What is opsec? A process for protecting critical information
Operations security, or opsec, is a process by which organizations assess and protect public data about themselves that could, if properly analyzed and grouped with other data by a clever adversary, reveal a bigger picture that ought to stay hidden. It’s a discipline of military origins that in the computer age has become vital for government and private organizations alike — and every CSO ought to be thinking about what steps they can take to improve their opsec posture.
The term operations security was first coined in the U.S. military during the Vietnam War, as a result of an effort led by a team dubbed Purple Dragon. This team noticed that America’s adversaries seemed to be able to anticipate their strategies and tactics. It was known that North Vietnam and the Viet Cong hadn’t managed to decrypt U.S. communications and didn’t have intelligence assets who could gather data from the inside; the conclusion was that U.S. forces themselves were inadvertently revealing vital information to the enemy. Purple Dragon coined the first military opsec definition: “The ability to keep knowledge of our strengths and weaknesses away from hostile forces.”