Fire Chief
Home > Technology > Communications > LOOSE LIPS
Fire Chief

LOOSE LIPS

Christopher Brennan, Fire Chief
Nov. 1, 2003 1:00pm
Our national inclination to be open about our vulnerabilities has changed since Sept. 11. In light of the threat of terrorism and the potential for weapons of mass destruction to generate large numbers of fatalities, we must begin to balance the need for open information against the need for operational security, or OPSEC. Although OPSEC principles originally were designed to protect information gathered

Our national inclination to be open about our vulnerabilities has changed since Sept. 11. In light of the threat of terrorism and the potential for weapons of mass destruction to generate large numbers of fatalities, we must begin to balance the need for open information against the need for operational security, or OPSEC.

Although OPSEC principles originally were designed to protect information gathered and generated by the federal government, as mandated in 1988 by presidential directive, it's now critical that local emergency responders understand and practice them. By increasing first responders' knowledge of and application of OPSEC, we reduce the risk from terrorist or criminal actions.

Security basics

According to Special Operations for Terrorism and Hazmat Crimes by Chris Hawley, Gregory Noll and Michael Hildebrand, OPSEC is “a systematic and proven process that an individual or an organization can use to control and protect information about an operation or activity that you do not want your enemy or adversaries to know about.”

OPSEC's premise is that the accumulation of one or more elements of sensitive/unclassified information or data could damage national security by revealing classified information, according to the OPSEC program manager's office at the Nevada Office of the National Nuclear Security Administration.

If we extend this premise to local security, adversaries who can assemble nonclassified information on the capabilities or intentions of the police can prepare themselves against law enforcement; those who collect photos of firefighter hazmat training can implement a chemical attack that local hazmat units may not be prepared to face. These are real concerns for fire, police and EMS agencies that are the first line of defense for our communities.

Special Operations for Terrorism and Hazmat Crimes lists five steps for ensuring operational security:

  1. Identify critical information a terrorist or criminal may want that we wish to keep confidential. This may not be traditional “classified” information but rather a piece of the puzzle that can reveal our intentions, such as the same unmarked car, bristling with radio antennae, showing up at the local fire station the day before a raid on a clandestine drug lab.

  2. Conduct a threat analysis to determine what information our adversaries seek and if they have both the intent and capability to harm us.

  3. Perform a vulnerability analysis to determine how an individual or group might disrupt our operations or security by using the information.

  4. Assess risks and determine the probability that the bad guys will actually obtain critical information and how badly their having the information might hurt your operation.

  5. Implement countermeasures to minimize your opponents' ability to strike at your vulnerability.

For example, if the local police have information that a neo-Nazi group is planning to use pipe bombs and improvised chemical weapons to attack a rally for the local chapter of the NAACP, local responders must ensure they maintain operational security to safely and effectively prevent the attack. If local police choose to use a tactical response team supported by explosive ordnance disposal personnel and fire department and EMS resources to “take down” the location where the bombs and chemicals are being assembled, procedures must be used to ensure that the bad guys don't find out in advance.

Agencies should operate on a need-to-know basis. Don't reveal information to one another too soon. If the local tactical team is preparing the plan for the assault (as it should, because its personnel will be conducting the tactical element of the plan), it needs to know where and when the assault will occur. Local fire and EMS resources, however, may need to know only to allocate an engine company and an ambulance company to the police on a certain day.

For some municipalities, that information can go to a single liaison, who can call the fire department dispatch center the morning of the operation to have companies sent. Smaller municipalities may need to rehire personnel to cover both the regular shift and the special-duty assignment. In this case, care must be taken not to tip an observer that the rehire is connected to something special about to happen.

Similarly, supporting resources should be given a staging area to report to just prior to the assault. If possible, to avoid compromising the target location, this staging area should be remote from the target's location, but within a two- to three-minute response time.

Even with such precautions, if police, fire department and EMS agencies don't regularly work together, we risk an adversary finding out that some type of operation will occur, just based on the information that a multi-agency response is planned.

Historically, maintaining open lines of communication between local fire service, law enforcement and EMS responders has been a good thing. But in this day and age we must readopt the old World War II slogan “Loose Lips Might Sink Ships,” which reminded civilians and military personnel alike that they should refrain from discussing anything that could benefit the enemy.

The same applies to today's emergency responders: Lapses in operational security are often unintentional and go unidentified until well after an operation goes awry. These lapses, however, can have dire consequences for responders, the communities we serve and the nation. Effective security strategies require a conscious effort.

Information control

Information and document control help ensure the security of plans, policies and intelligence. An adversary can get a lot of valuable information by dumpster-diving if an effective shredding program is not employed. If your agency recycles and separates garbage, paper and plastics, you have made your adversary's job easier — and cleaner.

Consider the example of overtime shifts to support the tactical team. If adversaries suspect they may be targeted, they could regularly go through the trash at the fire station to see if any abnormal staffing is planned. This may be the tip that their organization needs to change its operation or speed up things to avoid arrest. Consider incinerating sensitive documents, provided the data in question doesn't require reporting through the Freedom of Information Act.

Communications also offer a means for adversaries to track the intentions and procedures of responders. Consensus standards and federal laws require that public safety agencies use incident command systems for many responses. One of the cornerstone principles of ICS is clear — concise language and no code words. If we communicate in plain English, on frequencies that can be monitored through legal radio scanners or illegal radios, we can tip our adversaries to what our intentions are.

Methods of controlling communications security include using encrypted radio frequencies, digital voice radios or cell phones and reducing radio-based communications in favor of face-to-face meetings. These methods are most important for the activities of public safety special operations units, whose communications traffic might indicate our intentions.

Electronic security

Another place we often find a chink in OPSEC's armor is in electronic documentation. As reliance on technology has increased, we've reduced the volume of paper we use but vastly increased the amount of information that is created, edited and archived on computer hard drive. If executives and staffers can access sensitive documents on secure databases on common servers through wide-area networks, dial-in modems or Web sites, then “crackers,” those computer hackers who have a criminal intent, can get to them as well.

Much of the discussion regarding operational security revolves around protecting critical information pertaining to particular operations, such as clandestine lab raids or tactical operations against terrorists. We must, however, extend OPSEC principles to include day-to-day information, such as locations of critical infrastructures and depots of industrial chemicals. This open-source documentation can provide people with all the data they need to decide on a target. It's important for citizens to be able to find out the hazards in their community, but we should consider limiting the ease with which this information can be obtained.

Web sites exist that allow people to enter an address to find local routes by which nuclear waste will be shipped, or the location and quantities of industrial hazardous chemicals in an area. People with nefarious intentions can use this information easily. To minimize the threat from terrorism or criminal acts, we must address the accessibility of this information. This might take the form of limiting where information on critical systems can be obtained and requiring some type of identification to access it. Alternatively, information accessibility may go unchanged but the physical security of critical sites can be increased, with the resulting cost increases for the products those companies need to protect.

Increasing security while still keeping important information available to responsible citizens is a complex problem with no easy solutions. But looking at these issues is important for federal, state and local leaders.

The leaders of public safety agencies must introduce and mandate the need for operational security. Fire chiefs, police chiefs and emergency managers need to work together to determine how to ensure security and who has a need to know. Document control must become the responsibility of all. OPSEC principles need to be practiced daily. Agencies who will support one another at a major incident must train together and make operational security part of their routine.

As with any change in our attitude, this will take time and effort. But in light of the increased threat environment we live in, it's imperative that we prevent our vulnerabilities from being displayed to our adversaries.

Christopher Brennan is a firefighter with the Darien-Woodridge (Ill.) Fire Protection District, a field staff member with the Illinois Fire Service Institute Hazmat and Terrorism Programs, and a member of the International Association of Counter-Terrorism and Security Professionals.

Resources

Special Operations for Terrorism and Hazmat Crimes, Chapter 3. Hawley, Noll and Hildebrand. Available from www.ifsta.com.

Department of Energy on operational security: www.nv.doe.gov/opsec.

Interagency OPSEC support staff: www.ioss.gov.

International Association of Counter Terrorism and Security Professionals: www.iacsp.com.

Related Articles

Please login or register to post comments

FC Subscribe Now
Get the latest information on fire service news, trends, intelligence and more.
Subscribe Now
FC IFCA
Commentaries and Blogs
'Frequent Fliers' are Some Things One Just Has to Accept
Posted 22 hours ago
in Mutual Aid
Ala. Fire Department Partners with Honda for New Station Revenue
by Janet Wilmoth
Posted 1 day ago
in Mutual Aid
No EMS Panaceas -- But Many Good Approaches
Posted 1 day ago
in Mutual Aid
FC Twitter
Popular Articles
FC Newsletters

Succession Planning Needs to be a Higher Priority 1

In my experience leadership in fire departments are scared to initiate true succession planning as they feel threatened by the knowledge being imparted to the future leaders. 

By SSWilliams on May 15, 2012
Join the Discussion
FC Wildfire

PentonEquipmentAuctions.com

Used Equipment - Buy, Sell, Save!
prev next
FC Blue Book
FireChief.com
Fire Chief Related Sites
Copyright © 2012 Penton Media, Inc.