AIR FORCE AF AFI 10-701-2011 OPERATIONS SECURITY (OPSEC).pdf

1、 BY ORDER OF THE SECRETARY OF THE AIR FORCE AIR FORCE INSTRUCTION 10-701 8 JUNE 2011 Operations OPERATIONS SECURITY (OPSEC) COMPLIANCE WITH THIS PUBLICATION IS MANDATORY ACCESSIBILITY: Publications and forms are available on the e-Publishing website at www.e-publishing.af.mil for downloading or orde

2、ring. RELEASABILITY: There are no releasability restrictions on this publication. OPR: AF/A3Z-CI, Information Operations Division Supersedes: AFI10-701, 18 October 2007 Certified by: AF/A3Z (Maj Gen Bolton) Pages: 40 This publication implements Air Force Policy Directive (AFPD) 10-7, Air Force Infor

3、mation Operations. The reporting requirements in this publication have been assigned Report Control Symbol (RCS) DD-INTEL(A)2228 in accordance with DoDD 5205.02, DoD Operations Security (OPSEC) Program. It applies to all Major Commands (MAJCOM), Field Operating Agencies (FOA), Direct Reporting Units

4、 (DRU), Air Force Reserve Command and Air National Guard (ANG) organizations. This publication provides guidance for all Air Force personnel (military and civilian) and supporting contractors in implementing, maintaining and executing OPSEC programs. It describes the OPSEC process and discusses inte

5、gration of OPSEC into Air Force plans, operations and support activities. Refer recommended changes and questions about this publication to the Office of Primary Responsibility (OPR) using the AF Form 847, Recommendation for Change of Publication; route AF Forms 847 from the field through appropriat

6、e chain of command. Ensure that all records created as a result of processes prescribed in this publication are maintained in accordance with AFMAN 33-363, Management of Records, and disposed of in accordance with the Air Force Records Disposition Schedule (RDS) located at https:/www.my.af.mil/afrim

7、s/afrims/afrims/rims.cfm. The use of the name or mark of any specific manufacturer, commercial product, commodity, or service in this publication does not imply endorsement by the Air Force. SUMMARY OF CHANGES This document has been substantially revised and must be completely reviewed. This updated

8、 instruction adds responsibilities for MAJCOMs, FOAs and DRUs (paragraph 1.4.8), Air Combat Command (ACC) (paragraph 1.4.8), commanders (paragraph 1.4.15), requirement to budget, Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-2 AFI10-701 8 JUNE 2011

9、 acquire and distribute OPSEC awareness and education materials (1.4.15.8.2), OPSEC Program Managers (PM), Signature Management Officers, Coordinators and Planners (paragraph 1.4.16) and all Air Force personnel (paragraph 1.4.17). Chapter 2 has been renamed Signature Management and OPSEC Process has

10、 been moved to Chapter 4. OPSEC measures have been deleted from chapter 4 and are now reflected to read countermeasures (paragraph 4.6). Acquisition planning has been removed from chapter 3, OPSEC Planning and placed within chapter 8, OPSEC Contract Requirements. OPSEC Awareness Education and Traini

11、ng has been moved to chapter 5, OPSEC Education and Training, and includes requirement to provide awareness information to AF family members. OPSEC assessments has been moved to chapter 6 and titled Assessments. Additions to chapter 6 include web site link to the OPSEC Core Capabilities Checklists (

12、paragraph 6.1.5), requirements regarding the assessment of information on AF public and private web sites (paragraph 6.5), and requirement to utilize the operations security collaborations architecture (OSCAR) tool for annual assessments (paragraph 6.6.4). Air Force OPSEC annual awards is located in

13、 chapter 7 and chapter 8 includes information regarding OPSEC as a requirement within government contracts. Chapter 1 GENERAL 4 1.1. Introduction: . 4 1.2. Operational Context: 4 Figure 1.1. OPSEC Functional Structure . 4 1.3. Purpose: . 5 1.4. Roles and Responsibilities: 5 Chapter 2 SIGNATURE MANAG

14、EMENT 15 2.1. Signature Management. . 15 2.2. Wing or installation commanders will: 15 2.3. Signature Management Officer/Signature Management Non-Commissioned Officer will: . 16 2.4. Signature Management Planning and Coordination. . 17 2.5. Exploitation Countermeasures (Refer to AFI 10-704, Paragrap

15、h 2. 18 Chapter 3 OPSEC PLANNING 19 3.1. General. 19 3.2. Operational Planning. 19 3.3. Support Planning. . 19 3.4. Exercise Planning. . 19 3.5. Acquisition Planning. . 20 Chapter 4 OPSEC PROCESS 21 4.1. General: 21 Provided by IHSNot for ResaleNo reproduction or networking permitted without license

16、 from IHS-,-,-AFI10-701 8 JUNE 2011 3 4.2. Identify Critical Information: . 21 4.3. Analyze Threats: 21 4.4. Analyze Vulnerabilities: 21 4.5. Assess Risk: . 22 4.6. Apply Countermeasures: 22 Chapter 5 OPSEC EDUCATION AND TRAINING 23 5.1. General. 23 5.2. All Personnel: 23 5.3. OPSEC PMs/SMO/SMNCOs/C

17、oordinators, Planners, Inspection Teams: . 24 5.4. Joint and Interagency OSPEC Support: . 25 Chapter 6 ASSESSMENTS 26 6.1. General: 26 6.2. Annual OPSEC Program Review: . 26 6.3. Staff Assistance Visit (SAV): 27 6.4. Survey: . 27 6.5. Web Content Vulnerability Analysis: 28 6.6. Support Capabilities:

18、 28 Table 6.1. OPSEC Assessment Types and Support Capabilities 30 Chapter 7 AIR FORCE OPSEC ANNUAL AWARDS PROGRAM 31 7.1. General: 31 Chapter 8 OPSEC REQUIREMENTS WITHIN CONTRACTS 32 8.1. General: 32 8.2. Guidance and procedures: 32 Attachment 1 GLOSSARY OF REFERENCES AND SUPPORTING INFORMATION 34 P

19、rovided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-4 AFI10-701 8 JUNE 2011 Chapter 1 GENERAL 1.1. Introduction: OPSEC is a military capability within Information Operations (IO). IO is the integrated employment of three operational elements: influence op

20、erations (IFO), electronic warfare operations and network warfare operations. IO aims to influence, disrupt, corrupt, or usurp adversarial human or automated decision-making while protecting our own. IFO employs the military capabilities of military information support operations (MISO), OPSEC, mili

21、tary deception (MILDEC), counterintelligence operations, public affairs (PA) operations and counterpropaganda operations to affect behaviors, protect operations, communicate commanders intent and project accurate information to achieve desired effects across the operational environment. OPSECs desir

22、ed effect is to influence the adversarys behavior and actions by protecting friendly operations and activities. 1.2. Operational Context: 1.2.1. Operational Focus. The OPSEC program is an operations function or activity and its goals are information superiority and optimal mission effectiveness. The

23、 emphasis is on OPERATIONS and the assurance of effective mission accomplishment. To ensure effective implementation across organizational and functional lines the organizations OPSEC Program Manager (PM), Signature Management Officer (SMO), or coordinator will reside in the operations and/or plans

24、element of an organization or report directly to the commander. For those organizations with no traditional operations or plans element, the commander must decide the most logical area to place management and coordination of the organizations OPSEC program while focusing on operations and the missio

25、n of the organization. Figure 1.2 illustrates the AF OPSEC functional structure. Figure 1.1. OPSEC Functional Structure Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-AFI10-701 8 JUNE 2011 5 1.2.2. Operational effectiveness is enhanced when commande

26、rs and other decision-makers apply OPSEC from the earliest stages of planning. OPSEC involves a series of analyses to examine the planning, preparation, execution and post execution phases of any operation or activity across the entire spectrum of military action and in any operational environment.

27、OPSEC analysis provides decision-makers with a means of weighing how much risk they are willing to accept in particular operational circumstances in the same way as operations risk management allows commanders to assess risk in mission planning. 1.2.3. OPSEC must be closely integrated and synchroniz

28、ed with other IFO capabilities, security disciplines, and all aspects of protected operations (see references listed in Attachment 1). 1.3. Purpose: 1.3.1. The purpose of OPSEC is to reduce the vulnerability of Air Force missions by eliminating or reducing successful adversary collection and exploit

29、ation of critical information. OPSEC applies to all activities that prepare, sustain, or employ forces during all phases of operations. 1.3.2. OPSEC Definition. OPSEC is a process of identifying, analyzing and controlling critical information indicating friendly actions associated with military oper

30、ations and other activities to: 1.3.2.1. Identify those actions that can be observed by adversary intelligence systems. 1.3.2.2. Determine what specific indications could be collected, analyzed, and interpreted to derive critical information in time to be useful to adversaries. 1.3.2.3. Select and e

31、xecute measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly actions to adversary exploitation. 1.4. Roles and Responsibilities: 1.4.1. Air Force organizations must develop and integrate OPSEC into their mission planning to ensure critical information and indicator

32、s are identified. At a minimum, the Air Force will integrate OPSEC into the following missions: military strategy, operational and tactical planning and execution, military indoctrination, support activities, contingency, combat and peacetime operations and exercises, communications-computer archite

33、ctures and processing, critical infrastructure protection, weapons systems, Research, Development, Test and Evaluation (RDT budget, acquire, and distribute OPSEC education materials. 1.4.15.8.3. Ensure the OPSEC training program clearly communicates to all personnel that the command will consider fo

34、r appropriate disciplinary action all failures to follow directed OSPEC measures and/or unauthorized disclosure of critical information. 1.4.15.9. Ensure OPSEC assessments are conducted annually to support operational missions. 1.4.15.10. Ensure OPSEC PMs and Coordinators integrate into or liaise wi

35、th the information protection, force protection, antiterrorism, and threat working groups and if necessary establish a working group to address OPSEC concerns. In addition, an ad-hoc working group will be established for any large-scale operation or exercise. NOTE: Refer to AFTTP 3-1.IO, Tactical Em

36、ployment Information Operations (U), Attachment 4 for additional guidance. 1.4.15.11. Ensure unit deployment managers add OPSEC awareness training as a mandatory requirement for deploying personnel. 1.4.15.12. Ensure all personnel such as, Web Site administrators, Webmasters, supervisors, public aff

37、airs specialists, OPSEC coordinators, PMs, SMOs, etc., who review information for public release complete OPSEC training focused on reviewing information that is intended for posting utilizing Internet-based Capabilities. 1.4.16. OPSEC PMs, Coordinators and Planners: NOTE: Wing and installation SMOs

38、 will follow the guidance in Chapter 2, Signature Management. 1.4.16.1. OPSEC PMs are assigned in writing at organizations above the wing/installation level. OPSEC PMs may be assigned to FOAs and DRUs depending on their size, need and organizational reporting chain. Provided by IHSNot for ResaleNo r

39、eproduction or networking permitted without license from IHS-,-,-12 AFI10-701 8 JUNE 2011 1.4.16.2. OPSEC Coordinators are assigned in writing at each subordinate organization below the wing-level. At the MAJCOM level, National Guard Bureau (NGB), FOAs, or DRUs, OPSEC Coordinators will be appointed

40、within HQ directorates, as appropriate. 1.4.16.3. OPSEC PMs, and Coordinators will: 1.4.16.3.1. Have at a minimum a secret clearance (recommend Top Secret for Wing level positions and higher). In addition, OPSEC PMs will have accounts established on SIPRNET. 1.4.16.3.2. Advise commander or director

41、on all OPSEC and signature management related matters to include developing operating instructions, recommending guidance, and OPSEC measures. Review periodically (at a minimum annually) for currency and update as necessary. 1.4.16.3.3. Tenant organization OPSEC PMs and Coordinators will closely coo

42、rdinate and integrate with host wing on any OPSEC or signature management initiatives and working groups. However, administrative oversight of tenant organizations program still resides with its HHQ OPSEC PM. 1.4.16.3.4. Incorporate OPSEC into organizational plans, exercises, and activities. 1.4.16.

43、3.5. Develop, implement, and distribute commanders OPSEC guidance memorandums to include CILs, and follow up with new or updates to local or MAJCOM supplements to AFI 10-701, Operations Security (OPSEC). Review periodically (at a minimum annually) for currency and update as necessary. 1.4.16.3.6. En

44、sure procedures are in place to control critical information and associated indicators. Review periodically (at a minimum annually) for currency and effectiveness. 1.4.16.3.7. Utilize assessment results to mitigate discovered vulnerabilities and aid organization OPSEC awareness efforts. 1.4.16.3.8.

45、Work closely with PA, information protection, web administrators, and other officials designated by the commander who share responsibility for the protection and release of information to ensure critical information is protected. 1.4.16.3.8.1. Prior to submitting to PA, conduct for OPSEC concerns a

46、review of organizational information intended for publication or release to the public. This could include, but is not limited to base newspapers, safety magazines, flyers, web pages, interviews, and information for news articles. 1.4.16.3.8.2. Answer questions, assist in the development of guidance

47、, and provide advice to PA and other information-releasing officials concerning protecting critical information during reviews of public and/or private web pages. 1.4.16.3.9. Provide oversight and management of organizations OPSEC education and training. 1.4.16.3.9.1. Ensure initial mission-oriented

48、 OPSEC education and awareness training is accomplished upon arrival of newly assigned personnel and then annually thereafter. Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-AFI10-701 8 JUNE 2011 13 1.4.16.3.9.2. Track initial and annual awareness t

49、raining and report training initiatives via the annual OPSEC program report to the next HHQ OPSEC PM. 1.4.16.3.10. Coordinate, facilitate, and conduct annual OPSEC assessments such as surveys, annual program reviews and vulnerability assessments as listed in Chapter 6. 1.4.16.3.10.1. Coordinate with appropriate organizations to resolve/mi