LN324-91
CHAPTER III
OPSEC EVALUATION
INTRODUCTION:
OPSEC means Operations Security. It is the duty of the Intelligence/
Counterintelligence Agent to determine the extent to which the security
measures are being followed within the OPSEC program. If the measures have not
been carried out, then nothing has been accomplished and the security of the
command is in serious danger. When the OPSEC measures, developed from the
OPSEC Procedures, are applied to an operation or activity (Commando) there are
several methods to evaluate its effectiveness. All are included under the
subject of "OPSEC Evaluation." The phrase OPSEC EVALUATION is applied to two
different concepts:
a. One concept refers to an evaluation or study of the activity,
unit, or project, using the OPSEC Procedure in order to recommend the OPSEC
measures and create a Data base for Counterintelligence (CI).
b. The second concept is an evaluation of the effectiveness of the
OPSEC measures already recommended. This evaluation might result in
modification or suppression of measures, or the identification of new OPSEC
measures.
OVERVIEW:
1. The OPSEC Evaluations vary, as already mentioned, depending on the
unit's needs.
2. All evaluations have in common the characteristics of examining
the effectiveness, the failure or the lack of OPSEC measures in a unit.
3. All evaluations are structured in a way that can provide complete
and detailed information as to how the units and agencies are implementing the
OPSEC measures.
4. THE OPSEC EVALUATIONS ARE NOT INSPECTIONS. The evaluations are
presented and must be considered as data finding and/or failure finding.
5. The Evaluation is used to identify those areas of the security
procedure of a unit that need to be improved.
6. When a team of agents carries out an OPSEC evaluation, it must be
done sensibly and not overlook or ignore something, having always in mind that
the evaluation results will be used to improve the system.
7. EVALUATIONS IN PEACE TIME AND IN WARTIME:
a. During peacetime the OPSEC Evaluations can be prepared
several months in advance. An OPSEC evaluation of each command (unit) within a
Division or Brigade, must be carried out annually.
b. In addition to a yearly evaluation, a commander may request,
through the G3/S3, that a special OPSEC evaluation be made of his unit.
c. During wartime, as vulnerabilities and threats are
identified, the evaluations are carried out in response to an emergency
request or urgency by the affected agencies.
8. Each evaluation is unique, since each one reflects the operation
or activity being evaluated. However, there are certain common procedures for
all evaluations, and these are as follows:
a. Planning
b. Evaluation
c. Report/Information
9. Planning of Evaluation:
The main factor in the planning stage of an evaluation is detail.
An evaluation must be prepared in detail before it is carried out. Normally,
the planning stage includes the following:
a. Development of the purpose and scope of the evaluation:
The purpose/scope of the evaluation is prepared by the
analysis section of CI, and by the OPSEC element, for approval by G3/S3.
SAMPLES OF POSSIBLE PURPOSES AND SCOPES OF AN EVALUATION:
(1) "This OPSEC Evaluation will discuss the vulnerability of
the Division or Brigade to the multi-disciplinary threats of the enemy. These
threats include Human Intelligence (HUMINT) and Signal Intelligence (SIGINT),
etc."
b. Selection of the team that will carry out the Evaluation:
The team shall be selected by G3/S3, who will request its
units to assign expert personnel in the areas of operations, intelligence,
communications, logistics and administration. The team can be re-structured
according to the type of evaluation to be made.
c. Establish the contacts (link) in the area to be evaluated:
One of the initial steps before evaluation is to contact the
security chief of the installation to be evaluated. He can provide access to
the necessary files needed for an evaluation.
d. Compilation of the reference materials:
The team must review the Standard Operations Procedures
(SOP) of the unit to be evaluated. This will make the team familiar with the
mission and the operational procedures of that installation.
e. Review the Essential Elements of Friendly Information
(EEFI):
By reviewing the EEFI, the team may identify the valuable
intelligence data which the commander deems important for the security of the
installation. This information may include any information, classified or not,
which, if revealed to an enemy intelligence agent, could result in serious damage
to the installation.
f. Review the threat of hostile intelligence:
The team must be familiar with possible espionage threats,
activities of intelligence gathering by the enemy, by using all the sources in
the area of operations.
g. Become familiar with the activity or installation to be
evaluated:
Members of the evaluation team shall review all the
directives of the installation. The evaluation team leader should be briefed
by the commander of the installation.
h. Prepare organizational charts:
Preparation of organizational charts for evaluation purposes
will facilitate the evaluator's work. The chart should be prepared according
to the area to be evaluated. The charts should include the areas to be
reviewed by the agents and specific notes that might be useful for the
individual evaluator to carry out his duties.
i. Give notice of evaluation:
The final step in the preparation of an OPSEC evaluation is
to give notice of it. The G3/S3 notifies the installations that will be evaluated by
means of an amendment. The information that might appear in the message is as
follows:
(1) The purpose and scope of the evaluation.
(2) The members of the evaluating team and its access to
classified information.
(3) Necessary briefings and familiarity.
(4) Date and time that will be spent in the evaluation.
(5) Support required from Signal Security (SIGSEC)
10. The Evaluation:
After completing the planning stage, the evaluation will be
performed. The following steps, in order, must be carried out at the onset of
the evaluation.
a. Beginning briefing:
This briefing could be formal or informal. It must be given
by the evaluating team leader. The areas to be covered during this briefing
are:
(1) Purpose and scope of the evaluation.
(2) How the evaluation will be conducted.
(3) Summary of the enemy threats and the vulnerability of
the installations to these threats.
(4) Previous OPSEC evaluations, if any, will be discussed.
b. Briefing by the Commander:
This briefing will give the Evaluating Team an opportunity
to receive information on the operations from the viewpoint of the commander
of the installation.
c. The Evaluation: (Information that will be covered later on
by this chapter).
d. Final Briefing:
The purpose of the final briefing is to inform the Commander
of the results of the evaluation and the findings during the evaluation with
regard to the OPSEC system of his installation. Also, the outgoing briefing
could be an informal one.
e. Report:
During this period, the evaluating team, the analysis
section of CI and the OPSEC section, shall evaluate all the information
obtained during the evaluation. The product of this effort shall provide a
data base that can be used to identify the vulnerabilities of the installation
in the OPSEC areas. The evaluation results of the information obtained by the
team will be the basis for recommendations of new OPSEC measures, if
necessary.
OPSEC EVALUATION
BROCHURE: TECHNIQUES AND AREAS TO BE COVERED DURING AN OPSEC
EVALUATION.
OPSEC EVALUATION
HUMAN INTELLIGENCE
A. Security of Information:
1. Reproduction machines (copiers):
a. How many machines are there?
b. What is the control on the reproduction of classified
material?
c. Who is authorized to reproduce classified material?
d. Who authorizes reproduction?
e. Has the personnel been instructed that when a document is
copied in a copier, the image of the document remains latent in the crystal
and could emerge if a blank paper goes through?
2. Destruction of classified information:
a. Who does the destruction of classified information?
b. Where is destruction carried out?
c. When and how often is classified information destroyed?
d. How is it destroyed?
e. What security measures exist during the destruction process
of classified material?
3. Emergency Evacuation and Destruction Plan:
a. Obtain a copy of the plan and review it to determine whether
it is effective.
b. How is the plan carried out?
c. Do they have the necessary materials on hand to implement
the plan?
d. Has the plan been rehearsed (drilled)?
4. Sensitive unclassified Trash:
a. Is there a procedure with regard to the handling of
sensitive unclassified trash?
b. Is there any mention of it in the SOP?
c. Is the SOP specification carried out?
d. How can they be sure that the command instructions are
carried out with regard to sensitive unclassified material?
e. Is all the personnel aware of the importance of controlling
the sensitive unclassified trash? How were they instructed?
5. Requests for information:
a. How are requests for information processed?
b. What is the procedure if the request originates from another
military or civilian command, or foreign country?
c. How do they control publication of information on activities
evaluated by other sources?
d. Is there an Officer for Public Relations (PRO)?
e. What are the responsibilities of the PRO in this program?
f. How is unsolicited mail handled?
6. Open Publications:
a. Which are the open publications of the installation? (A
publication which is unclassified and anybody can have access to it.)
b. Obtain copies and determine whether the publication has any
EEFI information.
c. How are open publications controlled?
7. EEFI:
a. Obtain copy of the current EEFI list.
b. On what was this list based?
c. Is all the necessary personnel aware of what is included in
the EEFI list? Is this information denied to some personnel?
d. Is the EEFI list realistic, does it in fact contain
everything that the unit wants to protect?
8. Reports of Previous Inspections/evaluations or Studies:
a. Obtain copies of all the inspections, evaluations, and studies
of physical security, personnel, and OPSEC that pertain to the installation.
b. Review all the reports and determine which measures have
been taken to correct problems identified previously.
9. Special Access Material:
a. Which materials requiring special access are used by the
installation?
b. What security measures are enforced to protect and safeguard
the material?
10. Classification guidelines:
a. Obtain copy of the classification guidelines for classified
material of the installation.
b. Are these guidelines effective?
c. Are they written in an efficient way, providing the
necessary information?
d. Is the personnel knowledgeable of this classification
guideline?
11. Casual Conversation.
a. During the evaluation of the installation, try to listen to
conversation carried out in areas where classified or sensitive matters should
not be discussed; also be on the alert to conversation between persons that
have access and the need to know certain information with persons that do not
have the need to know nor the access.
b. What is the procedure of the unit/installation regarding
casual conversation?
c. Does the installation have an instruction program to brief
its personnel with regard to the danger of casual conversation?
12. Security Education Program:
a. What is the level of security education of the evaluated
installation?
b. Is there an education program in the areas of sabotage and
espionage against the armed forces, OPSEC, SIGSEC, HUMINT, and imagery
intelligence?
c. If there is a program, is it effective? (Does the personnel
respond to the teachings?)
d. Has the installation informed on any attempt of sabotage and
espionage or incident to the SEAAF?
e. Is the personnel contacted aware of the purpose of OPSEC?
Could they identify an approach to SEAAF if it would happen to them?
B. Physical Security
1. Inspections after working hours:
a. Are inspections of the installation carried out after
working hours?
b. If they do, what do they look for?
c. How often are these inspections performed?
d. What happens if they find loose classified material or any
other security violation?
2. Effectiveness of Physical Security:
a. What is the concrete effectiveness of the physical security
of the installation?
b. Are the current physical security measures adequate?
c. Examine doors, gates, fences, barriers, etc. and determine
their weak and strong points.
3. Inspection Program of the Security Inspector:
a. Does the installation have an inspection program by the
Security Supervisor?
b. When the security supervisor carries out an inspection, is
it announced or unannounced?
c. Is the personnel performing the physical security
inspection, assigned to the same installation which they are inspecting?
d. What do they look for when inspecting?
e. What happens when they discover a vulnerability?
4. Access Control:
a. Pretend you are a hostile intelligence agent and determine
how you could manage to enter the installation. Plan it from the outside to
the inside and how far you could penetrate. Try to obtain classified material
or try to listen to casual classified conversation. Use your imagination. The
enemy will do the same.
b. Are the gates adequate?
c. Is there a cleared zone beyond the perimeter fences?
d. Is there an adequate number of guards? Are they duly
trained? (How do they communicate among themselves?)
e. Are the fences adequate?
f. Are the outer doors adequate?
g. Is the alarm system adequate? (Do they have an alarm
system?)
h. Is there a control of visitors and their vehicles?
i. Do the guards have an established routine of movement that
will make them vulnerable to an attack?
j. Is there a reserve/support group that could assist in case
of a surprise attack?
k. Prepare a scenario of how you could penetrate the
installation, include a detailed account of the weak and strong points of the
security program of the installation.
5. Pass system:
a. Is it adequate?
b. Can the passes be reproduced easily?
c. Is there another system that could be used in case the first
one is compromised?
d. How are passes destroyed?
e. What happens when they are informed that a pass has been
lost?
f. Do they allow for one pass to have access to the entire
installation, or are there restrictions?
g. If an individual does not show his pass, is he made aware of it by
the other individuals, or is he allowed to walk without problem or question?
h. Are all the passes always visible?
i. How is the access to classified information of an individual
visiting the installation certified or verified?
j. Are visitors escorted through the installation?
k. Is there a record of the passes?
l. How many times a year is the pass system changed?
6. Visitors control:
a. What kind of access is authorized to visitors?
b. How is their level of access to classified information
verified?
c. Are the visitors required to sign at the entrance? What
information are they required to provide?
d. What other controls are applied for visitors?
7. Foreign Liaison Visitors
a. Is their access or authority for visiting verified?
b. Who is notified of their visit to the installation?
c. Which areas are they allowed to access?
d. What type of information is exchanged?
e. Is a briefing offered to the personnel that will have
contact with the foreign visitors?
8. OPSEC Support - Physical Security Plan:
a. Review and determine whether the plan is effective.
b. Does this plan provide the support/information/guidelines
needed?
c. Can a Study of Physical Security be carried out?
d. What do the personnel know of the Physical Security Plan?
e. Is it reviewed and updated frequently?
9. Instructions for the Guards
a. Are the instructions to guards adequate?
b. Do the instructions to guards indicate which are their
responsibilities?
c. Are emergency plans included in the instructions?
d. What do the guards know about the plan?
e. Do the instructions include how to proceed in case of a bomb
threat, sabotage, espionage, events of interest for the CI, and the
destruction of government property?
f. Do the guards understand what they have to do if they are
involved in an incident that concerns the military intelligence?
C. Personnel Security
1. Human Reliability Program: (This program is used to determine the
reliability of persons in sensitive posts. The subject is discussed in the
Chapter entitled "Security Investigation of Personnel")
a. Does the installation have such a program?
b. If it does, how is it checked?
c. What has this program offered to the Commander?
d. How is access to classified information validated?
e. Where do personnel whose access has not been approved yet
work?
2. Travel Abroad by Staff Personnel:
a. Where to and when do these individuals travel to foreign
countries?
b. What is the procedure to notify the commander of these
trips?
c. Are the travel schedules controlled/evaluated?
d. Is the personnel travelling abroad briefed?
e. What kind of information do they carry and what kind of
information can they exchange?
f. Are trips abroad reported to military intelligence?
3. List of Accesses to Classified Information:
a. Is there a list of all the persons who have access to
classified information?
b. Do the personnel have access to the necessary information to
carry out their tasks?
c. Revise the access list and determine whether there is any
individual with access to information who should not be allowed.
d. How does the command verify the access to classified
information of other agencies?
4. OPSEC Program:
OPSEC SOP:
a. Does the installation have an OPSEC SOP?
b. Is it adequate?
c. Does the SOP of OPSEC describe the responsibilities of
everybody down to the individual level?
OPSEC Officer
a. Is the officer in charge of OPSEC working full-time for
OPSEC, or does he have other primary functions?
b. What are the responsibilities of the OPSEC officer?
c. What kind of support is given to him?
d. Does he have the experience/education/reference material
necessary to carry out his tasks?
e. What importance does the Commander bestow on the OPSEC
program?
OPSEC Analyst
a. Is the command aware of what an OPSEC analyst is?
b. Does the command know what an Analyst can do for them?
c. Have they requested support by the OPSEC Analyst, and what
kind of support was requested?
d. Have they received in the past any support by an OPSEC
Analyst?
e. Is the OPSEC Analyst effective?
5. OPSEC Consciousness:
a. Does the personnel know what OPSEC means, what OPSEC can do
for them to protect their mission and work material?
b. Is OPSEC considered a daily routine in this installation?
c. Is OPSEC considered before, after and during a military
exercise?
d. What kind of OPSEC training has been given to the
personnel?
e. Does the personnel believe in the importance of OPSEC?
f. What is your (the agent's) opinion of the total
consciousness of OPSEC in the installation?
D. Signal Intelligence
1. SOP:
a. Obtain and review all the SOPs of SIGSEC. (Are they
adequate?)
b. Are they reviewed and updated periodically?
2. Support by Signal Intelligence:
a. What kind of support has the installation received from
Signal Intelligence?
b. What kind of signal intelligence support does the
installation need?
3. Safe Communication:
a. What are the means for safe communication?
b. Are they adequate?
c. Is there a backup system in case the primary one stops
working?
4. Inspections of Safe Communications and Signal Security:
a. When was the last SIGSEC/COMSEC inspection done and what
were the results?
b. Does the system need to be improved? (Were the improvement
measures carried out?)
c. Is there a need currently to improve the SIGSEC and COMSEC
systems?
5. Security Education:
a. Is the installation personnel trained on communications
security?
b. If they are trained, how is instruction given, is it
accepted or rejected?
c. Is there a need to improve the security education program?
6. ADP Security:
(ADP: is a security system used to protect the computer communication)
a. Is the personnel trained on COMSEC?
b. Is a key code used? How can an unauthorized person be
prevented from accessing the computer system?
c. Do unauthorized persons use the system?
d. What is the software used? What classification does it have?
e. What is the procedure for controlling the computer output?
f. What physical security measures are used to protect the
computer terminals that are outside the computer room?
g. Which procedure is used for the necessary maintenance?
h. If the system contains classified information, how can they
get the cleared personnel to carry out the computer maintenance?
i. Is there a Security Officer assigned for the computer room?
j. Are the computer operators trained on the need to protect
the system's security?
k. Can classified information be obtained through the
terminals?
l. Are visitors escorted while visiting the computers area?
m. Is there a pass system for the computers area?
n. Does the installation share the use of computers with other
installations or agencies?
E. Imagery Intelligence
1. Aerial Photography:
a. Is the personnel conscious of the existence/threat of aerial
photography?
b. Is the installation vulnerable to this threat?
c. What precautions are taken for protection against this
threat?
d. What kind of written information do they have to protect
themselves against this threat?
2. Manual Photography by an Agent:
a. Is the personnel conscious of this kind of threat?
b. What physical security precautions are taken to protect
themselves against this threat?
c. How vulnerable is the installation?
d. Are the guards aware of this threat, and do they know how to
prevent it?
3. Outside Tryouts
a. Does the installation conduct tryouts outside the building
that could be vulnerable to the threat of imagery intelligence?
b. Has the command considered using camouflage before the
tryouts are carried out?
c. Does the SOP contain something with regard to the protection
against this threat?
F. Vulnerabilities/Recommendations of Signal Intelligence
G. Imagery Intelligence
1. Local threat:
2. Vulnerabilities/Recommendations:
H. Other Vulnerabilities and recommendations as appropriate:
I. Remarks:
(General remarks are included which are not qualified as
vulnerabilities.)
J. Conclusions
(Support to be given to the installation in the future.)
I. ANNEXES:
a. Data on Threats in general.
b. Results of the COMSEC evaluation.
c. Study of Signal Security
d. Essential Elements of the Enemy
e. Report of ADP Security
f. EEFI - Evaluation
g. Inspection of Technical Support
h. Other information or reports that might backup the OPSEC
Evaluation.
NOTE: Not all the Annexes mentioned above are required in all the reports of
an OPSEC evaluation.