View
231
Download
0
Embed Size (px)
Citation preview
8/3/2019 Joint Doctrine for Operations Security
1/79
24 January 1997
Joint Doctrinefor
Operations Security
Joint Pub 3-54
8/3/2019 Joint Doctrine for Operations Security
2/79
PREFACE
i
1. Scope
This publication describes the use of
operations security (OPSEC) in the planning,preparation, and execution of joint operations.Additionally, it provides the procedures forthe conduct of OPSEC surveys.
2. Purpose
This publication has been prepared underthe direction of the Chairman of the Joint
Chiefs of Staff. It sets forth doctrine and togovern the joint activities and performanceof the Armed Forces of the United States in
joint operations and provides the doctrinalbasis for US military involvement inmultinational and interagency operations. Itprovides military guidance for the exerciseof authority by combatant commanders andother joint force commanders and prescribes
doctrine for joint operations and training. Itprovides military guidance for use by theArmed Forces in preparing their appropriateplans. It is not the intent of this publication torestrict the authority of the joint forcecommander (JFC) from organizing the forceand executing the mission in a manner the JFCdeems most appropriate to ensure unity of effort in the accomplishment of the overall
mission.
3. Application
a. Doctrine and guidance established in
this publication apply to the commandersof combatant commands, subunifiedcommands, joint task forces, and subordinatecomponents of these commands. Theseprinciples and guidance also may apply whensignificant forces of one Service are attachedto forces of another Service or whensignificant forces of one Service supportforces of another Service.
b. The guidance in this publication isauthoritative; as such, this doctrine (or JTTP)will be followed except when, in the judgmentof the commander, exceptional circumstancesdictate otherwise. If conflicts arise betweenthe contents of this publication and thecontents of Service publications, thispublication will take precedence for the
activities of joint forces unless the Chairmanof the Joint Chiefs of Staff, normally incoordination with the other members of theJoint Chiefs of Staff, has provided morecurrent and specific guidance. Commandersof forces operating as part of a multinational(alliance or coalition) military commandshould follow multinational doctrine andprocedures ratified by the United States. For
doctrine and procedures not ratified by theUnited States, commanders should evaluateand follow the multinational commandsdoctrine and procedures, where applicable.
DENNIS C. BLAIRVice Admiral, US NavyDirector, Joint Staff
For the Chairman of the Joint Chiefs of Staff:
8/3/2019 Joint Doctrine for Operations Security
3/79ii
Preface
Joint Pub 3-54
Intentionally Blank
8/3/2019 Joint Doctrine for Operations Security
4/79
TABLE OF CONTENTS
iii
PAGE
EXECUTIVE SUMMARY ............................................................................................. v
CHAPTER IGENERAL
Policy ........................................................................................................................ I-1 Definition .................................................................................................................. I-1 Characteristics of OPSEC ......................................................................................... I-1 OPSEC Survey ......................................................................................................... I-1 Fundamentals of Command and Control Warfare (C2W) .......................................... I-2
OPSEC and Command and Control Warfare ............................................................. I-3
CHAPTER IIOPSEC PLANNING
General .................................................................................................................... II-1 OPSEC Planning Factors ......................................................................................... II-1 OPSEC Planning and the Joint Operations Planning Processes ................................. II-2
CHAPTER IIITHE OPSEC PROCESS
General .................................................................................................................. III-1 The OPSEC Process ............................................................................................... III-1
APPENDIX
A Examples of Critical Information ..................................................................... A-1
B The Intelligence Threat ..................................................................................... B-1C OPSEC Indicators ..............................................................................................C-1D Operations Security Measures .......................................................................... D-1E Procedures for OPSEC Surveys ........................................................................ E-1
ANNEX
A OPSEC Survey Planning Phase ................................................................ E-A-1
TAB
A Composite OPSEC Profile for Combat Operations ....................... E-A-A-1B Functional Outline and Profile Guideline for Intelligence
Collection Operations ............................................................... E-A-B-1C Functional Outline and Profile Guideline for Logistics .................. E-A-C-1D Functional Outline and Profile Guideline for Communications ..... E-A-D-1
8/3/2019 Joint Doctrine for Operations Security
5/79iv
Table of Contents
Joint Pub 3-54
E Functional Outline and Profile Guideline for Operations .............. E-A-E-1F Functional Outline and Profile Guideline for Administration
and Support ................................................................................ E-A-F-1B Field Survey Phase .................................................................................... E-B-1C Analysis and Reporting Phase ................................................................... E-C-1
TAB
A Suggested Format for Final OPSEC Survey Report ...................... E-C-A-1
F References ....................................................................................................... F-1G Administrative Instructions .............................................................................. G-1
GLOSSARY
Part I Abbreviations and Acronyms .................................................................... GL-1Part II Terms and Definitions .............................................................................. GL-3
FIGURE
I-1 Operations Security and Command and Control Warfare ................................ I-4II-1 Deliberate Planning Process ........................................................................... II-4II-2 Crisis Action/Campaign Planning Process ..................................................... II-5III-1 The Operations Security (OPSEC) Process .................................................. III-2B-1 The Intelligence Cycle ................................................................................... B-1E-A-A-1 Sample Composite OPSEC Profile for Combat Operations .............. E-A-A-2
8/3/2019 Joint Doctrine for Operations Security
6/79
EXECUTIVE SUMMARYCOMMANDERS OVERVIEW
v
Discusses the Characteristics of Operations Security
Covers Operations Security Planning
Details the Operations Security Process
General
Operations Security (OPSEC) is a process of identifying criticalinformation and subsequently analyzing friendly actionsattendant to military operations and other activities to: (a)identify those actions that can be observed by adversaryintelligence systems; (b) determine what indicators adversaryintelligence systems might obtain that could be interpreted orpieced together to derive critical information in time to beuseful to adversaries; and (c) select and execute measures thateliminate or reduce to an acceptable level the vulnerabilities
of friendly actions to adversary exploitation.OPSECs most
important characteristic is that it is a process and not acollection of specific rules and instructions that can beapplied to every operation. Therefore, OPSEC and securityprograms must be closely coordinated to ensure that all aspectsof sensitive operations are protected. Commanders must beprepared to assume some degree of risk because, in most cases,OPSEC entails the expenditure of resources. An OPSECsurvey is essential for identifying requirements for
additional measures and for making necessary changes inexisting measures. Command and control warfare (C2W) isthe integrated use of psychological operations, militarydeception, OPSEC, electronic warfare, and physicaldestruction, mutually supported by intelligence, to denyinformation to, influence, degrade, or destroy adversarycommand and control (C2) capabilities while protectingfriendly C2 capabilities against such actions. In C2W, thethreat to OPSEC is ultimately the adversary commander.
Denial of critical information about friendly capabilities andlimitations may result in flawed command decisions that provedevastating to the adversary force. The emphasis of OPSECas a part of an overall C2W effort should be to deny criticalinformation necessary for the adversary commander toaccurately estimate the military situation. The intent of OPSECin C2W should be to force the adversary commander to make
Operations security(OPSEC) is concerned with identifying,
controlling, and protecting the generally unclassified evidence that is associated with sensitive operations
and activities.
8/3/2019 Joint Doctrine for Operations Security
7/79vi
Executive Summary
Joint Pub 3-54
faulty decisions based upon insufficient information and/or todelay the decision making process due to a lack of information.Planning and executing OPSEC measures require closecoordination with public affairs officers.
Joint OPSEC planning and execution occur as part of thecommands or organizations C2W effort. The commandersobjectives for C2W are the basis for OPSEC planning. OPSECis an operational function, not a security function. Planningmust focus on identifying and protecting critical information,and the ultimate goal of OPSEC is increased missioneffectiveness. OPSEC should be one of the factorsconsidered during the development and selection of friendlycourses of action. The termination of OPSEC measures mustbe addressed in the OPSEC plan in order to prevent futureadversaries from developing countermeasures to successfulOPSEC measures. There are three major planning processesfor joint planning. Plans are proposed under different processesdepending on the focus of a specific plan. The processes arelabeled either campaign, deliberate, or crisis action planning;however, they are interrelated. OPSEC plans are prepared aspart of all joint operation plans and orders.
The OPSEC process, when used in conjunction with the jointplanning processes, provides the information required to writethe OPSEC section of any plan or order. The OPSEC processconsists of five distinct actions: identification of criticalinformation, analysis of threats, analysis of vulnerabilities,assessment of risk, and application of appropriate OPSECmeasures. These actions are applied in a sequential mannerduring OPSEC planning, yet in some situations individualactions may be revisited at any time in order to update allplanning processes.
This publication describes the use of operations security in theplanning, preparation, and execution of joint operations.Additionally, it provides the procedures for the conduct of OPSEC surveys.
To be effective, OPSEC measures must be considered as early as possible during mission planning and then be appropriately revised to keep pace with any changes in current operations and adversarial threats.
OPSEC planning is accomplished through theuse of the OPSEC process.
CONCLUSION
OPSEC Planning
OPSEC Process
8/3/2019 Joint Doctrine for Operations Security
8/79
CHAPTER IGENERAL
I-1
operation or activity for the purpose of denying critical information to an adversary.
b. Unlike security programs that seek toprotect classified information, OPSEC isconcerned with identifying , controlling , andprotecting the generally unclassifiedevidence that is associated with sensitiveoperations and activities. OPSEC andsecurity programs must be closelycoordinated to ensure that all aspects of sensitive operations are protected.
c. OPSEC acknowledges that commandersmust be prepared to assume some degreeof risk when choosing whether or not toexecute OPSEC measures. OPSEC measureswill, in most cases, entail the expenditure of resources. In choosing to execute particularOPSEC measures, commanders must decidethat the assumed gain in secrecy outweighsthe costs in resources . If commanders decidenot to execute certain measures because thecosts outweigh the gain, then they areassuming risks. The OPSEC process requiresthat decision makers directly address howmuch risk they are willing to assume.
4. OPSEC Survey
An OPSEC survey is an intensive applicationof the OPSEC process to an existing operationor activity by a multi-disciplined team of experts.Surveys are essential for identifyingrequirements for additional measures and formaking necessary changes in existingmeasures. Appendix E, Procedures for OPSECSurveys, describes the procedures forconducting OPSEC surveys.
If I am able to determine the enemys dispositions while at the same time I conceal my own, then I can concentrate and he must divide.
Sun Tzu,The Art of War , 400-320 BC
1. Policy
Policy for joint operations security(OPSEC) is established by the Chairman of the Joint Chiefs of Staff (CJCS) Instruction3213.01, Joint Operations Security.Reference should be made to that documentfor information concerning responsibilitiesrelating to joint OPSEC and for requirementsfor establishing joint OPSEC programs.
2. Definition
OPSEC is a process of identifying criticalinformation and subsequently analyzingfriendly actions attendant to militaryoperations and other activities to:
a. Identify those actions that can beobserved by adversary intelligence systems;
b. Determine what indicators hostileintelligence systems might obtain that couldbe interpreted or pieced together to derivecritical information in time to be useful toadversaries; and
c. Select and execute measures thateliminate or reduce to an acceptable levelthe vulnerabilities of friendly actions toadversary exploitation.
3. Characteristics of OPSEC
a. OPSECs most important characteristicis that it is a process . OPSEC is not acollection of specific rules and instructions thatcan be applied to every operation. It is amethodology that can be applied to any
8/3/2019 Joint Doctrine for Operations Security
9/79I - 2
Chapter I
Joint Pub 3-54
5. Fundamentals of Commandand Control Warfare (C2W)
a. C2W is the integrated use of psychological operations (PSYOP), militarydeception, OPSEC, electronic warfare (EW),and physical destruction, mutually supportedby intelligence, to deny information to,influence, degrade, or destroy adversarycommand and control (C2) capabilities whileprotecting friendly C2 capabilities againstsuch actions. C2W is a warfightingapplication of information warfare (IW) inmilitary operations and is a subset of IW.C2W applies across the range of militaryoperations and all levels of conflict. C2W isboth offensive and defensive.
C2-attack. Prevent effective C2 of adversary forces by denying informationto, influencing, degrading or destroyingthe adversary C2 system.
C2-protect. Maintain effective C2 of own forces by turning to friendlyadvantage or negating adversary effortsto deny information to, influence,degrade or destroy the friendly C2system.
b. C2W employs various techniques andtechnologies to attack or protect a specifictarget set C2. C2W is applicable to bothwar and military operations other than war(MOOTW). C2W is planned and executedby combatant commanders, subunifiedcommanders, and joint task force commanders.C2W efforts are focused within a commanderof a combatant commands area of responsibility or a commander, joint task forces joint operations area and their area of interest (AOI). C2W is an essential part of any joint military operation opposed orthreatened by an organized military orparamilitary force. It is an integral part of anoverall campaign plan. C2W applies to allphases of an operation, including those before,during and after actual hostilities.
c. The elements of C2W (PSYOP,military deception, OPSEC, EW, physicaldestruction) can support land, sea, air, andspace operations . Although C2W as definedis composed of these five elements, in practiceother warfighting capabilities may beemployed as part of C2W to attack or protecta C2 target set. The level of applicabilityof the various C2W elements is dependent onthe assigned mission and the circumstances,targets, and resources available. C2Wprovides a framework that promotessynergy between the individual elementsto produce a significant warfightingadvantage. Even in MOOTW, C2W offersthe military commander lethal and nonlethalmeans to achieve the assigned mission whiledeterring war and/or promoting peace.
d. Effective C2W provides to the jointforce commander (JFC) an ability to shapethe adversary commanders estimate of thesituation in the theater of operations. It mayeven be possible to convince an adversary thatthe United States has won prior to engagingin battle, resulting in deterrence andpreempting hostilities.
e. A successful C2W effort will contributeto the security of friendly forces, bring theadversary to battle (if appropriate) at adisadvantage, help seize and maintain theinitiative, enhance freedom of maneuver,contribute to surprise, isolate adversary forcesfrom their leadership, and create opportunitiesfor a systematic exploitation of adversaryvulnerabilities.
f. Effective C2W operations influence,disrupt, or delay the adversarys decisioncycle. This decision cycle is supported by aC2 system which does not merely consist of a commander and the infrastructure tocommunicate orders. It encompasses all thecapabilities, thought processes, and actionsthat allow a commander to correctly observethe AOI; assess what those observations implyabout the operation; use assessments to make
8/3/2019 Joint Doctrine for Operations Security
10/79
I - 3
General
timely, effective decisions; and communicatethose decisions as orders to subordinatecommanders to control the course of anoperation. The execution of orders on bothsides of an operation alters the situation inthe operational area. These changes, in turn,must be observed, assessed, and acted uponin a continuous process . This process canbe thought of as a decision cycle.
g. Synchronized C2W operations shouldenable a JFC to operate inside anadversarys decision cycle by allowing theJFC to process information through the C2decision cycle faster than an adversarycommander. Initiative is fundamental tosuccess in military operations. In C2W, bothC2-attack and C2-protect operations
contribute to gaining and maintaining militaryinitiative.
h. For more information on C2W, see JointPub 3-13.1, Joint Doctrine for Command andControl Warfare.
6. OPSEC and Command andControl Warfare
See Figure I-1.
a. OPSEC is concerned with denyingcritical information about friendly forcesto the adversary. In C2W, the threat toOPSEC is ultimately the adversarycommander. Denial of critical informationabout friendly capabilities and limitations mayresult in flawed command decisions that provedevastating to the adversary force. The emphasisof OPSEC as a part of an overall C2W effortshould be to deny critical informationnecessary for the adversary commander toaccurately estimate the military situation . Theintent of OPSEC in C2W should be to force theadversary commander to make faulty decisionsbased upon insufficient information and/or todelay the decision making process due to a lack of information.
b. The inevitable presence of the newsmedia during military operationscomplicates OPSEC. As part of the globalinformation infrastructure, the news mediaportrays and offers commentary on militaryactivities on the battlefieldboth preparatoryto and during battle. News media portrayalof military activities prior to hostilities canhelp to deter actual hostilities and/or buildpublic support for inevitable hostilities . Byportraying the presence of US and/or
Since the news media potentially can be a lucrative source of information to adversaries, OPSEC planners must work closely with public affairs personnel to avoid inadvertent disclosure of critical information.
8/3/2019 Joint Doctrine for Operations Security
11/79I - 4
Chapter I
Joint Pub 3-54
multinational military forces in or en routeto the operational area, news media storiescan demonstrate the readiness,commitment and resolve of the UnitedStates and its multinational partners tocommit military forces to battle if necessaryto protect US and/or multinational interests,lives, or property. However, the presence of the news media in the operational area, withthe capability to transmit information on areal-time basis to a worldwide audience, hasthe potential to be a lucrative source of information to adversaries . OPSECplanners must keep these considerations inmind when determining which aspects of amilitary operation are critical information
Figure I-1. Operations Security and Command and Control Warfare
OPERATIONS SECURITY AND COMMANDAND CONTROL WARFARE
A methodology that can beapplied to any operation oractivity for the purpose ofdenying critical information toan adversary
Concerned with identifying,controlling, and protecting thegenerally unclassifiedevidence that is associatedwith sensitive operations andactivities
Deny critical informationnecessary for the adversarycommander to accuratelyestimate the military situation
Force the adversarycommander to make faultydecisions based uponinsufficient information and/orto delay the decision makingprocess due to lack ofinformation
Operations Security
Operations Security In Command andControl Warfare
that must be denied to the adversary. OPSECplanners must work closely with militarypublic affairs personnel to develop guidelinesthat can be used by both military and newsmedia personnel to avoid inadvertentdisclosure of critical information that could,ultimately, increase the risk to the lives of US and/or multinational military personnel.
c. Denial of critical information to theadversary commander contributes touncertainty and slows the adversarys decisioncycle. Critical information can be hidden bysuch traditional OPSEC measures as actioncontrol, countermeasures, andcounteranalysis. Counterintelligence
8/3/2019 Joint Doctrine for Operations Security
12/79
I - 5
General
appropriate level. In C2W, operationalplanners concerned with OPSEC shouldalso coordinate with C2 planners, EWplanners, and targeteers to deny criticalinformation to the adversary commander. TheOPSEC process may also identify for attack particular adversary collection, processing,analysis, and distribution systems in order todeny the adversary commander criticalinformation by fo re st al l in g th atcommanders ability to collect it.
support is an integral part of successfulOPSEC. PSYOP and military deceptionpersonnel also work closely with OPSECplanners to mutually support their respectiveefforts.
d. Critical information denied to anadversary can be replaced or refocused tosupport the commanders goals throughmilitary deception and/or PSYOP, if use of those elements has been approved at the
8/3/2019 Joint Doctrine for Operations Security
13/79I - 6
Chapter I
Joint Pub 3-54
Intentionally Blank
8/3/2019 Joint Doctrine for Operations Security
14/79
CHAPTER IIOPSEC PLANNING
II-1
1. General
a. In order to prevent adversaries (orpotential adversaries) from gaining valuableintelligence about friendly operations, jointforces must plan and execute OPSECmeasures . To be effective, OPSEC measuresmust be considered as early as possible duringmission planning and then be appropriatelyrevised to keep pace with any changes incurrent operations and adversarial threats.
b. Joint OPSEC planning and executionoccur as part of the commands ororganizations C2W effort. The commandersobjectives for C2W are the basis for OPSECplanning. In addition to directly supportingthe accomplishment of the commanders
objectives, the use of OPSEC measures insupport of the other components of C2W mustalso be considered during OPSEC planning.
2. OPSEC Planning Factors
The following factors must be consideredwhen conducting OPSEC planning:
a. The commander plays the critical role.OPSEC planning guidance must be providedas part of the commanders C2W planningguidance to ensure that OPSEC is consideredduring the development of friendly coursesof action (COAs).
b. OPSEC is an operational function ,not a security function. OPSEC planning
To keep your actions and your plans secret always has been a very good thing . . . Marcus Crassus said to one who asked him when he was going to move the army: Do you believe that you will be the only one not to hear the
trumpet?
Niccolo Machiavelli,The Art of War , 1521
While planning joint operations, including those requiring highly visible deployments,OPSEC measures must be considered as early as possible to prevent adversaries from gaining valuable intelligence.
8/3/2019 Joint Doctrine for Operations Security
15/79II-2
Chapter II
Joint Pub 3-54
must be done by the operations planners.They are assisted by the organizationsOPSEC program personnel and appropriateplanners from other staff elements.Intelligence support is particularly importantin determining the threat to friendlyoperations and in assessing friendlyvulnerabilities.
c. Planning must focus on identifyingand protecting critical information.Denying all information about a friendlyoperation or activity is seldom cost effectiveor realistic.
d. The ultimate goal of OPSEC isincreased mission effectiveness. Bypreventing an adversary from determiningfriendly intentions or capabilities, OPSECreduces losses to friendly units and increasesthe likelihood of mission success.
e. OPSEC should be one of the factorsconsidered during the development andselection of friendly COAs. COAs will differin terms of how many OPSEC indicators willbe created and how easily those indicators canbe managed by OPSEC measures. Dependingupon how important maintaining secrecy isto mission success, OPSEC considerationsmay be a factor in selecting a COA.
O divine art of subtlety and secrecy! Through you we learn to be invisible,through you inaudible; and hence hold the enemys fate in our hands.
Sun Tzu, c. 500 BCThe Art of War
f. OPSEC planning is a continuous process.During the execution phase of an operation,feedback on the success or failure of OPSECmeasures is evaluated and the OPSEC planis modified accordingly. Friendly intelligenceand counterintelligence organizations,communications security (COMSEC)monitoring, and OPSEC surveys are the primarysources for feedback information.
g. Public affairs officers shouldparticipate in OPSEC planning to providetheir assessments on the possible effects of media coverage and for the coordination of OPSEC measures to minimize those effects.
h. The termination of OPSEC measuresmust be addressed in the OPSEC plan toprevent future adversaries from developingcountermeasures to successful OPSECmeasures. In some situations, it may benecessary for the OPSEC plan to provideguidance on how to prevent the target of theOPSEC operation as well as any interestedthird parties from discovering sensitiveinformation relating to OPSEC during thepost-execution phase.
3. OPSEC Planning and theJoint Operation PlanningProcesses
a. Joint OPSEC Planning. OPSECplanning in support of joint operations isaccomplished through the application of the OPSEC process. The five actions thatcompose the OPSEC process are describedin detail in Chapter III, The OPSECProcess. Joint OPSEC planning is alwaysdone in conjunction with normal jointoperation planning and is a part of the overallC2W planning effort.
b. Planning Processes. There are threemajor planning processes for joint planning.Plans are proposed under different processesdepending on the focus of a specific plan. Theprocesses are labeled either campaign ,deliberate , or crisis action planning , and areinterrelated. They are described in Joint Pub5-0, Doctrine for Planning Joint Operations.
c. The Deliberate Planning Process.OPSEC planning relates to the Joint OperationPlanning and Execution System (JOPES)deliberate planning process as shown inFigure II-1.
8/3/2019 Joint Doctrine for Operations Security
16/79
II-3
OPSEC Planning
d. The Crisis Action Planning Process.OPSEC planning relates to the JOPES crisisaction planning process as shown in FigureII-2.
e. The Campaign Planning Process
Combatant commanders translatenational and theater strategy into strategicand operational concepts through thedevelopment of theater campaignplans . The campaign plan embodies thecombatant commanders strategic visionof the arrangement of related operationsnecessary to attain theater strategicobjectives. Campaign planningencompasses both the deliberate andcrisis action planning processes. If thescope of contemplated operationsrequires it, campaign planning beginswith or during deliberate planning. Itcontinues through crisis action planning,thus unifying both planning processes.As stated in Joint Pub 1, Joint Warfareof the Armed Forces of the UnitedStates, Campaign planning is done incrisis or conflict (once the actual threat,national guidance, and availableresources become evident), but the basisand framework for successful campaignsis laid by peacetime analysis, planning,and exercises. The degree to which theamount of work accomplished indeliberate planning may serve as the corefor a campaign plan is directly dependenton the particular theater and objectives.
Preparation of a campaign plan isappropriate when contemplatedmilitary operations exceed the scopeof a single major operation . Campaignplanning is appropriate to both deliberateand crisis action planning. Duringpeacetime deliberate planning,combatant commanders prepare jointoperation plans (OPLANs), includingcampaign plans , in direct response totaskings in the Joint Strategic Capabilities
Plan. Tasking for strategic requirementsor major contingencies may require thepreparation of several alternative plansfor the same requirement using differentsets of forces and resources to preserveflexibility. For these reasons, campaignplans are based on reasonableassumptions and are not normallycompleted until after the NationalCommand Authorities (NCA) selects thecourse of action during crisis actionplanning. Deliberate plans may includeelements of campaign planning;however, these elements will have to beupdated as in any deliberate plan used atexecution. Execution planning isconducted for the actual commitmentof forces when conflict is imminent. Itis based on the current situation andincludes deployment and initialemployment of forces. When a crisissituation develops, an assessment isconducted that may result in the issuanceof a CJCS WARNING ORDER. COAsare developed based on an existingOPLAN or operation plan in conceptformat (CONPLAN), if applicable. Thecombatant commander proposes COAsand makes any recommendations whenthe Commanders Estimate is forwardedto the NCA. The NCA selects a COAand, when directed, the Chairmanissues a CJCS ALERT ORDER. Thecombatant commander now has theessential elements necessary forfinalizing the construction of a campaignplan using the approved COA as thecenterpiece of the plan. OPSEC planningis done the same as in crisis actionplanning (see Figure II-2).
f. OPSEC Plans Format. OPSEC plansare prepared as part of all joint operationplans and orders. The format is found inJoint Pub 5-03.2, Joint Operation Planningand Execution System, Vol II: (Planning andExecution Formats and Guidance).
8/3/2019 Joint Doctrine for Operations Security
17/79II-4
Chapter II
Joint Pub 3-54
DELIBERATE PLANNING PROCESS
InitiationPhase I
Concept DevelopmentPhase II
Mission AnalysisStep 1
Planning Guidance
OPSEC Action 1 -- Identificationof Critical Information
Step 2
Staff EstimatesOPSEC Action 2 --
Analysis of ThreatsOPSEC Action 3 --
Analysis of Vulnerabilities
Step 3
Commander's EstimateOPSEC Action 4 --Assessment of Risks
Step 4
Commander's ConceptStep 5
Chairman of the Joint Chiefs of StaffConcept Review
Step 6
Plan DevelopmentPhase III
Phase IV Plan Review
Phase V Supporting Plans
OPSEC Action 5 -- Application of Appropriate OPSEC Measures (This relates to those measures intended to protect the plan prior to its being implemented) *OPSEC = Operations Security
Figure II-1. Deliberate Planning Process
8/3/2019 Joint Doctrine for Operations Security
18/79
II-5
OPSEC Planning
CRISIS ACTION/CAMPAIGN PLANNINGPROCESS
Situation DevelopmentPhase I
Crisis AssessmentPhase II
Identification of CriticalInformation
OPSEC Action 1
Course of Action
DevelopmentPhase III
Phase V Execution Planning
Phase IV Execution
OPSEC Action 5 -- Application of AppropriateOPSEC Measures
Analysis of ThreatsOPSEC Action 2
Analysis ofVulnerabilities
OPSEC Action 3
Assessment of RisksOPSEC Action 4
Phase IVCourse of ActionSelection
OPSEC = Operations Security
Figure II-2. Crisis Action/Campaign Planning Process
8/3/2019 Joint Doctrine for Operations Security
19/79II-6
Chapter II
Joint Pub 3-54
THE BLACK HOLE: OPSEC DURING PLANNING
During the autumn of 1990, joint force air component commander (JFACC)planners merged the Air Force Component, Central Command (CENTAF) pre-deployment concept of operations with the INSTANT THUNDER concept to
form the foundation for the Operation DESERT STORM plan for air operations.Navy, USMC, and Army planners worked closely with Air Force (USAF) plannersin August and September to draft the initial offensive air plan. In Riyadh, NavyComponent, Central Command (NAVCENT), Marine Corps Component, CentralCommand (MARCENT), and Army Component, Central Command (ARCENT)were integral planning process members. Royal Air Force (RAF) plannersjoined the JFACC staff on 19 September.
CENTCOMs offensive air special planning group (SP6), in the Royal Saudi Air
Force (RSAF) headquarters, was part of the JFACC staff and eventually becameknown as the Black Hole because of the extreme secrecy surrounding itsactivities. The Black Hole was led by a USAF brigadier general, reassignedfrom the USS Lasalle (AGF 3) where he had been serving as the deputycommander of Joint Task Force Middle East when Iraq invaded Kuwait. Hissmall staff grew gradually to about 30 and included RAF, Army, Navy, USMC,and USAF personnel. By 15 September, the initial air planning stage wascomplete; the President was advised there were sufficient air forces to executeand sustain an offensive strategic air attack against Iraq, should he order one.However, because of operational security (OPSEC) concerns, most of CENTAF
headquarters was denied information on the plan until only a few hours beforeexecution.
SOURCE: Final Report to CongressConduct of the Persian Gulf War, April 1992
8/3/2019 Joint Doctrine for Operations Security
20/79
CHAPTER IIITHE OPSEC PROCESS
III-1
1. General
a. OPSEC planning is accomplishedthrough the use of the OPSEC process. Thisprocess, when used in conjunction with the
joint planning processes, provides theinformation required to write the OPSECsection of any plan or order. OPSEC planningis done in close coordination with the overallC2W planning effort and with the planningof the other C2W components.
b. The OPSEC process consists of fivedistinct actions. These actions are appliedin a sequential or adaptive manner duringOPSEC planning. In dynamic situations,however, individual actions may be revisitedat any time. New information about theadversarys intelligence collectioncapabilities, for instance, would require a newanalysis of threats.
c. An understanding of the followingterms is required before the process can beexplained.
Critical Information. Specific factsabout friendly intentions, capabilities,and activities vitally needed byadversaries for them to plan and acteffectively so as to guarantee failure orunacceptable consequences for friendlymission accomplishment.
OPSEC Indicators. Friendly detectableactions and open-source information thatcan be interpreted or pieced together byan adversary to derive criticalinformation.
OPSEC Vulnerability. A condition inwhich friendly actions provide OPSECindicators that may be obtained andaccurately evaluated by an adversary intime to provide a basis for effectiveadversary decision making.
2. The OPSEC Process
See Figure III-1 and Figure III-2.
a. OPSEC Action 1 Identification of Critical Information
While assessing and comparing friendlyversus adversary capabilities during theplanning process for a specific operationor activity, the commander and staff seek to identify the questions that theybelieve the adversary will ask aboutfriendly intentions, capabilities, andactivities. These questions are theessential elements of friendlyinformation (EEFI). In an operationplan or order, the EEFI are listed inAppendix 3 (Counterintelligence) toAnnex B (Intelligence).
Critical information is a subset of EEFI. It is only that information that isvitally needed by an adversary. Theidentification of critical information isimportant in that it focuses theremainder of the OPSEC process onprotecting vital information rather thanattempting to protect all classified orsensitive information.
He passes through life most securely who has least reason to reproach himself with complaisance toward his enemies.
Thucydides,History of the Peloponnesian Wars, 404 BC
8/3/2019 Joint Doctrine for Operations Security
21/79III-2
Chapter III
Joint Pub 3-54
Critical information is listed in theOPSEC portion of an operation planor order. Some general categories of critical information are provided inAppendix A, Examples of CriticalInformation.
b. OPSEC Action 2 Analysis of Threats
This action involves the research andanalysis of intelligence information ,counterintelligence , reports , and opensource information to identify who thelikely adversaries are to the plannedoperation.
The operations planners , working withthe intelligence and counterintelligencestaffs and assisted by the OPSECprogram personnel, seek answers to thefollowing questions:
Who is the adversary? (Who has theintent and capability to take action againstthe planned operation?)
What are the adversarys goals?(What does the adversary want toaccomplish?)
What is the adversarys strategy foropposing the planned operation? (Whatactions might the adversary take?)
What critical information does theadversary already know about theoperation? (What information is it toolate to protect?)
What are the adversarys intelligencecollection capabilities?
Detailed information about theadversarys intelligence collectioncapabilities can be obtained from thecommands counterintelligence andintelligence organizations. In additionto knowing about the adversaryscapabilities, it is important tounderstand how the intelligencesystem processes the information thatit gathers . Appendix B, TheIntelligence Threat, discusses thegeneral characteristics of intelligencesystems.
THE SEQUENTIALOPERATIONS SECURITY
(OPSEC) PROCESS
OPSEC ACTION 1
Identification of CriticalInformation
OPSEC ACTION 2
Analysis of Threats
OPSEC ACTION 3
Analysis ofVulnerabilities
OPSEC ACTION 4
Assessment of Risk
OPSEC ACTION 5
Application ofAppropriate OPSEC
Measures
Figure III-1. The Sequential OperationsSecurity (OPSEC) Process
8/3/2019 Joint Doctrine for Operations Security
22/79III-3
The OPSEC Process
OPSEC ACTION OPSEC ACTION OSPSECACTION OPSEC ACTION OPSEC ACTIONOSPSEC ACTION OPSEC ACTION OPSECACTION OSPSEC ACTION OPSEC ACTIONOPSEC ACTION OSPSEC ACTION OPSECACTION OPSEC ACTION OSPSEC ACTION
OPSEC ACTION OPSEC ACTION OSPSECACTION OPSEC ACTION OPSEC ACTIONOSPSEC ACTION OPSEC ACTION OPSECACTION OSPSEC ACTION OPSECOPSEC
THE ADAPTIVE OPERATIONS SECURITY (OPSEC)PROCESS
CRITI CAL INFO
VU LNERA BILITY
ASSESS RISKS AND
AP PLY CO UNTER MEASU RES
TH REAT
Figure III-2. The Adaptive Operations Security (OPSEC) Process
c. OPSEC Action 3 Analysis of Vulnerabilities
Little minds try to defend everything at once, but sensible people look at the main point only; they parry the worst blows and stand a little hurt if thereby they avoid a greater one. If you try to hold everything, you hold nothing.
Frederick the GreatThe Art of Modern War, 1940
The purpose of this action is to identifyan operations or activitys OPSECvulnerabilities . It requires examiningeach aspect of the planned operation toidentify any OPSEC indicators that couldreveal critical information and then
comparing those indicators with theadversarys intelligence collectioncapabilities identified in the previousaction. A vulnerability exists when theadversary is capable of collecting anOPSEC indicator, correctly analyzing it,and then taking timely action.
Continuing to work with the intelligenceand counterintelligence staffs, theoperations planners seek answers tothe following questions:
What indicators (friendly actions andopen source information) of criticalinformation not known to the adversarywill be created by the friendly activitiesthat will result from the plannedoperation?
What indicators can the adversaryactually collect?
What indicators will the adversary beable to use to the disadvantage of friendlyforces? (Can the adversary analyze theinformation, make a decision, and takeappropriate action in time to interferewith the planned operation?)
See Appendix C, OPSEC Indicators,for a detailed discussion of OPSECindicators.
8/3/2019 Joint Doctrine for Operations Security
23/79III-4
Chapter III
Joint Pub 3-54
d. OPSEC Action 4 Assessment of Risk
This action has two components. First,planners analyze the OPSECvulnerabilities identified in the previous
action and identify possible OPSECmeasures for each vulnerability. Second,specific OPSEC measures are selectedfor execution based upon a risk assessment done by the commander andstaff.
OPSEC measures reduce the probabilityof the adversary either collecting the
indicators or being able to correctlyanalyze their meaning.
OPSEC measures can be used to:(1) Prevent the adversary from detectingan indicator; (2) Provide an alternativeanalysis of an indicator; and/or (3)Attack the adversarys collection system.
OPSEC measures include, amongother actions, cover, concealment,camouflage, deception, intentionaldeviations from normal patterns, anddirect strikes against the adversarysintelligence system.
More than one possible measuremay be identified for eachvulnerability. Conversely, a singlemeasure may be used for more than onevulnerability. The most desirable
OPSEC measures are those that combinethe highest possible protection with theleast effect on operational effectiveness.Appendix D, Operations SecurityMeasures, provides examples of OPSEC measures.
Risk assessment requires comparing theestimated cost associated with
implementing each possible OPSECmeasure to the potential harmful effectson mission accomplishment resultingfrom an adversarys exploitation of aparticular vulnerability.
OPSEC measures usually entailsome cost in time, resources, personnel,or interference with normal operations.
If the cost to mission effectivenessexceeds the harm that an adversary couldinflict, then the application of the measureis inappropriate. Because the decisionnot to implement a particular OPSECmeasure entails risks, this step requirescommand involvement.
When conducting joint operations, all personnel must understand the adversary's intelligence collection capabilities and take action to deny the use of those capabilities.
8/3/2019 Joint Doctrine for Operations Security
24/79
III-5
The OPSEC Process
Typical questions that might beasked when making this analysisinclude the following: (1) What risk toeffectiveness is likely to occur if aparticular OPSEC measure isimplemented? (2) What risk to missionsuccess is likely to occur if an OPSECmeasure is not implemented? (3) Whatrisk to mission success is likely if anOPSEC measure fails to be effective?
The interaction of OPSECmeasures must be analyzed. In somesituations, certain OPSEC measures mayactually create indicators of criticalinformation. For example, thecamouflaging of previously unprotectedfacilities could be an indicator of preparations for military action.
The selection of measures must becoordinated with the othercomponents of C2W. Actions such as
jamming of intelligence nets or thephysical destruction of criticalintelligence centers can be used asOPSEC measures. Conversely, militarydeception and PSYOP plans may requirethat OPSEC measures not be applied to
certain indicators in order to project aspecific message to the adversary.
e. OPSEC Action 5 Application of Appropriate OPSEC Measures
In this step, the command implementsthe OPSEC measures selected in Step4 or, in the case of planned futureoperations and activities, includes themeasures in specific OPSEC plans.
During the execution of OPSECmeasures, the reaction of adversariesto the measures is monitored todetermine their effectiveness and toprovide feedback . Planners use thatfeedback to adjust ongoing activities andfor future OPSEC planning. Provisionsfor feedback must be coordinated withthe commands intelligence andcounterintelligence staffs to ensure thatthe requirements to support OPSECreceive the appropriate priority. Inaddition to intelligence sources providingfeedback, OPSEC surveys can provideuseful information relating to the successof OPSEC measures.
A key action during the OPSEC process is to analyze potential vulnerabilities to joint forces.
8/3/2019 Joint Doctrine for Operations Security
25/79III-6
Chapter III
Joint Pub 3-54
Intentionally Blank
8/3/2019 Joint Doctrine for Operations Security
26/79
APPENDIX AEXAMPLES OF CRITICAL INFORMATION
A-1
This appendix provides general examplesof critical information. Several generic
military activities with some of theirassociated critical information are listed.These are only a few of the many types of military activities and their associated criticalinformation.
a. Diplomatic Negotiations
Military capabilities (pretreaty and
posttreaty)
Intelligence verification capabilities
Minimum negotiating positions
b. Politico-Military Crisis Management
Target selection
Timing considerations
Logistic capabilities and limitations
Alert posture
c. Military Intervention
Intentions
Military capabilities
Forces assigned and in reserve
Targets
Timing
Logistic capabilities and constraints
Limitations
Third-nation support arrangements
d. Counterterrorism
Forces
Targets
Timing
Staging locations
Tactics
Ingress and egress methods
Logistic capabilities and constraints
e. Open Hostilities
Force composition and disposition
Attrition and reinforcement
Targets
Timing
Logistic constraints
Location of critical C2 nodes
f. Mobilization
Intent to mobilize before publicannouncement
Impact on military industrial base
Impact on civil economy
Transportation capabilities andlimitations
g. Intelligence, Reconnaissance, andSurveillance
8/3/2019 Joint Doctrine for Operations Security
27/79A-2
Appendix A
Joint Pub 3-54
Purpose of collection
Targets of collection
Timing
Capabilities of collection assets
Processing capabilities
Unit requesting collection
h. Peacetime Weapons and OtherMilitary Movements
Fact of movement
Periodicity of movements
Origin and destination of equipmentbeing moved
Capabilities and limitations of equipmentbeing moved
Extent of inventory of equipment beingmoved
i. Command Post or Field TrainingExercises
Participating units
OPLAN, CONPLANs, or othercontingencies that are being exercised
Command relationships
Command, control, communications, andcomputers connections and weaknesses
Logistic capabilities and limitations
j. Noncombatant Evacuation Operations(Hostile Environment)
Targets
Forces
Logistic constraints
Safe havens
Routes
Timing
k. Counterdrug Operations
Identity of military forces
Law Enforcement Agency (LEA)involvement
Military support to LEAs
Host-nation cooperation
Capabilities
Timing
Tactics
Logistic capabilities and constraints
8/3/2019 Joint Doctrine for Operations Security
28/79
APPENDIX BTHE INTELLIGENCE THREAT
B-1
1. Introduction
Adversaries and potential adversariescollect and analyze information about USmilitary operations in order to determinecurrent capabilities and future intentions. Toperform this function, most adversaries havecreated intelligence organizations andsystems. The capabilities and levels of sophistication of these threats differ greatly,but they all share certain core characteristics.
The most important of these are howintelligence is developed and how it iscollected. This appendix will describe thosecharacteristics.
2. The Intelligence Cycle
All intelligence systems follow a process.This process begins with a consumer (acommander or decision maker) requestinganswers to certain questions and ends withthe intelligence system providing thoseanswers. Figure B-1 illustrates a typicalintelligence cycle (in this case, the intelligencecycle described in Joint Pub 2-0, JointDoctrine for Intelligence Support to
Operations). Understanding the concept of the intelligence cycle is basic to understandingthe total adversary intelligence threat tofriendly operations in general and the specific
Figure B-1. The Intelligence Cycle
12
34
5
PLANNING ANDDIRECTION
DISSEMINATION COLLECTION
PROCESSINGPRODUCTION
THE INTELLIGENCE CYCLE
MISSION
8/3/2019 Joint Doctrine for Operations Security
29/79B-2
Appendix B
Joint Pub 3-54
threat to the critical information that OPSECseeks to protect.
a. Planning and Direction
Decision makers task their intelligencesystems to collect and assess informationabout their adversaries and potentialadversaries. These informationrequirements are the basis for intelligencecollection, evaluation, and reporting.
These information requirements willnormally include any information thatwould allow the decision maker to betterunderstand an adversarys goals,intentions, current capabilities, strengths,and weaknesses. At the operational andstrategic levels of war, decision makerswill want to know what their adversarycounterparts think; how they make theirdecisions; and their social, cultural,economic, and political beliefs and habits.
Intelligence specialists take the decisionmakers information requirements and turnthem into specific intelligence taskings.
b. Collection
After determining the taskings, theintelligence system will evaluate thecurrency and amount of informationalready at hand. If more or newerinformation is needed, collectionrequirements will be submitted to theappropriate collection resources.
Information may be collected eitherovertly or clandestinely.
Overt collection may include suchactivities by military attaches assignedto embassies and the review of availableopen-source information.
Clandestine collection acquiresinformation while concealing thecollection effort and consists of espionageand technical means such as signals andimagery intelligence.
c. Processing. Collected information mustbe processed into a form that is suitable forthe production of intelligence. For example,imagery film must be developed and signalsmust be processed before they can beevaluated, analyzed, and interpreted forsignificance.
d. Production
The still raw intelligence is evaluated foraccuracy, reliability, and credibility. It iscompared for consistency with knowndata and examined for meaningfulassociations by analyzing it against itshistorical background. It is combinedwith other information. The informationis analyzed, interpreted, and prepared forpresentation to the consumer. There arenumerous types of intelligence productsranging from informal briefings tomultivolume written studies.
Generally, every product attempts toaddress the questions, What is theadversary doing now?" and "What is itgoing to do next? In many cases,because of inadequate collection orinsufficient time for processing andanalysis, intelligence analysts will not beable to provide unambiguous answers tothose questions. This phase of theintelligence cycle is still more art thanscience.
e. Dissemination. In this step, the productis delivered to the consumer. There are asmany forms of delivery as there are productsand consumers. Automated means arebecoming increasingly important in manyintelligence systems.
8/3/2019 Joint Doctrine for Operations Security
30/79
B-3
The Intelligence Threat
3. Intelligence Sources
a. Human Intelligence (HUMINT).HUMINT uses people to gain information thatis often inaccessible by other collectionmeans. Although it is the oldest and mostbasic form of intelligence collection,HUMINT remains significant because it isoften the only source with direct access to theopponents plans and intentions. ClandestineHUMINT collection is done in a fashion thatmaintains the secrecy of the collectionoperation.
b. Imagery Intelligence (IMINT)
IMINT is derived from visualphotography, infrared sensors, lasers,electro-optics, and radar sensors. IMINTsystems can operate from land, sea, air,and/or space platforms. Imageryequipment is being improved constantly,and combinations of sensors are beingused to enhance the quality and timelinessof the intelligence product.
An increasing number of countries arestarting to use photo reconnaissancesatellites. In addition to being a majorstrategic collection capability, they arebecoming an increasingly importantoperational and tactical capability. Thetraditional airborne IMINT platformsremain an important capability for thosecountries without access to satelliteimagery.
c. Signals Intelligence (SIGINT).SIGINT is derived from communication(COMINT), electronics (ELINT), and foreigninstrumentation signals (FISINT).
COMINT is technical and intelligenceinformation derived from foreigncommunications by other than theintended recipients. Prime COMINTsources include clear voice(nonencrypted) telephone and radio
communications and unencryptedcomputer-to-computer data communications.
ELINT is technical or geolocationintelligence derived from foreign non-communications electromagneticradiations emanating from other thannuclear detonations or radioactivesources. Radars are the primary ELINTsource.
FISINT is derived from the intercept andanalysis of electronically transmitted datacontaining measured parameters of performance, such as a ballistic missilesperformance during a test flight.
d. Measurement and SignatureIntelligence (MASINT). MASINT isscientific and technical intelligence obtainedby the quantitative and qualitative analysis of data (metric, angle, spatial, wavelength, timedependence, modulation, plasma, andhydromagnetic) derived from specifictechnical sensors for the purpose of identifyingany distinctive features associated with thesource, emitter, or sender and to facilitatesubsequent identification and/or measurementof the same. MASINT includes otherintelligence sources such as acousticalintelligence, laser intelligence, and nuclearintelligence.
e. Open Source Intelligence (OSINT).OSINT is information of potential intelligencevalue that is available to the general public.OSINT is available from such sources as thenews media, public affairs announcements,unclassified government documents andpublications, public hearings, and contractsand contract-related material.
f. Technical Intelligence (TECHINT).TECHINT is derived from the exploitationof foreign materiel. It results from the analysisof captured or otherwise obtained foreignequipment.
8/3/2019 Joint Doctrine for Operations Security
31/79B-4
Appendix B
Joint Pub 3-54
Intentionally Blank
8/3/2019 Joint Doctrine for Operations Security
32/79
APPENDIX COPSEC INDICATORS
C-1
1. OPSEC Indicators
OPSEC indicators are those friendly actionsand open sources of information thatadversary intelligence systems can potentiallydetect or obtain and then interpret to derivefriendly critical information.
2. Basic OPSEC IndicatorCharacteristics
An indicators characteristics are thoseelements of an action or piece of informationthat make it potentially useful to an adversary.There are five major characteristics.
a. Signature
A signature is the characteristic of anindicator that makes it identifiable or
causes it to stand out. Key signatureproperties are uniqueness and stability.Uncommon or unique features reduce theambiguity of an indicator and minimizethe number of other indicators that mustbe observed to confirm a singleindicators significance.
An indicators signature stability,
implying constant or stereotypedbehavior, can allow an adversary toanticipate future actions. Varying thepattern of behavior decreases thesignatures stability and thus increases theambiguity of the adversarys observations.
Procedural features are an important partof any indicator signature and may
provide the greatest value to an adversary.They identify how, when, and where theindicator occurs and what part it plays inthe overall scheme of operations andactivities.
b. Associations
Association is the relationship of anindicator to other information oractivities. It is an important key to anadversarys interpretation of ongoingactivity. Intelligence analystscontinuously compare their currentobservations with what has been seen inthe past in an effort to identify possiblerelationships.
For example, a distinctive piece of ground-support equipment known to beused for servicing strategic bombersmight be observed at a tactical fighterbase. An intelligence analyst couldconclude that a strategic bomber presencehas been or will be established there. Theanalyst will then look for other indicators
associated with bombers to verify thatconclusion.
Another key association deals withcontinuity of actions, objects, or otherindicators that may register as patternsto the observer or analyst. Suchcontinuity may not be the result of planned procedures but may result
instead from repetitive practices orsequencing to accomplish a goal.
If, for example, the intensive generationof aircraft sorties is always preceded bya maintenance standdown to increaseaircraft readiness, detecting andobserving the standdown may allow theadversary analyst or observer to predict
the subsequent launch activity.Moreover, based on past patterns of thelength of such standdowns, the analystmay be able to judge the scope of thesortie generation.
8/3/2019 Joint Doctrine for Operations Security
33/79C-2
Appendix C
Joint Pub 3-54
Another type of association that is usefulto intelligence analysts is organizationalpatterns. Military units, for example, areoften symmetrically organized. Thuswhen some components are detected,others that are not readily apparent canbe assumed to exist.
For example, an intelligence analystknows that a particular armys infantrybattalions are organized with threeinfantry companies, a headquarterscompany, and a weapons company. If only the headquarters company and oneinfantry company are currently beingdetected, the presence of the other knownbattalion components will be stronglysuspected. Thus in some situations, apattern taken as a whole can be treatedas a single indicator, simplifying theintelligence problem.
c. Profiles
Each functional activity generates its ownset of more-or-less unique signatures andassociations. The sum of these signaturesand associations is the activitys profile.An activitys profile is usually unique.Given enough data, intelligence analystscan determine the profile of any activity.Most intelligence organizations seek toidentify and record the profiles of theiradversarys military activities.
The profile of an aircraft deployment, forexample, may be unique to the aircrafttype or mission. This profile, in turn, hasseveral subprofiles for the functionalactivities needed to deploy the particularmission aircraft (e.g., fuels, avionics,munitions, communications, air trafficcontrol, supply, personnel, andtransportation).
The observation of a unique profile maysometimes be the only key that an
intelligence analyst needs to determinewhat type of operation is occurring, thusminimizing the need to look harder foradditional clues. Such unique profilescut the time needed to make accurateintelligence estimates. As a result,profiles are the analytical tools.
d. Contrasts
Contrasts are any differences that areobserved between an activitys standardprofile and its most recent or currentactions. Contrasts are the most reliablemeans of detection because they dependon differences to established profiles.They also are simpler to use because theyneed only to be recognized, notunderstood.
Deviations from normal profiles willnormally attract the interest of intelligence analysts. They will want toknow why there is a change and attemptto determine if the change meansanything significant.
In the previous example of the distinctivebomber-associated ground supportequipment at a fighter base, theintelligence observer might ask thefollowing questions.
Have bombers been deployed atfighter bases before? At this particularfighter base? At several fighter basessimultaneously?
If there have been previous bomberdeployments, were they routine or didthey occur during some period of crisis?
If previous deployments have beenmade to this base or other fighter bases,how many bomber aircraft weredeployed?
8/3/2019 Joint Doctrine for Operations Security
34/79
C-3
OPSEC Indicators
What actions occurred while thebombers were deployed at the fighterbases?
What is happening at other fighter andbomber bases? Is this an isolated incidentor one of many changes to normalactivity patterns?
Although the detection of a singlecontrast may not provide intelligenceanalysts with a total understanding of what is happening, it may result inincreased intelligence collection effortsagainst an activity.
e. Exposure
Exposure refers to when and for how longan indicator is observed. The duration,repetition, and timing of an indicatorsexposure can affect its relativeimportance and meaning. Limiting theduration and repetition of exposurereduces the amount of detail that can beobserved and the associations that can beformed.
An indicator (object or action) thatappears over a long period of time willbe assimilated into an overall profile andassigned a meaning. An indicator thatappears for a short time and does notappear again may, if it has a high interestvalue, persist in the adversary intelligencedata base or, if there is little or no interest,fade into the background of insignificantanomalies. An indicator that appearsrepeatedly will be studied carefully as acontrast to normal profiles.
Because of a short exposure time, theobserver or analyst may not detect keycharacteristics of the indicator the firsttime it is seen, but he can formulatequestions and focus collection assets toprovide answers if the indicator isobserved again.
Repetition of the indicator in relationshipto an operation, activity, or exercise willadd it to the profile even if the purposeof the indicator is not understood by theadversary. Indicators limited to a singleisolated exposure are difficult to detectand evaluate.
3. Examples of Indicators
The following paragraphs provideexamples of indicators that are associated withselected military activities and information.This short list only scratches the surface of the almost infinite sources of indicatorsassociated with the wide range of US militaryoperations and activities that could beexploited by an adversary. This list is designedprimarily to stimulate thinking about whatkinds of actions can convey indicators thatbetray critical information for specific friendlyoperations or activities.
a. Indicators of General Military ForceCapabilities
The presence of unusual type units for agiven location, area, or base.
Friendly reactions to adversary exercisesor actual hostile actions.
Actions, information, or materialassociating Reserve components withspecific commands or units (e.g.,mobilization and assignment of Reservepersonnel to units).
Actions, information, or materialindicating the levels of unit manning aswell as the state of training andexperience of personnel assigned.
Actions, information, or materialrevealing spare parts availability forequipment or systems.
8/3/2019 Joint Doctrine for Operations Security
35/79C-4
Appendix C
Joint Pub 3-54
Actions, information, or materialindicating equipment or systemreliability (e.g., visits of technicalrepresentatives or special repair teams).
Movement of aircraft, ships, and groundunits in response to friendly sensordetections of hostile units.
Actions, information, or materialrevealing tactics, techniques, andprocedures employed in different typesof training exercises or during equipmentor system operational tests andevaluations.
Stereotyped patterns in performing theorganizational mission that reveal thesequence of specific actions or when theyare accomplished.
b. Indicators of General C2 Capabilities
Actions, information, or materialproviding insight into the volume of orders and reports needed to accomplishtasks.
Actions, information, or materialshowing unit subordination fordeployment, mission, or task.
Association of particular commanderswith patterns of behavior under stress orin varying tactical situations.
Information revealing problems of coordination between the commandersstaff elements.
In exercises or operations, indications of the period between the occurrence of aneed to act or react and the action takingplace, of consultations that occur withhigher commands, and of the types of actions initiated.
Unusual actions with no apparentdirection reflected in communications.
c. General Indicators from CommunicationsUsage
Alert and maintenance personnel usinghandheld radios or testing aircraft orvehicle radios.
Establishing new communications nets.These might reveal entities that haveintrinsic significance for the operation oractivity being planned or executed.Without conditioning to desensitizeadversaries, the sudden appearance of new communications nets could promptthem to implement additional intelligencecollection to discern friendly activitymore accurately.
Suddenly increasing traffic volume or,conversely, instituting radio silence whenclose to the time of starting an operation,exercise, or test. Without conditioning,unusual surges or periods of silence maycatch adversaries attention and, at aminimum, prompt them to focus theirintelligence collection efforts.
Using static call signs for particular unitsor functions and unchanged orinfrequently changed radio frequencies.This usage also allows adversaries tomonitor friendly activity more easily andadd to their intelligence data base forbuilding an accurate appreciation of friendly activity.
Using stereotyped message characteristicsthat indicate particular types of activitythat allow adversaries to monitor friendlyactivity more easily.
Requiring check-in and checkout withmultiple control stations before, during,and after a mission (usually connectedwith air operations).
8/3/2019 Joint Doctrine for Operations Security
36/79
C-5
OPSEC Indicators
d. Sources of Possible Indicators forEquipment and System Capabilities
Unencrypted emissions during tests andexercises.
Public media, particularly technical journals.
Budget data that provide insight into theobjectives and scope of a system researchand development effort or the sustainabilityof a fielded system.
The equipment or system hardware itself.
Information on test and exerciseschedules that allows adversaries to betterplan the use of their intelligencecollection assets.
Deployment of unique units, targets, andsensor systems to support tests associatedwith particular equipment or systems.
Unusual or visible security imposed onparticular development efforts thathighlight their significance.
Information indicating special manningfor tests or assembly of personnel withspecial skills from manufacturers knownto be working on a particular contract.
Notices to mariners and airmen thatmight highlight test areas.
Stereotyped use of location, procedures,and sequences of actions when preparingfor and executing test activity for specifictypes of equipment or systems.
Use of advertisements indicating that acompany has a contract on a classifiedsystem or component of a system,possesses technology of militarysignificance, or has applied particularprinciples of physics and specific
technologies to sensors and the guidancecomponents of weapons.
e. Indicators of Preparations forOperations or Activities. Many indicatorsmay reveal data during the preparatory, ascompared to the execution, phase of operations or activities. Many deal withlogistic activity.
Provisioning of special supplies forparticipating elements.
Requisitioning unusual volumes of supply items to be filled by a particulardate.
Increasing prepositioning of ammunition,fuels, weapon stocks, and other classesof supply.
Embarking special units, installingspecial capabilities, and preparing unitequipment with special paint schemes.
Procuring large or unusual numbers of maps and charts for specific locations.
Making medical arrangements,mobilizing medical personnel, stockpilingpharmaceuticals and blood, andmarshalling medical equipment.
Focusing friendly intelligence andreconnaissance assets against a particulararea of interest.
Requisitioning or assigning increasednumber of linguists of a particularlanguage or group of languages from aparticular region.
Initiating and maintaining unusual liaisonwith foreign nations for support.
Providing increased or tailored personneltraining.
8/3/2019 Joint Doctrine for Operations Security
37/79C-6
Appendix C
Joint Pub 3-54
Holding rehearsals to test concepts of operation.
Increasing the number of trips andconferences for senior officials and staff members.
Sending notices to airmen and marinersand making airspace reservations.
Arranging for tugs and pilots.
Requiring personnel on leave or libertyto return to their duty locations.
Having unusual off-limits restrictions.
Preparing units for combat operationsthrough equipment checks as well asoperational standdowns in order toachieve a required readiness level forequipment and personnel.
Making billeting and transportationarrangements for particular personnel orunits.
Taking large-scale action to change mailaddresses or arrange for mail forwarding.
Posting such things as supply delivery,personnel arrival, transportation, orordnance loading schedules in a routinemanner where personnel without a need-to-know will have access.
Storing boxes or equipment labeled withthe name of an operation or activity orwith a clear unit designation outside acontrolled area.
Employing uncleared personnel tohandle materiel used only in particulartypes of operations or activities.
Providing unique or highly visiblephysical security arrangements for
loading or guarding special munitions orequipment.
Requesting unusual or increasedmeteorological, oceanographic, or iceinformation for a specific area.
Setting up a wide-area network (WAN)over commercial lines.
f. Sources of Indicators During theExecution Phase
Unit and equipment departures fromnormal bases.
Adversary radar, sonar, or visualdetections of friendly units.
Friendly unit identifications throughCOMSEC violation or physical observationof unit symbology.
Force composition and tracks or routesof advance that can be provided byemissions from units or equipment andsystems that provide identifying data.
Stereotyped procedures; static andstandard ways of composing, disposing,and controlling strike or defensiveelements against particular threats; andpredictable reactions to enemy actions.
Alert of civilians in operational areas.
Trash and garbage dumped by units orfrom ships at sea that might provide unitidentifying data.
Transportation of spare parts or personnelto deploying or deployed units or viacommercial aircraft or ship.
Changes in oceanography high frequencyfacsimile transmissions.
8/3/2019 Joint Doctrine for Operations Security
38/79
C-7
OPSEC Indicators
Changes in the activity over WAN.
g. Indicators of Postengagement ResidualCapabilities
Repair and maintenance facilitiesschedules.
Urgent calls for maintenance personnel.
Movement of supporting resources.
Medical activity.
Unusual resupply and provisioning of anactivity.
Assignment of new units from otherareas.
Search and rescue activity.
Personnel orders.
Discussion of repair and maintenancerequirements in unsecure areas.
Termination or modification of procedures for reporting of unclassifiedmeteorological, oceanographic, or iceinformation.
8/3/2019 Joint Doctrine for Operations Security
39/79C-8
Appendix C
Joint Pub 3-54
Intentionally Blank
8/3/2019 Joint Doctrine for Operations Security
40/79
APPENDIX DOPERATIONS SECURITY MEASURES
D-1
The following OPSEC measures areoffered as a guide only. Development of
specific OPSEC measures is as varied as thespecific vulnerabilities they are designed tooffset.
a. Operational and Logistic Measures
Randomize the performance of functionsand operational missions. Avoidrepetitive or stereotyped tactics and
procedures for executing operations oractivities in terms of time, place, eventsequencing, formations, and C2arrangements.
Employ force dispositions and C2 controlarrangements that conceal the location,identity, and command relationships of major units.
Conduct support activities in a way thatwill not reveal intensification of preparations before initiating operations.
Transport supplies and personnel tocombat units in a way that conceals thelocation and identity of the combat units.
Operate aircraft at low altitude to avoidradar detection.
Operate to minimize the reflectivesurfaces that units or weapon systemspresent to radars and sonars.
Use darkness to mask deployments orforce generation.
Approach an objective out of the sunto prevent detection.
b. Technical Measures
Use radio communications emissioncontrol, low-probability-of-intercepttechniques and systems, traffic flowsecurity, padding, flashing light or flaghoist, ultra high frequency relay viaaircraft, burst transmission technologies,secure phones, landline, and couriers.Limit use of high frequency radios anddirectional super-high frequency
transponders.
Control radar emission, operate atreduced power, operate radars commonto many units, assign radar guard to unitsdetached from formations or to air earlywarning aircraft, and use anechoiccoatings.
Mask emissions or forces from radar orvisual detection by use of terrain (suchas mountains and islands).
Maintain sound silence or operate atreduced power, proceed at slow speeds,turn off selected equipment, and useanechoic coatings.
Use screen jamming, camouflage,smoke, background noise, added sourcesof heat or light, paint, or weather.
c. Administrative Measures
Avoid bulletin board, plan of the day, orplanning schedule notices that revealwhen events will occur.
Conceal budgetary transactions, supplyrequests and actions, and arrangements
8/3/2019 Joint Doctrine for Operations Security
41/79D-2
Appendix D
Joint Pub 3-54
for services that reveal preparations foractivity.
Conceal the issuance of orders, themovement of specially qualifiedpersonnel to units, and the installation of special capabilities.
Control trash and garbage dumping orother housekeeping functions to concealthe locations and identities of units.
Follow normal leave and liberty policiesto the maximum extent possible beforean operation starts in order to preserve asense of normalcy.
Ensure that personnel discretely preparefor their families welfare in their absenceand that their families are sensitized totheir potential abrupt departure.
d. Military Deception In Support of OPSEC
Military deception can be an effectiveOPSEC measure, provided that priorcoordination is accomplished whenactions will affect other commanders.Military deception can be used tofacilitate the following.
Cause adversary intelligence to fail totarget friendly activity; collect againsttargeted tests, operations, exercises, orother activities; or determine throughanalysis vital capabilities andcharacteristics of systems and vital
aspects of policies, procedures, doctrine,and tactics.
Create confusion about, or multipleinterpretations of, vital informationobtainable from open sources.
Cause a loss of interest by foreign andrandom observers in test, operation,exercise, or other activity.
Convey inaccurate locating andtargeting information to opposing forces.
In accordance with CJCSI 3211.01A,Joint Military Deception, commandersare authorized to conduct militarydeception:
To support OPSEC during thepreparation and execution phases of normal operations, provided that priorcoordination is accomplished for actionsthat will affect other commanders; and
When the commanders forces areengaged or are subject to imminentattack.
e. Physical Destruction and ElectronicWarfare. During hostilities, use physicaldestruction and electronic attack against theadversarys ability to collect and processinformation. C2W actions that can be usedin support of OPSEC includes strikes againstan adversarys satellites, SIGINT sites, radars,fixed sonar installations, reconnaissanceaircraft, and ships.
8/3/2019 Joint Doctrine for Operations Security
42/79
APPENDIX EPROCEDURES FOR OPSEC SURVEYS
E-1
1. General
a. The purpose of an OPSEC survey is tothoroughly examine an operation or activityto determine if adequate protection fromadversary intelligence exploitation exists.
b. Ideally, the operation or activity beingsurveyed will be using OPSEC measures toprotect its critical information. The OPSECsurvey is used as a check on how effective
the measures are. The survey will determineif the critical information identified during theOPSEC planning process is being protected.
c. A survey cannot be conducted until afteran operation or activity has at least identifiedits critical information. Without a basis of identified critical information, there can beno specific determination that actual OPSEC
vulnerabilities exist.
2. Uniqueness
a. Each OPSEC survey is unique. Surveysdiffer in the nature of the information requiringprotection, the adversary collection capability,and the environment of the activity to besurveyed.
b. In combat, a surveys emphasis must beon identifying operational indicators thatsignal friendly intentions, capabilities, and/orlimitations and that will permit the adversaryto counter friendly operations or reduce theireffectiveness.
c. In peacetime, surveys generally seek to
correct weaknesses that disclose informationuseful to potential adversaries in the event of future conflict. Many activities, such asoperational unit tests, practice alerts, andmajor exercises, are of great interest to a
potential adversary because they provideinsight into friendly readiness, plans, crisis
procedures, and C2 capabilities that enhancethat adversarys long-range planning.
3. OPSEC Surveys VersusSecurity Inspections
a. OPSEC surveys are different fromsecurity evaluations or inspections. A surveyattempts to produce an adversarys view of
the operation or activity being surveyed. Asecurity inspection seeks to determine if anorganization is in compliance with theappropriate security directives andregulations.
b. Surveys are always planned andconducted by the organization responsible forthe operation or activity that is to be surveyed.
Inspections may be conducted withoutwarning by outside organizations.
c. OPSEC surveys are not a check on theeffectiveness of an organizations securityprograms or its adherence to securitydirectives. In fact, survey teams will beseeking to determine if any security measuresare creating OPSEC indicators.
d. Surveys are not punitive inspections, andno grades or evaluations are awarded as aresult of them. Surveys are not designed toinspect individuals but are employed toevaluate operations and systems used toaccomplish missions.
e. To obtain accurate information, a survey
team must depend on positive cooperation andassistance from the organizations participatingin the operation or activity being surveyed.If team members must question individuals,observe activities, and otherwise gather data
8/3/2019 Joint Doctrine for Operations Security
43/79E-2
Appendix E
Joint Pub 3-54
during the course of the survey, they willinevitably appear as inspectors, unless thisnonpunitive objective is made clear.
f. Although reports are not provided to thesurveyed units higher headquarters, OPSECsurvey teams may forward to senior officialsthe lessons learned on a nonattribution basis.The senior officials responsible for theoperation or activity then decide to furtherdisseminate the surveys lessons learned.
4. Types of Surveys
There are two basic kinds of OPSECsurveys; command and formal.
a. A command survey is performed usingonly command personnel and concentrates onevents within the particular command.
b. A formal survey requires a survey teamcomposed of members from inside and outsidethe command and will normally crosscommand lines (after prior coordination) to
survey supporting and related operations andactivities. Formal surveys are initiated by aletter or message stating the subject of thesurvey, naming the team leader and members,and indicating when the survey will beconducted. Commands, activities, andlocations to be visited may also be listed, withthe notation that the team may visit additionallocations if required during the field portionof the survey.
c. Both types of surveys follow the samebasic sequence and procedures that areestablished in the annexes to this appendix.
5. Survey Execution
a. Careful prior planning, thorough datacollection, and thoughtful analysis of theresults are the key phases of an effectiveOPSEC survey.
b. The following annexes describe the threephases of an OPSEC survey.
8/3/2019 Joint Doctrine for Operations Security
44/79
ANNEX A TO APPENDIX EOPSEC SURVEY PLANNING PHASE
E-A-1
Preparations for an OPSEC survey mustbegin well in advance of the field survey
phase. The required lead time will depend onthe nature and complexity of the operationand activities to be surveyed (combatoperations, peacetime operational activity, orother type of operation). Sufficient time mustbe allotted in the planning phase for a thoroughreview of pertinent documentation, for formaland informal coordination and discussions,and for the careful preparation of functional
outlines. The following actions normallymake up the planning phase.
a. Determine the Scope of the Survey.The scope of the survey should be defined atthe start of the planning phase and be limitedto manageable proportions. Limitations willbe imposed by geography, time, units to beobserved, funding, and other practical matters.
b. Select Team Members
Regardless of the surveys external orinternal focus, the team should containmultidisciplined expertise. Survey teammembers should be selected for theiranalytical, observational, and problem-solving abilities.
Since surveys are normally oriented tooperations, the senior member should beselected from the operations (orequivalent) staff of the commanderresponsible for conducting the survey.
Typical team members would representthe functional areas of intelligence,
security, communications, logistics,plans, and administration. Whenappropriate, specialists from otherfunctional areas, such as transportationand public affairs, will participate.
When communications monitoring isplanned as part of the survey, the
monitoring groups leader should bedesignated as a member of the OPSECsurvey team. Team members must bebrought together early in the planningphase to ensure timely, thoroughaccomplishment of the tasks outlinedbelow.
c. Become Familiar with Survey
Procedures. Designating team members withsurvey experience is advantageous, but isoften not possible. In such cases, teammembers will require familiarization withsurvey procedures.
d. Determine the Adversary IntelligenceThreat. The adversary threat to the activitiesto be surveyed must be evaluated carefully
and realistically. An all-source threatassessment should comprehensively addressthe adversary intelligence capability, takinginto account not only the adversaryscollection capabilities (see Appendix B, TheIntelligence Threat) but also the adversarysability to exploit the collection results in atimely manner.
e. Understand the Operation or Activityto be Surveyed. The team membersthorough understanding of the operation oractivity to be surveyed is crucial to ensuringthe success of subsequent phases of the survey.Team members should become familiar withthe operation plans, orders, standard operatingprocedures, or other directives bearing on thesurveyed operation or activity. This initial
review familiarizes team members with themission and concept of operation andid