ETA: I kinda hope someone says something about opsec
OPSEC
(1) As defined in Department of Defense (DOD) OPSEC Program (Department of Defense Directive(DoDD) 5205.02E), OPSEC is a process of identifying critical information and subsequently analyzing friendly actions attendant to military operations, as well as other activities to:
(a) Identify those actions that can be observed by an adversary intelligence system.
(b) Determine indicators and vulnerabilities that adversary intelligence systems might be able to obtain. Data that could be interpreted or pieced together to derive critical information that over time could be useful to adversaries and represent an unacceptable risk.
(c) Select and execute countermeasures that eliminate or reduce risk to a level acceptable by the commander.
(2) OPSEC protects Sensitive and/or Critical Information (S/CI) from adversary observation and collection in ways that traditional security cannot. While programs such as Information Assurance (IA) protect classified information, they cannot prevent all indicators of critical information, especially unclassified indicators, from being revealed.
(3) In concise terms, the OPSEC process identifies the critical information of military plans, operations, and supporting activities, as well as the indicators that reveal it. Once identified, measures must eliminate, reduce, or conceal those indicators. During the process, a determination must be developed for when the information may cease to be critical in the lifespan of an organization’s specific operation.
b. Critical Information
(1) Critical information is defined as information important to the successful achievement of United States (U.S.) objectives and missions, which may be of use to an adversary of the U.S.
(2) Critical information consists of specific facts about friendly Capabilities, Activities, Limitations (includes vulnerabilities), and Intentions (CALI) needed by adversaries for them to plan and act effectively to degrade friendly mission accomplishment.
(3) Critical information is information vital to a mission. If an adversary obtains it, correctly analyzes it, and acts upon it, the compromise could prevent or seriously degrade mission success. The goal is to deny our adversaries access to any critical information.
(4) Critical information is primarily unclassified, but can be classified depending on the organization, activity, or mission. Critical information that is classified requires OPSEC measures for additional protection because unclassified indicators can reveal it. Critical information that is unclassified especially requires OPSEC measures because it is not protected by the requirements provided to classified information.
c. Critical Information List (CIL) Is a consolidated list of a unit or organization’s critical information. Every organization’s OPSEC Officer must create a CIL specific for their organization In Accordance With (IAW) Army Regulation (AR) OPSEC (AR 530-1).
d. Sensitive Information and Controlled Unclassified Information (CUI) requires protection from disclosure that could cause a compromise or constitute a threat to national security, an Army organization, activity, Family Member, Department of the Army (DA) Civilian, or DoD contractor. See DOD Manual 5200.01, Volume 4.
(2) For S/CI that has been compromised and is available in open sources, the public domain should not be highlighted or referenced publicly outside of intra-governmental or authorized official communications, because these actions provide further unnecessary exposure of the compromised information. Personnel should not respond to queries to deny or confirm the validity of sensitive information that has been compromised or released to the public. Notify your organization’s OPSEC officer and security manager of all OPSEC compromises.
