HOME

OPSEC -- A state of mind

By Wallace McBride, Fort Jackson LeaderApril 3, 2014

OPSEC
Dwight Peters teaches profile indicators during a recent OPSEC training class at the Soldier Support Institute at Fort Jackson, S.C. Peters, the installation operations security manager, is one of two Level III certified OPSEC officers currently on F... (Photo Credit: U.S. Army) VIEW ORIGINAL

FORT JACKSON, S.C. (April 3, 2014) -- Dwight Peters, operations security manager for Fort Jackson, says vigilance isn't a part-time job. Because of the casual manner in which information is moved around post every second of the day, though, it's easy to take the value of data for granted.

Operations security, or OPSEC, is a process of evaluating and identifying information to determine if casual behaviors are visible to adversary intelligence systems, and whether they can be used against us.

"OPSEC is a mindset," Peters said. "If it's not on your mind, you won't practice it."

The goal, Peters said, is to give Soldiers and staff reminders throughout the work day without being obtrusive or obnoxious. Signs are posted near many trash receptacles and paper shredders concerning OPSEC measures, computers frequently "push" security notices, and management offers the occasional reminders to properly dispose of sensitive materials.

The challenge, Peters said, is that most of the information covered by OPSEC regulations appears relatively harmless to most people.

"Even though a lot of our tactics, techniques and procedures aren't classified, they still require shredding, protection and safeguarding," said Soldier Support Institute OPSEC officer Geraldo Cruzado. "If not, the adversary will come up with a countermeasure to our protective measures."

OPSEC is the process of protecting little pieces of data that could be combined to give the bigger picture.

"We want to protect that information long enough so that the mission is not disrupted," Cruzado said. "We want to protect personal, identifiable information. That's your Social Security number, your home address, your contact information, cell phone and home number and so forth. That will protect against identity theft."

In March, the Soldier Support Institute hosted training to certify military and civilian personnel in OPSEC levels II and III. Level II represents "Jouneyman" certification, while Level II is a "Senior Analyist."

"OPSEC is a mandated program that everybody's required to have, in every organization from battalion level and above," Cruzado said. "It's primarily about protecting unclassified information. The focus is on protecting information that can be pieced together that can tell our adversaries what we're going to do, what our capabilities are and what our limitations are."

Level I OPSEC training takes place for Soldiers and Department of the Army civilians within the first 30 days of arrival at an installation, and is conducted again on an annual basis. Despite this regiment, Peters said it's difficult for an installation to consistently staff enough Level II and Level III OPSEC officers.

"We can conduct these training sessions maybe twice a year so we can keep people on board," he said. "As you know, people rotate in and they rotate out. Regulations require certain positions of command and directorate levels must have an OPSEC officer."

The class was taught March 18-20, with 49 students graduating from the course with Level II certification. The class was a joint effort between IMCOM, the SSI and the Army Training Center.

"These Level II officers are from throughout Fort Jackson and three major commands," Cruzado said. "We also qualified 18 National Guard (Soldiers) and reservists from all over the U.S."

Daily OPSEC measures ensure that emails are encrypted, sensitive information is shredded, trash is disposed of properly and personal information doesn't fall into the wrong hands. OPSEC officers sometimes take unusual measures to verify that these procedures are being followed.

"If we were to go into a recycling bin, would we find For Official Use Only (material)?" Cruzado asked. "We do dumpster diving to make sure some kinds of information isn't being thrown away as is."

But, OPSEC policies can have negative impacts on the lifespan of paper shredders, he said, which is a problem the post also can't afford. This means sometimes reassessing how data is sometimes discarded.

"I go through a lot of shredders, and we can't afford to buy shredders all of the time," Cruzado said. "So we have to educate the workforce on what is sensitive information, and that's what gets shredded. We're trying to prevent OPSEC compromises. When in doubt, shred."

"There's no such thing as 100 percent prevented OPSEC compromises," Peters said. "People make mistakes. Sometimes it's big, sometimes it's small. But little bitty small things add up."

Not long ago, Cruzado said he was one of six Level III OPSEC officers in all of TRADOC. Today, he said, those numbers have tripled, but there's still room for improvement. He estimates that Fort Jackson needs a minimum of 80 OPSEC officers at levels I and II, but it's difficult to keep OPSEC training and Soldier/employee transfers at the same pace.

"That's why there's a need to replenish this group every year," he said. "But, when we run a class, it's not just Fort Jackson people that come. The class is open to the Army. We get a lot of people from other organizations."

"ATC and IMCOM have been very supportive and cooperative," Cruzado said. "We all have this requirement that's mandated by regulation. It's been a cooperative effort across Fort Jackson to get this done."

Adding additional Level III officers helps the installation maintain the number of Level II people trained.

"This gives us the ability to maintain those levels at a very low cost, because we're here and can train them," Peters said.

It's also difficult to match OPSEC training with the needs of different offices, which have different security demands.

"Every unit is different, so they have different information to protect," Cruzado said. "You have to tailor your OPSEC program to fit your organization's mission, vulnerability and activities."

This could mean creating countermeasures to protect against elements as fierce as terrorism, spies and hackers, but also from information that invariably trickles down to military family members.

"Families have access to sensitive information like deployment dates," he said. "Here at Fort Jackson we have a unique opportunity, because we can instill OPSEC in new Soldiers and new officers when they come here for training."

Related Links:

DoD OPSEC training

Army.mil: Soldiers must consider OPSEC when using social media

Army.mil: OPSEC -- Helpful hints to prevent information spillage

OPSEC for family members

Army OPSEC on Facebook

RELATED STORIES