Hacker OPSEC

STFU is the best policy.

OPSEC Isn't Security Through Obscurity

OPSEC revisited

The goal of OPSEC is to control information about your capabilities and intentions to keep them from being exploited by your adversary.

In typical hacker fashion, the term OPSEC has come to mean more than just information about capabilities and intentions; it also covers personal information about yourself.

Kerckhoffs' Principle and OPSEC

A common source for the idea that "security through obscurity is bad" is Kerckhoffs' principle, which states that a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. OPSEC as a system of security is sometimes confused with "security through obscurity". This is not the case. Such thinking reflects a confusion about both the problem with opaque security systems and the foundations of OPSEC.

OPSEC is a System

The way to clear this confusion, I believe, is to point out that OPSEC is a security system, not any one specific practice. The system itself is open source, in that we know how and why the various techniques and practices work. For example, the tradecraft technique of a dead drop is public knowledge. The security of a dead drop does not come from no one knowing how dead drops work, but rather from the adversary not knowing where a specific dead drop is located, nor when that dead drop is being serviced (loaded or unloaded). That information, primarily the location of the dead drop, is the secret key to the dead drop security system. It is what must remain secret for the dead drop to remain secure.

Why OPSEC Works

So OPSEC as a system of security does not violate Kerckhoffs' principle, and is not "security through obscurity". The specifics of any one application of OPSEC techniques are what provide security, and they are analogous to the private key of the system. If they are compromised, then the security they provide will be compromised.