OPSEC: Helpful hints to prevent information spillage
June 14, 2013
- "You kind of have to take the approach of anything you put out there, just assume the world can see it. Good people, bad people." -- Jay Fangman, Fort Campbell Garrison OPSEC Officer
FORT CAMPBELL, Ky. -- Loose lips sink ships. A phrase first used on U.S. propaganda posters during World War II, it still rings true for today's military in the age of social media, a 24/7 news cycle and quick information exchange. All in all, it's now more than ever a "loose keys break knees" society.
On post, Soldiers and Department of Defense civilians are trained to keep quiet on information considered to be matters of Operations Security, better known as OPSEC. This guidance also applies to Army Family members, contractors, retirees and others throughout the community.
Operations Security, as defined by Garrison OPSEC Officer Jay Fangman, is "a systematic and analytic process to deny potential adversaries information about capabilities and intentions by identifying, controlling and protecting evidence of the planning and execution of sensitive activities and operations."
For example, people should refrain from sharing troop movements, upcoming VIP visits, returning Soldiers flight times, results of military operations, descriptions of overseas bases and other similar information. While a spouse may be excited about their Soldier returning home, releasing too much information can in fact aid the enemy and put many lives in danger. Using email or social media to share can make it even easier for people to find and spread this information quickly.
"It's open source stuff, and everything they can get open source are things that they don't have to dig to get," explained Fangman, of information easily accessible on the Internet. "Because when they dig is when our law enforcement and investigative people can catch them."
While Fangman said Fort Campbell-affiliated individuals should not "assume that everybody's out to get you," making a judgment call on what to do with sensitive information is important, no matter your rank, position or status.
"A lot of things, it's a judgment call," he said. "Certain things they could say, anything that has to do with operations; times things are going to start … communications, where communications nodes are; the location of key leaders. But there are other things where it's a gray area that you kind of have to look at it and say, 'you know, could the enemy use this against us?'"
Applying simple OPSEC principles in your day-to-day life can help serve as a reminder when it comes to handling more military-specific information. In terms of social media, people should think about who can actually see the information they post. Apply stricter privacy standards when necessary. After all, do you want the whole world knowing where you are going on vacation and that your house will be unoccupied for a two-week period this summer?
"Do you know all the friends of your friends on your social media sites?" Fangman questioned. "You kind of have to take the approach of anything you put out there, just assume the world can see it. Good people, bad people."
Deployed Soldiers should carefully consider posting personal photos from overseas, as al-Qaida and other extremist groups can use these as research tools.
"It's something that could put them in harm's way if they're posting pictures with metadata on it," Fangman said. "… If you see something and take a picture that metadata could be used. You post it on Facebook [and others could] pull that Facebook and say, 'oh this unit must be right here somewhere.'"
Fangman also encourages individuals to protect their personal identifiable information by applying personal safeguards, such as shredding important documents.
"We're not just looking at terrorists," he said. "We're looking at identity thieves. You throw away your mail, that's OPSEC. Shredding that stuff, that's personal OPSEC."
The same idea applies to professionals handling this information, such as Human Resources employees who routinely handle Social Security numbers, names and addresses for fellow government employees and Soldiers. In general, recycle bins and trash cans should not be the go-to place for this type of sensitive information, rather shredding or secured filing systems are preferred.
"When you think about it on a personal level, it helps when you're at work because you have that mindset," Fangman said. "It's like, 'oh yeah, I need to consider OPSEC before I just throw this in the trash can.'"
Fangman suggests reviewing the following items to maintain good OPSEC.
• Shred all documents that contain sensitive information. If you think it might be sensitive, shred it!
• Encrypt e-mails that contain sensitive information. If you think it might be sensitive, encrypt it!
• Protect all Personally Identifiable Information in your control. Government employees must use the EFS Protected folder on your desktop to store files that contain PII.
• Departing and returning flight times, flight numbers, number of personnel on board is sensitive information. Do not publish to organizations without a need to know. (Welcome Home Ceremony times, available at www.campbell.army.mil, are OK).
• Apply OPSEC principles when using social media. Assume anything you put on social media can be seen by the enemy.
While Soldiers violating OPSEC could potentially be prosecuted under the Uniform Code of Military Justice, violations from DoD civilians and others are often handled through the chain of command with counseling and retraining. Fangman encourages people to rely on Fort Campbell and 101st Airborne Division Public Affairs officials to release pertinent information to the community.
For more information on this topic, download a copy of the Garrison OPSEC Standard Operating Procedures on the Garrison SharePoint homepage or speak with your organization's OPSEC officer. Family members can like the Army Operations Security page on Facebook and find more valuable tips from DoD at www.slideshare.net/DepartmentofDefense/opsec-for-families.
"You've just got to teach people the principles and let them apply them," he said. "OPSEC is not an interesting or fun topic to talk about, but it is important."