Tuesday, May 08, 2007


The milblogging world has been abuzz the last week about the new revision to AR 530-1, Operations Security. As posted initially on Wired, the new regulations could be construed as to say that all communication from a combat zone will be reviewed by a unit commander before being sent, or in the case of a blog, before being posted. I have read 530-1 all the way through(much caffeine was required) and although I can see where some might be worried, I think this is a lot of hoopla over not a lot of substance.

The pertinent passage from 530-1 is this-

Chapter 5
OPSEC Review, Assessment, and Survey
Section I
OPSEC Review
5–1. General
The OPSEC review is an evaluation of an information or visual product to ensure protection of critical or sensitive information. A reviewed product may be, but is not limited to, a memorandum, letter, e-mail message, article, academic paper, video, briefing, contract, news release, technical document, proposal, plan, order, response to Freedom of Information Act (FOIA), Privacy Act requests, or other visual or electronic media. The OPSEC officer will conduct a review of these products related to U.S. Government or military operations, and other supporting programs, prior to release in the public domain. An OPSEC review is normally conducted in conjunction with a public affairs review for the release of official information to the public. The OPSEC review of a product is unrelated to the annual program

Translated to civilian english, this is stating that potentially all written or typed communication could be considered to be sensitive information, and therefore subject to opsec rules. But this is only saying what may be reviewed for opsec, not what will be reviewed or what must be reviewed. That's an important difference.

Really there are two ways to look at this regulation, either as a cynic or an optimist. The cynic would say that the army is setting a broad and restrictive policy in place that it will decide to enforce aggressively at some future date. The optimist would say that the army is setting a broad policy in place that it can use to weed out the few individuals that are actually violating opsec policies, while not interfering with the vast majority. As I mentioned in Stars and Stripes, the key is of course in how this is enforced. There does now arise the potential of some units being very restrictive on blogging, while others are very loose. That could indeed be a problem. But Army-wide, this should help milbloggers quite a bit.

Shortly after releasing the new AR, the Army also released a fact sheet about it.-
In no way will every blog entry/update a Soldier makes on his or her blog need to be monitored or first approved by an immediate supervisor and Operations Security (OPSEC) officer. After receiving guidance and awareness training from the appointed OPSEC officer, that Soldier blogger is entrusted to practice OPSEC when posting in a public forum.

AR 530-1 simply lays out measures to help ensure OPSEC issues are not published in public forums (i.e., blogs) by Army personnel.

Aside from the possible restrictions, what the new regulation also sets out is guidelines for units to monitor opsec. Individual units, down to the battalion level, are now directed to establish an opsec policy and an individual responsible for it.
a. Commanders at all levels are responsible for ensuring that their units, activities, or installations plan, integrate,and implement OPSEC measures to protect their command’s critical information in every phase of all operations,exercises, tests, or activities.
Much like the safety officer or NCO that we are now familiar with, there will also be an Opsec officer or NCO. I see this as a positive, because it is forcing units to be involved with bloggers, rather than trying to ignore them.

When I started this blog in January, I found my brigade's policy memo on blogs on AKO. It directed me to inform my chain of command and register my blog with my unit. So I went up to see my company first sergeant. Since there are no other soldiers in my company with blogs, he referred me to the battalion S-6, in charge of communications. S-6 referred me to S-2, in charge of intelligence. S-2 referred me to my company first sergeant, who they assured me was in charge of registering my blogs. Having now done a 360 degree spin, I blanket emailed everyone in my chain of command from squad leader to company commander. Here's where having a unit opsec officer would be handy.

There's also the question of opsec itself. I've read some milblogs from deployed soldiers that give out a fair amount of info. I've tried to stay far away from giving any particulars on our missions, just to be safe. But where does the line really lie? We all have a fairly good idea of what opsec is, but having more specific guidelines would be nice.

Blogging is still relatively new to the world, and milblogging even more so. Done right, milblogging represents a powerful weapon to the Army, a great source of PR and positive propaganda. Since an organization as large as the Army changes slowly, it seems to me only natural that there will be some growing pains along the way.

No comments: