An experienced OPSEC professional was once asked to address a small class of intelligence professionals on the subject of Operations Security. As a way of introducing his subject, he asked the group this question: "All of you are intelligence professionals. I'd like to know how much of the intelligence product that you produce is based on direct sources--a captured document or manual, a photograph, a HUMINT source, a SIGINT intercept--and how much, on the other hand, is the result of careful analysis--assembling many little pieces of information to form a complete picture?" The class discussed this question briefly among themselves before coming up with a collective answer. "Ten and ninety," they replied. "Ten percent is based on direct information and ninety percent is the result of analysis and inference." "Well," said the OPSEC professional, "I'm in the business of protecting the ninety percent."

There are two points to this story. The first is that the 10/ 90 split was not what the intelligence professionals would have preferred. The reason that only ten percent came from direct sources was because the traditional security disciplines were doing their job in limiting access to those sources. The second point, however, is that in spite of the effectiveness of the traditional security disciplines, the intelligence analysts were not put out of work: there was still plenty of intelligence to produce. The analysts simply had to work harder to get it. By specifically addressing the indirect sources, the ninety percent, the discipline of OPSEC seeks to make that analysis work harder still.

"... want to read the full article? - Join OPS or order a Journal."