Be smart with the information your NGO publicly displays
OPSEC = Operations security
Every time I see some well meaning yet idiotic humanitarian aid guy flashing the peace sign in a picture with a caption like “This is me and my local fixer Jang Wang getting ready to cross into North Korea on our mission to bring bibles and polio shots to poor people” on Facebook all I can do is shake my head.
What these people don’t realize is any half descent photo intelligence guy can not only pinpoint there exact location based on the vegetation and topography in the background – he has put himself and anyone working or traveling with him on a shit-list. Or even worse, they may have endangered the very people they are supposed to be helping.
I understand that most people who work with or run smaller NGO’s don’t have any counterintelligence training so I have written up this quick primer on OPSEC for NGO’s.
OPSEC is a multi-tier system where you identify sensitive information, determine who is potentially a threat and enact measures to prevent your NGO’s sensitive information from being compromised. The following OPSEC Process is based on the one developed by the Operations Security Professionals Association.
1) Identification of Critical Information:
Identifying information vitally needed by an adversary, which focuses the remainder of the OPSEC process on protecting vital information, rather than attempting to protect all classified or sensitive unclassified information.
For NGO’s this information would be timetables for missions, routes you are planning to take, the local assets you use, post-mission information and media (videos and photos).
Many NGO’s like to post pictures, videos, upcoming mission dates and foreign NGO’s who assist them on their websites for publicity, to show people who donate to them that they actually go on humanitarian aid missions and because the think “all NGO’s do it”.
If your NGO is conducting missions in Hostile Environments and tin-pot dictatorships then you should consider all of the above Critical Information.
2) Analysis of Threats:
The research and analysis of intelligence, counterintelligence, and open source information to identify likely adversaries to a planned operation.
For NGO’s this can be every government agency in the country you are operating in to even your own government depending on the current political environment. Generally speaking all governmental authorities and unrecognized political groups are considered intelligence threats.
3) Analysis of Vulnerabilities:
Examining each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then comparing those indicators with the adversary’s intelligence collection capabilities identified in the previous action.
This more or less means taking any mission information that you would not want the “bad guys” to see and determine if they (the bad guys) can easily access it.
4) Assessment of Risk:
First, planners analyze the vulnerabilities identified in the previous action and identify possible OPSEC measures for each vulnerability.
This is where you take the mission information that you decided was valuable in step 3 and figure out a way to better conceal and protect it from the “bad guys”
This can mean taking down pictures and upcoming mission dates from your NGO’s website, buying a safe and paper shredder and setting guidelines for information you give over the phone.
5) Application of Appropriate OPSEC Measures:
The command implements the OPSEC measures selected in the assessment of risk action or, in the case of planned future operations and activities, includes the measures in specific OPSEC plans
After you have completed all the above steps have them written down, the “head guy” sign off on it and made into “law” for everyone involved with your NGO. Then review and follow the above OPSEC measures for future missions.
Founder – Editor in Chief
James G is a Veteran Civilian Contractor who has worked in the Middle East and Southeast Asia for way too long. He spends his off time in Indonesia and Virginia getting drunk, shooting guns and writing poorly written articles.