OpSec is the way we identify information which could be used by others ("the Enemy") to their benefit and our disadvantage. Once we identify this information, we select measures to eliminate or at least reduce how well others can discover or exploit that information.
When something is declared as "OpSec," that means it should be treated as potentially harmful information, if it were to escape into the perception of others.
This is the problem. We don’t know. We have identified many bad actors who are interested in our downfall. But for every one we identify, there could be others.
Kinda like roaches.
Gross.
If you don’t say it (type it, chat it, post it on Reddit or purchase a billboard advertising it), it can’t be overheard.
This is sometimes expressed as
Loose Lips Sink Ships
or
Why Did My Orca Blow Up?
The goal of identifying something as OpSec is to prevent potential adversaries from discovering it. This prevents others from finding out our capabilities and intentions. We identify, control and protect security related information, evidence and planning records, to name a few.
This is why you rename your ship. Why give away free information? Every reduction reduces the surface of the vulnerability.
You do rename your ship. Right? Right?!
Generally, there will be a marking indicating that the information is considered OpSec. If you are not certain, ask Leadership. When it doubt, keep it secret.
Without going into specifics - that would violate OpSec, after all - the sorts of things that are considered OpSec are
Author has been terminated.
Another writer will be provided after suitable training has been completed.