Archive for the ‘Leadership Support’ Category

Fight The Power

Wednesday, September 16th, 2009

“I’ve called this meeting because, as we feared, our budget has been cut 14%. We’ve game-planned for this but now is the time to get serious about what we can slim down and what we can live without.”

“Sir, if I may…we do have one program that has absolutely no verifiable Return on Investment that I think we should consider.”

“You mean, we actually have a program that is costing us money that has absolutely no ROI?”

“Yes sir.”

“Frankly, I’m a little worried that this hasn’t come to my attention before. What program are you talking about Johnson?”

“OPSEC sir.”

“Op-what-now?”

“OPSEC sir; Operational Security. You know the one. That briefing we get once a year where they tell you to keep your mouth shut. Don’t talk about work in bars and stuff.”

“Yeah, I know it. You mean that program costs us money? It can’t be very much can it?”

“Well sir, we have a full time guy who runs the program and then we have a group of people who have to spend a small percentage of their time on it as OPSEC Committee members.”

“Hmmm. So what do they actually do for us?”

“No one really knows sir. I think I’ve seen a report or two floating around but I’ve never read one and no one I’ve asked has either.”

“Let me make sure I understand…they give briefings that no one wants to go to, write reports that no one reads and take up valuable time from committee members who should be doing something else. Is that about right?

“I would say that about sums it up sir.”

“And how much will we save annually if we kill it?”

“Based on the projected cuts for this upcoming FY killing this program would save us .003% off the top.”

“Well that’s not much is it Johnson?”

“No it isn’t sir, but if we think we really don’t need it anyway then why not just kill it? It will show that we’re being proactive and not afraid to cut what some of our security professionals say is a critical program.”

Ladies and Gentlemen, this is happening today. OPSEC has already been reduced or just plain cut from a number of organizations. We know OPSEC is a viable program. We also know that it does not and will not ever bring in money. ROI is almost impossible to prove also. Did OPSEC save any lives today? Did a competitor not find what he was looking for when he went through our trash because of OPSEC? Did Johnny or Susie not say something critical or sensitive on the Internet today because of OPSEC? Beats me. I hope so – but we have no proof.

Sooner or later your OPSEC program will come into question. At that time you will need to be able to answer the question: “Why should we keep the program?”

The answers to that question are as varied as the individual programs and can’t be fully answered in this forum. But you need to be thinking about how to answer that question for your program and your organization. I guarantee you that sooner or later the question will be asked and I’ll bet you that if you don’t have the answer they’re looking for…

Let’s just say you and your program may be in danger.

Keep the Faith!
Revelator

Fight The Power – Public Enemy

Posted in General OPSEC, Leadership Support, Program Management | No Comments »

OPSEC FAQ’s

Tuesday, May 20th, 2008

Q:  How much money does a full-time OPSEC manager make annually?

A:  It’s not about the money you self-serving SOB.

Q:  Which really comes first; Critical Information Identification or Threat Analysis?

A:  Some say OPSEC is an iterative process and you can do whatever step in the process whenever the hell it feels right.  Others would argue that if you don’t have a threat then who cares what your critical information is.  But for me – Saint Ron (Pres Reagan) listed CI identification first and that’s good enough for me.

Q:  What is the best way to get leadership support for my OPSEC program?

A:  There is no “best” way but here are some suggestions: begging, bribery, coercion, blackmail, threats, acid filled water pistol, doctored photos, water-boarding, repeated viewing of Molly Shannon skits from Saturday Night Live.  Folks, I really don’t have a solid answer for this one.  Some times you just get lucky and have leadership that understands OPSEC and its importance to the mission.  Other OPSEC Managers are just real good salesmen who convince management of the need for OPSEC.  If any of you out there have a good idea or war story please click the comment link and I’ll get it to the masses.

Q:  OPSEC says to avoid stereotyped activities but there is validity in the thought that if it worked once it will work again.  So isn’t OPSEC really saying that even though it worked once we really want you to try something different that may or may not work?  And isn’t this harmful to the potential success of the mission?

A:  Helluva question.  I’ll leave this one to the readers to respond to – come on folks – send me your responses.

Q:  Why do all the posters tell me to “Think” OPSEC?  Wouldn’t it better if I “Acted” OPSEC? 

A:  Clearly.  “Thinking” something is great only of there is an action tied to the thought.  Why just the other day I “thought” drive the speed limit – but I didn’t actually drive the speed limit so what good was thinking it?  This morning I “thought” diet and then had four biscuits with about a quart of gravy.  And come Friday evening I’m pretty sure I’m gonna “think” about not having that next beer – I think y’all can tell where this is going.  Thinking OPSEC must be followed by performing some act of OPSEC.

Now I know that many of you have serious OPSEC questions.  This entry is just my way of getting the ball rolling.  If you have ANY questions about OPSEC that you would like answered please send them to me.  We’ll treat them seriously and try to get some good answers for you.  Of course we’ll also accept those sent in a humorous vain and do our best to respond in kind.

Keep the Faith!

Revelator

Posted in Awareness, Countermeasures, Critical Information Lists, Leadership Support, Threat | 6 Comments »