Tuesday, May 08, 2007

 

OPSEC Update

The recent controversy over the Army’s latest update the Army Regulation (AR) 530-1, Operations Security (OPSEC), certainly added discussion fuel and maybe some added media attention to our 2007 MILBLOG Conference.

The controversy took shape in public this week with Noah Shachtman’s article on the OPSEC update in Wired. Since that piece came out, MILBLOGS and other conservative bloggers have reacted strenuously to the new Regulations. But even within MILBLOGS, reaction to the OPSEC update is far from uniform.

Some, like Blackfive and I, are very concerned that local commanders and intermediate commands will shortcut potential OPSEC problems by reading the Regulation literally, and err on the side of caution. This would certainly mean bloggers having their work reviewed and possibly censored, or even with blogs shutting down. Commanders might also consider other prevention measures for electronic email or instant messaging (IM). The AR is written very expansively, and in the interest of giving military personnel a comprehensive summary of OPSEC threats, directs unit Commanders to conduct very thorough OPSEC reviews in a wide range of communications that might otherwise have escaped such scrutiny.

Matt Burden, the MILBLOGGER behind Blackfive, has long been warning that the attitudes towards MILBLOGS from some senior military leadership might soon mean the end of blogging by active duty military. Promotional materials for Burden’s anthology of MILBLOGS, The Blog of War quote a Vanity Fair review, “Grab it before the Pentagon orders it burned...,” in explicit reference to the possibility that MILBLOGS might be shut down by the military.

Earlier updates to AR 530-1, as well as policy announcements from military officials, suggested increased military attention to and concern with military use of new media. In the past two years, some local commanders and higher echelon leaders put pressure on MILBLOGGERS over content. Several MILBLOGGERS voluntarily closed down their blogs pre-emptively.

Other MILBLOGGERS dismiss these concerns as overblown. They suggest Commanders have always had great latitude and control over soldier communications, public posting and/or dissemination of military information, and even pass or entertainment privileges for the soldiers under their command. They also point to interviews given by the AR’s author, MAJ Ceralde, who goes to great lengths to explain that the specifics in the AR are guidelines, and that in no way is the AR intended to shut down or censor MILBLOGS. Military officials have also released a two page fact sheet that reiterates many of the same points made by MAJ Ceralde, which in some cases directly refutes the language contained in the AR.

Still others, among them former military, think it long past time for the military to impose tighter OPSEC restrictions or at least oversight of MILBLOGS who have allowed sensitive information to be made publicly available and exploitable by potential enemies and adversaries.

Among those who make this argument is Joe Carter of Evangelical Outpost.

Here’s how Joe sets up his rebuttal to the arguments Blackfive and I have made against the OPSEC update:

I propose that these bloggers consider how they would react upon hearing the following two statements:

1) The editors of the Washington Post released details about operational security in their newspaper that may have led to the deaths of 14 American soldiers.

2) A group of milbloggers released details about operational security on their blogs that may have led to the deaths of 14 American soldiers.

Imagine the reaction if the editors of the Post were to justify such an irresponsible move based on their right to "freedom of expression" or the American public's need to "know what's going on in Iraq." We would rightly consider such rationalization indefensible. So why are the same arguments being used to excuse milbloggers who are able to have a far more deleterious impact?

Any observer can find mountains of examples of Mainstream media (MSM) revelations that surely have contributed to combat losses and operational degradation of strategic and tactical military capabilities. Entire websites and blogs have been founded on such evidence. The same cannot be said of MILBLOGS, even those who place their cravings for public attention above any OPSEC concerns they hold, if they hold them at all.

Joe quotes from Ed Morrissey, who makes the similar but perhaps broader claim, “no one has any evidence that milbloggers have violated OPSEC orders in their communications.”

Joe feels otherwise, and links to an Army slide presentation that Joe claims provides evidence of serious OPSEC violations:

In fact, the Army has an unclassified PowerPoint presentation that provides an example of what they are trying to prevent [emphasis and commentary added]:

"It is Monday again and we are still at K-2 airfield in Bayji [location]. As a squadron [size and type of unit], we are 'demonstrating a military presence.' [type of action] That means the troops set up checkpoints and stop hundreds of cars, searching them and the people. [explanation of tactical reasoning] They keep taking these 'detainees' or EPWs and I have partial responsibility for the 'jail', which is a building here on the airfield. [provides notice of prisoner location on base] But we are not set up for this. MPs are supposed to come and get them almost immediately but they take a while. [Elucidates point of tactical weakness] Plus the Civil Affairs/Counter Intelligence teams that are supposed to talk to them don't know crap and the whole thing borders on a war crime. I am just trying to find blankets and light and medical care for the prisoners. [provides propaganda from an American solider "admitting to war crimes."]

As any small-unit leader will tell you, this is the type of information that gets men killed.

The PowerPoint presentation also shows photos taken by a soldier and posted on his blog that were later used on a Jihadist site to expose weaknesses and areas for exploitation on American tanks and armored vehicles. Such information may seem trivial to civilians, but it is worth more than gold to a terrorist.

The examples contained in the presentation and highlighted by Joe are obvious OPSEC violations. Commanders would have every right and reason to shut a blog down that posted such information, and use these as good examples of what NOT to do in any electronic communications.

More MILBLOGGERS than ever blog, and there are legitimate concerns that the many, less experienced MILBLOGGERS might not write with the same care and concern over OPSEC as their more experienced forebears.

But the vast majority of MILBLOGGERS, and all of the more experienced ones, stay far away from this kind of OPSEC sensitive information. None of these same would come close to posting information that could be so easily used for enemy propaganda, or provide such details battle damage assessment (BDA) results.

So the military has examples of violations, and some MILBLOGGERS go too far and need to be reigned in. I’m still not sure the latest OPSEC update doesn’t go way beyond what would be needed to end violations of the type highlighted by Joe.

As I stated earlier, the OPSEC update is written very expansively, and dictates very thorough OPSEC reviews in a wide range of communications. All to prevent these more obvious examples of excess. Many commanders are likely to opt to forbid blogging or insist on review prior to publishing each post, on the basis that any potentially sensitive information will be too much, as every little clue can be joined with thousands of other little clues in building the puzzle of capabilities and vulnerabilities for our enemies.

The flaw in this argument is that the US employs thousands and thousands of analysts, with huge investments in computers, automation, and artificial intelligence, and we can’t even begin to organize the volume of data into coherent patterns, at least not sufficient to ensure we can draw accurate conclusions about what we see. At the rate that bloggers and other on-line resources for information increase and expand, the terrorists and their state sponsors would need to invest at least some significant fraction of such human and technical resources to come anywhere near what OPSEC purists suggest they can accomplish. It’s just too big a problem, outside of these specific, isolated instances of violations. Better that we educate, inform, and correct or discipline those who violate OPSEC. MILBLOGGERS can help police themselves, likely far more effectively than military authorities ever could.

This reminds me of criticism of the National Security Agency (NSA) in the aftermath of 9/11. In the days following 9/11, NSA combed back through millions of intercepts, worked through translation backlogs, and managed to find a handful of traffic excerpts that seemed to refer to the terror plot against World Trade, the Pentagon, and the intended target of flight 93. Similar threads of analysis teased out the many mentions and forewarnings of Al Qaeda and Osama bin Laden threats against US and Western interests.

A lot of craven partisanship, and ignorance, fostered a blizzard of criticisms along the lines of, “why didn’t anybody act?!”

What the US Intelligence and Foreign Relation Communities had was full knowledge of the desire, fomented by bin Laden and Al Qaeda, of radical Islamic terrorists to strike at the US, our allies, and Western interests in general. But they did not have information about specific targets, specific timeframes, specific weapons, nor specific tactics. One can argue for years – and likely, we will – about how much more could have been done to get better information, and more specifics, but the fact remains there was little we could or should have done with what we had. The implication that we could somehow have shut down air traffic, or imposed draconian preventive measures, prior to 9/11, is naïve. The US air traveling public and most of Congress would have reacted violently, and no such policy in the absence of a “9/11 type attack” could have been maintained.

Only in hindsight can one see any way of preventing 9/11 prior to such an event even emerging in consciousness. People forget how much of a stunning break with everything we had ever known, was the sight of two planes hitting the WTC towers in quick succession.

Joe argues strongly in favor of tighter OPSEC, despite its potential impact on MILBLOGS. Critics of the OPSEC update, myself included, should seriously consider them:

Let me be clear. I love milbloggers. I was one myself before I left the Marines (though I was not a "warblogger" in a combat zone). But the job of our American soldiers is not to win the "information war" or to provide "unbiased, indifferent view of the war" or even to "tell the truth about The Long War." The job of American soldiers is to win the war. That can't be done when the enemy is being fed critical information through the blogosphere.

Instead of criticizing the addition of common sense restrictions, my fellow conservative bloggers should be asking why this change wasn't implemented years ago. How many times do we have to read about the enemy being an "adaptive, cunning, and learning adversary ... unlike most previous experiences" before we figure out where the terrorists are getting their information from? The question that should be asked is how many soldiers lives had to be lost do to poor OPSEC before the generals realized they needed to tell milbloggers to "button your lip!"

Now I admire Joe and his fine work at EO, he’s often been inspiration, along with John Shroeder and Lance, for what I’ve wanted to do with Gladmanly. His reaction gave me real pause in thinking about OPSEC and MILBLOGS; exacerbated, of course, by the fact that Joe quoted some earlier posts of mine at length to back up his argument.

Let me tell you, trying to reason through a determined debate opponent is made lots more difficult when he can use your own words against you. Here’s how Joe accomplished that:

In August 2005, a number of the most prominent milbloggers wrote about and expressed their concern over violations of OPSEC in the blogosphere. Dadmanly wrote:

Frankly, much of the most popular ("live action") combat reporting on the web makes me nervous. Many of these young men (and women) are not at all careful or discrete about their identities, unit compositions, and even very minute operational details. All of us understand how popular such accounts are, people back home and even fellow soldiers are really hungry for knowledgeable front line reporting. But this same accuracy and realism may be providing our enemies -- who gain some advantage they wouldn't otherwise have if we ignore their collection or reconnaissance capabilities -- with useful information for planning more effective attacks (and by the way, allowing them at least some useful battle damage assessment (BDA) information).

John from Argghhh! Acknowledged that it could be a problem and admitted to having inadvertently made a clear OPSEC violation on his blog. Blackfive even predicted that "in the future, Military Blogging would be severely restricted."

Two years later the prediction is coming true. That is hardly "out-of-the-blue."

Finally, as Dadmanly wrote almost two years ago:

I would hate to think that good OPSEC might interfere with what is some of the best reporting available on our great efforts in Iraq. But I likewise think that MILBLOGGERS need to carefully (and prayerfully) consider if, in the interest of feeding a hungry audience, we likewise satisfy an avaricious enemy. This is an enemy who knows how and where to get information vital to making his efforts against us more deadly and effective, and knows how and where and to whom to get this information into the hands of those who would harm us.

If we ignore this responsibility, aren’t we doing the same as the big media we so frequently criticize? In the interest of “hits” and traffic (equivalent after all to ratings or circulation), we go for the gritty detail, and disregard real and significant concerns about whether this in some way increases the danger to our soldiers?

I think there’s a middle ground between me and Joe (and even my own OPSEC concerns I’ve expressed over time).

More on that in a follow-up post. Plenty to ponder on for now.

While I linger on the topic of OPSEC, National Public Radio (NPR) did an interview with Jason Hartley, author and early milblogger at Justanothersoldier.com, as well as Matt from Blackfive, and OPSEC AR author MAJ Ceralde. NPR also published a story on the OPSEC update, including quotes from John Noonan, Matt Burden, and Noah Shachtman. (Via Blackfive and Instapundit.)

LAST MINUTE UPDATE (More follow-up required)

Bill Roggio passes on a link to an OPSEC piece, written by “DJ Elliott, the tireless worker behind the Order of Battles we publish” over at Bill’s website. Per Bill:
DJ outlines who the worst OPSEC violators are in Iraq. MilBlogs are the least of the Army's problems. DJ also gives advice on how to fix the problem. He is a former Navy intel specialist, and they don't get much sharper than him.

Sounds like a must read, I’ll have to check it out.

Labels: ,






<< Home

This page is powered by Blogger. Isn't yours?

Subscribe to Posts [Atom]