OPERATIONS SECURITY (OPSEC) GUIDE
DOCUMENT 600-11RANGE OPERATIONS GROUPOPERATIONS SECURITY (OPSEC) GUIDEWHITE SANDS MISSILE RANGEREAGAN TEST SITEYUMA PROVING GROUNDDUGWAY PROVING GROUNDABERDEEN TEST CENTERELECTRONIC PROVING GROUNDHIGH ENERGY LASER SYSTEMS TEST FACILITYNAVAL AIR WARFARE CENTER WEAPONS DIVISION, PT. MUGUNAVAL AIR WARFARE CENTER WEAPONS DIVISION, CHINA LAKENAVAL AIR WARFARE CENTER AIRCRAFT DIVISION, PATUXENT RIVERNAVAL UNDERSEA WARFARE CENTER DIVISION, NEWPORTPACIFIC MISSILE RANGE FACILITYNAVAL UNDERSEA WARFARE CENTER DIVISION, KEYPORT30TH SPACE WING45TH SPACE WINGAIR FORCE FLIGHT TEST CENTERAIR ARMAMENT CENTERARNOLD ENGINEERING DEVELOPMENT CENTERBARRY M. GOLDWATER RANGENATIONAL AERONAUTICS AND SPACE ADMINISTRATIONDISTRIBUTION A: APPROVED FOR PUBLIC RELEASEDISTRIBUTION UNLIMITED
This page intentionally left blank.
DOCUMENT 600-11OPERATIONS SECURITY (OPSEC) GUIDEAPRIL 2011Prepared byRANGE OPERATIONS GROUPOPERATIONS SECURITY COMMITTEEPublished bySecretariatRange Commanders CouncilU.S. Army White Sands Missile Range,New Mexico 88002-5110
This page intentionally left blank.
Operations Security Guide, RCC Document 600-11, April 2011TABLE OF CONTENTSLIST OF FIGURES .vLIST OF TABLES .vPREFACE . viACRONYMS AND INITIALISMS . ixCHAPTER 1:1.11.21.31.4INTRODUCTION. 1-1Background . 1-1Responsibilities and Authoties . 1-1Scope . 1-1OPSEC Definition. 1-2CHAPTER 2:2.12.22.32.42.52.6THE OPSEC PROCESS . 2-1Overview . 2-1Step 1: Identification of Critical Information (CI) and Indicators . 2-1Step 2: Threat Assessment . 2-3Step 3: Vulnerability Analysis . 2-3Step 4: Risk Assessment . 2-4Step 5: Application of Appropriate OPSEC Measuresand Countermeasures . 2-5OPSEC Tools (Assessments, Surveys, and Reviews) . 2-6Arms Control OPSEC Planning . 2-92.72.8CHAPTER 3:3.13.23.33.4RANGE COMMANDERS COUNCIL (RCC) OPSEC PROGRAM . 3-1Purpose . 3-1Roles and Responsibilities . 3-1Training and Awareness . 3-4OPSEC Reporting Requirements . 3-7CHAPTER 4:4.14.24.34.44.54.6THE OPSEC SURVEY . 4-1OPSEC Survey (Overview) . 4-1Uniqueness . 4-1OPSEC Surveys versus Security Inspections . 4-1Types of Surveys. 4-2Survey Execution. . 4-2OPSEC Survey Planning Worksheet . 4-8CHAPTER 5:5.15.25.3ORGANIZATIONAL OPSEC PLANNING . 5-1Purpose and Composition . 5-1OPSEC Plan . 5-2OPSEC Document Reviews . 5-2REFERENCESiii
Operations Security Guide, RCC Document 600-11, April 2011APPENDIX A:RESPONSIBILITIES AND AUTHORITIES . A-1APPENDIX B:DOCUMENTING VULNERABILITIES .B-1APPENDIX C:DOCUMENTED MEASURES AND COUNTERMEASURES . C-1APPENDIX D:SELF ASSESSMENTS: OPSEC INSPECTION CHECKLIST(EXAMPLE) . D-1APPENDIX E:OPSEC SURVEY PLANNING WORKSHEET .E-1APPENDIX F:OPSEC INTERVIEW CHECKLIST. F-1APPENDIX G: OPSEC SURVEY REPORT FORMAT (SAMPLE) . G-1APPENDIX H: OPSEC REVIEW OF PAPER/PRESENTATION (EXAMPLE) . H-1APPENDIX I:ANNUAL OPSEC REPORT FORMAT . I-1APPENDIX J:MILITARILY CRITICAL TECHNOLOGIES LIST (MCTL) . J-1APPENDIX K: DOD DISTRIBUTION STATEMENTS . K-1APPENDIX L:RECOMMENDED CONTENTS FOR OPSEC PLAN .L-1APPENDIX M: SAMPLE MATERIAL SECURED RECYCLING PLAN . M-1APPENDIX N:INFORMATION PROTECTION WALK-THRUS ANDRECEPTACLE INSPECTIONS . N-1APPENDIX O: REVIEW PROCESS . O-1APPENDIX P:DOCUMENT REVIEW PROCESS LETTER . P-1GLOSSARYiv
Operations Security Guide, RCC Document 600-11, April 2011LIST OF FIGURESFigure 2-1:Figure 3-1.Extract from Arms Control OPSEC Brochure . 2-11OPSEC Advisory Report (an example). . 3-8LIST OF TABLESTable 2-1.Table 2-2.Table 3-1.Sample Critical Information List (CIL) . 2-2Types of OPSEC Assessments and the OPSEC Survey . 2-8Related Security Disciplines and Source Documentation . 3-6v
Operations Security Guide, RCC Document 600-11, April 2011This page intentionally left blank.vi
Operations Security Guide, RCC Document 600-11, April 2011PREFACEThis document presents the results of Task ROG-008 ―Update to RCC 600-07 OperationsSecurity (OPSEC) Guide‖ for the Range Operations Group (ROG) in the Range CommandersCouncil (RCC). Security programs and procedures already exist to protect classified matters.However, information generally available to the public as well as certain detectable indicatorsreveal the existence of, and sometimes details about, classified or sensitive information orundertakings. Such indicators may assist those seeking to neutralize or exploit U.S. Governmentactions in the area of national security. Application of the OPSEC process promotes operationaleffectiveness by helping prevent the inadvertent compromise of sensitive or classified U.S.Government activities, capabilities, or intentions.The OPSEC process is a systematic and proven process that the U.S. Government and itssupporting contractors can use to deny potential adversaries access to information aboutcapabilities and intentions of the U.S. Government. The program is implemented by identifying,controlling, and protecting generally unclassified evidence of the planning and execution ofsensitive Government activities (Reference a: National Security Decision Directive (NSDD)No. 298).The RCC gives special acknowledgement for production of this document to:Author: Mr. Jerry A. NoeMember Range Operations Group (ROG)45th Space Wing Operations Security Officer45th Space Wing (45 OSS)Patrick AFB, FL 32925-3299Phone:DSN: 467-6891Comm: (321) 853-6891Fax:DSN: 467-7121Comm: (321) 853-7121E-Mail:jerry.noe@patrick.af.milPlease direct any questions to:Secretariat, Range Commanders CouncilATTN: TEDT-WS-RCC100 Headquarters AvenueWhite Sands Missile Range, New Mexico 88002-5110Telephone: (575) 678-1107, DSN 258-1107E-mailwsmrrcc@conus.army.milvii
Operations Security Guide, RCC Document 600-11, April 2011This page intentionally left blank.viii
Operations Security Guide, RCC Document 600-11, April 2011ACRONYMS AND INITIALISMSAFAF EWEW CIRDIWIWUJCSAir ForceAir Force SupplementAir Force Doctrine DocumentAir Force InstructionAir Force Office of Special InvestigationsAir Force Policy DirectiveArmy RegulationAnti-Terrorism OfficeAgency Vulnerability AssessmentCapability Development DocumentChairman, Joint Chiefs of StaffChairman, Joint Chiefs of Staff InstructionCritical InformationCounterintelligenceCritical Information ListCommunications IntelligenceCommunications SecurityConcept of OperationsConcept PlanDepartment of DefenseDepartment of Defense DirectiveDepartment of Defense InstructionDepartment of Defense RegulationDefense Treaty Inspection Readiness ProgramEssential Elements of Friendly InformationElectronic IntelligenceElectronic WarfareElectronic Warfare OperationsForeign Instrumentation Signals IntelligenceFreedom of Information ActFor Official Use OnlyForce ProtectionHuman IntelligenceInformation AssuranceInitial Capability DocumentsImagery IntelligenceInformation OperationInfluence OperationInteragency OPSEC Support StaffInformation Operations Threat Analysis CenterInitial Requirements DocumentInformation WarfareInformation Warfare UnitJoints Chiefs of Staffix
Operations Security Guide, RCC Document 600-11, April etNSDDNSTISSINW CTECHINTTMAPTTPTWGJoint PublicationJoint Staff Integrated Vulnerability AssessmentsMeasurement and Signature IntelligenceMilitary Critical Technologies ListMulti-disciplined Vulnerability AssessmentMilitary IntelligenceMilitary DeceptionMajor Range and Test Facility BaseNational Aeronautics and Space AdministrationNational Security CouncilNonsecure Internet Protocol Routing NetworkNational Security Decision DirectiveNational Security Telecommunications and Information Systems SecurityInstructionNetwork Warfare (NW) OperationsOffice of the Chief of Naval OperationsOperations PlansOperations OrdersOperations SecurityOperational Risk ManagementOpen Source IntelligenceOPSEC Working GroupPublic AffairsProgram ManagerProgram Protection PlanPsychological OperationsRisk AssessmentResearch, Development, Test, and EvaluationRange Operations GroupSpecial Access ProgramStaff Assistance VisitSensitive But UnclassifiedSecurity DetachmentSecurity ForcesSecretary of the Navy InstructionSenior IntelligenceSignal IntelligenceStatement of WorkRequest for ProposalThreat Analysis CenterTechnical IntelligenceTelecommunications Monitoring and Assessment ProgramTactics, Technologies, and ProceduresTerrorism Working Group (formerly Threat Working Group)x
Operations Security Guide, RCC Document 600-11, April 2011CHAPTER 1INTRODUCTION1.1BackgroundOperations Security (OPSEC) involves a series of steps to examine the planning,preparation, execution and post execution phases of any activity across the entire spectrum ofmilitary actions and operational environments. OPSEC analysis provides decision-makers with ameans of weighing how much risk they are willing to accept in specific operationalcircumstances in the same way as Operational Risk Management (ORM) allows Commanders toassess risk in mission planning. In fact, OPSEC can be referred to as information riskmanagement.The OPSEC process will be employed with other complementary Information Operation(IO) activities to obtain maximum effectiveness. Commanders and their planners should utilizeall capabilities within information operations, including OPSEC, in a synchronized effort toinfluence the perceptions and affect decision-making of an adversary. For example, a knownOPSEC vulnerability may be used to deliver a deception message or psychological operationstheme instead of simply correcting or mitigating the vulnerability. In this case, the use of thediscovered vulnerability would be considered application of the appropriate OPSEC measure.1.2Responsibilities and AuthoritiesOperational effectiveness is enhanced when Commanders and other decision-makersapply OPSEC from the earliest stages of planning. A detailed discussion on OPSECresponsibilities and authorities is provided at Appendix A.1.3ScopeThe OPSEC process is an integral process of force protection to help protect Servicemembers, civilian employees, family members, facilities, and equipment at all locations and inall situations. Force protection relies heavily on OPSEC as a means of denying targetedinformation to terrorists and other adversaries. Since force protection safeguards anorganization’s most precious asset (i.e. people), it is critical that OPSEC be applied throughoutall organizations.The OPSEC is also a process and capability within IO. The IO is the integratedemployment of three operational elements:a. Influence operations (InOps)b. Electronic warfare (EW) operations (EW Ops)c. Network warfare (NW) operations (NW Ops).The purpose of InOps is to influence, disrupt, corrupt, or usurp adversarial human orautomated decision-making while protecting our own decision-making capabilities. InfluenceOperations employ core military capabilities of psychological operations (PSYOP), OPSEC,1-1
Operations Security Guide, RCC Document 600-11, April 2011military deception (MILDEC), counterintelligence (CI) operations, public affairs (PA)operations, and counter-propaganda operations to affect behaviors, protect operations,communicate Directors’ and Commanders’ intentions and project accurate information toachieve desired effects across the cognitive battle space. OPSEC protects friendly operationsand efforts in order to influence the adversary’s behavior.The OPSEC should be closely coordinated with the other security disciplines. To ensurethat all aspects of sensitive activities are protected, each Service has regulations that specificallyapply to security disciplines. These disciplines include physical security, acquisition security,industrial security, information security or safeguarding classified information, informationsystems security or transmission of information via the Internet and electronic mail (e-mail)management and use, antiterrorism/force protection, personnel security, foreign disclosures(visits or requests for information from foreign representatives). Also, public affairs policies andprocedures for each Service require a security review prior to disclosure of any information tothe public. Information related to technologies provided by other Department of Defense (DoD)agencies, as well as national laboratories and ranges, also requires coordination with the systemdeveloper/system owner/program manager and other affected agencies prior to public disclosure.The primary focus of OPSEC analysis is to deny potential exploitation of open sources andobservable actions. These sources are generally unclassified and, consequently, more difficult tocontrol. A list of related Service security regulations is provided in Table 3-1 of this document.1.4OPSEC DefinitionThe OPSEC is a process of identifying, analyzing, and controlling critical informationindicating friendly actions attendant to military tactics, techniques, and procedures (TTPs),capabilities, operations, and other activities to:a. Identify actions that can be observed by adversarial intelligence systems.b. Determine what indicators adversarial intelligence systems might obtain that could beinterpreted or combined to derive critical information in time to be useful toadversaries.c. Select and execute measures that eliminate or reduce to an acceptable level thevulnerabilities of friendly actions to adversary exploitation.1-2
Operations Security Guide, RCC Document 600-11, April 2011CHAPTER 2THE OPSEC PROCESS2.1OverviewUtilizing OPSEC is a process and not a collection of specific rules and instructions thatcan be applied to every operation. OPSEC must be closely integrated and synchronized withother Information Operation (IO) capabilities and all aspects of the protected operations.OPSEC is accomplished with a five-step process. Although these steps are normallyapplied in a sequential manner during deliberate or crisis action planning, dynamic situationsmay require any step to be revisited at any time. The OPSEC process is therefore cyclical innature. The five steps are:Step 1:Step 2:Step 3:Step 4:Step 5:2.2Identification of critical information (CI) and indicators.Threat assessment.Vulnerability analysis.Risk assessment.Application of appropriate OPSEC measures and countermeasures.Step 1: Identification of Critical Information (CI) and IndicatorsCritical information is information about friendly (U. S., allied, and/or coalition)activities, intentions, capabilities, or limitations that an adversary seeks in order to gain amilitary, political, diplomatic, economic, or technological advantage. Another term for CI isEssential Elements of Friendly Information (EEFI). Such information, if revealed to anadversary prematurely, may prevent or complicate mission accomplishment, reduce missioneffectiveness, or cause loss of lives or damage to friendly resources. Critical information mayalso be derived from seemingly unrelated elements of information known as indicators. Theproduct of the first step in the OPSEC process is the development of a Critical Information List(CIL). The sample CIL at Table 2-1 is not all-inclusive, but contains examples of indicators thatcan provide adversaries with information about our capabilities and intentions.The goal of OPSEC is to identify information and observable activities relating tomission capabilities, limitations and intentions in order to prevent exploitation by ouradversaries. OPSEC methodology provides a systematic analysis of our operations and behaviorfrom an adversary’s perspective, thereby assessing how vulnerabilities could be exploited.Information that adversaries need to achieve their goals constitutes critical information about ouroperations or programs. By identifying and protecting this critical information, the OPSECprocess becomes a positive, proactive means by which adversaries are denied an importantadvantage.OPSEC provides a method of identifying our critical information and denying orcontrolling an adversary’s access to that information. OPSEC enables friendly force informationsuperiority by neutralizing adversary information collection activities.2-1
Operations Security Guide, RCC Document 600-11, April 2011TABLE 2-1. SAMPLE CRITICAL INFORMATION LIST (CIL) Work schedulesShipping requests or announcementsMeeting minutes or notesVario
Operations Security Guide, RCC Document 600-11, April 2011 vii PREFACE This document presents the results of Task ROG-008 ―Update to RCC 600-07 Operations
(c) DoDINST 5220.22M, National Industrial Security Program Manual (NISPOM) (d) AR 530-1, Army Regulation Operations Security (f) U.S. Army Corps of Engineers, Fort Worth District, Operations Plan, August 2018 (g) Interagency OPSEC Support
Threat analysis support to OPSEC † 3–4, page 12 Chapter 4 Training Requirements, page 13 Overview † 4–1, page 13 Training programs † 4–2, page 13 OPSEC and external official presence training † 4–3, page 15 Joint and interagency training † 4–4, page 15 Chapter 5 Operat
United States OPSEC Program has given us a superb monograph about the genesis of Operations Security during the Vietnam War. I . !thorough and readable account describes the initial problems in air operations which prompted a high-level investigation, explains the weaknesses in U.S, practices
training and awareness. a. Initial training may be provided by computer-based training, live training or a combination of both. b. OPSEC training is required initially within 30 days of assignment and annually thereafter. c. The contractor is required to maintain individual training records for compliance purposes. III. Contractor Developed .
Mar 24, 2017 · COMDTINST M5510.24. OPSEC Coordinator “C” training will continue to be funded by AFC-56. 7. ENVIRONMENTAL ASPECT AND IMPACT CONSIDERATIONS. a. The development of this Manual and the general policies contained within it have been thoroughly reviewed
OPSECFundamentals for Remote Red Teams "Operations security (OPSEC) is a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence,determines if information obtained by adversaries could be interpreted
AT Level 1 Awareness Training https://atlevel1.dtic.mil/at Level 1 OPSEC Training http://cdsetrain.dtic.mil/opsec/index.htm Comply with local facility access and security policies and.
Jun 29, 2021 · The Five-Step OP SEC Process The NSDD formalized OPSEC and described it as a five-step process: identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of countermeasures. The following paragraphs discuss the elemen
