OPSEC history: from ancient origins to modern challenges

  • Published
  • By DCMA Information Security Team

The National Operations Security Program office and the Under Secretary of Defense for Intelligence and Security designated January “National Operations Security Awareness Month,” to highlight the program’s vital national security role.

“The OPSEC program is an integral element to the protection of our nation’s information and people,” said Tony Lowery, DCMA Information Security and OPSEC program manager. “This national-level program is being reenergized at the highest levels of government to stem the massive amounts of information from all facets being collected by our adversaries.”

The concept of OPSEC as an element of conflict maintains a long history:

  • Fifth century Chinese General Sun Tzu wrote about the importance of achieving the element of surprise on the battlefield.
  • General George Washington recognized the importance of small details when trying determine the enemy’s intentions and capabilities during America’s War of Independence. He told his spies not to overlook or dismiss such information.
  • During World War II and the Korean War there were concentrated, national efforts to prevent the spread of sensitive information.
  • In the Vietnam War, the U.S. military lost several aircraft during operations Rolling Thunder and Arc Light because the enemy seemed aware of combat operations in advance and were prepared to counter.

In response to the apparent compromise of mission-related information contributing to the loss of aircraft in Vietnam, the Joint Chiefs of Staff authorized Operation Purple Dragon from 1966-1967 to analyze the phenomenon. The results showed the enemy received sensitive information from different mediums throughout the operation’s planning, preparation and execution.

Soon after, OPSEC was formally implemented and military leaders were tasked to identify information potentially important to the enemy, to determine how it was collected, and to implement measures to prevent information loss. These methods proved so effective in improving combat operations the Joint Chiefs insured its universal implementation.

In 1988, President Ronald Reagan recognized the success and importance of OPSEC beyond the military community and made OPSEC a government-wide requirement. National Security Decision Directive 298, signed into effect by Reagan, tasked departments and agencies with a national security mission to implement the initiative.

In January 2021, the White House released National Security Presidential Memorandum-28, known as NSPM-28, superseding the Reagan-era directive. This new effort aims to reenergize OPSEC understanding and convey, throughout the executive branch, its national-level importance within today’s threat environment. With NSPM-28’s implementation, the National Operations Security Program office was established within the National Counterintelligence and Security Center under the Office of the Director of National Intelligence.

This action moved national responsibility for OPSEC from the Department of Defense to the federal level and requires all executive branch departments and agencies to implement an OPSEC program.

The program is designed to deny adversaries the ability to collect, analyze and exploit information that might provide an advantage against the United States. It prevents inadvertent compromise of critical information through a process of continual assessment that identifies and analyzes critical information, vulnerabilities, risks, and external threats.

“OPSEC is intended to operate throughout all areas of our lives, both professional and personal,” said Lowery. “Regardless if it is related to contract pricing, a DOD customer’s essential products to continue operations, or the personal information belonging to ourselves or our coworkers.”

Lowery said George Washington’s quote about embracing minor details when gathering intelligence remains relevant after more than 240 years: “Even minutiae should have a place in our collection, for things of a seemingly trifling nature, when enjoined with others of a more serious cast, may lead to valuable conclusion.”

“We may think the information we are privy to is not important … but, we can be very wrong if the information is collected by our adversaries,” said Lowery.

During OPSEC Awareness Month, DCMA Information Security will provide useful links and information to assist agency personnel with practicing good OPSEC.

For more information on the origins of OPSEC, read the redacted and declassified version of Operation Purple Dragon.

To contact the DCMA OPSEC program, email: dcma.lee.hq.list.information-security@mail.mil.