OPSEC is everyone’s responsibility

  • Published
  • By Master Sgt. Brian S. Bosse
  • 355th FW Plans and Programs
DAVIS-MONTHAN AIR FORCE BASE, Ariz. --  What we do in the military is important, and we should all be proud of our service to the nation. Whether we are commanding a squadron, flying an aircraft or delivering parts; we are all contributing to the mission and to accomplish this mission, we all deal with information on a daily basis.

Some of this information can be trivial correspondence about the snack bar, but other information can be important details about unit capabilities or upcoming deployments. The important information is called Critical Information, because of its sensitivity and potential to be collected by an adversary. Practicing OPSEC prevents the adversary from gaining information that can disrupt our military operations. Practicing good OPSEC is a responsibility that is shared by all, because of the Critical Information we work with daily.

Military members are not the only people that must safeguard our Critical Information; our civil service employees, contractors and dependents also share the responsibility to protect our this information. What we throw in the trash and discuss in the open can provide an adversary Critical Information necessary to defeat our objectives. Never forget that we are a nation at war, and all of us must do our part to protect our this information from being used against us.

During World War II a common saying was "Loose Lips, Sink Ships." This saying is as true today as it was then, and it takes each one of us to protect our Critical Information.

So, what is the purpose of OPSEC, and what exactly is Critical Information? The purpose of OPSEC is to reduce the vulnerability of Air Force missions from successful adversary collection and exploitation of Critical Information. OPSEC applies to any activities that prepare, sustain, or employ forces during all phases of operations. Simply put, it is preventing our information from being used against us. Critical Information is the specifics about friendly intentions, capabilities, and activities vitally needed by adversaries for them to plan and act effectively, so as to guarantee failure or unacceptable consequences for friendly mission accomplishment. OPSEC indicators are friendly detectable actions and open-source information that can be collected, interpreted or pieced together by an adversary to derive Critical Information. More simply, Critical Information is the pieces of the puzzle that add up to complete the picture. What does Davis-Monthan consider Critical Information? Below is the Critical Information list for D-M. Please safeguard any information that may relate to this list, and your Unit Critical Information listing.

1. Personal Information (Privacy Act) - SSNs, Home Addresses, Family Member and
Dependent Information, Personnel Information Files and Photos Violating Accident Victims Privacy
2. Rosters - Recall, Alpha, JPAS, Social and Access Rosters and Detailed Information on Force Structure
3. Information About Key Personnel - VIP and DV Schedules/Itineraries, Movement, Location, Phone Numbers, Call Signs and Addresses of Key Personnel
4. Personnel Training and Qualifications - Skill levels, Special Experience Identifiers,
Special Qualifications, Aircrew Combat Mission Ready/Basic Mission Capable Ratings and Personnel Status Reports
5. Force Readiness - Identification and Role of Personnel and Equipment, Manning Strength, War Reserve Material (WRM) Stock Levels, Location, Vulnerabilities and Control Procedures, Mission Capability Rates, Status of Unit Conversions, Medical Preparations and Preparedness, Reaction Times to Worldwide Crisis Situations and Contingency Operations
6. Deployment, Mobilization, Employment and TDY Details - Staging Areas,
Chalk Times, Recall Procedures, Processing Areas, Planning Procedures, Leave Cancellations, Mission Objectives or Purpose, Deployed Locations, Personnel and Equipment Involved, Dates and Times of Execution Phases, Duration of Operations, Type/Number of Aircraft, Timing Criteria for High Priority Aircraft, Altitudes, Times, Frequencies, Call Signs, Routes, Maps, Target Materials, Attack/Air Employment Concepts, Deployment and Employment Plans
7. AEF Cycle Information - Association of Units with AEF Number and Deployment Schedule
8. Schedules - Daily Flying Schedules, Range, Deployment and Exercise
9. Exercise Information - Details Concerning Simulated Deployed Location(s),
Simulated Adversarial Country, Units Involved, Overall Scenario, Daily Scripts, Final
Exercise Report, SPINs and BSDs
10. Capabilities and Limitations - Aircraft, Weapons, Personnel, Logistics, Supplies,
Communication Networks, Sensors, Weather, Intelligence and Military Technologies
11. Security Measures - Antiterrorism, FPCON, FPCON Measures, NBC Attack Preparedness, Random Antiterrorism Measures, DEFCON levels, Force Protection, Information, Systems, Communications and Infrastructure Security Measures and all Security-Related Exercises
12. Communications - Procedures/Capabilities/Limitations, Aircraft and Ground Radios, Jamming/Intrusion Effectiveness and Duress Words
13. Codes, Call Signs Passwords, and PINs - Authentication Codes, Duress Words,
Computer Usernames and Passwords, Association of Call Signs with Specific Personnel or Functional Areas, Door/Safe Combinations
14. Base Infrastructure - Diagrams, Blueprints, Current Photography and/or Imagery,
Security Measures, Control Facilities, Communication Facilities, or Support Facilities such as Water Supply, Electrical Grids, Fuel Pipelines, etc
15. Critical Nodes - Existence and Details about Single Points of Failures for Systems

Since OPSEC is a collective effort by all of us to safeguard our Critical Information; think about how you can protect our Critical Information. One of the biggest OPSEC failures is how much information we share about our work activities on the internet. Social networking sites like MySpace and Facebook allow individuals to instantly communicate to a worldwide audience, including our adversaries. Very little censorship is immediately available to stop someone from compromising Critical Information. Therefore, it is up to each of us to exercise sound judgment when using these social sites and to take a few seconds to ensure we are not compromising Critical Information. Some tips to help do this are to not discuss your military affiliation and military duties, to not post pictures of yourself in uniform, and to not post any deployment information. Keep it personal and avoid including any military information. Think about how easy it is for an adversary to gather intelligence by using search engines and social network sites. Do you want the adversary to know exactly who you are, where you are, and when you are moving? Do you want the adversary to know your capabilities so that they can defeat you? of course not. Be a good Wingman and protect the mission, your fellow coworkers, and family by not providing Critical Information.

Dumpster diving (also known as Trash Intelligence) is another way to collect Critical Information. It is easy for people to discard orders, recall rosters, flight schedules and other personnel paperwork when they are no longer needed. However, this over sight compromises our Critical Information. Internet availability can further refine investigative efforts by an adversary that can result in further damage to our CI, or result in Identity Theft. Whether it is personal or professional, the best way to combat Trash Intelligence is to have a cross-cut shredder and to make sure we SHRED Critical Information, before it goes in the trash or recycle bin.

Remember that Loose Lips, Sink ships. When you're sending email, speaking on the phone, talking in public, at home station or deployed you have a responsibility to protect our Critical Information. You can do this by not discussing topics that compromise our Critical Information with people who do not have a valid need-to-know. You may be around trusted friends in public and talking about work related subject matter, but it is easy for anyone to eavesdrop on your conversation. This is especially true when you're in uniform because you represent the Air Force and people are curious about our activities. The majority of people who may approach you in uniform, are friendly and want to talk to you. However, some people may try to collect intelligence by asking supposedly innocent questions about military operations. It is important to remain vigilant and guard against giving away Critical Information.

We all play an important role in the defense of our nation. You can all be proud of your service, just be careful how much information you release when you talk about your duties and your unit's mission. When it comes to internet activities watch what you say about your work, shred paperwork with Critical Information that relates to your professional and personal business when it is no longer needed. Be careful not to compromise our Critical Information when talking on an unsecured phone, or in public about sensitive topics. We all have the responsibility to practice good OPSEC. By exercising caution we protect our Critical Information, our mission, and most importantly the lives of our Airmen. For more information, please visit the OPSEC webpage on the D-M intranet at https://wingxp/opsec.htm or call Master Sgt. Brian Bosse at DSN 228-1019.