Download 111 opsec - Fleet Weather Center, Norfolk, VA

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
Document related concepts

Cyber-security regulation wikipedia , lookup

Computer security wikipedia , lookup

Information security wikipedia , lookup

IT risk management wikipedia , lookup

Transcript 
Enlisted Information Dominance
Warfare Specialist (EIDWS)
Common Core
111 Operations Security (OPSEC)
Fleet Weather Center Norfolk
1
EIDWS Common Core
111 Operations Security (OPSEC)
• References:
– NTP-3-54
Fleet Weather Center Norfolk
2
EIDWS Common Core
111 Operations Security (OPSEC)
• Define OPSEC:
– OPSEC is a systematic, proven process that identifies, controls, and protects
generally sensitive but unclassified information about a mission, operation, or
activity. When effectively employed, it denies or mitigates an adversary’s ability to
compromise or interrupt a mission, operation, or activity. Without a coordinated
effort to maintain the essential secrecy of plans and operations, our enemies can
forecast, frustrate or defeat major military operations. Good OPSEC helps to blind
our enemies, forcing them to make decisions with insufficient
Fleet Weather Center Norfolk
3
EIDWS Common Core
111 Operations Security (OPSEC)
• Discuss the five step planning process:
• The OPSEC process, also known as the OPSEC five-step process, is the
enabling vehicle for OPSEC planning. It provides the required information for
the OPSEC portion of any plan or activity.
• STEP ONE: IDENTIFY CRITICAL INFORMATION: CI is defined as information
about friendly (U.S., allied and/or coalition) activities, intentions, capabilities, or
limitations an adversary seeks in order to gain a military, political, diplomatic,
economic, or technological advantage.
• STEP TWO: THREAT ASSESMENT: Current, relevant threat information is
critical in developing appropriate OPSEC protective measures. The threat
assessment step in the OPSEC process includes identifying potential
adversaries and their associated capabilities, limitations, and intentions to
collect, analyze, and use knowledge of our CI against us. The threat refers to
more than an enemy agent hiding behind a rock.
• STEP THREE: VULNERABILITY ANALYSIS: An operational or mission-related
vulnerability exists when the adversary has the capability to collect indicators,
correctly analyze them, and take timely action. The vulnerability analysis
identifies operation or mission vulnerabilities. Weaknesses that reveal CI
through collected and analyzed indicators create vulnerabilities. Indicators are
those friendly actions and information that adversary intelligence efforts can
potentially detect or obtain and then interpret to derive friendly CI.
Fleet Weather Center Norfolk
4
EIDWS Common Core
111 Operations Security (OPSEC)
• Discuss the five step planning process (cont):
• STEP FOUR: RISK ASSESSMENT: Risk assessment, or measuring the level of
risk, has two components. First, planners analyze the OPSEC vulnerabilities
identified in the vulnerability analysis and identify possible OPSEC
countermeasures for each. Secondly, planners select OPSEC countermeasures
for execution based on a risk assessment for presentation to the commanding
officer and staffs. OPSEC officers, working with other planners and with the
assistance of intelligence and counterintelligence organizations, provide risk
assessments and recommend actions to mitigate vulnerabilities. Commanders
then decide whether or not to employ the OPSEC measures. Risk assessments
estimate an adversary’s capability to exploit a vulnerability, the potential effects
such exploitation will have on operations, and provide a cost-benefit analysis of
possible methods to control the availability of CI to the adversary. Effective
OPSEC requires managing all dimensions of risk to maximize mission
effectiveness and sustain readiness. Applying operational risk management
enables avoiding unnecessary risks and accepting necessary risk when the
cost of mitigation outweighs the benefit. To better assist the OPSEC
officer/planner assess risk to a mission or activity, Appendix H provides a risk
analysis chart template, an example risk analysis, and analysis ratings criteria.
Proper use of these tools will greatly enhance a command’s OPSEC posture.
Fleet Weather Center Norfolk
5
EIDWS Common Core
111 Operations Security (OPSEC)
• Discuss the five step planning process (cont):
• STEP FIVE: MEASURES/COUNTERMEASURES: OPSEC
measures/countermeasures preserve military capabilities by preventing
adversarial exploitation of CI. Countermeasures mitigate or remove
vulnerabilities that point to or divulge CI. They control CI by managing the raw
data, enhance friendly force capabilities by increasing the potential for surprise,
and augment the effectiveness of friendly military forces and weapons systems.
Fleet Weather Center Norfolk
6
EIDWS Common Core
111 Operations Security (OPSEC)
• Discuss the responsibilities of the command OPSEC officer:
– Strike Group OPSEC Program Manager. The OPSEC program manager will be
appointed by the strike group commander. The OPSEC program manager will
coordinate all staff level OPSEC activities and perform the following tasks:
– Coordinate staff-level OPSEC planning process before major operations/activities.
– Develop and provide OPSEC plans to support major operations/activities.
• Ship/unit OPSEC officers. Perform the following tasks:
• a. Coordinate OPSEC operations as required.
• b. In situations where operating independently from battle group or during remote
•
operations, perform duties as appropriate in support of ship/unit commander
•
mission/operations.
•
•
c. Ensure that all personnel are aware of operations security issues and reinforce
with periodic refresher training/briefings prior to major evolutions (e.g., port calls).
Fleet Weather Center Norfolk
7
EIDWS Common Core
111 Operations Security (OPSEC)
• Describe the OPSEC considerations regarding public affairs:
– Effective planning and execution of PA operations and IO, the latter of which
OPSEC is a core element, are critical to accomplishing the commander’s mission.
The success of both depends on sound leadership and guidance. Successful PA
operations are important in order to fulfill the public’s right to know and maintain
trust and confidence. Credible PA operations are necessary to support the
commander’s mission and keep the public informed throughout the range of
military operations. PA’s principal focus is to provide information to the American
public and international audiences, in support of combatant commander public
information needs at all operational levels.
Fleet Weather Center Norfolk
8
EIDWS Common Core
111 Operations Security (OPSEC)
• Define WRA:
• Web Risk Assessment-Web site self-assessments are a useful tool in
determining whether potential critical information is on a command’s Web site.
Application of the OPSEC five-step process is imperative when placing
information on the Web.
Fleet Weather Center Norfolk
9
EIDWS Common Core
111 Operations Security (OPSEC)
• Define the following terms:
• EEFI- Essential Elements of Friendly Information. Key information adversaries
likely will inquire about regarding our intentions, capabilities, and activities, in
order to obtain answers critical to their own operational effectiveness. Failure to
recognize EEFI/CI renders a commander ineffective against revealing
operational/mission-related vulnerabilities, and thus against a real or potential
threat. The answers to EEFI can potentially lead to CI.
• CI– Critical Information. CI is defined as information about friendly (U.S., allied
and/or coalition) activities, intentions, capabilities, or limitations an adversary
seeks in order to gain a military, political, diplomatic, economic, or
technological advantage.
Fleet Weather Center Norfolk
10
Related documents
Introduction to Operations Security (OPSEC)
Introduction to Operations Security (OPSEC)
Blue Grass Chemical Agent-Destruction Pilot Plant
Blue Grass Chemical Agent-Destruction Pilot Plant
slides - University of Cambridge Computer Laboratory
slides - University of Cambridge Computer Laboratory
전자상거래 요소기술
전자상거래 요소기술
Samantha Plate
Samantha Plate
Great Career Opportunity
Great Career Opportunity
Provider-1 MSP Technical Brief
Provider-1 MSP Technical Brief
North Norfolk District Council Register of Notes Members' Interests Name:
North Norfolk District Council Register of Notes Members' Interests Name:
This Article argues that intellectual property law stifles critical
This Article argues that intellectual property law stifles critical
Document
Document
Cybersecurity of Medical Devices
Cybersecurity of Medical Devices