The Interagency OPSEC Support Staff [IOSS] carries out national-level interagency Operational Security [OPSEC] training for executives, program and project managers, and OPSEC specialists; acts as consultant to Executive departments and agencies in connection with the establishment of OPSEC programs and OPSEC surveys and analyses; and provides an OPSEC technical staff, as required, for the National Security Council [NSC].
It was established in January 1989, and is located in suburban Maryland, just outside of Washington D.C. The IOSS is a distinctly interagency organization, comprised of individuals from the Executive departments and agencies required by NSDD 298 to provide representation. In addition, other organizations have been invited to assign persons to the IOSS to help provide OPSEC support to their parent organization and as a way to gain valuable OPSEC experience. The IOSS is comprised up of individuals with both OPSEC and various technical expertise, and with experience in many different aspects of government activities.
The IOSS operates as a government "consulting firm" providing OPSEC advice and services to Executive departments and agencies. It can provide help in the areas of program development, training, briefings, developing reference materials and audio visual aids, and providing or arranging for support to OPSEC surveys and other OPSEC activities. Initially, the IOSS is concentrating on assisting organizations in implementing OPSEC programs. The IOSS will also develop materials to assist organizations in establishing and maintaining their OPSEC programs. The IOSS sponsors a National OPSEC Conference, seminars on OPSEC related subjects and community of interest working groups
The National OPSEC Program was established as a response to the increasing need for and interest in, OPSEC by government departments and agencies. Interest has been increasing for three main reasons: (1) OPSEC practitioners have been improving and refining the OPSEC process making it more useful and easier to apply; (2) there has been a realization of OPSEC's natural potential in non-military as well as military activities; and most important, (3) there has been a general recognition that adversary intelligence collection capabilities are improving, the vulnerability to exploitation is increasing, and the impact of loss of data is escalating.
In the "information age" indicators, the category of information OPSEC was originally developed to protect, have become more difficult for organizations to control and much easier for adversaries to exploit. The loss of critical information to our adversaries has reached serious proportions and is impacting adversely on government activities. OPSEC has proved to be an essential element in ensuring effective operations of departments and agencies assigned or supporting national security missions with classified or sensitive activities.
National Security Decision Directive 298, of 22 January 1988, requires formal OPSEC programs, describes the OPSEC process and provides guidance on the application of the OPSEC process within departments' and agencies' activities. The NSDD recognizes that not all agencies are directly involved in classified or sensitive activities. It exempts those agencies with only minimal activities that could affect national security from establishing formal programs. However, they must cooperate with other departments and agencies to minimize damage to national security when OPSEC problems or vulnerabilities arise relating to their own or to other department or agency programs. The responsibility for the development, implementation and maintenance of a department's or agency's OPSEC program rests with the head of the department or agency.
The NSDD assigned the Director of the National Security Agency (NSA) as the Executive Agent for interagency OPSEC training. The Executive Agent was given the responsibility to assist Executive departments and agencies to establish OPSEC programs; develop and provide interagency OPSEC training courses; and establish and maintain an Interagency OPSEC Support Staff (IOSS), whose membership would include as a minimum, a representative of the Department of Defense, the Department of Energy, the Central Intelligence Agency, the Federal Bureau of Investigation, and the General Services Administration.
In order to carry out his NSDD responsibilities, the Director, NSA appointed a Director of Operations Security and established the IOSS. The Director of Operations Security has the responsibility for oversight and support of IOSS activities on behalf of the Executive Agent. In addition, the Director of Operations Security is responsible for implementation, direction and oversight of OPSEC within the NSA and the Cryptologic Community.