August is OPSEC Awareness Month — Do you know where your vulnerabilities are?

Story by David Altom, Kentucky National Guard Public Affairs

purpledots0

A little purple reminder — During OPSEC Awareness Month Kentucky’s citizen soldiers and airmen are encouraged to wear a purple dot on their watches, cell phones, laptops and other electronic devices as a reminder to maintain good operations security practices. (Photo courtesy Kentucky National Guard’s 20th Special Forces Group)

FRANKFORT, Ky. –It’s something that we all take for granted and live with every day.  Most of us think we’re pretty good at it, but the fact is we’re probably not.  It’s been in the international news lately, and not necessarily in a good way. It’s so important that Maj. Gen. Edward W. Tonini, Adjutant General for Kentucky, has even declared the month of August in its honor.

What is it?

It’s OPSEC awareness, dude, also known as operations security.

Gentry01

Chief Warrant Officer Bruce W. Gentry is a trained counter intelligence officer with the Kentucky Guard’s Joint Force Headquarters J2. An expert on operations security, he promotes OPSEC awareness year round. (Photo by David Altom, Kentucky National Guard Public Affairs)

To find out more about OPSEC Awareness Month we conferred with Chief Warrant Officer Bruce W. Gentry with the Kentucky Guard’s Joint Force Headquarters J2.  Gentry is an expert on OPSEC — in addition to being a trained counter intelligence officer, he’s a veteran of Operation Iraqi Freedom where he was the threat vulnerability officer for Victory Base Complex.  He’s also a former Marine with deployments to Bosnia and the Persian Gulf War under his belt.  In civilian life he’s a sergeant with the Shelbyville, Ky. Police Department in charge of the Criminal Investigations Unit.

Here’s what this experienced and dedicated professional had to say about OPSEC ….

Question:  Why OPSEC Awareness Month?  Why Now?

Adjutant General Tonini wanted to highlight one of our most important security programs.  Operations security has always been a part of counter intelligence and protecting critical Information is so important.  Critical Information is needed by adversaries to effectively plan and act to degrade the operational effectiveness of the command.  Critical Information fills in the gaps that exist in the adversaries information base.  Any little piece of the puzzle can be valuable whenever you are putting them all together to make a picture.  Remember, just because the information may be unclassified doesn’t mean it’s appropriate for public disclosure.

As far back as WWII when the Dept of the Army recognized that whenever information was leaked soldiers were getting killed.  A public relations push helped give pause to those soldiers before they spoke.  With the availability of information and the instant means of transmitting that information OPSEC has become even more important now.  This has been extremely evident with former NSA contractor Edward Snowden and former intel analyst Bradley Manning and Wikileaks.

OPSEC purple dragon 2

The purple dot comes from the purple dragon, the Department of Defense symbol of operations security that dates back to the Vietnam War.

The purple dot is a locally generated visual reminder that everything that you say, post, tweet and in some way make information public you are to be vigilant of what is being transmitted.  The underlying principles of denying an adversary information are centuries old. In fact, George Washington was quoted as saying: “Even minutiae should have a place in our collection, for things of a seemingly trifling nature, when enjoined with others of a more serious cast, may lead to valuable conclusion.” Millennia before, Sun Tzu wrote, “If I am able to determine the enemy’s dispositions while at the same time I conceal my own, then I can concentrate and he must divide.”

OPSEC as a methodology was developed during the Vietnam War, when Admiral Ulysses Sharp, Commander-in-chief, Pacific, established the “Purple Dragon” team in order to determine how the enemy was able to obtain advanced information on military operations.

The team realized that current counterintelligence and security measures alone were not sufficient. They conceived of and utilized the methodology of “Thinking like the wolf”, or looking at your own organization from and adversarial viewpoint. They discovered that US forces were unvarying in their tactics and procedures, and were able to make certain predictions based on that knowledge.

When developing and recommending corrective actions to their command, they then coined the term “Operations Security”  (Taken from OSPA website 2009)

Question:  What are some of the things our troops can do to maintain good OPSEC awareness?

Always be aware that no piece of information is too small to be protected.  Practice control when it comes to any electronic transmissions such as tweets, blogs, e-mails, facebook postings.  Remember whatever you tell someone usually gets re-told several times.  The OPSEC process is applicable to all military operations and activities.  Its use ensures OPSEC measures address all significant aspects of the particular situation and that the measures are balanced against operational requirements.

OPSEC is a continuous and iterative process.  The specific steps in the OPSEC process are:  Identification of Critical Information, Analysis of threats,  Assessment of risks, and Application of appropriate countermeasure(s).  When in doubt ask your supervisor, security manager or OPSEC Officer.

lossy-page1-220px-'WAAC_-_SILENCE_MEANS_SECURITY'_-_NARA_-_515987.tifQuestion:  What about federal and state civilian employees?  Is OPSEC important for them too?

OPSEC is important to everyone.  Our Army Family includes Soldiers, Federal and State civilian employees, contractors and our family members.  Our Army Family plays a vital role in the successful operations and safety of the Army.  There are some things that we should not talk about, especially things that are critical to unit missions.  Even the most unclassified and everyday events can be important to an adversary’s mission.  Sometimes the need to safeguard this information can conflict with what friends and family want to know and need to know.  That’s where OPSEC comes in!

Question:  Should our Guard members family worry about OPSEC?  What can they do to protect themselves?

OPSEC is a good practice for everyone.  Even though information may not be secret, it can be what we call “critical information.”  Critical information deals with specific facts about military intentions, capabilities, limitations or activities.  If an adversary knew this detailed information, our mission accomplishment and personnel safety can be jeopardized.  It must be protected to ensure an adversary doesn’t gain a significant advantage.  By being a member of the military family, you will often know some bits of critical information.  Do not discuss them outside of your immediate family and especially not over the telephone or on the internet.

Examples of critical information include detailed information about the mission of assigned units; details on locations and times of unit deployments; personal transactions such as pay information, powers of attorney, wills, deployment information; references to trends in unit morale or personnel problems; and details concerning security procedures.

purple dot phones

Social media adds a whole new dimension to OPSEC, both in our professional and personal lives. Adding a purple dot to your smartphone is a great way to remind yourself to maintain OPSEC Awareness.

Remember, not everyone reading your posts are your friends.  Be aware of what information needs to be protected, be aware of your surroundings, practice need-to-know, limit details on websites like Facebook and Myspace and shred documents containing your personally identifiable information.

Question:  How has social media affected both OPSEC and personal security?

Social media has driven intelligence gathering to a new high.  Estimates show that approximately 900 Million people have internet access.  Realize that not everyone on the internet is a patriotic American.  Unfortunately, you can get on Facebook or other social media sites and find out all kinds of information such as: birthdates, names, addresses, unit designations, numbers of people deploying, rear detachment, Commanders names, other pertinent information that is updated and readily available.

As I’ve stated before, the information can be used by persons wanting to do us harm and no matter now harmless a person thinks it is it can be used to our detriment.  OPSEC isn’t only about the internet, it’s about what you talk about in public, trash containing critical information or critical information released to unknown persons.  Remember, think before you post, once it’s out there it’s out there forever!  Limit details that you wouldn’t want a bad guy to know.

Question:  Is maintaining OPSEC awareness being paranoid, or just smart?

OPSEC is always smart.  You can take it past good practice and into the paranoid state when you never say anything to anyone, but being mindful of what you are putting out there and whom you are talking to is always smart.  And that is really all we are talking about.

About kentuckyguard