DOCSLIB.ORG

Doe Handbook Operations Security (Opsec)

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Doe Handbook Operations Security (Opsec) DOE‐HDBK‐1233‐2019 June 2019 DOE HANDBOOK OPERATIONS SECURITY (OPSEC) U.S. Department of Energy AREA SANS Washington, DC 20585 DISTRIBUTION STATEMENT A: Approved for public release; distribution is unlimited. This page intentionally left blank. DOE-HDBK-1233-2019 FOREWORD The protection of classified information, projects, and missions is of paramount importance in fulfilling security responsibilities in connection with the Department of Energy (DOE). Operations Security (OPSEC) involves a process of determining unclassified or controlled critical information that may be an indicator or pathway to classified or sensitive activities requiring protection, whether for a limited or prolonged time. To ensure protection, employees should know and follow the applicable procedures and processes outlined in national and departmental policies. This handbook does not establish new requirements and any existing requirements are explicitly referenced from national policy or a DOE Order using the terms “must” or “shall.” It is not intended to replace DOE Order 471.6, Information Security, other departmental rules, or national directives. This handbook describes one way to fulfill requirements for OPSEC within DOE. Section 1 identifies the purpose, history and basic understanding of OPSEC. Section 2 describes the general OPSEC Program and the specific OPSEC Program Plan and its components. Section 3 discusses the OPSEC five-step process. It provides methods to identify critical information, the potential threat, vulnerabilities, and types of countermeasures that may be used. Section 4 describes the on-going activities that keep the critical information and related information and threats up to date. Trainings, briefing and awareness activities are provided. Appendix A is a copy of National Security Decision Directive 298, National Operations Security Program. Appendix B contains a sample OPSEC plan. Appendix C provides a sample OPSEC assessment report. Appendix D provides a sample threat statement. Appendix E contains a sample website review template. Appendix F provides the IOSS OPSEC program implementation tiers. In addition to the sample plans, reports and posters described above, additional resources and information may be found under Security Policy Guidance Documents on DOE Powerpedia at https://powerpedia.energy.gov/wiki/Office_of_Security_Policy. Samples may also be submitted for consideration and inclusion, as appropriate. Beneficial comments (recommendations, additions, and deletions), as well as any pertinent data that may be of use in improving this document, should be emailed to [email protected] or addressed to: Office of Security Policy (AU-51) Office of Environment, Health, Safety and Security (AU) U.S. Department of Energy 1000 Independence Avenue, SW Washington, DC 20585 i DOE-HDBK-1233-2019 TABLE OF CONTENTS FOREWORD .......................................................................................................................... i ACRONYMS ........................................................................................................................ vi 1.0 INTRODUCTION .......................................................................................................... 7 1.1 Purpose ............................................................................................................................... 7 1.2 Understanding OPSEC ....................................................................................................... 8 1.2.1 History ..................................................................................................................... 8 1.2.2 Current Application ................................................................................................. 8 2.0 ESTABLISH AN OPSEC PROGRAM ......................................................................... 9 2.1 OPSEC Program Plan......................................................................................................... 9 2.2 Identification of Roles and Responsibilities ..................................................................... 10 2.2.1 Site – Federal, Contractor, and Tenant Organizations .......................................... 10 2.3 Establish an OPSEC Working Group ............................................................................... 11 2.4 Coordination and Communication ................................................................................... 12 2.4.1 Office of Intelligence/Counterintelligence ............................................................ 12 2.4.2 Internal and External Organizations ...................................................................... 12 2.4.3 Foreign Visits and Assignments ............................................................................ 13 3.0 APPLY THE OPSEC FIVE-STEP PROCESS ............................................................ 14 3.1 Step 1 – Identification of Critical Information ................................................................. 15 3.1.1 Development and Prioritization of Critical Information List ................................ 15 3.1.2 Elements of Critical Information ........................................................................... 16 3.1.3 Indicators and Pathways ........................................................................................ 16 3.1.4 OPSEC Reviews .................................................................................................... 18 3.1.5 Public Release Review .......................................................................................... 18 3.2 Step 2 – Analysis of Threats ............................................................................................ 21 3.2.1 Intelligence Cycle .................................................................................................. 22 3.2.2 National Threats .................................................................................................... 24 3.2.3 Site-Specific Threats ............................................................................................. 26 3.2.4 Collection Techniques ........................................................................................... 27 3.3 Step 3 – Analysis of Vulnerabilities ................................................................................. 32 3.3.1 OPSEC Assessments ............................................................................................. 33 3.3.2 Phase 1 – Planning and Preparation ...................................................................... 36 3.3.3 Phase 2 – Team Orientation .................................................................................. 37 3.3.4 Phase 3 – Introductory Briefing ............................................................................ 37 3.3.5 Phase 4 – Field Data Collection ............................................................................ 37 3.3.6 Phase 5 – Data Analysis ........................................................................................ 47 iii DOE-HDBK-1233-2019 3.3.7 Phase 6 – Draft Report .......................................................................................... 47 3.3.8 Phase 7 – Exit Briefing .......................................................................................... 48 3.3.9 Phase 8 – Final Report .......................................................................................... 48 3.3.10 Phase 9 – Follow-on Tasks .................................................................................... 48 3.3.11 Summary ............................................................................................................... 48 3.4 Step 4 – Assessment of Risks ........................................................................................... 49 3.4.1 NSDD 298 ............................................................................................................. 49 3.4.2 Risk Determination ............................................................................................... 49 3.5 Step 5 - Application of Countermeasures......................................................................... 50 4.0 MAINTAIN THE PROGRAM .................................................................................... 52 4.1 Management Updates ....................................................................................................... 52 4.2 Recordkeeping .................................................................................................................. 53 4.3 Annual Review/Verification of Critical Information Lists .............................................. 53 4.4 OPSEC Awareness ........................................................................................................... 53 4.4.1 Briefings ................................................................................................................ 54 4.4.2 Learning Styles ...................................................................................................... 54 4.4.3 Activities ............................................................................................................... 55 4.4.4 Concerns ................................................................................................................ 55 4.4.5 Delivering the OPSEC Message............................................................................ 56 4.5 OPSEC Training ..............................................................................................................
Load more

Recommended publications
  • Operations Security (OPSEC)
    Army Regulation 530–1 Operations and Signal Security Operations Security (OPSEC) Distribution Restriction Statement. This publication contains technical or operational information that is for official Government agencies and their contractors. Requests from outside U.S. Government agencies for release of this publication under the Freedom of Information Act or the Foreign Military Sales Program must be made to HQDA (DAMO-ODL-CBT), 400 ARMY PENTAGON, WASHINGTON, DC 20310–0440. Destruction Notice. Destroy by any method that will prevent disclosure of contents or reconstruction of the document. Headquarters Department of the Army Washington, DC 27 September 2005 UNCLASSIFIED SUMMARY of CHANGE AR 530–1 Operations Security (OPSEC) This rapid action revision, dated 27 September 2005-- o Emphasizes OPSEC guidelines with which all Army personnel will comply. o Adds and removes responsibilities (chap 2). o Adds definition of OPSEC Compromise (glossary). o Redefines Sensitive Information throughout the publication. o Updates addresses and office symbols throughout the publication. o Corrects typographical errors throughout the publication. This revision-- o Implements Department of Defense Directive 5205.2, Operations Security Program policy and joint policy and doctrine in CJCS Instruction 3213.01. o Fully defines OPSEC as an element of Command and Control Warfare (C2W). o Outlines OPSEC application for on-site inspections under Intermediate-Range Nuclear Forces (INF), Strategic Arms Reduction Treaty (START), and Chemical Weapons Convention (CWC) agreements. o Requires battalion level and higher echelons to plan and implement OPSEC programs. Defines battalion level as an organization MTOE/TDA, headed by a lieutenant colonel or a civilian in the grade of GS-13 or higher.
    [Show full text]
  • Purple Dragon: the Origin and Development of the United States OPSEC Program, NSA Center for Cryptologic History, 1993
    Description of document: National Security Agency: Purple Dragon: The Origin and Development of the United States OPSEC Program, NSA Center for Cryptologic History, 1993 Requested date: 25-December-2007 Released date: 17-January-2008 Posted date: 06-February-2008 Date/date range of document: Viet Nam War era Source of document: NSA FOIA Requester Service Center: National Security Agency Attn: FOIA/PA Office (DJ4) 9800 Savage Road, Suite 6248 Ft. George G. Meade, MD 20755-6248 Telephone: (301) 688-6527 Fax: (443) 479-3612 Notes: Previously Released by NSA in Freedom of Information Act In Case #: 8481 The governmentattic.org web site (“the site”) is noncommercial and free to the public. The site and materials made available on the site, such as this file, are for reference only. The governmentattic.org web site and its principals have made every effort to make this information as complete and as accurate as possible, however, there may be mistakes and omissions, both typographical and in content. The governmentattic.org web site and its principals shall have neither liability nor responsibility to any person or entity with respect to any loss or damage caused, or alleged to have been caused, directly or indirectly, by the information provided on the governmentattic.org web site or in this file. NATIONAL SECURITY AGENCY CENTRAL SECURITY SERVICE FORT GEORGE G. MEADE, MARYLAND 20755-6000 MDR Case 54496 17 January 2008 This responds to your Mandatory Declassification Review (MDR) request of 25 December 2007, Purple Dragon: The Origin andDevelopment ofthe United States OPSEC Program. Centerfor Cryptologic History, 1993. The document that you have requested was recently reviewed and released under the Freedom of Information Act (FOIA) requirements.
    [Show full text]
  • Dissecting the Hack This Page Intentionally Left Blank Dissecting the Hack the F0rb1dd3n Network
    Dissecting the Hack This page intentionally left blank Dissecting the Hack The F0rb1dd3n Network Jayson E. Street Kent Nabors AMSTERDAM • BOSTON • HEIDELBERG • LONDON NEW YORK • OXFORD • PARIS • SAN DIEGO SYNGRESS SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO ® Syngress is an imprint of Elsevier Syngress is an imprint of Elsevier 30 Corporate Drive, Suite 400, Burlington, MA 01803, USA Linacre House, Jordan Hill, Oxford OX2 8DP, UK Dissecting the Hack: The F0rb1dd3n Network © 2010 ELSEVIER Inc. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our Web site: www.elsevier.com/ permissions. This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein). Notices Knowledge and best practice in this fi eld are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such informa- tion or methods, they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
    [Show full text]
  • American Intelligence Journal, Volume 32, Number 2
    AMERICAN INTELLIGENCE JOURNAL THE MAGAZINE FOR INTELLIGENCE PROFESSIONALS Denial and Deception __NMIA__________________________ Vol. 32, No. 2, 2015 American THE MAGAZINE FOR INTELLIGENCE PROFESSIONALS Intelligence Journal Vol. 32, No. 2 2015 ISSN 0883-072X NMIA Board of Directors LTG (USA, Ret) James A. Williams, Chairman Col (USAF, Ret) Joseph Keefe, President Mr. Louis Andre, Director Mr. Terrance Ford, Director Col (USAF, Ret) William Arnold, Secretary Ms. Jane Flowers, Director Brig Gen (USAF, Ret) Scott Bethel, Director Col (USAFR, Ret) Michael Grebb, Treasurer Mr. Don Bolser, Director COL (USA, Ret) David Hale, Director CDR (USNR, Ret) Calland Carnes, Chapters Director Ms. Tracy Iseler, Director Col (USAF, Ret) John Clark, Director Ms. Stephanie Leung, Director Lt Gen (USAF, Ret) David Deptula, Director Brad Moss, Esq., Director LtCol James Eden, Director Capt (USNR) Rick Myllenbeck, Director COL (USA, Ret) Jim Edwards, Awards Director Ms. Marcy Steinke, Director Mr. Roland Fabia, Director COL (USA, Ret) Napolean Stewart, Director COL (USA, Ret) Michael Ferguson, Director CDR (USNR) Louis Tucker, Director COL (USA, Ret) Gerald York, Director Editor - COL (USA, Ret) William C. Spracher, Ed.D. Production Manager - Ms. Debra Hamby-Davis LTG (USA, Ret) Harry E. Soyster, Director Emeritus COL (USA, Ret) William Halpin, Director Emeritus LTG (USA, Ret) Patrick M. Hughes, Director Emeritus Dr. Forrest R. Frank, Director Emeritus RADM (USN, Ret) Rose LeVitre, Director Emeritus Mr. Antonio Delgado, Jr., Director Emeritus MG (USA, Ret) Barbara Fast, Director Emeritus The American Intelligence Journal (AIJ) is published by the National Military Intelligence Association (NMIA), a non-profit, non-political, professional association supporting American intelligence professionals and the U.S.
    [Show full text]
  • PURPLE DRAGON: the Origin and Development of the United States OPSEC Program
    TOP SECRET NO. 609 united states cryptologic history i /I ~'/ I PlTRPLE DRAGO~: The {)rigin and Development of the lTnited States OPSEC Program I HIS DOCOIVIEl'\l I COl'\l IAll'JS COO~VVO~EJ l't/l:tff'E~IAL r~e'f ~EL~A~A!;LE: 'fO fiO~E:IC!ll~ r~ATIOMALS Classified by: NSA/CSSM 123-2 Declassify On: Originating Agency's Determination Required CCH-E32-93-04 This monograph is a product of the National Security Agency history program. Its contents and conclusions are those of the author, based on original research, and do not necessarily represent the official views of the National Security Agency. Please address divergent opinion or additional detail to the Center for Cryptologic History (E324). Contents of this publication should not be reproduced or further disseminated outside the U.S. Intelligence Community without the permission of the Director, NSA. Inquiries about reproduction and dissemination should be directed to the Center for Cryptologic History, National Security Agency, Fort George G. Meade, MD 20755-6000, ATTN: E324. I OP SECRET tJM8ftA UNITED STATES CRYPTOLOGIC HISTORY Series VI The NSA Period Volume2 PURPLE DRAGON: The Origin and Development of the United States OPSEC Program (b) (3)-P.L. 86-36 -_ •'. " CENTER FOR CRYPTOLOGIC HISTORY NATIONAL SECURITY AGENCY 1993 NOT REbEhSABLE TO PO REIGH HATIO?L'tLS I OP SECRE I UMBRA TeP 5EERET l:JMBRA Table of Contents Page Foreword ...................................................................... v Acknowledgment . v11 Southeast Asia Map . ix Part I: Introduction . 1 Part II: The Beginnings ofOPSEC . 7 Part III: PC'RPLE DRAGON at War ...............................................
    [Show full text]