I linked at the end of my last post to this commentary, here’s more.

OPSEC, the OOBs and the Myopic Mis-Focus of Security Personnel

By DJ Elliott, IS1(SW), USN(Ret)

Just below a photo of soldiers boarding a helicopter, DJ Elliott opens his report with the question, “what’s wrong with this caption?”

U.S. Army Soldiers move to the UH-60 Black Hawk after searching the area for items of interest during an aerial response force mission, Iraq, March 31. Soldiers are assigned to the 1st Platoon, Alpha Company, 2nd Battalion, 35th Infantry Regiment, Schofield Barracks, Hawaii. U.S. Air Force photo by Master Sgt. Andy Dunaway. [Link]

Msgt Dunaway may not be the author of the captions on his photos, but whoever is, needs to learn the art of “sanitizing” intelligence information. Public disclosure of this sort information is precisely what the increased vigilance of new OPSEC Update was designed to prevent.

Now, if that were a MILBLOGGER revealing that much information, we as fellow MILBLOGGERS would want to quickly come alongside and urge our colleague to avoid these kinds of violations.

There’s just one problem. The people who are releasing this kind of information, and lots more besides, are higher level Multinational Force headquarters and Public Affairs Offices (PAO), not MILBLOGGERS.

DJ Elliott along with a coworker has been compiling Orders of Battle (OOB) for posting on Bill Roggio's site. According to DJ, here’s what motivated the exercise:

My principle motivations for my involvement in publishing these OOBs are somewhat contradictory. First, I wanted to get the principle operational security [OPSEC] violators to tighten their OPSEC. Second, I want to further an understanding of the development of the Iraqi Security Forces and the Baghdad Security Plan. As a retired intelligence analyst, I could not believe that the Public Affairs Officers [PAOs] and Commanders were releasing this much operational data in a time of war.

For those who criticize their effort as a blatant violation of OPSEC, DJ makes the following argument:

The Order of Battles are not OPSEC violations, they are reports of OPSEC violations. All of the data contained within the OOBs is available with a simple word search on the Internet and any intelligence operation worthy of its name already has the data in far greater detail than what we publish in these OOBs. Most of the information used to compile the OOB comes from the PAOs and senior officer briefs. By far, these are the source of the greatest OPSEC violations in this war.

DJ reports a significant reduction in OPSEC violations since publishing the OOBs. Based on his research, and the sources for the information he compiles, DJ reports that military leadership itself can be identified as the worst of OPSEC violators, starting at the very top:

The worst OPSEC violator in the senior staffs is the Pentagon. I get more advance notice from a Pentagon Press Brief of US movements from Kuwait into Iraq than I get from all other sources combined. The Pentagon acts as if it is not at war, and the leaks emanating from Arlington are enormous.

After the Department of Defense (DoD) itself, DJ indicts all the major Multinational Division (MND) and Multinational force (MNF) commands as sources for intelligence exploitation, in clear violation of the letter and spirit of OPSEC. Beyond the violations of high level commands, DJ notes that various team assigned to training Iraqi Army units too frequently over-identify the forces they work with and their readiness status.

And who does DJ compliment as the top three maintainers of good OPSEC?

3. Military Bloggers: Despite the worries by the hierarchy, I have seen only five valid OPSEC violations in two years from Military Bloggers concerning ISF/Coalition forces (only 1 in the last year). MilBloggers tend to lose unit IDs and details in their writings in a way that PAOs should study and learn from.
2. Special Operations Forces: We have SOF? All joking aside their security is good and the Iraqi Security Forces is following their lead, except they do acknowledge that I SOF conducts operations now.
1. Multinational Division-North East/Zaytun Division (Republic of Korea Army): The best in-theater OPSEC. Period. The only thing I see from their AOR is what new project or jobs training is ongoing. Unit identification of coalition/Iraqi Security Forces below Division does not get released by the Koreans. I get my data on Iraqi Security Forces in that area from US PAO releases and briefs.

DJ goes on to explain that the major sources for public disclosure of intelligence and sensitive information (and therefore, those responsible for OPSEC violations) are photo captions, PAO press releases, Commander’s and Pentagon Briefs, and unclassified reports to Congress.

This makes intuitive sense for those of us in Military Intelligence. At each level of Command, on up to our civilian leadership, there is often one set of rules for the handlers of intelligence, for those who analyze and pull pieces together, and another altogether for consumers. Clearly, this gets more extreme the higher one goes, and some relates to executive authority to declassify information, or at lower levels, command prerogatives.

Yet, this is a new avenue of discussion, given the controversy involving OPSEC and MILBLOGS. Even more ironic (some might say perverse) is the level of animosity and distrust between some PAOs and MILBLOGS within their Area of Operations (AO). Note I say some; clearly the PAOs who attended the 2007 MILBLOG Conference (and the one in 2006) seem like big fans of MILBLOGS.

But for the PAOs who fight MILBLOGGERS within their AOs, one has to wonder. Do they really view them as potential OPSEC violators, or as competition? We politically minded types speak often about message control. Stay on message. Maintain message control.

Is that the motivation behind those who would shut MILBLOGS down, or at least see their prevalence controlled by local commanders?

I only pose these last as questions, I can’t say I know the answers.