The IT Law Wiki
Register
Advertisement

Definitions[]

Computer crime[]

Operations security (OPSEC) relates to

[o]peration of computers requires many controls. Isolation of sensitive computer production jobs to minimize exposure to modification, destruction, exposure, or unauthorized use especially separating production and testing activities, is essential. Computer system trouble logs and activity records must be kept and used. Magnetic tapes and disks and output documents must be appropriately identified, and copies must be made and kept safe for backup. Contingency and recovery plans must be prepared and tested. Employee identification on work products and other practices to assure worker trustworthiness must be carried out.[1]

Military[]

Operations security (OPSEC) is a process of identifying critical information and subsequently analyzing friendly actions attendant to military operations and other activities to:

  1. identify those actions that can be observed by adversary intelligence systems;
  2. determine indicators that hostile intelligence systems might obtain that could be interpreted or pieced together to derive critical information in time to be useful to adversaries; and
  3. select and execute measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly actions to adversary exploitation.[2]

Operations security (OPSEC) is the

[s]ystematic and proven process by which potential adversaries can be denied information about capabilities and intentions by identifying, controlling, and protecting generally unclassified evidence of the planning and execution of sensitive activities. The process involves five steps: identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of appropriate countermeasures.[3]

Overview[]

OPSEC contributes to offensive IO by slowing the adversary's decision cycle and providing opportunity for easier and quicker attainment of friendly objectives. OPSEC focuses on having a good understanding of the adversary decision maker's ability to collect reliable, adequate, and timely intelligence, and, when integrated with other capabilities, shapes to our advantage the adversary's knowledge and beliefs about a military's operations.

OPSEC denies the adversary critical information about friendly capabilities and intentions needed for effective and timely decision making, leaving the adversary vulnerable to other offensive capabilities. Early integration of OPSEC into mission planning is essential to reduce a friendly operation’s revealing indicators to a minimum and better target the adversary's decision making process.

References[]

  1. Computer Crime: Computer Security Techniques, at ix.
  2. U.S. Department of Defense, Joint Pub. 1–02: DOD Dictionary of Military and Associated Terms (Apr. 2010) (full-text).
  3. CNSSI 4009.

See also[]

  • Joint Publication 3-13.3
Advertisement