Operations Security or OPSEC is an analytical process used to deny or delay adversaries access to Sandia National Laboratories’ (Sandia) critical information. OPSEC is not just a program—it supplements security disciplines.
OPSEC
- Provides tools and resources to identify and protect critical information.
- Where appropriate, provides guidance on OPSEC measures to protect information from inadvertent release or intentional disclosure.
- Assists leadership in making OPSEC risk-management-based decisions.
The OPSEC Process
- Apply threat
- Identify critical information
- Analyze vulnerabilities
- Assess the risk
- Apply countermeasures
- Assess Effectiveness
OPSEC Practices
- Properly handle and destroy sensitive and critical unclassified information
- Maintain situational awareness when conducting activities
- Use the most secure means of communicating
- Guard against unsolicited inquiries to obtain sensitive and/or critical information
- Observe need-to-know and lawful government purpose principles
- Be mindful of what applications you install
- Be adversary aware, the threat is real
OPSEC Simplified
Three Steps: Think. Assess. Protect.
- Think about the information you need to protect and the adversaries who want it.
- Assess the ways they can acquire the information and risk to the mission if it is compromised.
- Protect the information by implementing appropriate countermeasures.