EMS Insider, Expert Advice

Operational Security for EMS and Fire

Just for a moment, think about the movie Die Hard. In this movie, terrorists seize a high-rise office building in Los Angeles in order to steal a significant amount of money. They had the numbers, the firepower and the technology to achieve their goal, and they had the information needed to not only accomplish this feat, but also to defend against any offensive efforts by law enforcement. In one scene in which the SWAT team was attempting to gain entry, the terrorists’ use of the building’s security cameras coupled with their knowledge of SWAT tactics allowed them to quickly overcome the threat posed by law enforcement. The line went like this: “All right, listen up guys. ’Twas the night before Christmas, and all through the house, not a creature was stirring, except… the four a***s coming in the rear in standard two-by-two cover formation.” [1] Their knowledge of the building and standard operating procedures, as well as how to maximize the use of technology, allowed them to almost complete the perfect crime.

Immediately after 9/11, our industry learned, again, that there was a lot more to our job than just providing emergency medical care. We began to learn more about terrorism, attended classes on chemical, biological, radiological, nuclear and explosive (CBRNE) incidents, acquired new levels of personal protective equipment (PPE), and worked to improve our overall awareness of this new environment. One of the new terms we learned was operational security (OPSEC), but as time has passed, so has our endeavor to ensure that we are maintaining operational security for our agencies.

Fast forward 15 years and we again find ourselves in a “new” environment. This one involves a significant increase in the killing of law enforcement officers, EMS responders and firefighters responding to “normal” calls for service. We’re experiencing an increase in protests and civil unrest where the safety of our personnel is placed at risk, and we now participate in rescue task forces to enter hostile incidents to rescue and save as many victims as possible from active shooter situations. These challenges are an excellent reason why we should re-introduce OPSEC into our daily operations.

Simply defined, OPSEC is ensuring the security of all of our operations. From past events where critical information has been learned, to daily operational issues to planned events and mass gatherings, OPSEC is a vital component to the success of our mission. It is designed to keep critical information safe and prevent our adversaries from gaining information they can use against us. Some might think this is only about classified, for official use only (FOUO), or law enforcement sensitive (LES) information, but it’s much more than that. We publish lessons learned from past significant events, we have become lax in securing our stations, we struggle to keep our electronic records secure from hacking and we freely talk about our plans as they relate to emergency response, planned events and staffing locations. All of this information can be used against us by those wishing to do us harm.

All is not necessarily lost though, as we are still using some of the concepts of OPSEC in our operations. For example, implementing and utilizing the Traffic Incident Management System (TIMS) is a type of force protection (another concept in OPSEC) that is taking hold in agencies across the country. Securing our stations, limiting access, and requiring personnel to have IDs and key cards visible is a form of OPSEC. Standing to the side of the door when knocking and then clearing the entire house is another form of force protection. Monitoring computer systems, encrypting data and following cyber security guidelines is another example of OPSEC. We may not think about this as operational security, but we are doing it. However, there is always room for improvement.

OPSEC involves everyone from the street provider to the CEO, and their families. Every single individual in your organization should understand what OPSEC is, why it is important and how to implement it. We can learn a lot from the military and law enforcement agencies that have practiced this concept for many, many years. In fact, their entire existence is based on operational security, and even these entities have struggled with ensuring their information is safe.

Ultimately, OPSEC needs to become an everyday part of our lexicon. We need to educate personnel on its importance, develop plans that address all aspects of our operations and then, like everything else, practice and test it. We also need to be more careful about how and where we distribute information. Someone is out there planning their next attack, and when they have our information and playbook in hand as we respond to the incident, they, too, might be able to say, “Oh my God, the quarterback is TOAST!” [1]


1. IMDb. Quotes for Theo from Die Hard. Retrieved Oct. 18, 2016, from http://www.imdb.com/character/ch0083845/quotes.

Norris W. Croom III, EFO, CEMSO, CFO, is the Deputy Chief of Operations for the Castle Rock (CO) Fire and Rescue Department. He currently serves as the International Director for the International Association of Fire Chiefs (IAFC) EMS Section and as the EMS Representative on the Center for Public Safety Excellence (CPSE) Commission on Professional Credentialing.