Operational security assessment and enemy capability analysis are two sides of the same coin: understanding what an adversary can do to you, and understanding what you are revealing to the adversary. For the prepared citizen, this is not an abstract military exercise. Anyone who carries a firearm, maintains communications equipment, or organizes with neighbors for community defense is already operating within an environment where potential threats have their own capabilities, intentions, and collection methods. The discipline of assessing those threats — and hardening your own posture against them — is what separates genuine preparedness from the illusion of it.
The Enemy Always Has a Say
The foundational principle of enemy analysis is that adversaries are thinking actors, not static obstacles. They observe, adapt, and react to changing circumstances. Within the METT-TC framework, the “Enemy” factor demands that planners evaluate what an adversary is capable of, what they are likely to do, and how they will respond to your actions. This requires moving beyond simple threat identification into structured analysis of capability, disposition, and intent.
Observations of enemy operational security — or the lack of it — provide critical indicators. Poor OPSEC, such as lack of security dispersion, absence of firewatch rotation, or unsecured communications equipment, suggests broader deficiencies in training, discipline, and equipment across an organization. These indicators are valuable precisely because they reflect systemic conditions: an adversary who fails to rotate sentries probably also fails to encrypt communications or vary movement patterns.
However, apparent vulnerability must be weighed against the possibility of deliberate deception. Experienced adversaries may present themselves as disorganized or unaware specifically to draw observers into ambush positions or to shape the operational picture in their favor. Every assessment must hold open the possibility that initial readings are wrong. The phrase “the enemy always has a say” is a reminder that no plan survives contact with a thinking opponent who is actively working to defeat your intentions.
Structured reporting formats like SALUTE and DRAW-D provide the framework for capturing and transmitting these observations in a standardized way, ensuring that raw data becomes actionable intelligence rather than disorganized impressions. The SALUTE report format captures size, activity, location, unit, time, and equipment — the basic building blocks from which higher-level enemy analysis is constructed.
Assessing Capability Across Domains
Enemy capability analysis extends well beyond counting rifles and vehicles. A thorough assessment covers several domains:
Physical capability includes weapons, equipment, numbers, training level, and mobility. This is the most visible dimension and the one most people default to, but it is only part of the picture.
Communication capability determines how an adversary coordinates. Can they communicate beyond line of sight? Do they use encrypted digital systems, or are they operating on unencrypted analog radios that can be monitored? Understanding adversary communications informs both your intelligence collection and your own signal security posture. An adversary with sophisticated signals intelligence capability changes the entire calculus of how — and whether — you transmit.
Information capability addresses what the adversary knows and how they collect it. This includes technical surveillance (radio monitoring, drone overflights, camera systems) as well as human intelligence (informants, social engineering, open-source collection from social media). Comprehensive target reconnaissance — research into system architecture, access points, and human factors — is the foundation of any successful exploitation effort, whether the adversary is a state actor, a criminal organization, or an opportunistic threat during civil unrest.
Institutional and organizational capability shapes how effectively an adversary processes information and makes decisions. A common pattern in institutional failure is that information exists at lower levels but is never elevated to decision-makers, or systems are never tested against realistic threat scenarios — the information existed, but the organization could not act on it. When assessing an adversary, understanding their decision-making structure and information flow is as important as counting their weapons.
Your Own OPSEC Is Part of the Assessment
Assessing enemy capability is meaningless if you ignore what you are presenting to the adversary. Operational security is the discipline of identifying and controlling the information you reveal through your own actions, communications, and presence.
In the digital domain, this begins with personal device security. Modern smartphones are continuous radio emitters — broadcasting Wi-Fi probes, Bluetooth beacons, and cellular signals that can be geolocated and associated with patterns of life. Fine-grained control over device radio states has become increasingly difficult as operating systems make autonomous decisions about when radios are active. Manually toggling Wi-Fi or Bluetooth off on a modern commercial phone may not actually disable those radios at the hardware level. For users with genuine communication security concerns, this creates a security-versus-convenience trade-off: maximum control requires either older, more controllable platforms or purpose-built privacy-hardened phones that offer reliable emission control.
This is not paranoia — it is a realistic acknowledgment that location data, communication metadata, and digital patterns of life are among the most accessible forms of intelligence collection available to any adversary with basic technical capability. Treating mobile digital OPSEC and privacy-focused platforms as components of overall operational awareness — alongside radios, maps, and field equipment — reflects the reality that digital emissions are as revealing as physical signatures.
In the physical domain, OPSEC considerations include movement patterns, light discipline, noise discipline, and the observable signatures of your equipment and activity. A well-equipped group that follows the same route at the same time every day, or that broadcasts unencrypted radio traffic on predictable frequencies, is handing an adversary the information needed to plan an effective action against them.
Applying the Framework to Your Area
The Area Intelligence Handbook by Mike Shelby provides civilians with a structured process for conducting the kind of operational environment assessment that military intelligence personnel use, adapted for community-level application. The operational environment encompasses both physical and human terrain: the actual ground you live on (terrain, weather, lines of communication) and the people who inhabit it (population, governance, social dynamics, economic conditions).
Critical infrastructure — power substations, water systems, transportation nodes, communication towers — is evaluated for vulnerability and dependency. Understanding how a disaster, civil unrest event, or deliberate attack would interact with the specific conditions of your area is the foundation of meaningful preparedness, as opposed to generic planning that ignores local reality. This structured approach to area assessment is covered in depth in The Area Intelligence Handbook.
The operational environment assessment feeds directly into Intelligence Preparation of the Battlefield, where terrain analysis, weather effects, and threat overlays are combined into a coherent picture that supports planning and decision-making. For the civilian practitioner, this means moving beyond “what gear do I own” to “what does my specific environment demand, and what threats actually exist here.”
Bridging Assessment to Action
The point of operational security assessment and enemy capability analysis is not to produce documents — it is to inform decisions. What communications methods are appropriate given the adversary’s collection capability? What movement techniques are necessary given their observation capacity? What equipment signatures must be managed? How should you plan your PACE communications given what the adversary can intercept or jam?
These assessments also shape training priorities. If the realistic threat in your area has night vision capability, then understanding active versus passive aiming and managing IR signatures becomes a training requirement rather than an academic exercise. If the threat has radio monitoring capability, then radio encryption and security moves from a nice-to-have to a necessity.
Ultimately, the prepared citizen who takes threat recognition and tactical awareness seriously is doing the same analytical work that military intelligence sections perform — scaled to the individual or small-group level. The tools are simpler, the scope is narrower, but the intellectual discipline is identical: understand the adversary, understand what you are revealing, and make decisions accordingly. This analytical rigor is part of the broader obligation described in building a coherent loadout — gear without understanding of the threat environment it must function in is just equipment, not capability.