Describe Operational Security (OPSEC)
Training Support Package (TSP) for the Marine Battle Skills Test (BST)
TASK: Describe Operational Security (OPSEC)
CONDITION: Without the aid of references
STANDARD: Without omitting key components
ESTIMATED TIME TO TRAIN: 15 minutes
ESTIMATED TIME TO EVALUATE: 5 minutes per Marine
- Define operational security (OPSEC)
- Identify the OPSEC process
- Describe Commander’s critical information requirements (CCIR)
- Identify the OPSEC manager
- Identify dangers associated with social media
- MCO 3070.2 – The Marine Corps Operations Security (OPSEC) Program
- MARADMIN 181/10 – Responsible and Effective Use of Internet-Based Capabilities
- MCDP 2 – Intelligence
- Defense Media Activity Marine Corps Element “Marine Corps Social Media Principles”
SUPPORT REQUIREMENTS: NA
PERFORMANCE STEP 1: Define operational security (OPSEC).
Operational security is the process used to deny enemy access to our intentions and capabilities by identifying, controlling, and protecting indicators associated with our planning or operations.
PERFORMANCE STEP 2: Identify the OPSEC process.
The OPSEC process involves five steps which are typically conducted in sequential order:
Step 1: Identification of Critical Information. The commander and his staff will try to identify the questions that they believe the enemy will need to know about friendly intentions, capabilities, limitations, and activities. Critical information is the information vitally needed by the enemy. This serves to focus the OPSEC process on protecting the vital information, rather than attempting to protect all information.
Step 2: Analysis of Threats. This involves the research and analysis of intelligence information to identify critical information about the enemy. The commander will ask questions such as:
- Who is the enemy?
- What are the enemy’s intentions?
- What is the enemy’s strategy?
- What critical information does the enemy already know?
- What are the enemy’s intelligence collection capabilities?
Step 3: Analysis of Vulnerabilities. This action identifies an operation or activity’s vulnerabilities. This involves examining operational plans for any aspects that may reveal critical information to the enemy. Vulnerabilities exist when the enemy is capable of collecting critical information and then using it against us.
Step 4: Assessment of Risks. This involves developing OPSEC measures to combat the vulnerabilities identified in Step 3. Risk assessment compares the costs of implementing OPSEC measures to the costs of not implementing them.
Step 5: Application of OPSEC Measures. The commander implements the OPSEC measures of his choice that were identified in Step 4. The enemy’s reaction to these OPSEC measures will be monitored to determine effectiveness.
OPSEC Measures. Some examples of OPSEC measures that commanders can implement include:
- Avoiding predictable tactics and procedures.
- Utilizing night movements to reduce the likelihood of enemy observation.
- Utilizing proper radio procedures to prevent interception by the enemy.
- Using camouflage.
- Maintaining noise discipline.
- Burning all trash that may contain any sensitive information.
- Not discussing sensitive future operations with friends and family.
PERFORMANCE STEP 3: Describe Commander’s Critical Information Requirements (CCIR).
The CCIRs are a comprehensive list of information requirements identified by the commander as being critical in the decision making process that affects mission accomplishment. CCIRs include any information about friendly forces, enemy forces, or the operational environment that the commander deems critical in making his command decisions. The Commanding Officers are responsible for maintaining their own CCIRs.
PERFORMANCE STEP 4: Identify the OPSEC manager.
The OPSEC Manager is typically a Marine in the unit’s Administrative Section (S-1) or Operations Section (S-3).
PERFORMANCE STEP 5: Identify dangers associated with social media.
- Remember that you are a Marine 24/7 – in person, and online. Participation on these sites makes you “THE Marine Corps” – your conduct is a direct reflection of the Marine Corps. The best advice is to approach online communication in the same way we communicate in person – by using sound judgment and common sense, adhering to the Marine Corps’ core values of Honor, Courage and Commitment, following established policy, and abiding by the Uniform Code of Military Justice (UCMJ).
- Violations of federal law and DOD regulations or policies may result in disciplinary action under the UCMJ.
- Dangers associated with social media as it relates to OPSEC include but are not limited to:
- Divulging Personal Identifiable Information (PII) that could be used by the enemy/threats (e.g. family info, address, telephone number, email address, etc.).
- Inadvertently exposing unit information (e.g. deployment schedule, troop movements/locations, size, capabilities etc.).
- Susceptible to hacking, phishing, malware, spyware, viruses etc.
- Friends unknowingly make you vulnerable (privacy issue).
- Identity thieves.
- Fake profiles.
- Third party sharing/selling of your information.
Describe Operational Security (OPSEC)
SUPPORT REQUIREMENTS: NA
EVALUATOR NOTE: Marines must answer or perform all the questions below without error in order to pass this event. The evaluator will guide the Marine being tested through the checklist by asking questions.
|Performance Step||Instructor Notes||Pass or Remediate|
|1. Define operational security (OPSEC).||Marine should state OPSEC is the process used to deny access to our intentions and capabilities by identifying, controlling, and protecting indicators of our planning and operations.|
|2. Describe the 5 steps of the OPSEC process.
|Marine should state at least three of the five steps:
1. Identification of Critical Information
2. Analysis of Threats
3. Analysis of Vulnerabilities
4. Assessment of Risks
5. Application of OPSEC Measures
|3. Describe Commander’s Critical Information Requirements (CCIR).||Marine should state CCIRs are a comprehensive list of information requirements identified by the commander as being critical in the decision making process that affects mission accomplishment.|
|4. Identify the OPSEC manager||Marine should state the OPSEC manager of their unit. Usually a person serving in the S-1 or S-3.|
|5. Identify dangers associated with social media.
|Marine should state at least four of the seven:
1. Divulging Personal Identifiable Information (PII) (for example, family information, address, telephone number, email address, etc.)
2. Inadvertently exposing unit information (for example deployment schedule, troop movements/locations, size, capabilities etc.)
3. Susceptible to hacking, phishing, malware, spyware, viruses etc.
4. Friends can unknowingly make you vulnerable
5. Identity thieves
6. Fake profiles
7. Third party sharing/selling of your information