MARINE CORPS BASE HAWAII, Kaneohe Bay -- A number of years ago, the University of Maryland fielded a football team with an outstanding quarterback - Boomer Esaison, one of the best in college football. His remarkable passing skills led Maryland to an exceptionally fine year; however, when Maryland played against the University of Miami, Esaison experienced one of the worst days of his career.
His passing game was terrible; every time he tried to throw a pass, he was either sacked or rushed so hard that he threw an incomplete pass. After the game, when asked by reporters about his performance, he could only shake his head and say, "They always seemed to know when I was going to throw."
The Maryland coach, concerned with the apparent ability of the opposition to anticipate the quarterback, spent the next week with his staff reviewing tapes of the game. Upon close observation, they discovered the problem: Esaison was tipping his hand.
When he called a running play, he left the huddle and immediately placed himself behind the center. However, when he called a pass, he left the huddle, paused, licked the tips of his fingers and then took his stance behind the center.
Those unconscious habits were a clear signal to the Miami defense that a passing play was about to occur. Miami had completed its homework; it had viewed tapes of Maryland before the game and identified the indicators.
What is OPSEC?
Esaison's story illustrates two of the central facts in which Operations Security (OPSEC) is based: First, seemingly innocuous activities can sometimes be pieced together to reveal future plans; second, failure to recognize one's vulnerabilities in the face of a threat can lead to disastrous consequences.
Operations security is the process used to deny our enemies information concerning our intentions, capabilities and vulnerabilities by identifying and protecting critical information associated with our operations.
While many security programs exist to protect classified information, OPSEC seeks to protect mostly unclassified information about our mission.
One of the basic concepts of OPSEC is that we can't protect everything: e-mails must be sent, phone calls must be made and personal contacts must be initiated. The key to successful operations security is to identify and protect critical information that may reveal our intentions, capabilities and vulnerabilities.
How did OPSEC begin?
Although the OPSEC process originated during the Vietnam era, the realization that we had to protect sensitive information was clearly evident as early as World War II, when war posters reminded Americans "Loose lips sink might ships."
Late in the war, the Germans believed an allied invasion of France was imminent, but they didn't know exactly when or where the allies would attack. The allies performed superbly by protecting details of "Operation Overlord" - an amazing feat considering it was the largest amphibious attack in the history of warfare.
In Vietnam, poor operations security by U.S. and South Vietnamese forces caused frequent compromises of operations. Early in the conflict, much of the radio communication took place "in the clear" without the use of secure codes. Some units failed to change radio call signs for a year or more. As a result, intelligence sources routinely indicated that enemy forces had advance warning of our intentions.
In many cases, U.S. forces ended up reacting to events rather than seeking out indications of future enemy operations. We faced an adversary who was seemingly able to anticipate our every move, choose the time and place of confrontation, and more often than not, evaporate like mist after doing great damage to U.S. personnel.
As a result, the OPSEC process began: a process to analyze military operations, identify the sources of the enemy's ability to determine our actions in advance of those actions, and to implement countermeasures.
Initially, the OPSEC process started with interviews of operations personnel to see what exploitable activities they were involved with and how that information might be passed to the enemy.
As the process matured and the gathered information was analyzed, it was quickly realized that large amounts of primarily unclassified information were inadvertently being disseminated to the enemy. Our adversaries capitalized on this information, which revealed our intentions, our operations and our methodology for conducting the war.
The most common countermeasures to eliminate these indicators of future activity were simple changes in the procedures that involved how classified and unclassified information were handled.
After the Vietnam War, it was realized that OPSEC could not be treated exclusively as a wartime activity. But, it wasn't until 1983 that OPSEC was recognized as a national program that was applicable to more than just combat operations.
How is OPSEC practiced today?
Fast forward to the present. As we assist transitional governments in Iraq and Afghanistan, our enemies are constantly looking for patterns and indications of our intentions that can be used to target our forces.
As we have seen, information can be as powerful a weapon as anything in our arsenal. No information is more valuable to our enemies than foreknowledge about our plans. The best planned and executed military operations can be seriously degraded, even rendered ineffective, if the enemy has advance knowledge of our intentions.
You can be sure our enemies know the importance of OPSEC. Poor operations security on their part enabled the United States and our allies to thwart a number of planned terrorist attacks around the world. The terrorists have responded by changing tactics, thereby forcing us to look for new indicators, or clues, to their plans.
In ALMAR 07/04, the Commandant underscored the need for operations security by stating: "At no time in history has the need to protect critical information been more essential than today. ...Our adversaries will continue to seek all possible advantages, and it is imperative that we protect information that can be exploited and used in an attack against us."
Who should be concerned about OPSEC?
While OPSEC may not seem as important here in Hawaii as it is in a far-off war zone, remember that terrorists and foreign intelligence services are busy at work around the world trying to collect information about our military capabilities and intentions. And while you may think your daily duties are not important in the "big scheme of things," remember that in the hands of a trained analyst, seemingly unimportant bits of information we reveal in our daily duties can prove valuable to our enemies.
Just as you don't need every piece of a jigsaw puzzle to discern the "big picture," our enemies don't need a complete picture of our intentions and capabilities to thwart our plans either.
(Portions of this article were adapted from the OPSEC Handbook.)