New facts emerge from the NSA’s previously Top Secret history of OPSEC.

Most people don’t know the full history of Operation Safe Escape. Until 2016, Operation Safe Escape was a project under the Operations Security Professional’s Association or OSPA. At that time, the organization was the largest non-profit organization in the world dedicated to teaching people about Operations Security (OPSEC) and how to use it to protect themselves, their businesses, and more. Over time, the anti-domestic violence mission became more important and the organization’s core focus, now referred to as OSE.

Introduction to OPSEC’s Evolution

OPSEC, or Operations Security, remains a key aspect of our mission to protect survivors of domestic violence, stalking and harassment, and human trafficking. Far from its original application of protecting military missions and plans, OPSEC today can help protect an individual’s plans to escape abuse or other circumstances. For that reason, in a practical sense, OSE is the successor for many of the OPSEC organizations that came before. Consistent with the OSE mission, this report is a historical analysis of the roots of OPSEC and is not an endorsement of any aspect of the Vietnam War or any other military application.

For context, the term “Purple Dragon” refers to the code name for the survey team in Vietnam. As a historical aside, the code name was originally intended to be temporary, so the team chose the name they liked best from a list of code names provided. The other options have been lost to history.

In 1993, the National Security Agency (NSA) released a report titled “Purple Dragon: The Origin and Development of the United States OPSEC Program,” which described the unusually high American losses in the high altitude bombing missions code-named Arc Light and Rolling Thunder, and the reconnaissance missions under Blue Thunder, and discussed the intelligence failures that led to them as well as the measures taken as a response. The process developed at the time later became what we call OPSEC today. In 2007, a heavily redacted version of the report was released to the public under a Freedom of Information Act (FOIA) request, bringing some of the previously Top Secret history to light. However, significant portions of the documents remained redacted.

In 2018, Operation Safe Escape researchers requested a declassification review from the NSA to determine which redacted information could be released. In January 2024, we received a largely (but not entirely) unredacted version that provided additional context and historical information. This report does not attempt to summarize the entirety of the 102-page document but instead highlights some of the most surprising or compelling facts not previously made available. While the document also explores OPSEC findings related to ground and riverine operations, the findings are generally similar to the ones identified by the Air Force.

The original 2007 release can be found here:
https://www.nsa.gov/portals/75/documents/news-features/declassified-documents/cryptologic-histories/purple_dragon.pdf

The 2024 release can be viewed here:
https://safeescape.net/opsecdoc

It’s interesting to note that many of the original redactions were public knowledge (and some were even referenced in official government OPSEC training resources) in 2007 when the original redacted version was made available. For example, the 2007 release redacted the name of the Commander in Chief of U.S. Pacific Command, Admiral U.S. Grant Sharpe Jr., that he originally convened the Purple Dragon team, and for what purpose.

New and noteworthy information in the 2024 release include:

1. Initially, many members of the team believed the losses were due to a communications security issue. In fact, the communications security team found 50 different nonsecure communications during the survey that included specific details regarding the time of the bombing run, referred to as “time on target” (page 9). These sensitive details were transmitted over nonsecure (and, as such, able to be intercepted) between an hour and a quarter and up to 15 hours ahead of the mission. The now-unredacted section of the report notes that 228 aircraft had been shot down and 60% of Blue Springs photography drones were destroyed up to that point, and the report questions whether North Vietnamese forces had advanced knowledge that may have contributed to those losses. The following line answers this question, which was redacted in the 2007 release: yes, they did. Adversarial forces had up to three hours, sometimes up to eight hours, to prepare or evacuate the area.

2. The National Security Agency (NSA) and the Joint Chiefs of Staff agreed to launch a counterintelligence effort to identify and close the sources of the leaks (page 12). The Defense Intelligence Agency (DIA) was tasked with coordinating the effort and convened two working groups- a counterintelligence (CI) working group and a communications security (COMSEC) working group. The CI working group ultimately concluded that “losses of sensitive information through enemy human intelligence (HUMINT) could not be prevented.” It made no recommendations aside from increasing ongoing, general CI activities. The COMSEC working group was convinced that the blame could be placed on individuals failing to protect sensitive information properly and that monitoring communications and transmissions could identify who and punish offenders. A plan was put in place to conduct a COMSEC survey- a new concept at the time- which the DIA approved with the condition that another team be established to examine all aspects of military operations, from planning to execution, to look for other ways they might be compromised.

3. One piece of history that was available through other sources (but was redacted in the 2007 release as “classified matters of national defense or foreign policy”) was the overall strategy for identifying information leaks and vulnerabilities (page 14). The committee ultimately decided to focus on three areas: “enemy exploitations of U.S. communications, enemy recognition of patterns and operations, and enemy access, by whatever means, to pre-execution plans and preparations for operations.” To put it another way, the committed proposed searching for insecure communications channels, patterns and indications, and anything else that might give adversarial forces access to allied plans. What wasn’t previously known was that Admiral Sharp himself elected to assume official responsibility for the survey.

4. Initially, responsibility for the survey was offered to the CINCPAC communications staff, known as J6, because no one was certain who else should manage it (page 14). However, the communications staff lacked experience in the intelligence aspect of the survey and passed ownership on to the intelligence staff, J2. But J2 wasn’t sure how to approach the survey as a concept, so it finally landed with the operations staff, J3, under the command of Colonel James Chance, J3 Deputy for Command Center and Nuclear Operations. At the time, the concept of “surveying operational effectiveness” was new to the military, but the assignment makes sense in hindsight. Although Colonel Chance’s role as direct manager of the project has been widely discussed, it deserves special mention here due to his contributions and decisions throughout.

5. Although a relatively minor historical note, the size and scope of the survey team was previously undisclosed (page 15). Teams were established at seven commands at various airbases in Japan, Thailand, Guam, and Vietnam. At each command, the number of personnel assigned ranged from a small handful of men at some bases to 39 assigned to the U.S. Military Assistance Command in Vietnam.

6. In the 2007 document, pages 17-31 were almost entirely redacted, representing nearly the entirety of the “Birth of a Dragon” section, which primarily focused on the team’s findings and observations throughout the survey. Although much of the section still remains classified, a significant amount of previously redacted information was revealed in the 2024 release. Much of the information is commonly known, but noteworthy revelations include:

In order to encourage everyone surveyed, from the lowest ranks to the commanding officers, the team agreed that the Purple Dragon survey wouldn’t be treated like a traditional inspection and that no reprimands would come from the gathered information. It was decided at that time to capture the information would be kept non-attributional
In a departure from the original COMSEC team’s plan, the goal was to address the root of the problem rather than punish those who failed to follow proper procedures. With this in mind, unit commanders were given the opportunity to fix any issues before they were reported higher.
To avoid having those interviewed from unconsciously altering their usual activities and gathering accurate information, participants were not told the nature of the survey when being interviewed or observed.

Much of the information disclosed in the document detailed the specific procedures and goals for the team. Based primarily in Pearl Harbor (partially, we learn from other sources due to travel budget limitations for the NSA members of the team), team members compiled a database of findings and evaluated the information as it unfolded. Given that the team was looking for something entirely unknown, it’s interesting to see how they approached the problem and made sense of what they discovered.

7. Even the initial recommendations proved effective (page 22). Before OPSEC as a process was formalized, the initial recommendations given on-site increased survivability and recovery rates for bombers and drones.

8. By reviewing unclassified Notices to Airmen (NOTAMs) for upcoming missions, the Purple Dragon survey team was able to gauge upcoming targets and mission times with about 80% accuracy (page 22). The NOTAMs are generally made widely available with limited control to deconflict airspace and help prevent aviation accidents. It’s certain that adversarial forces had access to those reports, which detailed specific times and general locations of missions.

9. Local Vietnamese allies and officials were warning their friends and family of upcoming bombing missions to give them time to leave the area (page 24). The process for selecting and approving targets could take a week or more, and it involved approvals from multiple different commands and up to the Pentagon. This included coordination with local allies. There is no evidence that any Allied official leaked information to adversarial forces. Still, it should have been foreseen that local officials would naturally want to warn their family and friends who may be in the area. Those family and friends would warn their family and friends, and so on. The local civilian population would start evacuating the general target area one to three days before the mission, which signaled to adversarial forces that they should do the same.

10. Many Rolling Thunder missions were compromised shortly after takeoff (page 25). Early in the survey, it was estimated that up to 90% of Rolling Thunder missions were compromised to varying degrees after takeoff from Thailand or the Gulf of Tonkin, giving the adversary up to 45 minutes’ notice before a strike. Given the sophistication and resiliency of the North Vietnamese tunnel systems, this was more than enough time to shelter personnel and equipment. The Navy and Air Force would use exactly four electronic countermeasure aircraft to jam enemy radar when targeting heavily defended areas, but only two when targeting others. Simply by observing the configuration of the flights or noting the distinctive (and unchanged) call signs of the aircraft, the type of target could be determined. There were also other examples given, including the pattern that Airborne Command Post (ACP) aircraft would land at certain places and times depending on when and where the mission would take place, the fact that the Air Force and Navy would strike at specific times (the Air Force, for example, would almost invariably strike targets between 0800 and 0900, and again between 1600 and 1700) and only in good weather, that airborne refueler aircraft would use the same route and fly several minutes ahead of bombers (using the flight route and plane number as their call sign, which was sent over nonsecure voice channels), and more. Putting this all together, it became trivial to determine the timing and target of a bombing mission.

11. The Purple Dragon survey wasn’t intentionally intended to be repeated, but the survey team and agency leadership advocated for a permanent program based on their findings and the likelihood of reoccurrence (page 30). The survey was intended to be a one-off response to specific security concerns. Still, COL Chance and Admiral Sharp agreed that the survey should become a standard procedure for any military operation. The final report to the Joint Chiefs of Staff included a recommendation that the survey be expanded into an enduring capability; the Joint Chiefs agreed and authorized a permanent OPSEC branch under the CINCPAC J3. This answers a long-standing question as to where OPSEC was intended to “live” from its inception and whether it was originally viewed as a security discipline or an operational one.

While not in this document, an interesting historical side note was that the name for the new discipline was decided at a bar in Hawaii. According to Robert “Sam” Fisher (and retold by others from the team): “The next question was what to call this new organization. Our role was operations analysis, but operations analysis would not do for a name. We wanted to distinguish ourselves from the many operations analysis groups that already existed in Vietnam. One knew that Mother NSA would not allow me to be a part of this new organization unless security was among our objectives. Hence, we arrived at the name Operations Security. A side benefit to this name was the acronym OPSEC, a good way to catch people’s attention.”

12. As a mildly interesting note, the original 2007 release showed the affiliation (U.S. Navy) of the artist that drew the dragon on the cover of the final Purple Dragon report, but the new release redacts it, likely in error (page 35).

13. The first major Purple Dragon survey of a non-Air Force mission took place in 1967 when the survey team examined Navy and Marine amphibious landing missions and found multiple similarities nearly identical to the Air Force operations assessed previously (page 37). The (reasonable) requirement to coordinate landings and raids with local officials and allied forces during the early planning phases of the mission led to provincial chiefs and local villagers moving their cattle and equipment out of the area well in advance of the assault. The movement signaled to adversarial forces that “an operation of some sort was going to occur.” It was also noted that helicopters were pulled from other areas and limited in use the day before to ensure availability in support of the landing. Naval bombardment would also begin several hours before the landing, a literal “wake-up call” for those forces that hadn’t already left, and the reporters would be notified up to four days before the assault and transported by helicopter to one of the assault ships the day before. Perhaps the most significant observation was that a Navy hospital ship, which required more time to move and stage, would be anchored off the opposite side of the target beach the day before the assault. Hospital ships are distinctly marked and easily observed, giving at least an evening’s warning.

14. About a week before an amphibious landing, the Marines would send an Airspace Reservation Request to the Air Traffic Controller in Saigon, along with a formal request to keep the NOTAM secret until a few hours before the requested time (page 40). However, this request was often ignored, and the NOTAL was released immediately. This revealed the fact that a military operation was planned for a specific day at a specific time in a specific location up to a week in advance. The solution was to send the request to Saigon at the last moment and, in at least one case, not until the Marines had already landed on the beach.

15. In an interesting twist, the largest amphibious operation of the war at the time, Operation Bold Mariner, used the same OPSEC weaknesses the adversary was exploiting to mislead them (page 40). Now understanding that the adversary was looking out for certain patterns and indications, mission planners spread misinformation through those channels to convince them that the attack would take place at Mo Duc rather than the actual target, Batangan. The Marines issued a NOTAM for Mo Duc eight hours before the apparent landing time, naval gunfire targeted the decoy target on schedule, and a Naval hospital ship anchored near Mo Duc only to reposition once the actual assault had already begun.

16. The American logistics system in Vietnam was a major success when it came to moving weapons and supplies around the country, but at the same time, the process turned into an intelligence goldmine for adversaries (page 47). Supplies came into the theater through centralized supply depots in “rear” areas and were distributed by truck convoys all over the country. Coordination for convoys and road clearances was often conducted well ahead of time and often over unsecured phone lines that were frequently intercepted. Worse still, larger convoys often used the same routes at the same times and on the same days for their deliveries, which made planning ambushes relatively simple. The survey team also found that many combat units would requisition supplies for a particular operation a month or more in advance. This request, which was often processed by local civilians, would list the latest acceptable delivery date, the unit designation and location, and often even the cover name for the operation. These details would then be stenciled on the crates and left in plain view of anyone with access.

17. The initial success of OPSEC measures to protect Arc Light bombing missions was overestimated and may have been historically overreported (page 52). One of the primary metrics for the effectiveness of Arc Light OPSEC measures was the number of alerts detected by adversary forces transmitting a warning of upcoming strikes. After the measures were put in place, these transmissions had nearly stopped completely- in one six-month period, only five valid alerts were detected out of over 2,600 missions flown. Not long after, however, North Vietnamese defectors reported that the units were still being informed of airstrikes up to several days in advance but had switched to courier and landlines to avoid detection.

18. Another section of the report that was redacted in the 2007 release was the discussion of the concept of and rationale behind “thinking like the enemy.” (page 65). Even in 2007, a fundamental concept of OPSEC is viewing your own operations from an adversarial perspective in order to identify vulnerabilities and shortcomings that you would have missed otherwise. The 2024 release discusses the effectiveness of the approach and how combat commanders were eventually able to embrace it when shown concrete examples of lessons learned.

19. In yet another example of content that was redacted for unclear reasons, the section in which the Joint Chiefs of Staff noted that one-year rotations led to repeated OPSEC issues was redacted due to national security and classification reasons (page 76). The decision was then made to train servicemembers on OPSEC concepts before deployment rather than on the job when they get into theater. To help with coordination and planning, the DIA hosted the first Worldwide OPSEC Conference from 30 April to 2 May 1968 in Virginia. Shortly after this, COL Chance was named the head of the newly-created Joint Chiefs of Staff OPSEC branch, building on his

20. After the war ended, the OPSEC process was applied to peacetime drills and exercises to determine if the same issues would be discovered away from the chaos and fog of war. It turns out they were (page 77). Joint training exercises in Korea, code-named Combat Dawn SIGINT, found many of the same issues and indicators encountered in Vietnam only a few years prior. One example of many is that drone aircraft were deployed to skirt the North Korean airspace in an attempt to activate and test the country’s air defense radar system, but the drones invariably flew the same path for the same duration at the same time of day, making the mission predictable. Much like in Vietnam, the flight plans for the recovery helicopters were filed ahead of time- in this case, exactly at 0800 the day before.

21. An interesting perspective found in the 2024 release, but not the 2007 one, determined that “the greatest single cause of the U.S. military’s poor operations security in Vietnam (was) the general lack of respect U.S. personnel felt for the VC/NVA” (Page 85). General Creighton Abrams (the namesake for the M1 Abrams series of tanks) also reportedly said, “A lot of Americans over here underestimate the cleverness” of the North Korean people. In underestimating their adversary, U.S. forces underestimated their ability to intercept unsecured communications and their intelligence in analyzing intelligence.

22. Perhaps of interest to some, the 2024 release discusses the circumstances and resourcing concerns that led to the National OPSEC Program being ultimately established under the NSA (Page 90). The CINCPAC OPSEC branch was the rightful successor to the Purple Dragon survey team, but by 1980, the branch had dwindled to only five employees and was left unsure of its peacetime role. The NSA, however, had provided many of the staff for the CINCPAC team and, in no small part due to the leadership role of Sam Fisher and others, maintained a recent institutional memory for the process. In 1981, the agency began providing OPSEC training to the government, civilian, and military elements, so it came as no surprise when President Ronald Reagan established the NSA as the executive agent in charge of the National OPSEC Program when it was created in 1988.

A lot has changed in the decades since this history was written. And even more has changed since the date the final Purple Dragon report was submitted in 1967. But in understanding the history of OPSEC, we can understand just how many things have actually stayed the same. OPSEC is no longer only a military discipline, but the challenges faced by the original Purple Dragon survey team have a lot to teach us about the challenges we’re likely to face in our own organizations and communities.

On August 18, 2023, Twitter… we mean “X” owner Elon Musk made an announcement that the site will be removing the block feature for public posts, leaving the function only available for direct messages. He later clarified his (flawed) belief that the mute button is good enough to protect Twitter’s users.

Elon is, frankly, wrong.

Survivors of domestic violence and stalking block accounts for their own safety and mental health. It can help people share their story, connect with their support system, and enjoy the internet without the constant harassment of people who want to cause them harm or distress. And while not a perfect solution, it gives them some measure of control over their online presence even when the harasser creates new accounts for the same purpose. This is why we typically recommend survivors of abuse, stalking, and harassment block and report any accounts sending abusive messages.

Instead of blocking, Elon says that Twitter users should mute abusive accounts. The biggest problem with this approach is that the abuser can still send messages, which often includes threats, lies, and even non-consensual pornographic images. If the account is muted, the survivor won’t be able to see or address them, but everyone else on their timeline can. In effect, it gives control of the narrative over to the abuser while taking away from the voice of the survivor. This plan also makes it easy for abusers to view posts and replies from the survivor and their support system while remaining logged into their own account.

Blocking isn’t a perfect solution- there are ways around it, and stalkers or abusers know that. But taking away a tool that survivors of crime use to protect themselves is not okay. We’ve reached out to the Twitter team- and to Elon himself- to make it clear that this plan will put people at risk. Whether or not he listens remains to be seen.

Personally, we believe that Twitter will ultimately end up doing the right thing, but maybe not for the right reason. It’s been pointed out that the iOS app store requires that social media services require “The ability to block abusive users from the service.” Elon may argue that allowing users to block direct messages meets this requirement but we, and many Twitter users, can see that this isn’t enough to protect users.

Elon, millions of survivors of domestic violence, stalking, online abuse, and harassment are watching.

Additional Links:
https://www.cnbc.com/2023/08/18/elon-musk-says-x-users-will-be-losing-the-ability-to-block-content-.html
https://www.theverge.com/2023/8/18/23837494/elon-musk-twitter-x-remove-blocking

Musk says X’s ‘block’ feature is going away

Social Media Abuse Resources

The State of Online Harassment

https://www.getsafeonline.org/personal/articles/online-abuse/
https://wellnesscenter.gatech.edu/report-social-media-abuse