EXPAT SURVIVAL: OPSEC For NGO’s and Humanitarian Aid groups

Be smart with the information your NGO publicly displays

OPSEC = Operations security

Every time I see some well meaning yet idiotic humanitarian aid guy flashing the peace sign in a picture with a caption like “This is me and my local fixer Jang Wang getting ready to cross into North Korea on our mission to bring bibles and polio shots to poor people” on Facebook all I can do is shake my head.

What these people don’t realize is any half descent photo intelligence guy can not only pinpoint there exact location based on the vegetation and topography in the background – he has put himself and anyone working or traveling with him on a shit-list. Or even worse, they may have endangered the very people they are supposed to be helping.

I understand that most people who work with or run smaller NGO’s don’t have any counterintelligence training so I have written up this quick primer on OPSEC for NGO’s.

OPSEC is a multi-tier system where you identify sensitive information, determine who is potentially a threat and enact measures to prevent your NGO’s sensitive information from being compromised. The following OPSEC Process is based on the one developed by the Operations Security Professionals Association.

1) Identification of Critical Information:

Identifying information vitally needed by an adversary, which focuses the remainder of the OPSEC process on protecting vital information, rather than attempting to protect all classified or sensitive unclassified information.

For NGO’s this information would be timetables for missions, routes you are planning to take, the local assets you use, post-mission information and media (videos and photos).

Many NGO’s like to post pictures, videos, upcoming mission dates and foreign NGO’s who assist them on their websites for publicity, to show people who donate to them that they actually go on humanitarian aid missions and because the think “all NGO’s do it”.

If your NGO is conducting missions in Hostile Environments and tin-pot dictatorships then you should consider all of the above Critical Information.

2) Analysis of Threats:

The research and analysis of intelligence, counterintelligence, and open source information to identify likely adversaries to a planned operation.

For NGO’s this can be every government agency in the country you are operating in to even your own government depending on the current political environment. Generally speaking all governmental authorities and unrecognized political groups are considered intelligence threats.

3) Analysis of Vulnerabilities:

Examining each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then comparing those indicators with the adversary’s intelligence collection capabilities identified in the previous action.

This more or less means taking any mission information that you would not want the “bad guys” to see and determine if they (the bad guys) can easily access it.

4) Assessment of Risk:

First, planners analyze the vulnerabilities identified in the previous action and identify possible OPSEC measures for each vulnerability.

This is where you take the mission information that you decided was valuable in step 3 and figure out a way to better conceal and protect it from the “bad guys”

This can mean taking down pictures and upcoming mission dates from your NGO’s website, buying a safe and paper shredder and setting guidelines for information you give over the phone.

5) Application of Appropriate OPSEC Measures:

The command implements the OPSEC measures selected in the assessment of risk action or, in the case of planned future operations and activities, includes the measures in specific OPSEC plans

After you have completed all the above steps have them written down, the “head guy” sign off on it and made into “law” for everyone involved with your NGO. Then review and follow the above OPSEC measures for future missions.

—————————————————————————————

~James G
Founder – Editor in Chief

James G is a Veteran Civilian Contractor who has worked in the Middle East and Southeast Asia for way too long. He spends his off time in Indonesia and Virginia getting drunk, shooting guns and writing poorly written articles.

Be Sociable, Share!

15 thoughts on “EXPAT SURVIVAL: OPSEC For NGO’s and Humanitarian Aid groups”

  1. Good stuff and a nice gesture. The NGOs I’ve been around, however, would probably discount all of it because they’re little angels of mercy and who would ever wish them harm. And god forbid they would ever take advice from one of those brutish caveman with gun types who are responsible for the way the world is. Whaaa…

    Journos are just as bad. The abduction of Jill Carrol vividly illustrates total lack of OPSEC thinking. She broadcast her intended routes and meeting times, predictably got jacked, her fixer got murdered and 3 months later she emerged all Stockholm’d out in her good little muslim girl outfit singing the praises of how wonderful her captors were to her, a heroes welcome and a staff job.

    In those circles you apparently get rewarded for fuk’ing up and getting someone killed.

    Maybe if you re-wrote it in language that would resonate with Care Bears or Teletubbies it might penetrate the ideologue addled minds one finds in that sector.

    .

      (Quote This Comment)

  2. James,
    Really good stuff as usual.

    Albert

      (Quote This Comment)

  3. The big problem with OPSEC & NGOs is that NGOs live by their publicity. Most of them have to show what they’re doing or the money flow stops because the sheeple quickly “move-on” to the next crisis.

    Overall, you’re right though. The media and NGOs really have to think about what their actions might cause to happen. Most of the more reputable organizations seem to generally “get the message” more often as it relates to PERSEC.

      (Quote This Comment)

  4. So you’re asking them to get off their high-horse and lay off of the smug “I’m helping starving kids in africa, what about YOU?” bullshit and keep it to themselves? Good luck. I have met more than a handful of these types,

    I wish I could say one of them wasn’t like that…but they all were.

      (Quote This Comment)

    1. Unfortunately most of these are low self-esteem types that are overcompensating by making a big show of trying to save something or other: “Save the whales,” “Save the Starving Kids,” “Save this weird little field mouse you never heard of,” etc.

      They are like little kids vying for attention.

        (Quote This Comment)

  5. I have found most of these types to be left wing pieces of garbage that hate everything about America, capitalism, & are flaming anti Semites. I am constantly irritated when these idiots get killed, especially in the territories in Israel & then scream rape forgetting that they are in a war zone.

    Frankly I have a really hard time shedding a tear for these people & feel that they usually get what they deserve. I just hate the sympathy that they seem to generate in the liberal media.

    Oh my did I let my feelings out & express how I really feel about them?

      (Quote This Comment)

  6. Jeez, didn’t any of you realize that with peace in your hearts, bullets turn to flowers in mid flight and all the world’s problems are soluble in sunshine and rainbows?

    As for the opsec guidelines, this breakdown is great, and one of the most understandable presentations of basic opsec I’ve read. Hopefully the more reputable humanitarian agencies either have or will learn better opsec. And those damn hippies? Dollar voting will, eventually, win the day.

      (Quote This Comment)

  7. Excellent stuff and spot on! It’s a hard lesson to learn sometimes, for those of us running NGOs, that it is better to keep the public info to a minimum when dealing with sensitive operations.

      (Quote This Comment)

  8. Good stuff and a nice gesture. The NGOs I’ve been around, however, would probably discount all of it because they’re little angels of mercy and who would ever wish them harm. And god forbid they would ever take advice from one of those brutish caveman with gun types who are responsible for the way the world is

    Many people involved in Humanitarian Aid work do tend to discount or not seek out advice from people who work within the international security world (security contractors and such) because they dislike the type of work they do.

    I have run into this an many occasions (I have been involved in NGO Humanitarian Aid work for a good part of my adult life), I try to give advice and as soon as they find out my day job is a “Mercenary” they immediately turn their back on me and any advice I have concerning security and OPSEC.

    But it does go both ways, I have tried to get some guys from the contracting world to help me out on some Humanitarian Aid projects and they say “Fuck those Hippies”

    I have always been a believer that you should pay attention to people with intelligent knowledge no matter what their political opinions are.

    The child dying of AIDS in Asia does not care if you are a democrat or republican, they only care that you have the heart, skills and knowledge to help them.

    I really wish those in the tactical world and those who work in the NGO world could put away their political differences and just concentrate on helping people. That was why I wrote this article, to spread a bit of info to those in the NGO world that probably wouldn’t go to a “shooter” for advice.

    The big problem with OPSEC & NGOs is that NGOs live by their publicity. Most of them have to show what they’re doing or the money flow stops because the sheeple quickly “move-on” to the next crisis.

    Yes, I do understand that NGO’s that rely on public donations need to show that they use the money responsibly and actually go out into the field.

    They can still post pictures of their missions online, they just need to follow the steps above to ensure that they are not inadvertently posting intelligence that may get someone killed, imprisoned or threaten future missions.

    If they must post pictures of higher risk missions then they should take the pictures inside a nondescript building, in an area outdoors that is not near any sensitive travel points and never post pictures of anyone that helps them that could get them in trouble if the local tin-pot government finds out that they are helping foreign NGO’s commit crimes (like illegally crossing borders to help people).

    And using the pixilation feature in Photoshop doesn’t actually mask someone’s features – software exists to reverse engineer pixilated pictures. You have to cut the face off of the picture, paste a random face in the chopped space (I like to use head shots of Bill Murray) then use pixilation to mask the face.

    I can go to almost any NGO website and show you extremely sensitive information and pictures on their websites that will surely get someone killed. All NGO’s should have a designated counter-intelligence security officer – yet pretty much none do.

    They are like little kids vying for attention.

    Yes, many times (generally this mostly happens with the smaller one or two people NGO’s) they post pictures of their missions (that have sensitive information) purely out of ego. Unfortunately the NGO world has bad apples that only do Humanitarian Aid work so they can brag about it.

    Those people have no place in the Humanitarian Aid work world and I hope they get hit by a bus

    As for the opsec guidelines, this breakdown is great, and one of the most understandable presentations of basic opsec I’ve read

    This is by no means a comprehensive OPSEC plan as I have left out about 30 steps – but it is a good basic primer for people without an OPSEC background.

    Hopefully the more reputable humanitarian agencies either have or will learn better opsec.

    Dr. David over at La Cima World Missions (his comment is above this one) has passed this article along to people in his NGO.

    ~James G

      (Quote This Comment)

  9. Thanks for the kind words of support James.

    It is very true that many NGOs are reluctant to take advice from those with secy experience, but I have also found that once they have become victims, they become very attentive. We sponsored a security seminar for expats and NGO workers and a shooter presented an excellent program with their needs in mind. There were nearly 30 organizations represented and every one of them had been affected by violence, some severe. The others that were invited but didn’t show up – hadn’t been hit…..yet. Unfortunately experience is one of those things you get just AFTER you needed it.

    I know that I have much to learn and I have made mistakes, but as we move forward, we try to keep the communication lines open to those that know their stuff. Our goal is to improve our techniques and our effectiveness in tricky areas to get the work done and keep everyone alive. When we have had shooters on our teams providing security, it has given me a great peace of mind and allows me to focus on the work at hand.

    If you need a tooth pulled, you probably don’t care if about someone’s ability to shoot sub MOA groups, you want someone who is a good dentist. We all can bring something to the table and use the skill set we have to leave the world better than we found it.

    There are those, both from the secy world and from the NGO world, who will decide to never “play well with others.” So be it, but for those that do wish to use what they have and, as James so aptly put it, put the politics, philosophy, and religion behind them, and focus on those who are innocent, oppressed, hurting, and broken, there is a mission objective to attain.

    Just for the record, I support the “hit by a bus” philosophy for those who focus on themselves and not the people that need the help. There is a difference between informing supporters and seeking accolades from the masses for personal gain.

      (Quote This Comment)

  10. I meant to add (in the tooth pulling example) that if you come under fire by bandits on a rural Honduran dirt road, you don’t care too much about your secy team’s ability to pull teeth, but you do hope they can shoot a tight group in a high stress situation.

      (Quote This Comment)

  11. A very good breakdown for the non-proffesionals.

    David, it’s not that hard to pull teeth. It’s just to keep a firm grip on the pliers and a steady foot on the patients forehead. Just joking, I admire your work and what you are doing for people out there.

      (Quote This Comment)

  12. Huh?

    The whole idea is to be transparent, open minded and permissive. Ergo the full communication of agenda, dates, movements, deeds, staff etc. This is SOP for anyone from the UN to missionaries. They full accept the additional risk because being “secretive” only hampers their mission. Many hire ex-SAS or hostile environment experts who work without weapons or aggression to mitigate, but never remove risk. Hiding is simply not an option for those who have nothing to hide. And these are very often brave experienced people, not stupid, naive people as you suggest. Maybe you should hang out with a better class of NGO :))

    NGO’s by definition must register and work within the current legal framework of the country they are in. “Humanitarians” could be ex SF docs going in to do trauma work or CBN weirdos preaching Jesus. None of these activities are predictable, plannable or even mitigated by OPSEC. Since they are foreigners in a permissive or non permissive environment.

    The key to security is very simple. Form mutually supportive relationships with the locals (in all their variety), engage an outside information network and be as zen like as you can, accepting the risk and rewards.

      (Quote This Comment)

  13. None of these activities are predictable, plannable or even mitigated by OPSEC. Since they are foreigners in a permissive or non permissive environment.

    Late comer to this article, but I’m not getting your comment here. Are you saying that OPSEC doesn’t / can’t apply to NGO’s and humanitarian work because they are in a foreign country?? Just because they have to register doesn’t mean they have to broadcast there GPS coordinates to the world via the web. Or are you saying that they just wander into foreign countries with no plan or idea of what will happen so planning for anything is just dumb??

    If it’s either I think you are living in la la land. If there is an option three, I’d love to hear it because you kinda got me confused.

      (Quote This Comment)

  14. It basically means that the greatest source of security leaks are going to come from your local staff. You can scrub geotagging info off all photos used for PR, you ban FB, but chances are your driver, local coordinators, fixers, etc will have told their family and friends that they won’t be home for dinner tomorrow night because they have to drive to place such and such to take a bunch of foreigners to see Mr. So and So at whatever o’clock.

      (Quote This Comment)

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Upload Files

You can include images or files in your comment by selecting them below. Once you select a file, it will be uploaded and a link to it added to your comment. You can upload as many images or files as you like and they will all be added to your comment.