DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL (U//FOUO) OPSEC: Why Should You Care? FROM: SID OPSEC Manager (S02L3) Run Date: 04/07/2004 FROM: SID OPSEC Manager (S02L3) (U//FOUO) Most of us have taken the mandatory OPSEC training for this year, and many people are wondering, "Why should I care?" or, "What does this have to do with me?" If you think OPSEC doesn't apply to you, consider the following scenario: (U//FOUO) You're at a luncheon at a local restaurant to bid farewell to Sue, a co-worker who is moving on to a new office. There are 15 people there, all agency employees from your immediate team, plus Sue's spouse, an agency employee who works in another area. (U//FOUO) Your boss gets up and starts talking about the great contributions Sue has made to your efforts against international crime, and the wonderful working relationship she's had with our sister agencies inside the beltway. He goes on to mention that she'll make a great Branch Chief, and the people working Russia are lucky to get her. Sue gets up to thank specific individuals present who have helped her succeed. (U//FOUO) Sound familiar? Then you've witnessed (or perhaps participated in) a demonstration of poor OPSEC. But who cares? Did anybody do any harm here? After all, we know what is classified, and we would never divulge that in public, right? But have you ever stopped to consider what your unclassified public discussions might be giving away? Take the scenario, for instance. This is a scene that is played out monthly in the Fort Meade area. It's entirely possible that nothing said during the speeches was classified, and everyone who attended works here, so what's the big deal? (U//FOUO) To understand the answer, you need to think like the adversary. That's really what OPSEC is all about. What information do our adversaries care about, and what are we giving away every day? Let's look at the scenario from an adversary perspective. Pretend you're the bad guy sitting at the next table in the restaurant where the luncheon is being held. What did you learn? Take a minute to think about what information you believe was shared, and then compare that to the list below. 1. The names and faces of team members. (Picked up either because of introductions to Sue's husband, or just in casual conversation.) 2. The fact that this team works on international crime issues. This shows not only that the NSA is interested in this issue, it also shows the adversary who specifically knows about this target. 3. The most senior people on the team have been identified, specifically the boss who praised Sue's efforts. It is also highly likely that the general hierarchy of the team can be determined just by watching social interaction. 4. The links between NSA and other agencies working crime issues. 5. The skills necessary to work both the international crime and Russian targets, and any parallels between them. (U//FOUO) There are potentially many more correlations that can be drawn from this scenario, but I think you get the point. So what can we do to reduce this risk? There are some simple adjustments we can make that can help a great deal. No, I'm not going to suggest discontinuing luncheons. But requesting a private room, or for tables to be set up away from other customers for privacy purposes is a relatively easy way to make it much more difficult for an adversary to gather information unobtrusively. (U//FOUO) I hope that this has shown you that OPSEC does, in fact, apply to everyone. The SID

OPSEC Program Managers are ready to assist you in determining how OPSEC relates to your particular mission area and day-to-day work activities. For more information, contact or on "(U//FOUO) SIDtoday articles may not be republished or reposted outside NSANet without the consent of S0121 (DL sid_comms)." DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL DERIVED FROM: NSA/CSSM 1-52, DATED 08 JAN 2007 DECLASSIFY ON: 20320108