Chapter 1--The Concept of Operations Security
Why OPSEC ? 1.1
Air Force Operations Security 1.2
Complementing Activities 1.3
Competing Activities 1.4

Chapter 2--The Operations Security Process
Overview of the OPSEC Process 2.1
Identification of Critical Information 2.2
Threat Analysis 2.3
Vulnerability Analysis 2.4
Risk Assessment 2.5
OPSEC Measures 2.6

Chapter 3--Air Force Operations Security Program
Purpose 3.1
Training and Education 3.2
Funding 3.3
Policy and Evaluation. 3.4
Foreign Intelligence and Counterintelligence Support 3.5
Coordination 3.6

Chapter 4--Unit Operations Security Programs
____________________________________________________________________________________________________

Supersedes: AFR 55-30, August 4, 1988. Certified by: SAF/AAI (Col Edward A. Pardini)
OPR: HQ USAF/XOXT (Lt Col Richard F. Shroy) Pages 20/Distribution: F

Purpose and Composition 4.1
Operations Security Program Managers (PM) 4.2
OPSEC Planning 4.3
Writing Basic OPSEC Plans 4.4
Program Placement 4.7
Unit OPSEC Training. 4.8
Funding 4.9
Evaluations 4.10
Foreign Intelligence and Counterintelligence Support 4.11

Attachments
1. Terms and Definitions 12
2. Responsibilities and Authorities 14
3. Sources of OPSEC Indicators 16
4. Categories of Intelligence Collection 17
5. OPSEC Program Manager (PM) Training Requirements 18
6. Program Manager (PM) Duties 19
7. Annual OPSEC Reports Format. 20

1.2. Air Force Operations Security. Air Force OPSEC consists of three interlocking elements: the OPSEC concept, which is implemented by the OPSEC process, all of which is supported by an OPSEC program.
1.2.1. The OPSEC Concept. The OPSEC concept is to "maintain the element of surprise"--to control exploitable critical information so as to prevent giving away inadvertently or prematurely information we do not want the adversary to have. Commanders and those involved in the operation must realistically consider what capabilities the adversary has to collect and exploit critical information--either at the source or from an "indicator" of that information. By so doing, we can then set out to deliberately eliminate, reduce, or outright control vulnerabilities.
1.2.1.1. The ultimate objective of the OPSEC concept is to enhance operational effectiveness. The result allows the warfighter to pursue conflicts with lower risk, reducing casualties and generally resulting in more "bombs-on-target." In the acquisition community, it means not putting in years of research and development effort--only to field a compromised weapon system. Air Force organizations that fail to implement the OPSEC concept are far more likely to give away critical information prematurely and unintentionally--thus placing their entire mission in unfortunate and unnecessary jeopardy.
1.2.1.2. The OPSEC concept must be considered simultaneously with complementing and competing activities to obtain maximum effectiveness (see paragraph 1.3 and 1.4). Planners and decision makers should consider all the cards in their hand: operational objectives, strategies, deception, psychological operations, electronic combat, and traditional security measures as a single effort to control the perception, decisions and activities of an adversary.
1.2.2. The OPSEC Process. The OPSEC process is a methodology used to facilitate command decisions by arriving at and then recommending certain countermeasures as a way of denying mission critical information. It helps planners and decision makers identify current and future vulnerabilities and make conscious and deliberate decisions to control them. Such an effort is continuous and repetitive. Considerations are based on the unique circumstances and the expected conditions of each planned or on-going mission--conditions which change with time as the operation unfolds. Therefore, the effective use of OPSEC dictates the continuous reassessment of vulnerabilities as time passes and situations change. NOTE: The OPSEC process is used both in OPSEC planning (internally) and in OPSEC surveys (internally or externally conducted). Chapter two explains the OPSEC process in detail.
1.2.3. The OPSEC Program. The OPSEC program is the mechanism that orchestrates and promotes the OPSEC concept throughout a particular area of responsibility. Its primary purpose is to support the commander by ensuring that the command or organization actively practices OPSEC to deny critical information to adversaries. A collateral benefit is that it also promotes the understanding and awareness of OPSEC among all members of the command.
1.2.3.1. An OPSEC program consists of an OPSEC program manager (PM), plans, guidance, training, education, evaluations, and funding, as necessary. In addition, intelligence information must be provided by intelligence and counterintelligence organizations to support both the OPSEC process and the commander's ultimate OPSEC decision. Chapter three explains the OPSEC program in detail.

1.3. Complementing Activities. There are a host of other concepts, activities, procedures, disciplines, and systems that all complement the positive control of information. When they are considered with OPSEC measures, as alternative methods for controlling information, flexibility is added to operations. For instance, in the Command and Control Warfare (C2W) environment, there is a synergistic effect when OPSEC measures are planned in conjunction with deception, psychological operations, electronic combat, physical destruction, and the other traditional security programs.

1.4. Competing Activities. Air Force people must also consider factors that will inevitably compete with the idea of protecting information. Examples of potentially conflicting factors--factors that seem to directly compete with effective OPSEC--are: information releases to the media; foreign military sales; treaty provisions; business agreements; scientific information exchanges; Freedom of Information Act (FOIA) releases; deterrence strategies; military deception; psychological operations; normal operating procedures; and cost/benefit decisions. Each of these legitimate endeavors carries with it the potential to give away at least indicators of critical information. Therefore, commanders must identify and determine the extent to which information and observable indicators should be controlled in order to preserve the integrity of a mission or an objective.
1.4.1. Freedom of Information Act (FOIA) Releases. FOIA reviewers will ensure that indicators of critical information are not inadvertently released under the FOIA. Responsive information will be properly coordinated with all offices that have a release/denial authority or an otherwise genuine interest, prior to release. In all cases, consult the servicing legal office for specific guidance.
1.4.1.1. The (b) (2) exemption may be used to protect information whose disclosure would significantly risk circumvention of agency directives or statutes. This may include such things as classification guides and vulnerability assessments. The (b) (5) exemption may be used to protect critical self-evaluation reports or deliberative process material.
1.4.1.2. Reasonably accessible portions of responsive documents must be released.
1.4.2. Media Coverage. The release of critical information and OPSEC indicators through publication by the media could have a grave impact on military operations if adversaries access it in time to analyze it and then alter their plans in such a way as to counter or evade friendly forces. Critical information and OPSEC indicators must be controlled at the source. Commanders must educate Air Force people not to inadvertently release critical information and/or indicators of that critical information through the media. To do so could put American lives at risk.

____________________________________________________________________________________________________

• To identify (and continuously update) both critical information and indicators of that critical information.
• To analyze (with the assistance of intelligence and counterintelligence analysts) the threat to that critical information.
• To determine OPSEC vulnerabilities--critical information (or indicators of such) that are exploitable by adversarial collection agents.
• To analyze and assess (with the senior decision maker) what level of risk can be tolerated.
• For the senior decision maker to select and implement appropriate OPSEC measures that eliminate or reduce risk to an acceptable level.

2.3. Threat Analysis. OPSEC planners and com-manders must use current threat information to develop appropriate OPSEC measures. This information is available from authorized USAF and DoD intelligence and counterintelligence organizations. An OPSEC threat analysis includes identifying adversaries and their capabilities, limitations, and intentions to collect, analyze, and use critical information and OPSEC indicators against friendly forces. This analysis must be specific--tailored to the particular operation, test, project, geographic region, facility, etc. The various methods of intelligence collection are at Attachment 4. Each applicable category or method must be addressed on its own merit.
2.3.1. The Air Force Office of Special Investigations (AFOSI) produces counterintelligence studies and analyzes multidiscipline intelligence threats posed to US Air Force and DoD programs and resources by foreign intelligence services. See Attachment 1 for definitions of counterintelligence and multidiscipline counterintelligence (MDCI) threat assessment. Contact your servicing AFOSI detachment to request counterintelligence studies or MDCIs.
2.3.2. To request foreign intelligence threat information, start by calling the Air Force Information Warfare Center's Operations Support Central (AFIWC/OSC) at DSN 969-2191/2152 for 24-hour support. If they do not have the information you need, they will most likely be able to point you in the right direction.

2.4. Vulnerability Analysis. Vulnerabilities are weaknesses that make it relatively easy for an adversary to obtain and exploit critical information, either from the source of information itself, or from an indicator of that source. Consequently, vulnerabilities must be either outright denied or pro-actively controlled.
2.4.1. Two conditions must be present for an OPSEC vulnerability to exist: 1) There is a weakness that could reveal critical information, and 2) there is an adversary with both the intent and the capability to exploit that weakness (i.e., a threat). Once identified, these conditions can normally be controlled, thereby eliminating or reducing the OPSEC vulnerability. Remember: (Critical Information [or an Indicator] + Threat = an OPSEC Vulnerability).
2.4.2. At times, it may not be cost-effective or even possible to alter the source of an OPSEC indicator. In that instance, it may be prudent to take a pro-active approach by attempting to disrupt or confuse the adversary's ability to collect and/or properly interpret the information. Hence, OPSEC measures should also be considered as a means to control the adversary and their ultimate comprehension or use of the information when an OPSEC indicator or indicators cannot be modified.

2.5. Risk Assessment. Risk assessment involves an informed estimate of an adversary's capability to exploit a friendly weakness; the potential effects such exploitation will have on an operation (or activity, or weapon system); and a cost-benefit analysis of actions contemplated to counter the vulnerability. Risks are reduced or eliminated by employing OPSEC measures to control the availability of information to the adversary.
2.5.1. OPSEC PMs, in concert with other planners, and
with the assistance of intelligence and counterintelligence organizations, will accomplish risk assessments and provide recommendations to commanders (the senior decision makers). Commanders, who are ultimately responsible for mission success, must decide whether or not to employ OPSEC measures.
2.5.1.1. At the very heart of the OPSEC concept is risk management by commanders and senior decision makers. Recommended actions (OPSEC measures) must preserve the effectiveness of friendly military capabilities while controlling the adversarial exploitation of critical information to the maximum extent possible. Determining the delicate balance between OPSEC measures and operational needs is always the commander's decision. Commanders must decide whether organizational activities which yield OPSEC indicators jeopardize (risk) the attainment of friendly initiative, surprise, or superiority and, if so, to what degree? While acknowledging a well-briefed vulnerability, a commander may well decide to accept a certain amount of risk--by not taking any countermeasure action whatsoever.

2.6. OPSEC Measures. OPSEC measures are employed to counter or eliminate vulnerabilities that point to or divulge critical information. They help to deny critical information by controlling the raw data adversaries use to make decisions, thereby limiting their effectiveness and possibly even their credibility. OPSEC measures also enhance friendly capabilities by increasing the potential for surprise and effectiveness of friendly military forces and weapon systems.
2.6.1. Measures to control critical information and OPSEC indicators involve a full range of possibilities that is limited only by the user's imagination.
2.6.2. OPSEC measures that control critical information and OPSEC indicators must be developed as operations are planned to complement mission objectives and strategies. Individuals who are most familiar with the operation should develop and recommend OPSEC measures. However, OPSEC measures should be centrally supervised by an office of primary responsibility within the Plans and/or Operations structure to ensure their purpose is consistent with mission needs.
2.6.3. The Air Force and supporting organizations will develop and execute OPSEC measures that:

• Are consistent with operational mission needs.
• Deny (by controlling) critical information, OPSEC indicators, and the sources of such information to prevent degrading the effectiveness of friendly plans, forces, weapon systems, defense systems, and command and control.
• Degrade the effectiveness of enemy decisions, command and control, and weapon systems to limit the effectiveness of enemy forces.

3.2. Training and Education. The purpose of OPSEC training and education is to ensure Air Force people understand: 1) the very real and positive benefits of the OPSEC concept by, 2) understanding the effects of foreign intelligence collection on mission effectiveness and then, 3) what the Air Force does to control the full exploitation of critical information. The OPSEC program first provides all Air Force members with a general exposure to the logic behind the OPSEC concept as they enter the Air Force. When members reach their assigned location for duty, units must then provide them with mission specific and job related OPSEC training (IAW paragraph 4.8.1.).
3.2.1. Foreign Intelligence. The Air Intelligence Agency (AIA) is responsible for providing foreign intelligence threat information in support of the Air Force OPSEC program. Such data includes information relating to the capabilities, intentions, and activities of foreign powers, organizations, or persons, but not including counterintelligence (except for information on international terrorist activities).
3.2.2. Counterintelligence. AFOSI is the USAF agency responsible for counterintelligence and MDCI threat assessments. They produce studies, estimates, and analyses in support of the OPSEC program. Such data includes information relating to the capabilities, intentions, resources, doctrine, and collection methods of foreign intelligence services or international terrorist activities.
3.2.3. OPSEC Education is a continuing requirement and must be provided to personnel upon their initial entrance into military service (via Basic Military Training School, Reserve Officer Training Corps, Officer Training
School, the Air Force Academy, etc.) as well as to civilian employees, through Civilian Personnel channels, as they are brought into Federal Service. All personnel must understand that the actions of a single person can have a dramatic effect--either positive or negative--upon mission effectiveness. Education topics must include the OPSEC concept, (implemented by) the OPSEC process, (and supported by) the OPSEC program; the intelligence process, intelligence collection methods, and the implications of the almost ever-present foreign intelligence collection activity.
3.2.4. OPSEC Program Manager (PM) Training. Additionally, advanced job-specific training is required for those individuals who are either designated as OPSEC PMs, assigned to AFIWC in support of the Air Force OPSEC program, or who perform formal OPSEC surveys. Such OPSEC training must be current, recurring, and received within ninety days of initial assignment, if at all possible. The office of primary responsibility (OPR) for such training is AFIWC/OSW. OPSEC PM training requirements are listed at Attachment 5.

3.3. Funding. HQ USAF/XO will program for and fund the HQ USAF OPSEC Program billets and associated activities deemed necessary to orchestrate the Air Force OPSEC program.

3.4. Policy and Evaluation. HQ USAF/XOXT sets policy and evaluates the Air Force OPSEC Program based on direction and feedback from higher levels of government; annual OPSEC reports; Inspectors General reports; and OPSEC surveys performed by AFIWC.

3.5. Foreign Intelligence and Counterintelligence Support. Commanders require the most accurate and complete threat information available to properly implement the USAF OPSEC process. As such, no direction stipulated herein is meant to restrict a commander's access to any one source for threat information. In fact, commanders are encouraged to seek the most accurate and focused information available to augment their free-form OPSEC thinking. HQ USAF/IN and the AFOSI Investigative Operations Center (IOC) will plan and coordinate operational requirements and associated threat assessments with other DoD foreign intelligence and counterintelligence organizations to ensure the availability of current, timely, and accurate threat information for commanders and customers in the field.
3.6. Coordination. HQ USAF/XOXT coordinates OPSEC programs and activities across MAJCOM lines of authority and with organizations outside the Air Force. A direct working relationship also exists between HQ USAF/XOXT, HQ AIA/AFIWC, and the AFOSI IOC as indicated in Attachment 2 of this instruction.

____________________________________________________________________________________________________

4.2. Operations Security Program Managers. Full-time PMs will be assigned IAW paragraph 1.4.4, AFPD 10-11, 17 May 1993. All other units are encouraged to assign full time managers, as appropriate, depending upon their operational relationships. If OPSEC is assigned as an additional responsibility, it will either be combined with Tactical Deception or it will be the only additional duty assigned that person. To be effective, the PM must be cleared for access to TS-SCI information in order to properly "facilitate" the OPSEC planning process. In the acquisition environment, the OPSEC PM will work directly with program directors to ensure OPSEC principles are integrated and applied throughout the life-cycle of all programs.
4.2.1. OPSEC PMs are responsible for advising commanders (and/or program directors) on OPSEC-related matters, facilitating OPSEC imple-mentation, and managing the organization's OPSEC program.
4.2.2. OPSEC PMs must participate in and "facilitate" the conception phase of mission planning to help develop command guidance and to assist other planners in developing and integrating OPSEC "thinking" into their plans and programs.
4.2.3. OPSEC PMs must be familiar with higher echelon direction, goals, objectives, strategies, activities and the personnel who participate in those activities to understand what information is critical and how it applies to the organization's primary mission. The OPSEC PM can then be invaluable when helping to develop and recommend OPSEC measures that will have a realistic and positive effect on the outcome of the mission. Other duties of OPSEC PMs are listed in Attachment 6 of this Instruction.
4.2.4. OPSEC PMs will actively promote (market) and build advocacy for the OPSEC concept throughout their area of responsibility. Make OPSEC a positive "household word"! PMs need to develop strong marketing programs to include well-prepared briefings, posters, and other innovative methods to spark an interest and a discipleship that makes OPSEC second nature in the conduct of Air Force business.

4.3. OPSEC Planning. Effective implementation of the OPSEC concept requires deliberate planning. Such planning ensures that OPSEC is implemented in a pro-active manner and that it is integrated into all operations and support activities by design. Equally important, it also ensures that critical information, OPSEC indicators, and OPSEC measures are properly coordinated with all participating organizations.
4.3.1. All Air Force organizations conducting or supporting operational missions must develop OPSEC into their plans to ensure mission critical information, information sources, OPSEC indicators, foreign intelligence threat, and the adversary's use of information are understood and "controlled" according to the unique circumstances of each mission. OPSEC planning must focus on mission needs, provide guidance and coordination, and ensure information is consistently controlled across organizational lines. Once critical information is determined and coordinated, participating organizations can determine OPSEC indicators (of that critical information) and OPSEC measures, as necessary.
4.3.2. As organizational activities begin, they should be monitored and the OPSEC planning adjusted to changing mission needs as well as to the adversary's changing capabilities and intentions. During the acquisition process, operational planners must work directly with program personnel to determine critical information and the general requirements for controlling information.
4.3.3. Continuous OPSEC planning ensures flexibility
and continuous improvements during changing missions and threats. Cost-effectiveness and common sense dictates that we only protect critical information from an adversary for as long as it is critical to mission effectiveness.
4.3.4. OPSEC planning is the joint responsibility of the OPSEC PM (as the facilitator); other planners (as appropriate for the mission at hand); foreign intelligence and counterintelligence organizations; and commanders. In circumstances involving particularly complex operations, commanders may find it useful to create dedicated OPSEC planning groups.
4.3.5. OPSEC PMs must be thoroughly familiar with and supportive of the C2W concept. As required, they must work to integrate OPSEC with the other four activities that support the C2W Strategy, i.e., Military Deception, Psychological Operations (PSYOP), Electronic Warfare (EW), and physical destruction. Only then can the synergism be realized that results from the integrated employment of these five "pillars" of C2W. Build an active rapport with the other players on the C2W team.

4.4. Writing Basic OPSEC Plans. [NOTE: References to developing OPSEC Plans do not necessarily mean the creation of a separate, single OPSEC plan. For our purposes, the term "OPSEC Plan" can mean a separate plan, an annex to a larger plan, or simply the overall integration of OPSEC into and throughout a plan.] Basic OPSEC plans must be developed during the very conception of operations and acquisition planning and must include:
4.4.1. Direction for participating organizations to control critical information, OPSEC indicators, and the sources of such information to prevent its exploitation. NOTE: Specific sources of critical information (and any associated OPSEC indicators) may be different for each functional activity in an organization.
4.4.2. Critical information and OPSEC vulnerabilities applicable to mission at hand. Critical information must be identified during the conceptual phase of planning. OPSEC planners must consider adversarial objectives, the knowledge they need to effectively plan against friendly forces, and their capability to gain such information.
4.4.3. Direction to continuously monitor and review friendly activities for the express purpose of identifying changing parameters as the operation matures. Changes must be plugged back into the OPSEC equation and recommendations made to either modify existing OPSEC measures or create new ones.
4.4.4. Intelligence Threat Information. IAW paragraphs 2.3.1., 2.3.2., 3.2.1., and 3.2.2., Air Force foreign intelligence and counterintelligence organizations will provide this information and should include the following:

• Adversarial intelligence collection capabilities,
  

presence and intentions. These factors must be continually assessed throughout the duration of each operation.

• Essential Elements of Friendly Information (EEFI). When EEFI pertinent to the existing or planned situation are known, they will be listed.
• Probable adversary knowledge. OPSEC plan-ners must consider the knowledge an adversary already has about a situation (from general knowledge, open source information, or from what they will know when the plan is implemented) to determine OPSEC vulnerabilities. Specific OPSEC measures will then be planned to address additional information that is considered to be of intelligence value to an adversary. OPSEC surveys are an additional method of determining probable adversary knowledge.
  

4.5. Coordinating Basic OPSEC Plans. Basic OPSEC plans must be appropriately coordinated with supporting organizations to ensure critical information is consistently controlled across and throughout the infrastructure spectrum. Since exploitable information resides in numerous sources in most Air Force organizations and activities, OPSEC plans must be developed and implemented--or at the very least, complied with--by all functional areas. Many times, the sources of information are unique to the organization's function and may only be known to the individuals of that organization. Therefore, each organization must at least identify OPSEC indicators and then develop and execute OPSEC measures that eliminate or control the exploitation of information.
4.6. Planning Responsibilities of Supporting and
Subordinate Organizations. Subordinate and supporting organizations must develop their own OPSEC plans to support basic OPSEC plans--plans that focus on those mission needs that are defined in the basic guidance. In addition, supporting organizations must participate in the OPSEC measures required by the basic guidance.
4.6.1. OPSEC planning guidance must be developed by those most familiar with the operational aspects of a particular activity-at-hand and then shared with people who have a valid need-to-know.
4.6.2. Each organization will ensure the OPSEC concept and any known OPSEC measures are applied consistently--across the board--in all plans, activities, processes, and procedures that involve either critical information or indicators of that critical information.

4.7. Program Placement. OPSEC is an operations management program. Only the Plans and Operations element of an activity can achieve the timely, effective implementation of activities and procedures that cut across both functional and organizational lines. In order to ensure the operational orientation outlined in paragraph 4.1.2, the office of primary responsibility (OPR or Program Manager) for the OPSEC program will be located within the Plans and/or Operations element of an organization.
4.7.1. Management of the OPSEC program requires a thorough understanding of operations objectives, activities, the planning of those activities, and the relationships that exist with respect to other activities. Only the function responsible for plans and operations can alter the value of information; only that function can decide whether to implement the more pro-active OPSEC measures such as force, deception, psychological operations, and electronic combat as a means of denying critical information to an adversary; only that function can positively ensure the complete and effective implementation of OPSEC measures. By the time other functional areas become aware of the need for OPSEC measures, it is most often too late.

4.8. Unit OPSEC Training. The purpose of unit (recurring) OPSEC training is to ensure all Air Force personnel understand the foreign intelligence threat as it relates to their mission; critical information for the missions they support; job specific OPSEC indicators; and the OPSEC measures they will execute. Training must be designed to support mission objectives. Consider whether local foreign nationals should be given any OPSEC training, education or awareness information, and if so, to what degree.
4.8.1. OPSEC training must be mission-related, tailored to an individuals' duties and responsibilities, and continue throughout their careers. Such training will be developed and presented to newly assigned personnel within 90 days after arrival for duty. As a minimum, it must include:

• Duty related mission critical information and OPSEC indicators.
• Foreign intelligence threat to missions supported and conducted.
• Individual responsibilities.
  

4.9. Funding. OPSEC is a low-cost/high-output concept which draws more on re-thinking a situation than it does requiring an additional outlay of funds or a new funding stream. Most OPSEC measures are the result of relatively simple modifications to existing plans and operations. All MAJCOMs, laboratories, product and logistics centers, and test ranges will program for and fund OPSEC billets according to paragraph 1.4.4. of AFPD 10-11. AIA/AFIWC will fund for and provide training aids and materials for use by OPSEC PMs throughout the growing OPSEC infrastructure.

4.10. Evaluations. There are several methods used to evaluate OPSEC programs and the effectiveness of OPSEC measures:

• OPSEC Surveys
• Telecommunications Monitoring
• OPSEC Appraisals
• OPSEC Status Reports
• Inspector General Evaluations
  

4.10.1.3 The are two (2) ways to do an OPSEC survey:

• The Air Force Information Warfare Center (AFIWC) is responsible for conducting professional-level OPSEC surveys with an in-depth, multi-disciplined approach. HQ USAF, MAJCOMs, and Unit commanders (through appropriate channels) may request OPSEC surveys either directly to AFIWC/OSW or through HQ USAF/XOXT. NOTE: The resources and time required to perform an in-depth OPSEC survey of this caliber severely limits the number of potential surveys during any one given year. If necessary, HQ USAF/XOXT will prioritize OPSEC surveys based upon operational needs.
• Commanders are also encouraged to build their own ad hoc OPSEC survey team(s) from within available resources--facilitated by the OPSEC PM--to effect, on an as needed basis, a low-cost, in-house survey. An alternative benefit to be gained here is the expansion of local awareness by intimately exposing key personnel to the benefits of the OPSEC concept.
  

4.11. Foreign Intelligence and Counterintelligence Support. Foreign intelligence and counterintelligence organizations must ensure they provide all Air Force units and supporting organizations with current and mission specific intelligence threat information. Commanders and PMs will constantly maintain an effective rapport and an open dialogue with their servicing AFOSI detachment to ensure productive access to threat information as needed.

LARRY L. HENRY, Maj Gen, USAF

Acting DCS Plans and Operations

Closed Information Systems. A group of interacting or interdependent procedures and devices acting together to provide information to its users and totally prohibit access to outsiders. It provides its users strict secrecy, prevents information compromise and completely protects the integrity and availability of the information within the system. Examples are secure telephone systems, isolated computer stations, and activities within a building that cannot be detected or observed from the outside.

Critical Information. Specific facts about friendly intentions, capabilities, limitations, and activities vitally needed by adversaries for them to plan and act effectively so as to guarantee failure or unacceptable consequences for friendly mission accomplishment.

Command and Control Warfare (C2W). The integrated use of Operations Security (OPSEC), Military Deception, Psychological Operations (PSYOP), Electronic Warfare (EW), and Physical Destruction, mutually supported by intelligence, to deny information to, influence, degrade or destroy adversary C2 capabilities against such actions. Command and Control Warfare applies across the operational continuum and all levels of conflict. Also called C2W.

Counterintelligence. Information gathered and activities conducted to protect against espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations, or persons, or international terrorist activities, but not including personnel, physical, document, or communications security programs. (Executive Order 12333)

Essential Elements of Friendly Information (EEFI). Key questions likely to be asked by adversary elements about specific friendly intentions, capabilities, and activities, so as to obtain answers critical to their own operational effectiveness. (Joint Pub 1-02) (Valid answers to EEFI normally constitute classified information.)

Exploitation. 1. Taking full advantage of success in battle and following up initial gains. 2. Taking full advantage of any information that has come to hand for tactical or strategic purposes. 3. An offensive operation that usually follows a successful attack and is designed to disorganize the enemy in depth. (Joint Pub 1-02)

Foreign Intelligence. Information relating to the capabilities, intentions, and activities of foreign powers, organizations, or persons, but not including counterintelligence (except for information on international terrorist activities).

Intelligence System. Any formal or informal system to manage data gathering, to obtain and process the data, to interpret the data, and to provide reasoned judgments to decision makers as a basis for action. The term is not limited to intelligence organizations or services but includes any system, in all its parts, that accomplishes the listed tasks. (Joint Pub 1-02)

Intention. An aim or design (as distinct from capability) to execute a specified course of action.
(Joint Pub 1-02)

Military Deception. Actions executed to mislead foreign decision makers, causing them to derive and accept desired appreciations of military capabilities, intentions, operations, or other activities that evoke foreign actions that contribute to the originator's objectives. There are three categories of military deception: strategic, tactical, and Department/Service (see Joint Pub 1-02).

Multidiscipline Counterintelligence Threat Assessment (MDCI). All-source (HUMINT, SIGINT, and IMINT) analysis of threats to a specific activity, location, operation, project, weapons or other system, deployment, or exercise.

Open Information Systems. Any information system or activity which may be accessed or observed by personnel outside of the system and provides information by open sources or OPSEC indicators. Open information systems use open source information or provide OPSEC indicators that may be observed by adversaries. Open information systems may also be influenced, jammed, interrupted, or exploited by adversaries and adversarial weapon systems. Examples are non-secure telephone systems, computer systems connected to outside lines, and non-secure radio systems.

OPSEC Appraisal. An internal evaluation or assessment of the OPSEC program, usually by the OPSEC PM, to determine the vitality and credibility of his own program. For example: Are the components of the program in place?; have critical information and OPSEC indicators been identified and coordinated?; are necessary personnel apprised of intelligence collection methods?; etc.

OPSEC Indicator. Friendly detectable actions and open-source information that can be interpreted or pieced together by an adversary to derive critical information. (Joint Pub 1-02)

OPSEC Measures. Methods and means to reduce or eliminate OPSEC vulnerabilities by controlling both critical information and the OPSEC indicators of that critical information. The following categories apply:

Action Control. Methods to eliminate or prevent detection of OPSEC indicators. Examples are: adjusting schedules and activities and delaying information releases. First, plan activities necessary to conduct and support an operation; then, control the conduct (timing, place, etc.) of those activities to eliminate or substantially reduce OPSEC indicators.

Countermeasures. Methods to disrupt adversary information gathering sensors and data links, or preventing an adversary from obtaining, detecting or recognizing OPSEC indicators. Examples are jamming, interference, diversions and force. The objective is to disrupt effective adversary information gathering, processing, analysis, and distribution. Use units, system designs, and procedures to create diversions, camouflage, concealment, jamming, threats, police powers, and force against adversary information gathering, processing, and distribution capabilities.

Counteranalysis. Methods to affect the observation and/or interpretation of adversary intelligence analysts. Examples are military deceptions and covers. The objective is to prevent accurate interpretations of OPSEC indicators during adversary data analysis. This is done by confusing the adversary analyst through deception techniques.

Protective Measures. Methods to create closed information systems to prevent adversaries from gaining access to information and resources. Examples include cryptologic systems and standardized security procedures.

OPSEC Survey. The formal evaluation of a function, operation, activity, facility, project, or program designed to identify OPSEC vulnerabilities and provide recommendations to reduce or eliminate them. OPSEC surveys are characterized by the establishment of a dedicated survey team; use of the OPSEC process; the analysis of all sources of information; the use of a multi-discipline approach and an adversarial viewpoint to assess the effectiveness of OPSEC measures; and the preparation of a formal report.

OPSEC Vulnerability. A condition in which friendly actions provide OPSEC indicators that may be obtained and accurately evaluated by an adversary in time to provide a basis for effective adversary decision making. (Joint Pub 1-02)

Psychological Operations (PSYOP). Planned operations to convey selected information and indicators to foreign audiences to influence their emotions, motives, objective reasoning, and ultimately the behavior of foreign governments, organizations, groups, and individuals. The purpose of psychological operations is to induce or reinforce foreign attitudes and behavior favorable to the originator's objectives. (Joint Pub 1-02)

Vulnerability. 1. The susceptibility of a nation or military force to any action by any means through which its war potential or combat effectiveness may be reduced or its will to fight diminished. 2. The characteristics of a system which cause it to suffer a definite degradation (incapability to perform the designated mission) as a result of having been subjected to a certain level of effects in an unnatural (manmade) hostile environment. (Joint Pub 1-02)

Weapon System. A combination of one or more weapons with all related equipment, materials, services, personnel and means of delivery and deployment (if applicable) required for self-sufficiency. (Joint Pub 1-02)

• Integrate the OPSEC concept into their mission plans and activities.
• Ensure every person under their command understands the OPSEC concept as the way in which we conduct Air Force business; the mission critical information they need to know; the job related OPSEC indicators of that information; and the OPSEC measures employed or contemplated to neutralize any OPSEC vulnerabilities.
• Ensure OPSEC measures are appropriately developed and executed to reinforce the combat effectiveness of units, defense systems and weapon systems.
• Centrally manage OPSEC guidance concerning critical information to ensure consistency throughout each organization and across organizational lines.

• Develop OPSEC doctrine, policies, plans, and procedures consistent with joint and DoD OPSEC guidance.
• Designate an overall Air Force OPSEC Program Manager.
• Provide for joint OPSEC related training.
• Provide joint OPSEC lessons learned to the J-3 and J-7, Joint Staff, for inclusion in the joint OPSEC lessons learned data base.
• Provide to J-3, Joint Staff, Attn: J-33/STOD/TSB, copies of all current Service OPSEC program directives and/or policy implementation documents.
• Support the National and DoD OPSEC programs as necessary.
• Provide management, annual review and evaluation of the Air Force OPSEC Program.
• Recommend to the Deputy Under Secretary of Defense (Policy) for Policy Support changes to policies, procedures and practices of the DoD OPSEC Program.
• Utilize OPSEC training, advice, and service provided by the National Security Agency (NSA) and the InterAgency OPSEC Support Staff (IOSS) when appropriate.
  

A2.3. Air Force Major Command (MAJCOM), Field Operating Agency, (FOA), and Direct Reporting Unit (DRU) Responsibilities. MAJCOMs, FOAs, and DRUs will develop effective OPSEC programs that meet the specific needs of their assigned missions and accomplish the following:

• Provide coordination across organizational boundaries as necessary (both vertically and horizontally) to ensure critical information and OPSEC indicators are consistently controlled and that OPSEC measures are effectively implemented and/or adhered to.
• Designate a program manager and an office of primary responsibility IAW AFPD 10-11, paragraph 1.4.4., 17 May 1993. The decision to assign a full-time OPSEC program manager at FOAs and DRUs rests with the commander based upon the specific needs of the assigned mission.
• Ensure mission critical information is identified for each operation, activity, and exercise whether it be planned, conducted or supported.
• Develop OPSEC requirements for new weapon and/or defense systems in the acquisition cycle, list such requirements in statements of need, and participate in milestone reviews to ensure such requirements are satisfied.
• Develop and cultivate the relationships necessary to ensure intelligence and counterintelligence support requirements for OPSEC programs.
• Provide guidance to subordinate units for controlling critical information and OPSEC indicators and ensure subordinate commands plan and exercise mission specific OPSEC measures.
• MAJCOM PMs will ensure OPSEC training of program managers (both full and part-time) at bases, laboratories, product and logistic centers, test ranges, and MRTFBs on a recurring basis.
• Ensure job oriented and mission specific OPSEC training is provided to all personnel on a recurring basis, as often as necessary, but not less than at one year intervals.
• MAJCOMs PMs will conduct annual OPSEC appraisals to assess their OPSEC programs and provide reports to AFIWC/OSW IAW paragraph 4.10.3.

• Assign at least one commissioned officer (or civilian grade equivalent) to function as a full-time OPSEC PM. The PM must be assigned to either the operations or plans element of the organizational structure. In the acquisition environment, the OPSEC program manager will work directly with the acquisition program director to ensure OPSEC principles are integrated and applied throughout the life-cycle of all programs.

• the capability to accomplish thorough, professional level, multi-disciplined OPSEC surveys.
• OPSEC training aids and materials to support both an active marketing plan and a MAJCOM training program to be presented by OPSEC PMs in the field.
• a recurring, in-depth training course for OPSEC PMs and other personnel who perform OPSEC surveys.
  

A2.6. Air Force Office of Special Investigations (AFOSI) Responsibilities. AFOSI will support OPSEC PMs and commanders with OPSEC survey support, planning and training assistance, and a complete range of studies, reports, and analytical products. OSI Detachment commanders will assist their local commanders with access, as necessary, to threat information from sources outside the Air Force.

A2.7. Air Education and Training Command (AETC) Responsibilities. Air Education and Training Command (AETC) will provide for a basic, but thorough, introduction of OPSEC to all new (military) Air Force members. The block of training must include:

• the purpose and value of the OPSEC concept;
• an overview of the process, and
• an introduction to the application of OPSEC measures.
  

A3.1 Operations Indicators

• Stereotyped activities such as schedules, test preparations, range closures
• Visits of VIPs associated with a particular activity or technology
• Abrupt changes or cancellations of schedules
• Specialized equipment
• Specialized training
• Increased telephone calls, conferences, and longer working hours (including weekends)
• Rehearsals of operations
• Unusual or increased trips and conferences by senior officials

• Specialized and unique communications equipment
• Power sources
• Increases and decreases in communications traffic
• Call signs
• Transmitter locations

• Military orders
• Distinctive emblems, logos, and other markings on personnel, equipment, and supplies
• Transportation arrangements
• Schedules, orders, flight plans, and duty rosters
• Leave cancellations

• Unique sized and shaped boxes, tanks, and other containers
• Pre-positioned equipment
• Technical representatives
• Maintenance activity
• Unique or special commercial services
• Deviations of normal procedures
• Physical security arrangements
  

• PHOTINT Photographic Intelligence

• COMINT Communications Intelligence
• ELINT Electronic Intelligence
• FISINT Foreign Instrumentation Signals Intelligence

A4.4 MASINT Measurement and Signature Intelligence

• ACINT Acoustical Intelligence
• OPINT Optical Intelligence
• IRINT Infra-Red Intelligence
• LASINT Laser Intelligence
• NUCINT Nuclear Intelligence
• RINT Radiation Intelligence
• RADINT Radar Intelligence

• LITINT Literature Intelligence

• The OPSEC process
• The principles of intelligence
• The intelligence process
• OPSEC Program Implementation
• Application of the OPSEC Concept
• National Military Objectives
  

• HUMINT
• IMINT
• SIGINT
• MASINT
• OSINT
  

• Action Control Measures
• Countermeasures
• Counteranalysis
• Protective Measures
  

• COMSEC
• COMPUSEC
• TEMPEST
• Information Security
• Industrial Security
  

• Indicators (Detectable Activities)
  

• Written information
• Information releases
  

• Electronic Sources
• Closed Information Systems
  

• C2W Strategy
• Information Warfare
  

• Facilitating the acceptance and implementation of OPSEC throughout their organization
• Integrating the OPSEC concept into organizational plans and activities
• Advising commanders and other primary decision makers on OPSEC matters
• Coordinating on (and facilitating the development of ) OPSEC plans and measures for operations, activities, and exercises
• Integrating OPSEC requirements into C2W and information warfare strategies
• Developing, maintaining and marketing the organization's OPSEC program
• Ensuring all personnel receive appropriate OPSEC training
• Conducting annual OPSEC appraisals (as directed)
• Preparing the organization's annual OPSEC report (as directed)
• Providing OPSEC program requirements for intelligence and counterintelligence support
• Coordinating OPSEC requirements with public affairs officers
• Coordinating with activities which complement the OPSEC concept
• Ensuring mission critical information is identified and controlled
• Assisting in determining operational requirements for security and guidelines for the release of information
• Determining guidelines for controlling mission critical information and sensitive activities
• Coordinating and facilitating OPSEC surveys
• Maintaining an effective rapport with foreign intelligence and counterintelligence agencies

• Unit name and office of primary responsibility
• Name and grade of the OPSEC PM
• Mailing address
• Message address
• Telephone numbers (Secure, clear, and telefax)

A7.3 Problem areas in unit plans, operations, training, exercises, funding, intelligence support,
and counterintelligence support to the OPSEC program

A7.4 Nominations for national OPSEC awards for each of the following categories:

• Individual Achievement Award
• Organizational Achievement Award