
SEC-02-04
Threat Analysis — Who Is Watching
Naming your adversary and assessing what they can actually do
A threat is not a worst-case scenario — it is a specific adversary with documented capability and credible intent to collect your critical information and act on it. Threat analysis forces you to replace general fear with specific, evidence-based assessment. The output of this step determines which of your indicators are actually vulnerabilities and which are merely observable but irrelevant.
What a Threat Actually Is
The Three-Part Test
For something to constitute a threat in OPSEC terms, it must pass three tests simultaneously. First, there must be a specific adversary — not a category like “bad people” or “the government,” but an identifiable person, group, or organization with an operational reason to want your critical information. Second, that adversary must have the capability to collect the information — the means, access, and skill to actually obtain it. Third, the adversary must have credible intent — an active interest in collecting your critical information for a purpose that would harm you.
If any one of the three is missing, the threat is eliminated for planning purposes. A neighbor who could observe your patterns but has no operational reason to do so is not a threat to your OPSEC plan — they are merely someone with observational access. Recognizing this keeps your countermeasure effort focused.
Intelligence Collection Methods
What Adversaries Can Actually Do
Part of threat analysis is assessing your adversary’s collection capability. Collection methods fall into several categories that you need to evaluate. Open Source Intelligence (OSINT) is available to anyone with internet access: your social media, public records, voter registration, property records, court filings, vehicle registrations, and any publicly accessible content that names or describes you or your group. This is the most accessible collection method and is severely underestimated as a threat vector.
Human Intelligence (HUMINT) refers to information obtained through personal contact — conversations, elicitation, or individuals embedded in or adjacent to your group. Most preparedness groups are far more exposed to HUMINT collection than they realize. Members talk to spouses, children, neighbors, and acquaintances who are not part of the group’s security perimeter.
Physical observation covers surveillance of your location, activities, vehicles, and patterns by someone with physical access to your environment. This requires less technical capability than most people assume — a patient observer with a vehicle parked nearby can build substantial understanding of your group’s size, schedule, and operational patterns over time.
Technical collection includes signals interception (monitoring radio traffic), network intrusion, and other technology-enabled collection. For most civilian preparedness environments, this is a lower-probability threat than OSINT or HUMINT, but it is not zero — particularly for groups with adversaries who are technically sophisticated or who have institutional resources.
Matching threats to the right collection methods
A MAG conducts a threat analysis and identifies two potential adversaries. The first is a local activist group that has targeted preparedness communities in the area; their observable capability is limited to OSINT and social media monitoring, with no evidence of physical surveillance capability. The second is a disgruntled former member who knows several current members personally and has been making statements about exposing the group.
The threat analysis produces different countermeasure implications for each. Against the activist group: remove publicly accessible identifying information, don’t post group activities on social media, don’t allow members to cross-link preparedness affiliations to public profiles. Against the former member: assess what operational information they already possess, identify which remaining critical information they lack access to, and consider whether any current members maintain contact with them.
The same CIL, two different adversaries, two different countermeasure approaches. This is why threat analysis must precede countermeasure selection.
Keeping It Grounded
Threat analysis is where OPSEC practice most often slides into paranoia or disconnection from reality. The discipline requires you to be specific and evidence-based, not imaginative. If you cannot articulate why a specific adversary would want your specific critical information, and what they would do with it, they do not belong in your threat assessment. Threat inflation wastes countermeasure resources and, more importantly, makes the entire OPSEC framework feel unworkable — which causes people to abandon it.
Start with the most likely and most capable threats, not the most catastrophic ones. For most preparedness groups, the realistic threat landscape includes nosy neighbors, social media exposure, and the group’s own members who have not internalized communications discipline — not nation-state actors or sophisticated surveillance programs.
For each entry on your preliminary CIL from Lesson 3, write the name or description of a specific adversary who would benefit from knowing that information. Then assess: does that adversary have capability to collect it, and credible intent to act on it? Remove CIL entries where no specific adversary passes all three tests.
This exercise typically reduces CIL length by 20-30%, which is the intended result.
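The three-part test, the matching of an adversary's collection capability to the channels a CIL item is exposed through, and the pruning exercise above can all be expressed as one small model. The following is an added example written for this lesson, not material from the course itself; the CIL entries, adversaries and their capabilities are constructed to mirror the MAG case (an activist group whose only evidenced capability is OSINT, a former member with personal access) and the vague "federal agencies" label from the reflection question, and the names `Method`, `Adversary`, `CILEntry`, `passes_three_part_test`, `threats_for` and `prune_cil` are this example's own.

```python
"""Three-part threat test applied to a critical information list (CIL).

Added example for this lesson. All scenario data below is constructed to
mirror the MAG case study and is not from any real group.
"""
from dataclasses import dataclass
from enum import Enum


class Method(Enum):
    """Collection methods from the lesson, used to match capability to exposure."""
    OSINT = "open source"
    HUMINT = "human contact"
    PHYSICAL = "physical observation"
    TECHNICAL = "technical collection"


@dataclass(frozen=True)
class Adversary:
    name: str
    specific: bool            # an identifiable person/group, not a category
    capabilities: frozenset   # methods with documented evidence of use
    wants: frozenset          # CIL items they have an operational reason to collect


@dataclass(frozen=True)
class CILEntry:
    item: str
    exposed_via: frozenset    # methods through which this item is observable


def usable_methods(adv: Adversary, entry: CILEntry) -> frozenset:
    """Capability test: methods the adversary can use AND the item is exposed through."""
    return adv.capabilities & entry.exposed_via


def passes_three_part_test(adv: Adversary, entry: CILEntry) -> bool:
    """All three must hold at once: specific adversary, capability, credible intent."""
    if not adv.specific:                      # "the government" is a category, not a threat
        return False
    if not usable_methods(adv, entry):        # no evidenced way to collect this item
        return False
    return entry.item in adv.wants            # no operational reason means no intent


def threats_for(entry: CILEntry, adversaries) -> dict:
    """Map adversary name -> collection methods, for every adversary that passes."""
    return {
        adv.name: sorted(m.name for m in usable_methods(adv, entry))
        for adv in adversaries
        if passes_three_part_test(adv, entry)
    }


def prune_cil(cil, adversaries):
    """Lesson exercise: keep entries with at least one real threat, remove the rest."""
    kept, removed = [], []
    for entry in cil:
        (kept if threats_for(entry, adversaries) else removed).append(entry.item)
    return kept, removed


# --- constructed scenario data, mirroring the lesson's MAG case ---
ACTIVIST_GROUP = Adversary(
    name="local activist group",
    specific=True,
    capabilities=frozenset({Method.OSINT}),   # no evidence of physical surveillance
    wants=frozenset({"member roster", "meeting schedule"}),
)
FORMER_MEMBER = Adversary(
    name="former member",
    specific=True,
    capabilities=frozenset({Method.HUMINT}),  # knows current members personally
    wants=frozenset({"member roster", "meeting schedule", "supply cache location"}),
)
# Vague category from the reflection question: fails the specificity test
# before capability or intent are even considered.
FEDERAL_AGENCIES = Adversary("federal agencies", False, frozenset(), frozenset())

CIL = [
    CILEntry("member roster", frozenset({Method.OSINT, Method.HUMINT})),
    CILEntry("meeting schedule", frozenset({Method.HUMINT, Method.PHYSICAL})),
    CILEntry("supply cache location", frozenset({Method.HUMINT})),
    CILEntry("radio frequencies", frozenset({Method.TECHNICAL})),
]
ADVERSARIES = [ACTIVIST_GROUP, FORMER_MEMBER, FEDERAL_AGENCIES]

if __name__ == "__main__":
    for entry in CIL:
        print(f"{entry.item}: {threats_for(entry, ADVERSARIES) or 'no threat'}")
    kept, removed = prune_cil(CIL, ADVERSARIES)
    print("kept:", kept)
    print("removed:", removed)
```

Running it shows the point of the case study: the same CIL yields a different threat picture per adversary. The activist group reaches the member roster only through the OSINT channel, so it is not a threat to the meeting schedule even though it wants it; the former member is a threat to everything exposed through personal contact; the radio frequencies entry is removed because no specific adversary with technical collection capability was evidenced. The `specific` flag is a deliberate judgment the group records, not something the code can infer; the value of the model is that it refuses to count an adversary until that judgment has been made.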
A group identifies “federal agencies” as their primary OPSEC threat without specifying which agency, what information it would collect, or what it would do with that information. What is wrong with this threat assessment?
I can apply the three-part test (adversary, capability, intent) to assess whether something is a credible threat.
I can name at least three collection methods and describe which threats are likely to use each.
I have identified specific, named adversaries relevant to my CIL entries.
I understand why vague or inflated threat assessments undermine effective OPSEC practice.