University Consortium for Applied Hypersonics

You are here: Home / Security

Security

Managed by Texas A&M University System (TAMUS) Research Security Office (RSO)

Contact: [email protected]

OPSEC

OPSEC is a systematic and proven process designed to deny to potential adversaries, information about capabilities and intentions by identifying, controlling and protecting generally unclassified evidence of the planning and execution of sensitive activities. As UCAH activities are sponsored by the U.S. Department of Defense, there will be a requirement for members and participants to become familiar with the OPSEC plan which will be associated with this project. This section will contain material designed to foster awareness and recommendations related to OPSEC and UCAH activities.

OPSEC Process

Identification of Critical Information

Critical information is factual data about an organization’s intentions, capabilities, and activities that the adversary needs to plan and act effectively to degrade operational effectiveness or place the potential for organizational success at risk. The OPSEC process identifies critical information and determines when that information may cease to be critical in the life cycle of an operation, program, or activity.

Assessment of Risks

Risk assessment is the heart of the OPSEC process. In a risk assessment, threats and vulnerabilities are compared to determine the potential risk posed by adversary intelligence collection activities targeting an activity, program, or organization. When the level of vulnerability is assessed to be high and the adversary threat is evident, then adversary exploitation is expected, and risks are assessed to be high. When the vulnerability is slight, and the adversary’s collection ability is rated to be moderate or low, the risk may be determined to be low, and no protective measures may be required. Based on the assessed level of risk, cost/benefit measures can be used to compare potential countermeasures in terms of their effectiveness and cost.

Analysis of Vulnerabilities

Vulnerability analysis requires that the OPSEC analyst adopt an adversarial view of the activity requiring protection. The analyst attempts to identify weaknesses or susceptibilities that can be exploited by the adversary’s collection capabilities. The vulnerability analysis process must identify the range of activities that can be observed by the adversary, the type of information that can be collected, and the specific organizational weaknesses that the adversary can exploit. Based on this knowledge, the OPSEC analyst determines what critical information the adversary can derive based on the known threat and assessed vulnerabilities.

Analysis of Threats

Threat analysis consists of determining the adversary’s ability to collect, process, analyze, and use information. The objective of threat analysis is to know as much as possible about each adversary and their ability to target the organization. It is especially important to tailor the adversary threat to the actual activity and, to the extent possible, determine what the adversary’s capabilities are with regard to the specific operations of the activity or program.apabilities, and activities that the adversary needs to plan and act effectively to degrade operational effectiveness or place the potential for organizational success at risk. The OPSEC process identifies critical information and determines when that information may cease to be critical in the life cycle of an operation, program, or activity.

Application of Appropriate Countermeasures

In the final step, countermeasures are developed to protect the activity. Ideally, the chosen countermeasures eliminate the adversary threat, the vulnerabilities that can be exploited by the adversary, or the utility of the information. In assessing countermeasures, the impact of the loss of critical information on organizational effectiveness must be balanced against the cost of implementing corrective measures. Possible countermeasures should include alternatives that may vary in terms of feasibility, cost, and effectiveness. Based on the probability of collection, the cost effectiveness of various alternatives and the criticality of the activity countermeasures are selected by the program manager. In some cases, there may be no effective means to protect information because of cost or other factors that make countermeasure implementation impossible. In such cases, the manager must decide to accept the degradation of effectiveness or cancel the activity.

  • Security

Security

pdf

UCAH-OPSEC-Brief

PDF detailing operations security (OPSEC) which is a process by which organizations assess and protect public data.
Size: 259.84 KB
Hits: 326
Date added: 14-10-2021
Download
pdf

Safe Social Networking

A PDF detailing how to be safe on social media
Size: 598.13 KB
Hits: 255
Date added: 14-10-2021
Download
pdf

Academic Solicitation

PDF detailing Academic Solicitation and some examples.
Size: 667.89 KB
Hits: 343
Date added: 24-01-2023
Download
pdf

Controlled Unclassified Information

PDF detailing Controlled Unclassified Information identification and management.
Size: 3.97 MB
Hits: 301
Date added: 03-02-2023
Download
pdf

DOD INSTRUCTION 5230.24

DISTRIBUTION STATEMENTS ON DOD TECHNICALINFORMATION
Size: 427.46 KB
Hits: 340
Date added: 10-08-2023
Download
pdf

What is Military Civil Fusion PDF

PDF describes the Military Civil Fusion strategy utilized by the People's Republic of China.
Size: 187.14 KB
Hits: 395
Date added: 14-10-2021
Download
pdf

PSA On Talent Programs

PDF detailing how Foreign government-sponsored talent recruitment plans can lead to data leaks.
Size: 287.08 KB
Hits: 264
Date added: 14-10-2021
Download
pdf

Guidance for Securing Video Conferencing

PDF providing guidance for securing video conferencing.
Size: 215.50 KB
Hits: 402
Date added: 14-10-2021
Download
pdf

Foreign Collection Methods

PDF describing how sensitive information is often collected.
Size: 728.83 KB
Hits: 334
Date added: 14-10-2021
Download

 

Icon label