Throughout the Department of Defense, January is recognized as OPSEC Awareness Month.
Short for Operations Security, OPSEC traces its roots to the Vietnam War.
During operations Rolling Thunder and Arc Light, several U.S. Military aircraft were lost due to the enemy’s seemingly advanced knowledge of plans and operations. This led to Operation Purple Dragon, which analyzed the events and concluded that the enemy was able to gather information, not through elaborate decryption efforts or intelligence assets, but through other mediums.
Thus, Purple Dragon first introduced OPSEC as “the ability to keep knowledge of our strengths and weaknesses away from hostile forces.”
Over 50 years later, the landscape and methods of data and information gathering have evolved, and with it, so have OSPEC practices.
The U.S. Army Security Assistance Command’s security team is charged with educating their colleagues on OPSEC practices and procedures and ensuring measures and policies are adhered to protect sensitive information.
“Our approach to the OPSEC program is to make it interactive,” said Ralph Saorrono, USASAC security specialist. “Whether it’s through informative videos or meeting with people face-to-face, we try to provide information they can utilize in the workplace, in public and at home in an engaging way.”
Their efforts cover every pillar of security--physical, industrial, communications, etc.--in order to help people understand how neglecting one facet can affect others.
The corridors and cubicles of USASAC’s headquarters can seem like an innocuous location, safe from the eyes and ears of the enemy, which is why Saorrono and his fellow security team member, Susanne Reinwald, stress the importance of not becoming complacent and keeping OPSEC practices at the forefront of their minds throughout the year.
“One of the main obstacles to protecting information these days is social media,” said Reinwald. “There is so much personal information that may seem harmless to post, but enemies can use it to their advantage.”
It’s important to adjust privacy settings on all platforms to ensure only trusted individuals have access to personal pages.
Whether it’s posting vacation pictures and letting the enemy know there’s no one home or giving away locations or travel dates of a work trip, Saorrono and Reinwald suggest waiting until after the fact to disclose that information, if at all.
Another obstacle Saorrono notices is password strength and protection. He said people should avoid using birthdays, children, or pet names, as those can often easily be found on social media or gleaned from conversation, and that if a password must be written down to remember it, it should be kept in a locked drawer, encrypted password keychain, or safety deposit box.
“Because of the different agencies at Redstone Arsenal, Huntsville is a big target for intelligence gathering,” he said. “So, we need to do our part and protect the systems we have access to from getting in the wrong hands.”
Other ways USASAC members can protect information is by completing the required annual training online, adhering to the 100% clean desk policy, shredding documents, encrypting email containing sensitive information, and only providing information to personnel with adequate security clearance and a need to know.
“OPSEC is a process, but it is also a mindset,” said Reinwald. “You have to train yourself to be mindful of the information that you’re privy to and the ways in which to protect it every day.”
For more information about OPSEC, members should reach out to their G2 or relevant security representatives.
Social Sharing