NSDD 298

In 1988, PresidentRonald Reagansigned National Security Decision Directive (NSDD) 298. This document established the National Operations Security Program and named the Director of the National Security Agency as the executive agent for inter-agency OPSEC support. This document also established the Interagency OPSEC Support Staff (IOSS).^[3]

Private-sector application

The private sector has also adopted OPSEC as a defensive measure againstcompetitive intelligencecollection efforts.^[4]

IT security

NIST SP 800-53defines OPSEC as the "process by which potential adversaries can be denied information about capabilities and intentions by identifying, controlling, and protecting generally unclassified evidence of the planning and execution of sensitive activities."^[5]

References

^"PURPLE DRAGON: The Formations of OPSEC".Information Assurance Directorate.National Security Agency.RetrievedJune 15,2016.
^"The Origin of OPSEC- from the dragon's mouth".www.opsecprofessionals.org.Archived fromthe originalon 3 July 2016.Retrieved2016-06-16.
^"About the IOSS".National OPSEC Program.Interagency OPSEC Support Staff.RetrievedJune 15,2016.
^Kahaner, Larry (1997).Competitive Intelligence.Simon & Schuster.pp. 252–255.
^"SC-38. OPERATIONS SECURITY".Security and Privacy Controls for Information Systems and Organizations(Information security standard). Joint Task Force. p. 323.doi:10.6028/NIST.SP.800-53r5.

External links

[1] "PURPLE DRAGON: The Formations of OPSEC".Information Assurance Directorate.National Security Agency.RetrievedJune 15,2016.

[2] "The Origin of OPSEC- from the dragon's mouth".www.opsecprofessionals.org.Archived fromthe originalon 3 July 2016.Retrieved2016-06-16.

[3] "About the IOSS".National OPSEC Program.Interagency OPSEC Support Staff.RetrievedJune 15,2016.

[4] Kahaner, Larry (1997).Competitive Intelligence.Simon & Schuster.pp. 252–255.

[5] "SC-38. OPERATIONS SECURITY".Security and Privacy Controls for Information Systems and Organizations(Information security standard). Joint Task Force. p. 323.doi:10.6028/NIST.SP.800-53r5.

[1]

[2]

[3]

[4]

[5]