Operations Security = OPSEC

Operations Security or OPSEC is about identifying critical information that can be used against you by an opponent and minimizing access to that information. This is a sub process of risk assessment and follows the same basic process flow:

  • Characterization and scope determination
  • Assessment of threats
  • Assessment of vulnerabilities
  • Likelihood and impact analysis
  • Determine risk level
  • Mitigate risk

Some differences are that OPSEC begins with identification of critical information. (this is a subset of characterization) The assessment of vulnerabilities should also include an inventory of where and how critical information is stored and who can access it.

Classical INFOSEC deals with critical information as an indicator of military operations. But today, information can also be a target by itself and OPSEC can be applied to many different areas, not just military operations.

Information that might be a target = intellectual property, identity and financial info, national security info, political and economic info.

Information as an indicator (might help reach the target) = patterns, schedules, maps, actions and reactions, communications activity, inventory, defenses, provisioning, positioning, passwords, vulnerabilities, configurations, social engineering info.

Insider access and insider threat must also be considered.

Countermeasures are any measures, actions, functions or processes designed to minimize exposure and damage. For OPSEC, countermeasures focus on denying critical information to an adversary.

Here are some countermeasure techniques to consider:

  • Deny access – shut down the access channel
  • Camouflage – make the information look like something not as valuable
  • Distract – create a diversion, offer something that appears more interesting (usually for the purpose of buying time)
  • Discredit – create doubt that the information is valid
  • Confuse – combinations of the other techniques

Assess Risk
Situation Awareness
Knowns and Unknowns
OODA Loops


Comments are closed.