111

Question 1

111.1 Define OPSEC.

Answer 1

• A process of identifying critical pieces of information that could be grouped together to create an aggregate picture of operations for enemy interpretation, and then performing specific action ‘countermeasures’ that eliminate or reduce the ability of adversaries to gather these critical pieces of information. It identifies, controls, protects this CI in order to deny an enemy the ability to compromise/interrupt a mission/ operation/ activity.

Question 2

111.2 Discuss the five step planning process.

Answer 2

1. Identify ‘Critical Information’ (CI) - info about allied or coalition forces activities, intentions, capabilities or limitations an adversary may seek to gain a military, political, diplomatic, economic, or technological advantage.
2. Threat Assessment - identify potential adversaries & their associated capabilities, limitations, and intentions to collect, analyze, & use knowledge of our CI.
3. Vulnerability Analysis – Identify operational or mission vulnerabilities that can reveal CI.
4. Risk Assessment – estimate an adversary’s capability to exploit a vulnerability, the potential effects it would have on operations to include cost to benefit analysis.
5. Apply Measures/Counter measures – these are to mitigate or remove the vulnerability that could divulge CI.

Question 3

111.3 Discuss the responsibilities of the command OPSEC Officer.

Answer 3

• OPSEC Officers and planners ensure all participants in the command are aware of relevant Critical Information (CI) and coordinate timely and capable solutions for the commander regarding processes for implementation that best protect OPSEC.

Question 4

111.4 Describe the OPSEC considerations regarding public affairs.

Answer 4

• To the maximum extent possible, the PAO and OPSEC Officer should coordinate the release of data relative to the mission or to impending potentially sensitive activity, so as to minimize any threat to OPSEC. To do this they must examine all the information prepared for release against CI and balance the legitimate information requirements of DoD and civilian audiences against the intelligence desires of the enemy. The CO ultimately has responsibility for the traditional security and OPSEC of the command.

Question 5

111.5 Define WRA.

Answer 5

• Web Risk Assessment. The application of the OPSEC 5-step planning process is critical to security when placing information on the web. OPSEC Officers should review their command web site through the eyes of the adversary, scrubbing for CI.

Question 6

111.6 Define the following terms: EEFI; Critical information

Answer 6

a. EEFI - Essential Elements of Friendly Information. It is anything that answers the questions of an enemy intelligence gatherer. It seeks to know about: your systems, support, deployments, force protection, and mission(s).
b. Critical Information - info about allied or coalition forces activities, intentions, capabilities or limitations an adversary may seek to gain a military, political, diplomatic, economic, or technological advantage.

Question 7

111.7 Describe the components and functions of the command OPSEC Program.

Answer 7

• Each command will have an OPSEC Officer designated in writing. This person will develop and maintain a continuity folder, instructions and supporting documents. The CO will actively advocate, support, and implement OPSEC policy, provisions, and programs. The OPSEC Officer will run the OPSEC program by reviewing plans, OPORDs, and exercise scenarios. This person will maintain current and potential adversary threat assessments, understand the relationships operations have with COMSEC, COMPUSEC, physical security, and INFOSEC. This person will also liaison with higher authority, develop training, tactics, and procedures, and ensure the command is trained on them.

Question 8

111.8 Describe how the OPSEC and Public Affairs programs interact.

Answer 8

• To the maximum extent possible, the PAO and OPSEC Officer should coordinate the release of data relative to the mission or to impending potentially sensitive activity, so as to minimize any threat to OPSEC. To do this they must examine all the information prepared for release against CI and balance the legitimate information requirements of DoD and civilian audiences against the intelligence desires of the enemy. The CO ultimately has responsibility for the traditional security and OPSEC of the command.

Question 9

111.9 Describe the role of the Ombudsman in a command OPSEC program.

Answer 9

• From the NTTP 3-54 (Operations Security) handbook, it is recognized that command OMBUDSMAN deal with the distribution of unclassified information to persons via the internet, and that through data aggregation it could potentially lead to EEFI / CI disclosure / OPSEC violations. To this end the OMBUDSMAN must be brought into the loop with the CO, OPSEC Officer, and PAO. The person must become intimately familiar with OPSEC and its risks. Once trained they must further become an advocate for maintaining OPSEC to the families of military personnel.

Question 10

111.10 Identify the role of NCIS in OPSEC, and resources available to commands.

Answer 10

• The Naval Criminal Investigative Service has several roles it fills that support anti-terrorism and force protection. They provide investigations, collection, operations, analysis, law enforcement, and physical security to inform and advise Navy and Marine Corps commanders concerning threats and vulnerabilities at permanent / transient locations and transit chokepoints.