NATIONAL OPERATIONS SECURITY PROGRAM

Declassified in Part- Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4 CONPNT IAL 1-4 -Ta ROUTING AND RECORD SHEET OS REGISTRY SUBJECT: (Optional) 15 APR 1988 National Operations Security Program FROM: EXTENSION NO. OS 8-5546 Policy Branch/PPS Office of Security DATE i APRIL. Icl VII TO: (Officer designation, room number, and building) DATE OFFICER'S COMMENTS (Number each comment to show from whom RECEIVED FORWARDED INITIALS to whom. Draw a line across column after each comment.) . C/Policy Br C/PPS BO/OS 13AP1*--?' 0 6 4. D/OS , 0 S get_ 1J ? . . 10. 11. 12. 13. 14 15 FORM 610 USE PREVIOUS CON NTIAL 1-79 Declassified in Part- Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4 * U.S. Government Printing Office: 1985-494-034/49156 STAT S TAT STAT STAT CONFIDENTIAL . Declassified in Part- Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4 6 APR 1988 OS REGISTRY MEMORANDUM FOR: Executive Director 1 5 APR 1988 VIA: Deputy Director for Administration FROM: Director of Security SUBJECT: National Operations Security Program REFERENCE: National Security Decision Directive Number 298, dtd 22 January 1988 1. The attached memorandum requests each Deputy Director to provide written comments to the Office of Security indicating how a formal OPSEC program might be implemented in the Agency and what current applications are being utilized within their directorate. As the Central Intelligence Agency (CIA) member to the Interagency Group for Countermeasures (Policy) [IG/CM(P)], my Office will serve as the focal point for coordination within the Agency. 2. It is recommended that you sign the attached memorandum addressed to the Deputy Directors. Attachment !OS/PB/PPS !Distribution.. Orig - Adse! 8 2 - DDA! ? 1 - ER! 1 - C/CI Staff/DDO! - OGI! - OC! - NIO/FDIA! SMS/DDS&T! - D/OS Chrono! - PPS Chrono! (4 Apr 88) OS 8-5546 CONFIDENTIAL Declassified in Part - Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4 Declassified in Part- Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4 Declassified in Part- Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4 LyNriuhNTiAL . Declassified in Part - Sanitized Copy Approved for Release 2013/09/25 : CIA-RDP91B00390R000300280012-4 MEMORANDUM FOR: Deputy Director for Administration Deputy Director for Intelligence Deputy Director for Operations Deputy Director for Science and Technology FROM: Executive Director SUBJECT: National Operations Security Program STAT 1. The attached National Security Decision Directive (NSDD) Number 298, entitled "National Operations Security Program," was approved by the President on 22 January 1988. This Directive establishes a National Operations Security Program (OPSEC) and calls for each executive department and agency substantially involved in or supporting national security missions with classified nsitive activities to STAT establish a formal OPSEC program. 2. It is requested that addressees provide written comments to the Policy and Plans Staff, Office of Security (PPS/OS), Room 6S17, Stafford Building, indicating how a formal OPSEC program might be implemented in the Agency and what current applications are presently being utilized within your directorate. Additionally, it is requested that your response include the name and secure telephone number of a designated focal point officer for thi subject. Questions may be directed to C/PPS/OS, on extension (secure). Attachment cc: Comptroller James H. Taylor CONFIDENTIAL Declassified in Part- Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4 S TAT STAq STAa Declassified in Part- Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4 Declassified in Part- Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4 SYSTFM Ti Declassified in Part- Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4 THE WHITE HOUSE WASHINGTON January 22, 1988 MEMORANDUM FOR THE VICE PRESIDENT THE SECRETARY OF STATE THE SECRETARY OF THE TREASURY THE SECRETARY OF DEFENSE THE ATTORNEY GENERAL THE SECRETARY OF THE INTERIOR THE SECRETARY OF AGRICULTURE THE SECRETARY OF COMMERCE THE SECRETARY OF LABOR THE SECRETARY OF TRANSPORTATION THE SECRETARY OF ENERGY THE DIRECTOR, OFFICE OF MANAGEMENT AND BUDGET THE DIRECTOR OF CENTRAL INTELLIGENCE UNITED STATES REPRESENTATIVE TO.41HE UNITED NATIONS UNITED STATES TRADE REPRESENTATIVE CHIEFAYST4FF TO THE PRESIDENT ASSISZANT TO THE PRESIDENT FO % POLICY DEVELOPMENT CHAIRMAN, J: INT CHIEFS-00 STAFF CLEAR REGULATORVCcMM SION ':RATQR, AGENCY FOR INTERJATrONAL DEVE4?PMENT DIRECTOR, ARMS CONTROL AND DIS NT AGENCY DIRECT O'FICE OF SCIENCE AND TE NOLOGY POLICY - ADMINIPA CR, GENERAL SERVICES ADMINISTRATION DIRLCTORJ ITED STATiSINFORMATIeN AGENCY ADMINIS , NATIoNAL-AE4Tuarrics AND SPACE ADMINISTRATION DIRECTOR, FEDERAL BUREAU OF INVESTIGATION DIRECTOR, FEDERAL EMERGENCY MANAGEMENT AGENCY DIRECTOR, NATIONAL SCIENCE FOUNDATION DIRECTOR, NATIONAL SECURITY AGENCY DIRECTOR, OFFICE OF PERSONNEL MANAGEMENT CHAIRMAN, PRESIDENT'S FOREIGN INTELLIGENCE ADVISORY41130ARD CHAIRMAN,ORESIDENT'S INTELLIGENCE OVERSIGHT BOARD DIRECTOReeINFORMATION,SECURI,TY OVERSIGHT OFFICE DIRECTOR, WRITE HOUSE/MILITARY OFFICE ,-- `3 SUBJECT: National Operations tectrity,Progtam ? The President has app ve the at curity Natio Decision Directive (N D) stab1iin.2 Nati alperations ??:4, Declassified in Part- Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4 - 2 - Declassified in Part- Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4 Security Program (OPSEC)4*Phis unclasfiTied Ngbp calls for each Executive department ancVagfncy substentiaMy involved in or supporting national securi4, mission*wi1 CIAissi*ied'or sensitive activities to establish a ?f0,r4,41 OPIEC,dorogram. While the NSDD cannot be circulated, a Fact SheetcOntaining identical information shouldApe given the widest distribution possible within your agency/department. The DCI should provide copies the appropriate committees of Congress. FOR THE PRESIDENT: Attachments NSDD Fact Sheet olin . Pow 1 Assistant to the President for National Security Affairs STAT Declassified in Part- Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4 SYqTPM TT . Declassified in Part- Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4 - ? ? 7v - ' - . 7 - - 7,;,?"ivii WASHINGTON.-- , , .1 ... : January 22,-088 ./ NATIONAL SECURITY DECISION DIRECTIVE NUMBER 298 OBJECTIVE NATIONAL OPERATIONS SECURITY PROGRAM Security programs and procedures already exist to protect clas- sified matters. However, information generally available to the public as well as certain detectable activities reveal the existence of, and sometimes details about, classified or sensitive information or undertakings. Such indicators may assist those seeking to neutralize or exploit U.S. Government actions in the area of national security. Application of the operations security (OPSEC) ,process promotes operational effec- tiveness by helping prevent the inadver? ?romise of - sensitive or classified U.S., Governmenteactivit capabilities, or intentions. OPSEC PROCESS The operations sec tion of critical inforinAtio" vulnerabilities, assesspent priate counter1neasures.V Th of the totality of an a' iv. unclassified evidence of4 cik ss involves five? f thre f ris appl proces y to d sified be s w rm light of the known collet?ob capabili vity co ? a identifica- nalysis of of appro- examinat ion loitable but be acquired in ential adver- saries. Such evidence Usti-illy derives fr.' enly available data. Certain indicators may be pieced together or interpreted to discern critical information. Indicators most often stem from the routine administrative, physical, or technical actions taken to prepare for or execute a plan or activity. Once identified, they-are analyzed against the threat to determine the extent to which they may reveal critical information. Commanders and managers then use these threat and vulner,444.4y analyses in risk assessments to assistA;n the selec4Onnaadoption of countermeasures. , OPSEC thus is a systemntic Government and its s1Iport adversaries informOlon identifying, contrAgaill evidence of the planne activities. nd prove contra t capabilities protecting. gene execu f sens ich the U.S. to potential ntions by nclassified Government Declassified in Part - Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4 . Declassified in Part- Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4 APPLICATION , _ Indicators and vulnera4ilities,are best identlfied through , . . _ . detailed OPSEC planning before activities statt. .They may also be identified during/orafter the conduct of routine functional activities by analyzing,how.functions are actually.performed and the procedures used. ,Planning and analysis proceed from the adversary's-perspective. To assist inOPSEC planning and analysis, OPSEC planning guidance mOst'te develbpedjointly by those most familiar with the operational-.aspeCts of a particular activity together with their supporting intelligence elements. ??.2 OPSEC planning guidanceshouid take account of-those aspects of an activity that should be protected in light of U.S. and adversary goals, estimated key adversary questions, probable adversary knowledge, desirable and harmful adversary apprecia- tions, and pertinent intelligence threats. OPSEC planning guidance should also outline OPSEC measures to complement physical, information, personnel, signals, computer, communica- tions, and electronic security measures. OPSEC measures may include, but are not limited to, counter.i,maggu, cover, conceal- ment, and deception. In the OPSEC process, analysis of threat a implementation, on OPSEC measures ar analyses, but ultim commanders, supervis aspects of a program o maker with ultimate res resource management mu where and how OPSEC wi important.7 toidia vulnerability the othe . RecoMMend tion joint operationa ions on implement: program gers vity to,be rotect onsibilityiformissio h e complkautIty applied. POLICY sh between and, and the use of- ligence re made by ermine the he decision- ...1. accomplishment and r determining A National Operations Security Program is hereby established. Each Executive department and agency assigned or supporting national security missions with classified or sensitive activi- ties shall establish a formal OPSEC program with the following common features: Specific assignment,r responsib y fo.SEC direction and implementation Specific requirements o plan anticipation aVan ere app agency activit.,_ Direction to use 0 analyt identifying vulne ties a measures. nt OPSEC in g department or assist in priate OPSEC Declassified in Part- Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4 , Declassified in Part- Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4 ? - - Enactment of measures to ensure that all personnel, commen- surate with their positions and security clearances, are aware oehostile intelligence threats and understand the OPSEC process. Annual review and evaluation of OPSEC procedures so as to assist the improvement of OPSEC programs. Provision for interagency support and cooperation with respect to OPSEC programs. Agencies with minimal activities that could affect national security need not establish a formal OPSEC program; however, they must cooperate with other departments and agencies to minimize damage to national security when OPSEC problems arise. ACTION Heads of Executive departments and agencies assigned or support- ing national security missions. Heads of Executive departments or agencies e -1 missions shall: ?110 Establish organizational OPSEC , . Issue, as approprzatei planning guidance? and - '41 I Designate departmental and A ; Further, they shall advi,is4the Nati OPSEC measures required of4other Exe agencies in order to ach and main with national security ams;,, OPSEC policiesW1pocedures, and % lanners ectii i t y Co u nc i 1 (NSC) on ive departments and 16-Cive operations or activities. In this connection, the Joint Chiefs of Staff shall advise the NSC of the impact of nonmilitary U.S. policies on the effectiveness of OPSEC measures taken by the Armed Forces, and recommend to the NSC policies to minimize any adverse effects. for OPSEC. Chairman, Senior Interagency Group for Intelligence (SIG-I). Consistent with previous Directives, thOlqjG7I has responsibility for national OPSEC policy formulation rsolutTion of interagency differences, guidance Mitional-1 1 OC *caning, technical OPSEC support, and advrCello indivi41alxectitive departments and agencies. The National Oplrations city Aqviiory Committee (NOAC), as part ofele,SIGI structednd fUnctioning under the aegis of the Inter4.9endy Group for Counteriii4i6ur4,s (Policy), will: - -- Advise the SIG-I tr ture on res fot re ucing OPSEC vulnerabilities Ad propose corredttmemeasures; Declassified in Part- Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4 c, Declassified in Part - Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4 ? As requested, consult'with, and provide advice and recom- mendations to, the variousdepartments,and agencies concern- ing OPSEG vulnerabilities. and corrective measures; On an ad hoc basis, chair meetings of representatives of two or more Executive departments or agencies having competing interests or responsibilities with OPSEC implications that may affect national security interests. Analyze the issues and prepare advisory memoranda and recommendations for the competing agencies. In the event NOAC fails to resolve differences, it shall submit the issue, together with its recommendation, to the SIG-I for resolution, which may recommend a meeting of the Policy Review Group (PRG) to consider the issue; Bring to the attention of the SIG-I unsolved OPSEC vulner- abilities and deficiencies that may arise within designated programs and activities of the Executive branch; and Specify national-level requirements for intelligence and counterintelligence OPSEC support to.,.-ttke SIG-I. - Director, National SecuritY Agency. 4 ... The Director, Natio Security Agency ,-igated Executive t, Agent for interag OPSEC training,n t. Apacity, he has responsibility t s..i4t Eiecutive departm i--a agencies, as needed, to establiS OPSEC1programs; develop 'fb d p ovide inter- agency OPSEC training courses, anfficelablish d 04intain an Interagency OPSEC Supp4rtaff (Igps)f whos empership shall include, at a minimum,* representative._ ,f, DeArtment of Defense, the Department oflEnergy,-tlw C611 al Intelligence Agency, the Federal Bureau of InvestIllation, and4the General Services AdministrationfiLTIle IOSS wiItftlaggW. Carry out interagency, national-level, OPSEC training for executives, program and project managers, and OPSEC specialists; Act as consultant to Executive departments and agencies in connection with the establishment of OPSEC programs and OPSEC surveys and analyses; and -fr Provide an OPSEC techincal Nothing in this directive:i staftrforthe SIG-I. 4 _ Is intended to,infrinsie on the ties of the Diiector!4f Centr intelligence sourdesRnd meth the Intelligence Commdnity as No. 12333; or authorI4ts and responsibili- ,,4 telligglaceco protect nor those 0 any member of fied Executive Order Declassified in Part- Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4 Declassified in Part - Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4 - - Implies an authority.b? the part ofthe SIG1-I Interagency Group for Countermeasures (Policy) or the NOAC to examine the facilities or Operations of any Executive department or agency without the approval of the head ox such Executive department or agency. cv-isLeK '411 \ Declassified in Part- Sanitized Copy Approved for Release 2013/09/25: CIA-RDP91B00390R000300280012-4