Marine Corps Air Ground Combat Center Twentynine Palms, Calif. --
The emergence of the Internet and social media as the new information highways has made finding facts easier and faster than ever.
Google “operational security” and you’ll find pages of official and unofficial references, tips for bloggers and people’s opinions on what exactly counts as a violation.
What you won’t find is an official, in-black-and-white, Department of Defense list of absolute do’s and don’ts. It’s simply guidance, and it implies using common sense.
So how do we identify OPSEC violations? If it all boils down to common sense, who can make that final decision? And who can decide what information is releasable to the public? With all the risks, why do we need to release any information to the public?
Why release any information at all to the public?
That’s a simple answer. The accepted public affairs philosophy is “maximum disclosure, minimum delay.”
“It is Department of Defense policy to make available timely and accurate information so that the public, the Congress and the news media may assess and understand the facts about national security and defense strategy,” as stated in the Principles of Information, which is an enclosure within DOD Directive 5122.5. This directive outlines the responsibilities of the Assistant Secretary of Defense for Public Affairs.
Those who share information about the military or military personnel and their families have to balance the public’s right to know with protecting mission accomplishment, personal safety and an individual’s right to privacy.
What is an OPSEC violation?
Operational security is compromised when the enemy knows more than we want it to. To keep this from happening, everyone is responsible for making sure critical information is not leaked. Critical information is “information an adversary seeks in order to gain a military, political, diplomatic, economic or technological advantage,” according to DOD Manual 5205.02-M, which outlines the DOD Operational Security Program.
What is critical information?
There is no one answer. Critical information varies by organization and unit, depending on their roles within the DOD. It is up to the commanders who plan and execute a unit’s mission to determine what information is critical. The best way to decide what may be critical is to think like the enemy.
What are some of the questions an adversary might ask?What sort of information would impact the organization’s success or contribute to the likelihood of an enemy meeting their goal? What kind of information should I never release?
Although what is critical changes mission-by-mission, here are a few examples of things that are always better left unsaid.
Operations: Exact flight information of movements in and out of country or planned attacks. Details on troop size and capabilities. Details on “best practices” and “lessons learned” for a specific type of mission. Why? Losing that element of surprise can lead to significant casualties.
Equipment: Details on new weapons systems still in developmental phases. Details on new force protection equipment being sent to help protect troops, like new armor. Why? The enemy can change tactics or modify their own weaponry to render our new equipment useless.
Personal information: Social security numbers, home addresses, email addresses, birthdays, phone numbers, driver’s license numbers. Posting this about others violates the Privacy Act of 1974. Why? This type of information can be used to commit identity theft.
Never release documentation labeled “Classified,” “Controlled Unclassified Information,” “Sensitive But Unclassified,” “For Official Use Only,” “Law Enforcement Sensitive,” “Sensitive Homeland Security Information,” “Security Sensitive Information” or “Critical Infrastructure Information.” Other things not approved for public release are inter-office memos, troop rosters, e-mails, meeting notes, message traffic, white papers, public affairs guidance, pre-decisional materials, investigatory information and proprietary information.
Who has the final say on what is publically releasable information?
Information released needs to be first cleared to determine it is “consistent with established national, Department of Defense and Department of Navy policies and programs,” according to Marine Corps Order 5230.18, the Clearance of DOD Information for Public Release.
Release authority for each base or unit belongs to the organization’s public affairs officer. When in doubt about a certain piece of information, contact your base’s public affairs office, unit operations officer, security manager, intelligence officer or foreign disclosure officer for some expert advice.