DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS
TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL
(U//FOUO) OPSEC: Why Should You Care?
FROM:
SID OPSEC Manager (S02L3)
Run Date: 04/07/2004
(U//FOUO) Most of us have taken the mandatory OPSEC training for this year, and many people
are wondering, "Why should I care?" or, "What does this have to do with me?" If you think
OPSEC doesn't apply to you, consider the following scenario:
(U//FOUO) You're at a luncheon at a local restaurant to bid farewell to Sue, a co-worker who is
moving on to a new office. There are 15 people there, all agency employees from your
immediate team, plus Sue's spouse, an agency employee who works in another area.
(U//FOUO) Your boss gets up and starts talking about the great contributions Sue has made to
your efforts against international crime, and the wonderful working relationship she's had with
our sister agencies inside the beltway. He goes on to mention that she'll make a great Branch
Chief, and the people working Russia are lucky to get her. Sue gets up to thank specific
individuals present who have helped her succeed.
(U//FOUO) Sound familiar? Then you've witnessed (or perhaps participated in) a demonstration
of poor OPSEC. But who cares? Did anybody do any harm here? After all, we know what is
classified, and we would never divulge that in public, right? But have you ever stopped to
consider what your unclassified public discussions might be giving away? Take the scenario, for
instance. This is a scene that is played out monthly in the Fort Meade area. It's entirely possible
that nothing said during the speeches was classified, and everyone who attended works here, so
what's the big deal?
(U//FOUO) To understand the answer, you need to think like the adversary. That's really what
OPSEC is all about. What information do our adversaries care about, and what are we giving
away every day? Let's look at the scenario from an adversary perspective. Pretend you're the
bad guy sitting at the next table in the restaurant where the luncheon is being held. What did
you learn? Take a minute to think about what information you believe was shared, and then
compare that to the list below.
1. The names and faces of team members. (Picked up either because of introductions to
Sue's husband, or just in casual conversation.)
2. The fact that this team works on international crime issues. This shows the adversary not
only that the NSA is interested in this issue, but also who specifically knows about
this target.
3. The most senior people on the team have been identified, specifically the boss who
praised Sue's efforts. It is also highly likely that the general hierarchy of the team can be
determined just by watching social interaction.
4. The links between NSA and other agencies working crime issues.
5. The skills necessary to work both the international crime and Russian targets, and any
parallels between them.
(U//FOUO) There are potentially many more correlations that can be drawn from this scenario,
but I think you get the point. So what can we do to reduce this risk? There are some simple
adjustments we can make that can help a great deal. No, I'm not going to suggest discontinuing
luncheons. But requesting a private room, or asking for tables to be set up away from other
customers for privacy, is a relatively easy way to make it much more difficult for an adversary to
gather information unobtrusively.
(U//FOUO) I hope that this has shown you that OPSEC does, in fact, apply to everyone. The SID
OPSEC Program Managers are ready to assist you in determining how OPSEC relates to your
particular mission area and day-to-day work activities. For more information, contact
or
on
"(U//FOUO) SIDtoday articles may not be republished or reposted outside NSANet
without the consent of S0121 (DL sid_comms)."
DERIVED FROM: NSA/CSSM 1-52, DATED 08 JAN 2007 DECLASSIFY ON: 20320108