should be informed by message or memorandum to permit the necessary preparation for the arrival of the team
during the field survey phase. Information items that may be included are:
Survey purpose and scope.
List of team members with clearances.
List of required briefings and orientations.
General timeframe involved.
Administrative support requirements.
Signal security (SIGSEC) monitoring support requirements (if needed).
Vulnerabilities which are identified in the course of an OPSEC survey have only a coincidental relationship to
security classification. A vulnerability (such as a detectable, exploitable event), may or may not carry a security
classification at the time of its identification during the survey. For example, the movement of a reconnaissance
aircraft (the primary operation) may be classified while the movement of a supporting, logistical element may
not have been classified, even though the latter's activity provides an indicator of the primary operation.
OPSEC survey teams are concerned with identifying "indicators," factual or possible sources of information,
which could enable the adversary to degrade friendly effectiveness, whether or not the indicator carries a
classification label. Conversely, there is some "CLASSIFIED" information which, even if it were given to the
adversary, would not necessarily provide a basis for degradation of friendly effectiveness. OPSEC survey
teams, therefore, are not so much concerned with the protection of classified information, per se: rather, they are
concerned with that information which relates to friendly operational effectiveness.
Identification of vulnerabilities is accomplished through the chronicling of the myriad of events which transpire
in the execution of an operation and any supporting or related operations and activities, and analyzing these
events, using the viewpoint of the adversary. To facilitate the analysis, functional outlines should be
constructed in which the events are assembled in a sequential manner, thus creating a time-line which describes
in considerable detail what has, or will, occur in the unfolding of the operation. The term "event" refers to
every conceivable detectable or observable type of activity: communications-electronics, operational
movements, logistical activities, planning conferences, and so on.
Acquisition of the data required to construct an event-sequence time-line is primarily accomplished during the
field portion of an OPSEC survey. This is followed by the analytic phase and requires, in order to assume the
"adversary viewpoint," an in-depth knowledge of the adversary's intelligence systems, ranging from elemental
visual observation to sophisticated electronic systems. Those events in friendly procedures, which are
vulnerable to detection by one or more of the adversary's sensor systems in sufficient time to enable a
potentially degrading reaction, are deemed "vulnerabilities" or "indicators."
An extensive knowledge of the foreign intelligence collection capabilities imparts a realism to OPSEC surveys
which distinguishes them from traditional security assessments. Familiarity with adversary collection and
processing capabilities can enable the OPSEC team to make reasonable judgments concerning the likelihood of
detection of particular events in the friendly scenario, thus allowing prioritization of at least some of the
identified vulnerabilities. Knowledge of the adversary's reaction times may also enable the team to discount
certain apparent vulnerabilities, since detection alone is not necessarily harmful if the adversary does not have
sufficient time to initiate countermeasures to degrade friendly effectiveness.