CHAPTER III

                           OPSEC EVALUATION


     OPSEC means Operations Security. It is the duty of the Intelligence/
Counterintelligence Agent to determine the extent to which the security
measures are being followed within the OPSEC program. If the measures have not
been carried out, then nothing has been accomplished and the security of the
command is in serious danger. When the OPSEC measures, developed from the
OPSEC Procedures, are applied to an operation or activity (Commando) there are
several methods to evaluate its effectiveness. All are included under the
subject of "OPSEC Evaluation." The phrase OPSEC EVALUATION is applied to two
different concepts:

     a.    One concept refers to an evaluation or study of the activity,
unit, or project, using the OPSEC Procedure in order to recommend the OPSEC
measures and create a Data base for Counterintelligence (CI).

     b.    The second concept is an evaluation of the effectiveness of the
OPSEC measures already recommended. This evaluation might result in
modification or suppression of measures, or the identification of new OPSEC


     1.    The OPSEC Evaluations vary, as already mentioned, depending on the
units needs.

     2.    All evaluations have in common the characteristics of examining
the effectiveness, the failure or the lack of OPSEC measures in a unit.

     3.    All evaluations are structured in a way that can provide complete
and detailed information as to how the units and agencies are implementing the
OPSEC measures.

presented and must be considered as data finding and/or failure finding.

     5.    The Evaluation is used to identify those areas of the security
procedure of a unit that need to be improved.

     6.    When a team of agents carries out an OPSEC evaluation, it must be
done sensibly and not overlook or ignore something, having always in mind that
the evaluation results will be used to improve the system.



LN324-91 a. During peacetime the OPSEC Evaluations can be prepared several months in advance. An OPSEC evaluation of each command (unit) within a Division or Brigade, must be carried out annually. b. In addition to a yearly evaluation, a commander may request it, through the G3/S3, that an OPSEC special evaluation be made of his unit. c. During wartime, as vulnerabilities and threats are identified, the evaluations are carried out in response to an emergency request or urgency by the affected agencies. 8. Each evaluation is unique, since each one reflects the operation or activity being evaluated. However, there are certain common procedures for all evaluations, and these are as follows: a. Planning b. Evaluation c. Report/Information 9. Planning of Evaluation: The main factor in the planning stage of an evaluation is detail. It must be prepared in detail to carry out an evaluation. Normally, the planning stage includes the following: a. Development of the purpose and scope of the evaluation: The purpose/scope of the evaluation is prepared by the analysis section of CI, and by the OPSEC element, for approval by G3/S3. SAMPLES OF POSSIBLE PURPOSES AND SCOPES OF AN EVALUATION: (1) "This OPSEC Evaluation will discuss the vulnerability of the Division or Brigade to the multi-disciplinary threats of the enemy. These threats include Human Intelligence (HUMINT) and Signal Intelligence (SIGINT), etc. b. Selection of the team that will carry out the Evaluation: The team shall be selected by G3/S3, who will request its units to assign expert personnel in the areas of operations, intelligence, communications, logistics and administration. The team can be re-structured according to the type of evaluation to be made. c. Establish the contacts (link) in the area to be evaluated: One of the initial steps before evaluation is to contact the security chief of the installation to be evaluated. He can provide access to the necessary files needed for an evaluation. 46
LN324-91 d. Compilation of the reference materials: The team must review the Standard Operations Procedures (SOP) of the unit to be evaluated. This will make the team familiar with the mission and the operational procedures of that installation. e. Review the Essential Elements of Friendly Information (EEFI): By reviewing the EEFI, the team may identify the valuable intelligence data which the commander deems important for the security of the installation. This information may include any information, classified or not, which, if revealed to enemy intelligence agent, could result in serious damage to the installation. f. Review the threat of hostile intelligence: The team must be familiar with possible espionage threats, activities of intelligence gathering by the enemy, by using all the sources in the area of operations. g. Become familiar with the activity or installation to be evaluated: Members of the evaluation team shall review all the directives of the installation. The evaluation team leader should be briefed by the commander of the installation. h. Prepare organizational charts: Preparation of organizational charts for evaluation purposes will facilitate the evaluator's work. The chart should be prepared according to the area to be evaluated. The charts should include the areas to be reviewed by the agents and specific notes that might be useful for the individual evaluator to carry out his duties. i. Give notice of evaluation: The final step in the preparation of an OPSEC evaluation is to notify it. The G3/S3 notifies the installations that will be evaluated by means of an amendment. The information that might appear in the message is as follows: (1) The purpose and scope of the evaluation. (2) The members of the evaluating team and its access to classified information. (3) Necessary briefings and familiarity. (4) Date and time that will be spent in the evaluation. (5) Support required from Signal Security (SIGSEC) 47
LN324-91 10. The Evaluation: After completing the planning stage, the evaluation will be performed. The following steps, in order, must be carried out at the onset of the evaluation. a. Beginning briefing: This briefing could be formal or informal. It must be given by the evaluating team leader. The areas to be covered during this briefing are: (1) Purpose and scope of the evaluation. (2) How the evaluation will be conducted. (3) Summary of the enemy threats and the vulnerability of the installations to these threats. (4) Previous OPSEC evaluations, if any, will be discussed. b. Briefing by the Commander: This briefing will give the Evaluating Team an opportunity to receive information on the operations from the viewpoint of the commander of the installation. c. The Evaluation: (Information that will be covered later on by this chapter). d. Final Briefing: The purpose of the final briefing is to inform the Commander of the results of the evaluation and the findings during the evaluation with regard to the OPSEC system of his installation. Also, the outgoing briefing could be an informal one. e. Report: During this period, the evaluating team, the analysis section of CI and the OPSEC section, shall evaluate all the information obtained during the evaluation. The product of this effort shall provide a data base that can be used to identify the vulnerabilities of the installation in the OPSEC areas. The evaluation results of the information obtained by the team will be the basis for recommendations of new OPSEC measures, if necessary. 48
LN324-91 OPSEC EVALUATION BROCHURE: TECHNIQUES AND AREAS TO BE COVERED DURING AN OPSEC EVALUATION. OPSEC EVALUATION HUMAN INTELLIGENCE A. Security of Information: 1. Reproduction machines (copiers): a. How many machines are there? b. What is the control on the reproduction of classified material? c. Who is authorized to reproduce classified material? d. Who authorizes reproduction? e. Has the personnel been instructed that when a document is copied in a copier, the image of the document remains latent in the crystal and could emerge if a blank paper goes through. 2. Destruction of classified information: a. Who does the destruction of classified information? b. Where is destruction carried out? c. When and how often is classified information destroyed? d. How is it destroyed? e. What security measures exist during the destruction process of classified material? 3. Emergency Evacuation and Destruction Plan: a. Obtain a copy of the plan and review it to determine whether it is effective: b. How is the plan carried out? c. Do they have the necessary materials on hand to implement the plan? 49
LN324-91 d. Has the plan been rehearsed (drilled)? 4. Sensitive unclassified Trash: a. Is there a procedure with regard to the handling of sensitive unclassified trash? b. Is there any mention of it in the SOP? c. Is the SOP specification carried out? d. How can they be sure that the command instructions are carried out with regard to sensitive unclassified material? e. Is all the personnel aware of the importance of controlling the sensitive unclassified trash? How were they instructed? 5. Requests for information: a. How are requests for information processed? b. What is the procedure if the request originates from another military or civilian command, or foreign country? c. How do they control publication of information on activities evaluated by other sources? d. Is there an Officer for Public Relations (PRO)? e. What are the responsibilities of the PRO in this program? f. How is unsolicited mail handled? 6. Open Publications: a. Which are the open publications of the installation? (A publication which is unclassified and anybody can have access to it.) b. Obtain copies and determine whether the publication has any EEFI information. c. How are open publications controlled? 7. EEFI: a. Obtain copy of the current EEFI list. b. On what was this list based? 50
LN324-91 c. Is all the necessary personnel aware of what is included in the EEFI list? Is this information denied to some personnel? d. Is the EEFI list realistic, does it in fact contain everything that the unit wants to protect? 8. Reports of Previous Inspections/evaluations or Studies: a. Obtain copies of all the inspections, evaluations, studies, of physical security, personnel, OPSEC, that has pertain to the installation. b. Review all the reports and determined which measures have been taken to correct problems identified previously. 9. Special Access Material: a. Which materials requiring special access are used by the installation? b. What security measures are enforces to protect and safeguard the material? 10. Classification guidelines: a. Obtain copy of the classification guidelines for classified material of the installation. b. Are these guidelines effective? c. Are they written in an efficient way, providing the necessary information? d. Is the personnel knowledgeable of this classification guideline? 11. Casual Conversation. a. During the evaluation of the installation, try to listen to conversation carried out in areas where classified or sensitive matters should not be discussed; also be on the alert to conversation between persons that have access and the need to know certain information with persons that do not have the need to know nor the access. b. Which is the procedure of the unit/installation regarding casual conversation? c. Does the installation have an instruction program to brief its personnel with regard to the danger of casual conversation? 51
LN324-91 12. Security Education Program: a. Which is the level of security education of the evaluated installation? b. Is there an education program in the areas of sabotage and espionage against the armed forces, OPSEC, SigSec, Humint, and imagery intelligence? c. If there is a program, is it effective? (Does the personnel respond to the teachings?) d. Has the installation informed on any attempt of sabotage and espionage or incident to the SEAAF? e. Is the personnel contacted aware of the purpose of OPSEC? Could they identify an approach to SEAAF if it would happen to them? B. Physical Security 1. Inspections after working hours: a. Are inspections of the installation carried out after working hours? b. If they do, what do they look for? c. How often are these inspections performed? d. What happens if they find loose classified material or any other security violation? 2. Effectiveness of Physical Security: a. What is the concrete effectiveness of the physical security of the installation? b. Are the current physical security measures adequate? c. Examine doors, gates, fences, barriers, etc. and determine its weakness and strong points. 3. Inspection Program of the Security Inspector: a. Does the installation have an inspection program by the Security Supervisor? b. When the security supervisor carries out an inspection, is it announced or unannounced? c. Is the personnel performing the physical security inspection, assigned to the same installation which they are inspecting? d. What do they look for when inspecting? e. What happens when they discover a vulnerability? 4. Access Control: 52
LN324-91 a. Pretend you are a hostile intelligence agent and determine how could you manage to enter the installation. Plan it from the outside to the inside and how far could you penetrate. Try to obtain classified material or try to listen to casual classified conversation. Use your imagination. The enemy will do the same. b. Are the gates adequate? c. Is there a cleared zone beyond the perimetry fences? d. Is there an adequate number of guards? Are they duly trained? (How do they communicate among themselves? e. Are the fences adequate? f. Are the outer doors adequate? g. Is the alarm system adequate? (Do they have an alarm system?) h. Is there a control of visitors and their vehicles? i. Do the guards have an established routine of movement that will make them vulnerable to an attack? j. Is there a reserve/support group that could assist in case of a surprise attack? k. Prepare a scenario of how you could penetrate the installation, include a detailed account of the weak and strong points of the security program of the installation. 5. Pass system: a. Is it adequate? b. Can the passes be reproduced easily? c. Is there another system that could be used in case the first one is compromised? d. How are passes destroyed? e. What happens when they are informed that a pass has been lost? f. Do they allow for one pass to have access to the entire installation, or are there restrictions? 53
LN324-91 g. If the pass is not shown, is he made aware by the other individuals, or is he allowed to walk without problem or question? h. Are all the passes always visible? i. How is the access to classified information certified or verified of an individual visiting the installation? j. Are visitors escorted through the installation? k. Is there a record of the passes? l. How many times a year is the pass system changed? 6. Visitors control: a. What kind of access is authorized to visitors? b. How are their level of access to classified information verified? c. Are the visitors required to sign at the entrance? What information are they required to provide? d. What other controls are applied for visitors? 7. Foreign Liaison Visitors a. Are their access or authority for visiting verified? b. Who is notified of their visit to the installation? c. Which areas are they allowed to access? d. What type of information is exchanged? e. Is a briefing offered to the personnel that will have contact with the foreign visitors? 8. OPSEC Support - Physical Security Plan: a. Review and determine whether the plan is effective,. b. Does this plan provide the support/information/guidelines needed? c. Can a Study of Physical Security be carried out? d. What do the personnel know of the Physical Security Plan? 54
LN324-91 e. Is it reviewed and updated frequently? 9. Instructions for the Guards a. Are the instructions to guards adequate? b. Do the instructions to guards indicate which are their responsibilities? c. Are emergency plans included in the instructions? d. What do the guards know about the plan? e. Do the instructions include how to proceed in case of a bomb threat, sabotage, espionage, events of interest for the CI, and the destruction of government property? f. Do the guards understand what they have to do if they are involved in an incident that concerns the military intelligence? C. Personnel Security 1. Human Reliability Program: (This program is used to determine the reliability of persons in sensitive posts. The subject is discussed in the Chapter entitled "Security Investigation of Personnel") a. Does the installation have such a program? b. If it does, how is it checked? c. What has this program offered to the Commander? d. How is access to classified information validated? e. Where do personnel whose access has not been approved yet work? 2. Travel Abroad by Staff Personnel: a. Where to and when do these individuals travel to foreign countries? b. What is the procedure to notify the commander of these trips? c. Are the travel schedules controlled/evaluated? d. Is the personnel travelling abroad briefed? 55
LN324-91 e. What kind of information do they carry and what kind of information can they exchange? f. Are trips abroad reported to military intelligence? 3. List of Accesses to Classified Information: a. Is there a list of all the persons who have access to classified information? b. Do the personnel have access to the necessary information to carry out their tasks? c. Revise the access list and determine whether there is any individual with access to information who should not be allowed. d. How does the command verify the access to classified information of other agencies? 4. OPSEC Program: OPSEC SOP: a. Does the installation have an OPSEC SOP? b. Is it adequate? c. Does the SOP of OPSEC describe the responsibilities of everybody down to the individual level? OPSEC Officer a. Does the officer in charge of OPSEC working full-time for OPSEC, or does he have other primary functions? b. Which are the responsibilities of the OPSEC officer? c. What kind of support is given to him? d. Does he have the experience/education/reference material necessary to carry out his tasks? e. What importance does the Commander bestow on the OPSEC program? OPSEC Analyst a. Is the command aware of what is an OPSEC analyst? 56
LN324-91 b. Does the command know what an Analyst can do for them? c. Have they requested support by the OPSEC Analyst, and what kind of support was requested? d. Have they received in the past any support by an OPSEC Analyst? e. Is the OPSEC Analyst effective? 4. OPSEC Consciousness: a. Does the personnel know what OPSEC means, what OPSEC can do for them to protect their mission and work material? b. Is OPSEC considered a daily routine in this installation? c. Is OPSEC considered before, after and during a military exercise? d. What kind of OPSEC training have been given to the personnel? e. Does the personnel believe in the importance of OPSEC? f. Which is your (the agent's) opinion of the total consciousness of OPSEC in the installation? D. Signal Intelligence 1. SOP: a. Obtain and review all the SOP's of SIGSEC. (are they adequate?) b. Are they reviewed and updated periodically? 2. Support by Signal Intelligence: a. What kind of support has the installation received from Signal Intelligence? b. What kind of signal intelligence support does the installation need? 3. Safe Communication: a. What are the means for safe communication? 57
LN324-91 b. Are they adequate? c. Is there a backup system in case the primary one stops working? 4. Inspections of Safe Communications and Signal Security: a. When was the last SIGSEC/COMSEC inspection done and what were the results? b. Does the system need to be improved? (Were the improvement measures carried out?) c. Is there a need currently to improve the SIGSEC and COMSEC systems? 5. Security Education: a. Is the installation personnel trained on communications security? b. If they are trained, how is instruction given, is it accepted or rejected? c. Is there a need to improve the security education program? 6. ADP Security: (ADP: is a security system used to protect the computer communication) a. Is the personnel trained on COMSEC? b. Is a key code used? How can an unauthorized person be prevented to access the computer system? c. Do unauthorized persons use the system? d. What is the software used? What classification does it have? e. What is the procedure for controlling the computer output? f. What physical security measures are used to protect the computer terminals that are outside the computer room? g. Which procedure is used for the necessary maintenance? 58
LN324-91 h. If the system contains classified information, how can they get the cleared personnel to carry out the computer maintenance? i. Is there a Security Officer assigned for the computer room? j. Are the computer operators trained on the need to protect the systems security? k. Can classified information be obtained through the terminals? l. Are visitors escorted while visiting the computers area? m. Is there a pass system for the computers area? n. Does the installation share the use of computers with other installations or agencies? E. Imagery Intelligence 1. Aerial Photography: a. Is the personnel conscious of the existence/threat of aerial photography? b. Is the installation vulnerable to this threat? c. What precautions are taken for protection against this threat? d. What kind of written information do they have to protect themselves against this threat? 2. Manual Photography by an Agent: a. Is the personnel conscious of this kind of threat? b. What physical security precautions are taken to protect themselves against this threat? c. How vulnerable is the installation? d. Are the guards aware of this threat and know how to prevent it? 3. Outside Tryouts 59
LN324-91 a. Does the installation conduct tryouts outside the building that could be vulnerable to the threat of imagery intelligence? b. Has the command considered using camouflage before the tryouts are carried out? c. Does the SOP contain something with regard to the protection against this threat? F. Vulnerabilities/Recommendations of Signal Intelligence G. Imagery Intelligence 1. Local threat: 2. Vulnerabilities/Recommendations: H. Other Vulnerabilities and recommendations as appropriate: I. Remarks: (General remarks are included which are not qualified as vulnerabilities.) J. Conclusions (Support to be given to the installation in the future.) I. ANNEXES: a. Data on Threats in general. b. Results of the COMSEC evaluation. c. Study of Signal Security d. Essential Elements of the Enemy e. Report of ADP Security f. BEFI - Evaluation g. Inspection of Technical Support h. Other information or reports that might backup the OPSEC Evaluation. 60
LN324-91 NOTE: Not all the Annexes mentioned above are required in all the reports of an OPSEC evaluation. 61

Chapter 4

[Back to SOAW Home Page]    [Send email to SOAW]    [SOA Manuals]