3-2. All soldiers execute OPSEC measures. These cover a range of activities, from maintaining silence among peers and family to camouflaging equipment. Effective OPSEC requires disseminating OPSEC guidance to every soldier. Good OPSEC involves telling soldiers why OPSEC measures are important and what they are supposed to accomplish. All must understand the cost of failing to maintain effective OPSEC. Understanding why they are doing something and what their actions me supposed to accomplish, allows soldiers to execute tasks mere effectively. Active and deliberate actions by individual soldiers are critical to successful OPSEC.
THE OPERATIONS SECURITY PROCESS
OPSEC Process Actions
- Identification of EEFI
- Analysis of adversaries
- Analysis of vulnerabilities
- Assessment of risk
- Application of appropriate OPSEC measures
3-3. Army forces follow the OPSEC process prescribed in JP 3-54. As with other processes, such as targeting and intelligence preparation of the battlefield (IPB), commanders synchronize OPSEC planning during the military decision-making process (MDMP). The OPSEC process includes five actions that apply to any operation. They provide a framework to systematically identify, analyze, and protect essential elements of friendly information (EEFI). The OPSEC process is continuous. G-7s use it to assess the changing nature of adversary operations and friendly vulnerabilities throughout an operation. The OPSEC process is conducted by the OPSEC officer. Actions that compose the OPSEC process follow a sequence. However, as with the MDMP, staffs avoid following the sequence lockstep. Information affecting an OPSEC action can arrive at any time. Effective staffs process the information, enter the OPSEC process at the appropriate point, and execute the actions necessary to act on the information. The following paragraphs discuss the OPSEC actions in the order they logically occur.
OPSEC ACTION 1 — IDENTIFICATION OF ESSENTIAL ELEMENTS OF FRIENDLY INFORMATION
3-4. The product of this OPSEC action is EEFI, a list of information that needs protection. The Army defies essential elements of friendly information as the critical aspects of a friendly operation that, if known by the enemy, would subsequently compromise, lead to failure, or limit success of the operation, and therefore must be protected from detection (FM 3-0). Army doctrine defines EEFI differently from joint doctrine. The joint definition of EEFI focuses on information adversaries want to collect. The Army definition focuses on information friendly commanders want to protect. The joint definition of EEFI includes friendly information that may not compromise friendly operations. However, collecting it consumes resources that adversaries could use to collect EEFI. Army OPSEC doctrine addresses protecting information that is relevant from the adversary's perspective. It does not address what joint doctrine considers EEFI.
3-5. The OPSEC process begins with the commander's initial guidance during receipt of mission. The G-7 recommends initial EEFI if the commander
