Snowden Archive - OPSEC in SID

Snowden Archive
——The SidToday
Files

Browse the Archive

OPSEC in SID - Some Answers

Summary

Helpful hints for SID personnel on applying operational security to their day-to-day activities.

Collapse DetailsExpand Details

Document’s Date

Jan. 12 2004

Publicly Available

Dec. 7 2016

Tags

Systems

DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL (U//FOUO) OPSEC in SID - Some Answers FROM: SID OPSEC Manager Run Date: 01/12/2004 FROM: SID OPSEC Manager (U//FOUO) By now everyone has heard about the President's visit to Iraq over Thanksgiving. This was a wonderful example of OPSEC in action, allowing the President to spend time with the troops safely. If we stop and take a look at all the work that goes on in SID, it's easy to see that each of us conducts equally sensitive, although less public, activities every day. (U//FOUO) Last month we asked some questions about how OPSEC relates to SID employees (see previous article ). This month we're going to answer those questions, and hopefully spark your interest to learn even more. The questions we asked were: (U) How can you apply OPSEC in your day-to-day activities? (U//FOUO) Given the wide variety of duties within SID, it would be impossible to give a detailed response applicable to every individual job. However, remember that OPSEC is a five-step process which can be applied to any position or job function: Step 1 - Identify your critical information. What is it that you do every day that an adversary would like to know? I challenge anyone to identify a position in SID that does not have at least one sensitive piece of information. Step 2 - Analyze the threat. Who cares about your information? Does that person or organization have the capability to obtain your information if it is not properly safeguarded? Step 3 - Identify vulnerabilities. Is there anything you do in your daily routine (inside or outside work) that could provide information to your adversary? Step 4 - Assess risk. If you have identified your critical information and determined that you have vulnerabilities in your routine, you're halfway there. Then consider your threat information. Does your adversary have the intent and capability to exploit your information? Do they intend to do harm to you or to your mission? Is there an impact to your mission if your adversary obtains your info? If you have a vulnerability, your adversary has intent and capability, and if there is impact to that vulnerability being exploited, you have risk. Step 5 - Apply countermeasures. Make a change to reduce your vulnerability or to lessen impact. This can be as simple as changing your phone call home to be "I'll be home late" rather than "Things are really crazy here since xxx happened. I'll be home once we finish yyyyy." (Fill in your own scenario for your office.) (U) Where can you go if you have OPSEC questions or concerns? (U//FOUO) There are OPSEC representatives throughout SID who should be able to respond to your questions, or at least point you in the right direction. Additionally, you can always contact the SID OPSEC Program Management team on and we'll be glad to address any questions you may have. (U) Whom can you contact to get more information, more training, or become more involved? (U//FOUO) Additional OPSEC training is available through the Interagency OPSEC Support Staff ("go ioss" on the web). Additionally, with help from someone in your office, a SID OPSEC Program Manager can come to your organization and provide a tailored briefing on how OPSEC

applies to your particular job. One of the ways to get more involved is to volunteer to be an OPSEC representative for your work area. You'll get additional training and monthly updates on what is going on with SID OPSEC, as well as have a forum for discussing OPSEC concerns with other SID personnel. (U) Is there more specific SID-applicable training on OPSEC? (C) Yes! Very soon a brand new online class, OPSE-1201, titled "An Introduction to OPSEC for SID Personnel" will be available via VuPort. This course will step you through a real-world example of a SIGINT operation in a non-conventional location. You'll see an email announcing the course premiere shortly. (U//FOUO) We hope we've answered some of your questions about OPSEC in SID. Look in SID today for future updates on our program and what it means to you. As always, if you have any questions relating to OPSEC issues, please contact your SID OPSEC Program Managers, and on "(U//FOUO) SIDtoday articles may not be republished or reposted outside NSANet without the consent of S0121 (DL sid_comms)." DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL DERIVED FROM: NSA/CSSM 1-52, DATED 08 JAN 2007 DECLASSIFY ON: 20320108