OPSEC and the surprise birthday party
If you want to see OPSEC in action – and a well-executed OPSEC program, at that – watch a parent plan a surprise party for their child.
Here the threat is clear: The child, who won’t be surprised if they know about the party.
The vulnerability is also clear: It is hard to hide anything from a bright, inquisitive child who is the focus of your life.
The information that you need to hide is also clear: The list of guests (any of whom might blab), the party favors, the cake, and any other actual clue as to what is being planned.
The risk is clear: You will lose the pleasure of seeing your child excited and surprised by all the unexpected attention.
And, astonishingly, while we in business suffer greatly at putting together the countermeasures needed to null-out business vulnerabilities, parents don’t have all that much of a problem hiding the party from their kids, no matter how many of their friends will be involved.
It is this last point that is the interesting one. As parents we know what we need to do, and what we need to do is generally not all that high-tech. In fact, it generally requires only small changes to be effective. In business, as it turns out, many of the countermeasures developed turn out to be equally low-tech, inexpensive, and effective.
Granted that in business the stakes may be higher, and identifying the threats and vulnerabilities more difficult, but in the end, if you think of OPSEC as what you do to keep your children unaware of their impending surprises, you will be in the right mindset for keeping your adversaries from finding out what they want to know.