CHAPTER 2

                      OPERATIONS SECURITY [OPSEC]

INTRODUCTION

     Operations security is one of the keys for achieving the two war
principles: surprise and security. A military force has the advantage when he
can surprise the enemy. In order to achieve this goal, those military forces
must protect their operations and activities with a continuous implementation
of a security plan that is healthy and effective. The purpose of OPSEC is to
protect the military operations and their activities by negating the
indicators military forces plans and their intentions vis-a-vis the enemy
forces. In other words, the enemy commander should not know or recognize how,
when, where, why and what operations our forces are about to undertake, until
it is too late for the enemy to react effectively against our operations.

     OPSEC is the duty of the commander, together with each individual at all
levels of command. The commander determines which are the measures of OPSEC
which should be implemented and the duration of each event. Equally, they
should determine the level of risk that they should be willing to accept. The
elements of intelligence (SD) provide information about enemy threat. The
operation elements (S3) direct the program of OPSEC and recommend measures for
OPSEC. The units of each individual implement those OPSEC procedures. In order
to attain a good OPSEC program, commanders and the members of the joint
command, and each individual should be trained in the proper use of the
procedures and techniques of OPSEC.

     This teaching plan provides a guide for the procedures to be used by the
technical units in the OPSEC program. Described OPSEC and provides doctrinaire
direction for the future instructors and trainers.

     What is OPSEC?

     GENERAL

     In order for our military forces to be successful against enemy forces,
information about the activities of our units or plans and operations should
be denied to the enemy until it is too late for him to react effectively.

     OPSEC does not occur by itself. Our military forces have to create the
right condition for a good OPSEC program since OPSEC is an integral part of
all the operations and activities. The OPSEC program can be good because it
was implemented effectively in each unit; or it can be a program without

                                  13

LN324-91 effectiveness because the members of the unit did not know the importance of the program and does not know what it requires. OPSEC IS ALL ACTION TAKEN BY THE COMMAND TO DENY INFORMATION TO THE ENEMY ON OUR ACTIVITIES OR MILITARY OPERATIONS Generally, OPSEC includes coordination of various techniques and procedures that deny information to the enemy. It is the common sense applied systematically to the situation of a unit or a mission. The result is the security of the military forces. This requires a total effort of integration by all commanders, and the members of the team, and the units and each individual. Under the umbrella of OPSEC, there exist basically three types of action. COUNTER SURVEILLANCE - These activities are taken to protect the true purpose of our operations and activities. COUNTER MEASURES - Those actions taken to eliminate and reduce the enemy threat and its capability of intelligence and electronic warfare against our military forces. DECEPTION - Those actions taken to create the false image of our activities and operations. COUNTERSURVEILLANCE SIGNAL SECURITY (SIGSEC) The signal security includes communication security (COMSEC) and electronic security (ELESEC). COMSEC includes those measures taken to deny the enemy information on our telecommunications. This includes the cryptographic security, transmissions security, physical security of COMSEC information, and measures to assure the authenticity of the communications. ELESEC is the protection of the electromagnetic transmission, which includes the communication apparatus. This includes such measures as standard operations procedures which have been approved, appropriate search, maintenance procedures, and training programs. ELECTRONIC COUNTER COUNTERMEASURES Electronic counter countermeasures (ECCM) are various measures taken to 14
LN324-91 protect the electronic transmissions of our military forces and the detection capacity, recognizing and identifying the enemy. This includes the proper use of the command post of the motor, situating the antennas, concealing and distancing the antennas, a check of the equipment to secure and make sure that there is no radioactive radiation, and training. A good electronic counter countermeasure program must ensure the effective use of the electromagnetic systems of our military forces. INFORMATION SECURITY (DOCUMENTS) Information security INFSEC is the protection of information of value for the enemy forces. This includes two types of information, classified and unclassified. Some examples are the dispatch documents, requisitions (orders), plans, orders (directives), reports, charts (maps), map covering material, and dissemination of verbal information, and the press that may have an adverse effect on national security and the operation of friendly military forces. PHYSICAL SECURITY Physical security (PHYSEC) is the protection of the installations, command post and their activities, etc., by the members of the Armed Forces, dogs, and other necessary measures for the restriction and protection of the area. Some measures include barriers of the perimeters, detective lights, marked copies of the keys or combinations, bolting mechanism, alarm systems for the control of intrusion, personal identification, controlled access, and controlled movement. The PHYSEC also allows the protection against espionage, sabotage and robbery. STANDARD OPERATION PROCEDURES (SOP) As a general rule, the countersurveillance procedures such as camouflage, concealing and the use of color, light and noise, are concealment measures discussed in the SOP. The SOP also covers the manner in which the unit utilizes buildings, roofs, highways and its equipment. COUNTER MEASURES Counter measures are selected, recommended and planned in order to overcome the specific aspects for the operation of intelligence of the enemy. Once a vulnerability has been identified and the risk is determined to exist, a counter measure is designed specifically for this threat in order to avoid exploitation of said vulnerability by the enemy. The counter measures can be anything from deception to the destruction of the capability of the enemy's means. The counter measures also include appropriate measures to discover the vulnerability of the friendly force. For example, the use of smoke, or the 15
LN324-91 use of flak in critical moments. The deception operation also can be planned. DECEPTION OPERATIONS Deception operations (DECOP) are carried out in order to deceive the enemy. These operations include: Handling of Electronic signatures Distortion of the friendly activities in order not to make the real objective known. Falsifying material, and placed wherever it can be captured or photographed by the enemy. Simulated maneuvers Demonstrations Simulated equipment Deception operations can be conducted when the commander sees an opportunity to deceive the enemy. ? 2 Also, deception can be required when the countersurvei1lance operations are not sufficient to disorient the enemy so that the operation may be successful. In any case, knowledge of the friendly military forces provided by security analysis is necessary in order to create a credible deception plan. SECURITY ANALYSIS Security analysis is done in order to support the countersurveillance and counter measures. OPSEC depends on the commander and his personnel being informed of a threat that they will confront, in the patterns, weaknesses and profiles of the friendly force. Intelligence analysts provides information on the enemy; the analyst assigned to OPSEC section determine which unit or activity of the friendly forces are vulnerable, and why. The OPSEC analyst provides the commander and the operators with a risk estimate; this is based on the efforts of the aggregate of intelligence of the enemy and the activities of the friendly forces that are known. They can recommend procedures or procedures of countersurveillance and counter measures. OPSEC is a condition. Generally, OPSEC is a condition that seeks to attain security or safety of the friendly forces. It involves a variety of activities for concealing the friendly units, or to deceive the capabilities of the enemy analyst and commander in regard to intelligence gathering. These activities (under the 16
LN324-91 category of countersurveillance, counter measures and deception) can be accomplished independently by members of each unit. But it is the integration of these activities by the commanders and the operation officer, which transforms the OPSEC program for a unit and provides security for the operations. The elements of security such as SIGSEC, counter intelligence, military police, and the personnel of each unit, provide the necessary support to create good conditions for OPSEC in the installations. THE THREAT COLLECTIVE CAPABILITIES OF THE ENEMY HUMAN RESOURCES ELECTRONIC RESOURCES IMAGE RESOURCES Agents INTELSEN/GE Photography Infiltrators -- Radio interception Infrared (close and distant) Reconnaissance Unit --Radar interception Night vision equipment Combat Unit --Interference equipment Image amplifiers Patrol --Radar surveillance Visual Prisoners of war--Telesensors SLAR Refugees --Acoustics Figure 1 The intelligence threat against our Armed Forces vary from place to place, according to operations, missions, contingency plan and the level of sophistication of the enemy. Therefore, the units to receive information about the threat in specific situations in the local sections of intelligence. It is expected that the enemy units will utilize all of their capabilities of collecting information, as is shown in Figure 1, when they confront our forces. The enemy is particularly interested in the different echelons of our military forces: which are the capabilities of the unit; such as, their fire 17
LN324-91 power, communications, detection capabilities, logistic support, but in the same way are interested in the location, movements, and intentions of our military forces. The capability of the threat that is discussed in the classrooms and the practical exercises of the units should be based on the capabilities of the enemy and the ones that can have be a fundamental threat in the operation activities of the unit involved. In other words, the OPSEC program was developed in order to counteract the specific threats against the military unit involved. OPERATIONAL GUIDE GENERAL The OPSEC program is conducted by the commander and led by the operations officer as part of the operations of each unit. Each unit can have an effective OPSEC program with only the coordinated forces of the commander, members of the task force and the troops, and the use of various activities of security and intelligence. NUCLEUS OF THE OPSEC OPERATIONS Operations Officer G1/S1 G3/S3 SIGSEC Commander Troops Counter espionage G3/S3 MILITARY INTELLIGENCE 18
LN324-91 The OPSEC program is designed to function with the characteristics of the technical operations, and the requirements of each organization. Each unit takes the necessary steps to provide the security and maintain the surprise - keep the enemy without knowledge of what our military forces are doing. For this reason, OPSEC should be taught in all the military schools at all levels, and established in the doctrinaire literature of each organization and its operations. Each manual should describe how military forces can improve the security of their operations. In order for the OPSEC program to be effective, the tactical units should: Be established by the commander, and led by the operations officer of the support of the local intelligence officer. Be based on the operational requirements of the unit. Be imaginative and adaptable for certain changes. Be designed to deny valuable information to the enemy regarding activities and operation. Be compelled at all levels by the commander in the plans and training, so that the program can function in operations situations. OPSEC SUPPORT The OPSEC support is provided by the unit or sections of the OPSEC which are found in the organizations of military intelligence. The OPSEC teams are specialists in security signals in the counter intelligence and should be put in direct support of the combat brigade, support division commands and the artillery units. These teams support the unit determining the vulnerability of each unit, to assist the subordinate units and maintaining the most current data regarding enemy threats and evaluation of vulnerabilities of such threats. The support units of OPSEC participate in the conduct of evaluation of OPSEC. They also recommend certain ways of protecting the procedures which could provide indicators to the enemy. The security specialists help in the development of the plans and procedures of OPSEC, maintaining the archives of OPSEC, and recommending the deception measures. Commanders can also obtain the support of the units of OPSEC at the highest echelons of the high command of the Armed Forces. This support includes services such as the signal security, computerization security, counter measures of technical surveillance, counter intelligence investigations and inspection of cryptographic installations. 19
LN324-91 THE OPSEC PROCESS OPSEC is a continuous process of planning, collecting information, analyzing and forming, changing data base, issuing orders and instructions and execution. OPSEC PROCESS Planning the gathering --->Information gathering--->Analyzing Report on Report results Executing orders <----Issuing orders <-----Revising the and instructionsdata Base NOTE: Once started, the OPSEC process is continuous and more than one section can do it at any moment. The OPSEC process is done in a sequence of planning, execution and reporting the results. The process begins with information already known of the data base and continues in a logical way resulting from the assessment, recommendation and operation plan. The plan is carried out by the units. The OPSEC measures are monitored by members of the different unit and by elements of the CI to verify the effectiveness of the OPSEC measures. The commander and the operations officer take action to correct the vulnerabilities based on the different reports. The process can be illustrated as follows: THE OPSEC PROCESS S3/D3 S2/D2 Based on OPSEC profile Estimate of the enemy Data base or intelligence threat Condition of our forces ------------ and Commander countersurveillance guideline in effect 20
LN324-91 The Concept of the Commander of the mission or operation P --Determine the sensitive aspects of the operation L --Develop the essential elements of friendly information (EEFI) A --Advise on our vulnerabilities N --Analyze the risk N --Determine countermeasures and requirements of deception I --Estimate of OPSEC (written or orally) N --OPSEC plan (written or orally) G --Deception plan (written or orally) I M P --Units implement Operational Plan (With the OPSEC plan as an Annex) L --Counterintelligence elements supervise the OPSEC plan E M --Inform on indicators that can influence the operations E N --Effectiveness of OPSEC program is evaluated T A T I 0 N R E S --Counterintelligence elements inform the commander and the U operations officer orally or in a written report. L T S Figure 1 21
LN324-91 THE DATA BASE Data base for the planning of OPSEC is maintained by the CI section. This information on our units and enemy capability for gathering information is always in the process of evaluation and change. The intelligence section informs the CI element regarding the capability of the element to collect information. This information about the enemy is important because: Time is not wasted advising an erroneous threat. Counter measures are not assigned to indicators which the enemy does not have the capability to collect. Counter measures are assigned to counteract the capabilities of the enemy to collect information on our activities. The CI section establishes the data base to develop the indicators, the signatures, the patterns and the profile of our forces. This information indicates how our units appear in the battlefield -- the way they operate, how they communicate, how they are supplied, etc. The information about our own unit is important for the planning of our operations because: It determines the essential elements of information on our forces and our vulnerabilities. Counter measures are applicable to the units which need them. In carrying out and providing advice for OPSEC measures. Deception can be done effectively. The use of deception depends on common sense, precise information about enemy intelligence and our involved units. For example, the units which use deception have to demonstrate indicators, signatures, patterns and profiles showing the same characteristics as the type of unit they are trying to imitate. COMMANDER GUIDE The concept of the operation and the mission of the commander provides the direction and guideline for the OPSEC plan. The commander can order certain general measures of OPSEC or perceive specific procedures of security during operation. For example, it can establish measures for protecting the revealing of unit movement, supplies and use of radio. The commander should announce which part of the operation should be protected for the operation to succeed. 22
LN324-91 PLANNING The C3/S3 is assisted by the CI section and other high staff and general staff officers, realizing the plan described in Figure 1. Although the different aspects of the planning might not be completed in detail, each one should be completed as much as possible in a given time. Determine the Sensitive Aspects of the Operation Take note of the information which if known by the enemy provides indicators that reveal our operation. Operational indicators and physical characteristics are compared constantly with the operation. Once this is done the planners can -- Determine the Essential Elements of the Elements of Friendly Information (EEFI) The essential element of friendly information is information that if it falls in the hands of the enemy, our operations will fail. The EEFI reflect the concern of the commander regarding areas that need security. The CI agents use the EEFI to identify and inform regarding vulnerabilities. The unit uses the EEFI to plan operations of countersurveillance. Advice on Our Vulnerabilities Noting the EEFIs, the CI sections begin to advise on our vulnerabilities. The CI agents identify the units and activities that are most vulnerable and detectable by enemy intelligence. This step is necessary for -- Risk Analysis Risk analysis is a process that compares our vulnerabilities with the enemy capabilities for gathering of collect. The CI agent identifies indicators that if detected would result in the divulging of important combat intelligence regarding our operations. The purpose is to identify the risk and determine what can be done to reduce them. This includes an evaluation of the operation of countersurveillance and counter measures actually in effect for determining what more needs to be done. The units always employ procedures of counter surveillance. The units separate and evaluate the effectiveness of countersurveillance as they receive new information. Based on the new information, they can decide and adjust the measures for countersurveillance in order to focus on certain techniques and procedures. This process continues throughout the CI agents structure. 23
LN324-91 Determine the Counter Measures Counter measures are used to protecting these indicators and EEFI which are most vulnerable for enemy detection, as a result the counter surveillance measures which are not adequate. Generally there are five options: Counter measures are not necessary Applying a counter measure Stop the activity Employ deception operations Change the operation Counter measures are not necessary under the following conditions: A indicator cannot be detected by the enemy If it is detected, the indicator supports the deception plan. The commander decides to accept the risk. The use of counter measures in deception requires common sense, information over our units and knowledge of the capabilities of the enemy to gather intelligence. The specific counter measures are directed towards the capabilities of the enemy in order to collect information. Counter measures may include the physical destruction of the enemy -s collection measures. If this is the case, the S3, in accordance with the commander, has to react quickly in order to counteract the enemy's gathering capability. For example, it is known that an enemy reconnaissance patrol is collecting enough information regarding our operation, the 53 can recommend the increase of combat patrols to destroy the reconnaissance element. Deception The planning of deception is integral in the planning operations. A deception plan can be done because it is a good idea for a specific operation; because it is a requirement to support a plan of deception at a higher level as part of the measure against the enemy intelligence threat. In any case, deception and the OPSEC are inseparable. In order to use deception successfully, a unit as o have a good knowledge of all of the aspects of OPSEC. 24
LN324-91 Deception is designed to deceive the enemy by means of manipulation, distortion, making him react in a way that is detrimental to his interest. In order for a plan of deception to function, certain conditions have to exist: -- The plan of deception should be credible. The concept of deception should be carried out in conjunction with the concepts of operation. Whenever possible, the operation activities should support the plan of deception. -- The deception should be part of the technical situation. -- The enemy should be given the opportunity to react to deception. -- One should consider all the information gathering capabilities of the enemy. There is no point in deceiving an enemy resource if it is detected by another resource. The success depends on the good knowledge of the characteristics, capabilities and the use of intelligence systems of the enemy. -- The units involved in the deception have to accomplish their different missions. This may not require anything special if the unit is doing its normal mission. It is possible that it may have enough information and equipment to project a false image. The subordinate units have to support the plan of deception of the superior units. Deception requires good intelligence, OPSEC and an operational implementation in order for it to be successful. Intelligence units inform regarding information gathering capabilities of the enemy and possible reactions. The CI section informs regarding indicators, signatures, patterns and profiles of the units involving deception; and the operations sections applies the deception plan of the combat operations. A satisfactory OPSEC program needs to be established in order for the deception to be successful. INDICATORS, SIGNATURES, PATTERNS AND PROFILES General All the armies have their ways of operating. The normal operating procedures, the field manuals, the training instructions, and other local instructions result in similar units functioning in a similar way. The effort of maintaining the similarities and functioning adds to the effectiveness and efficiencies of the units. Its weakness is that the units become stereotypical units, and consequently more predictable. This causes that the analyst of any intelligence can interpret more easily the indicators, signatures, patterns and profiles of our military forces. The commanders and the operation officers should examine and study carefully how to conduct their military operations. They need to know if they 25
LN324-91 are conducting operations in the same way each time there is an operation, and advise on the manner the operation should be conducted. This means that they should revise the actions that occur during the planning phase, execution and the debriefing after the combat drills. It could be that a comparison of the activities of various combat drills is necessary. INDICATORS Indicators are activities that may contribute to determine a course of action of our military forces. When preparing combat operations, it is virtually impossible for a military unit to hide or avoid giving out indicators. Certain activities must be conducted. Some of these activities are essential for the operations -- others can be directed by the commander or by standard operational procedures of the operations. In many cases, these activities might be detected by the enemy and used to predict possible courses of action. Identifying and interpreting specific indicators is a critical task for the intelligence operations, either for the enemy of for our own armed forces. The intelligence personnel looks for indicators, analyze the, and make an estimate of the capabilities, vulnerabilities and intentions. These analyses have become a requirement for information, plans, and eventually provide the basis for directives and orders. Identifying the critical activities of the military forces could indicate the existence of specific capabilities or vulnerabilities, or the adjustment of a particular course of action. Determining which indicator is important, could be the result of previous action analysis. The lack of action is as important, in certain cases, as actions already taken. For example, if a unit does nor normally deploy its attack artillery equipment, this information is important for the analysts to include it in their estimate. In any case, the indicators that arise requires a concrete knowledge of the organization, equipment, doctrine of the tactics, the command personalities, and the logistic methods, as well as the characteristics of the operations. Indicators are not abstract events. The indicators are activities that result from the military operations. Indicators are potential tools for each commander. The indicators are probabilities in nature, which represent activities that might occur in the military operations. The interpretations of the indicators require knowledge of the enemy and the current situation. Some indicators are mentioned below. It is not intended to be a complete list, or applicable to all situations. 26
LN324-91 Possible Attack Indicators -- Concentration of mechanized elements, tanks, artillery, and logistic support. -- Delivery of combat elements (mechanized, tanks, anti-tank) in echelons. -- Deployment of tanks, guns, cars to the front units. -- Extensive preparation of artillery. -- Artillery positions very much to the front and in concentration. -- Extensive patrol activity. -- Change in the level of communications, crypto, codes and frequency. -- Placement of the air defense forces beyond the normal front. -- Logistics activities, reinforcement and extensive replacement. -- Relocation of support unit at the front. Possible Defense Indicators -- Withdrawal of defense positions before onset of battle. -- Successive local counterattacks with limited objective. -- Counterattack is suppressed before regaining positions. -- Extensive preparation of field fortifications and mined fields. -- Firing positions in the front are used; the long-range firing is started. -- Movement to the rear of long-range artillery equipment and logistics echelons. -- Destruction of bridges, communication facilities and other military equipment. 27
LN324-91 SIGNATURES The signatures are a result of the presence of a unit or activity in the battlefield. The signatures are detected because several units have different equipment, vary in size, emit different electronic signals, and have different noises and heat sources. The detection of the individual signatures could be grouped by analysts to point out the installations, units, or activities. In general, these are the categories applied to the units: visual, acoustic, infrared, and electromagnetic. Each one of these areas are discussed individually. Have in mind, however, that the enemy will try to exploit several individual signatures grouping them in order to determine a signature for the unit. Usually, action is not undertaken as a result of the detecting only one signature. With exception of the detection of critical areas, which can result of the detection, identification and location of a signature. The critical areas are key activities such as command posts, communications facilities and systems, some equipment and its surveillance systems. The detection of these areas reduces the ability of a military force to conduct military operations. However, the longer the critical areas are exposed, the easier would be for the enemy to detect, identify, locate, attack and destroy these critical areas. VISUAL Visual signatures are detected through light photography and by human eyesight, assisted or unassisted. Visual signatures are equipment, location of personnel, activity patters, and the frequency of these activities. Also, some of these visual signatures include vehicle movement, tanks, vehicle marking, uniform markings, etc. Theoretically, a target is detected when it is seen by a human eye. The targets might be detected and identified by using photography by -- -- Its distinct form, or recognizable patters, form, style, size, design, shadow, and its dimensions of height and depth. -- A distinct deployment system, possibly involving other targets. -- The color, hue, shine, tone and texture of the target. It is possible to detect a target without having to identify it. Detection is the discovery of a target or activity, while identification requires an additional step - to establish what the target is, what it does, or the capabilities of such target. The violence, confusion, and the darkness in the battlefield introduces variables that might prevent identification or detection of military targets. 28
LN324-91 Some studies point out that the visual detection is affected by the following: -- The size of the target and the time it has been exposed to sight. -- The degree to which the target has been camouflaged or covered. -- Light variation, visibility and weather. -- Number of targets - the more targets there are, it is more difficult to identify them correctly. -- Target distance - the longer the distance the more difficult to identify the target correctly. -- The contrast of the target against the background -- the less contrast there is, the more difficult it is to identify the target. Some factors help the probability of visual detection. For example, the probability of detection is increased by knowing previously that a target is in a particular area. The probability of detection and identification is also augmented if the target detected in a particular area is associated with other targets in the vicinity, in other words, find a known target and search for similar ones in the area. For example, if a tank repair vehicle is detected in an area, look for tank units or mechanized units in the vicinity. The identification and visual detection can be enhanced with the use of photography. Visual location of ground and air observers, of which there is no specific identification, can be used to lead photographic reconnaissance missions. Unlike the location in one site only, or having a short view of the target, photographs provide the opportunity to enlarge and study specific areas and equipment. Photography is limited mainly because it provides the record of an area as it was at the moment the photograph was taken. ACOUSTIC (SOUND) The acoustic signatures come in two types: The first are noises produced during battle by explosives and rifle firing. The second sound is associated with the noise of certain military functions - such as vehicles, equipment and the activities of the installation. The acoustic signatures are detected by human hearing, sound detection equipment, or special devices that magnify the sound. Acoustic sounds could be very significant because different equipment and guns have a unique sound. These signatures have considerable importance for planning countersurveillance, countermeasures and deception. The forces 29
LN324-91 try to prevent escape of signatures in order to reinforce security; a deception plan must sound as if it were an actual unit. The noises produced by operations are affected by the weather conditions, terrain, atmospheric conditions, and the propagation of sound. The relative direction of wind, the amount of wind, the temperature and humidity influence the quality of sound. In general, the sound travels better when projected by the wind, when humidity is relatively high, and during nighttime. The enemy is not expected to react only to what he hears. The sound only serves to alert us on what is happening. The acoustic signature, unlike the visual signature that can stand by itself, normally is used to support other sensors. The acoustic sounds are integrated with other information to enhance intelligence. But have in mind that under certain circumstances, the sound can travel long distances. While the enemy cannot distinguish between an M-60 tank and an APC, the sound can alert him that there is movement in the vicinity. INFRARED (IR) The infrared signatures are those not visible by the eye. It is the heat, or light, produced by equipment, person, unit or activity. The infrared signatures can be detected with the use of several specialized equipment. The infrared surveillance equipment vary from the individual optical device to sophisticated aerial systems. Under favorable conditions, the systems that have been improved will be able to produce images that distinguish between the equipment of the same quality and type. The tactical infrared equipment come in two categories -- active and passive. The active equipment require that the potential target be illuminated by infrared sources -- light sent in infrared frequencies. These devices are susceptible of being detected because they emit a distinct and identifiable signature. The enemy sensors can locate the active sources. The passive devices detect the infrared radiation of any of these two sources: emissions created by the target or solar energy reflected by the target. These devices are more applicable to play the role of surveillance because the equipment does not produce an identifiable signature. The passive devices are vulnerable to detection at the level at which their power sources are detectable. The majority of the military equipment emit an infrared signature of some type. The equipment more vulnerable to infrared detection are those that produce a high degree of heat, such as, tanks, trucks, long guns, generators, air conditioners, furnaces, aircraft, maintenance facilities, artillery fire, kitchen areas, landing areas and assembly points. 30
LN324-91 Infrared surveillance has limitations. Humidity, fog, and clouds can cause serious limitations, while smoke and fog can degrade the operations of some systems. The clouds present a more serious problem because the radiations emitted can be enough to prevent the operations of the system itself. Clouds also telltale the infrared radiation of the objects being targeted by the system. ELECTROMAGNETIC The electromagnetic signatures are caused by electronic radiation of communication and non-communication emitters. In other words, the detection of specific electromagnetic signatures can disclose the present of an activity in the area. This allows us to direct our sensors to that area in order to detect other signatures. The communication signatures are generally direct -- use a radio and a signature will be provided. The battalions have certain communication systems; the brigades have other communication systems, and the elements of higher echelons also have different communication elements and other additional systems. To find the bigger units, to which a transmitter belongs, it is the duty to: -- detect other transmitters in the area. -- Use radio-goniometry to determine the location. -- Categorize signals by a signal analysis. -- Locate the type of transmitter in the vicinity of the area. From this type of information, the intelligence can determine the location of a unit or command, supply point, weapons units, and assembly areas. This is particularly true when some radios or radars are used exclusively by a specific unit or weapons system. The movement, information of the order of battle, the structure of the radio network, tactical deployment, and, in a lesser degree, the intentions could be derived from the interception of the communications systems. All these could be detected and identified by knowing the location of communication equipment, without reading the messages. The signatures produced by radars are considered from two viewpoints. First, when radar systems are activated they transmit signals and create signatures. This makes our forces vulnerable when we use radar against the enemy. Secondly, the equipment, buildings and mountains have identifiable characteristics which the radar can be used to detect and identify. Therefore, the forces exposed are vulnerable to the detection by radar. 31
LN324-91 The military equipment have a great number of protuberances, angles and corners which the radar could detect. This refers to what is called the radar cross-section (RCS). Modern radar surveillance equipment can do more than solely detect the RCS of a target. Aerial radars with lateral view (SLAR) have enough resolution to identify certain weapons systems by detailed imagery or by its pattern. The radar systems can penetrate the fog, cloud and moderate rain. The surveillance radars are active systems and can operate against mobile or fixed targets. The radar systems are limited in that they require an uninterrupted passage, or visibility points, towards the target area. However, have in mind that these systems cannot penetrate forests or heavy rain. The radar systems are susceptible to enemy interception and can become targets because of their distinctive signature. PATTERNS A pattern is the manner in which we do things. Patterns that can be predicted are developed by commanders, planners and operators. The different classes of patterns are as numerous as the different procedures in military operations. Some examples of patterns are: -- Command and Operations Posts -- Artillery fire before an attack -- Command posts located in the same position relative to the location of the combat units. -- Reconnaissance patrols repeatedly on a zone before an operation. The officers need to examine their operations and activities in their zones of responsibility and reduce the established patterns whenever possible. PROFILES The profiles are a result of the actions taken by military units and individual soldiers. The profile analysis of a unit could reveal signatures and patterns on the procedures, and, eventually, the intentions of the unit could be determined, collectively, the profiles could be used by the enemy to find out our various courses of action. Our counterintelligence units develop profiles of our units in order to determine our vulnerabilities and thus recommend the commanders on the correction measures. In order to achieve this, all activity of the unit has to be identified to see if it presents indicators to the enemy. Usually, profiles are developed by means of the gathering of information on the electromagnetic equipment and on physical actions and deployments. 32
LN324-91 Electromagnetic information identifies the activities of the units by associating the different signals with the equipment. Physical actions and deployments are things that the unit does: how a unit appears while it is performing; how it moves; its configuration during march or when it deploys. These different factors identify the different units. In the majority of units, the electromagnetic and physical information is applicable to 5 areas of importance in order to complete an entire profile. The five profiles are: -- Communications and command post -- Intelligence -- Operations and maneuvers -- Logistics -- Administration and other support COMMUNICATIONS AND COMMAND POST Some factors to be considered when developing and profile: Where are the command posts located with regard to other units - particularly subordinate units? -- How does the command post look like? -- When is it transferred with regard to the other command elements? -- Is the post surrounded by antennas - thus creating a very visible target? -- What type of communications equipment is used and where is it located? -- What is the amount of communications traffic with regard to the activities and operations? -- Are there any road signs that might help the enemy units or agents to located the command post? -- Do the logistics and administration communications compromised the operation? 33
LN324-91 INTELLIGENCE Profiles on intelligence, surveillance, reconnaissance and elements identifying targets are developed in order to determine whether our activities indicate our intentions. Some considerations: -- How frequently and to which zones have the land and air elements been assigned for information gathering? -- Where are the information gathering elements located? (Which communication methods are used to report? Which are the information channels? Which are the security measures?) -- How are the radars used? (For how long are they used before transferring them?) -- Are there sensors in the target zone? -- Have the reconnaissance vehicles (land and air) compromised the location of future operations? -- Are the patrol levels been varied? -- Can the different gathering activities relate to the different stages of operation - planning, preparation, execution? OPERATIONS AND MANEUVERS Activities during the preparation and execution of combat operations can be identified. Many activities are hard to cover due to the number of men involved, the noise, dust, tracks of vehicles, heat emitted, etc. However, the activities for combat operation have to be examined. -- Can the drilling and instruction of men be easily detected? -- If there is special training required for the operation, are there any special security measures? -- Where are the units located before the operation? Artillery? Aviation? Reserves? Maintenance and supply? Is the movement indicated towards the front or the rear during their course of action? -- How are the same actions carried out for preparation of offensive or defense operations? Do they indicate intentions? LOGISTICS 34
LN324-91 Supply, maintenance, transportation and services and facilities indicating an operation have to be examined. -- Which movements indicate the starting of an operation? -- Are material and special equipment visible? -- Where is the material being stored? When? -- Is the change of schedule for vehicle and weapons maintenance indicating the start of an operation? -- Are new roads being built? -- Are special munitions being delivered secretly? ADMINISTRATION AND OTHER SUPPORT Activities seemingly completely innocent individually could provide valuable information for the enemy analyst. The administration and support profile could identify these actions which become obvious because they are different from what is normal. Some examples follow: -- Things change before an operation: * Getting up and meals schedules? * Directions * Larger mail volume? * Frequency of reports: * Entry of licensed personnel? -- There is a special request for: * Personnel? * Equipment? * Supplies of all types? -- How is trash, paper, etc. being destroyed? Can enemy agents locate and use the waste? -- Expecting wounded personnel by medical units, do they indicate a pending operation? 35
LN324-91 36
LN324-91 THE OPSEC PROCEDURE 1) To identify the enemy capability to gather intelligence (D-II/S-II). 2) Identify our EEFI and profiles. Profiles + Patterns and signatures Profile: All the characteristics pertaining a unit. Patterns: Repeated activities established by SOP or by doctrine. Signatures: Field actions of a unit. -- visual -- sound -- infrared -- electromagnetic Profiles: Command Post -- Communications -- Operations -- Logistics 3) Identify the vulnerable profiles that indicate our intentions. 4) Implement a risk analysis and make note of the EEFI. -- Profiles \ -- Patterns > Indicators -- Signature / 5) Recommend OPSEC measures -- Countersurveillance -- countermeasures -- Deception 6) Select the OPSEC measures. 7) Apply the OPSEC measures. 8) Apply efforts to monitor OPSEC. 9) Monitor the effectiveness of OPSEC. 10) Recommend OPSEC adjustments. 37
LN324-91 Step (1) --- OPSEC estimates Step (2) --- OPSEC estimates Step (3) -- Planning estimates/guidelines Step (4) --- Estimate/guidelines Step (5) --- Estimate/guidelines Step (6) --- Estimate/guidelines Step (7) --- OPSEC Annex Step (8) --- OPSEC Annex Step (9) --- OPSEC Annex Step (10) --- OPSEC Annex ESTIMATE --> GUIDELINE --> ANNEX EVALUATION:YEARLY REPORT 38
LN324-91 OPSEC ANNEX Item 1): Mission of the unit. (From the Plan of Operation) Item 2): Summarize the enemy situation in terms of intelligence gathering, sabotage, and subversion. Discuss the situation with regard to recent enemy activities and their potential capability. This item is designed to indicate their capability for intelligence gathering; while item 3 include the measures to counteract those efforts. The following factors should be analyzed: A. Indicate the effect of weather on the enemy's capability to gather intelligence on our OPSEC measures. B. Indicate the effect of the terrain on the enemy's capability to gather intelligence on our OPSEC measures. C. Resume the enemy's capability to gather intelligence and carry out sabotage and subversive actions. This includes: 1) Intelligence A) Ground Observation and Reconnaissance 1) Eye observation 2) Patrols 3) Ground radars 4) Infrared surveillance 5) Long-range ground sensors 6) Other B) Air Surveillance and Reconnaissance 1) Penetration flights 2) Long-distance flights 3) Reconnaissance satellites C) Signal Intelligence 1) Communications Intelligence 2) Electronic Intelligence D) Electronic Warfare 1) Interception and radio goniometry 2) Interruption 3) Destruction E) Guerrilla, insurgents, agents 39
LN324-91 F) Other: infiltrators, refugees, prisoners of war, etc. 2) Sabotage A) Military B) Economic 3) Subversion A) Propaganda B) Terrorism C) Political D. Summarize the enemy's intelligence and security weaknesses. Summarize its intelligence gathering weaknesses, for committing sabotage and subversion sabotage. Discuss its internal security posture. Item 3): Implementation A: Make a list of all the countersurveillance measures taken by the field SOP. Emphasize new countersurveillance measures or changing of measures that are part of the SOP. B. In this section, make a list of all the additional countermeasures that are not included in the SOP and are applicable to all the units. These countermeasures are designed to counteract a specific threat by the enemy counterintelligence. Item 4): Miscellany A. Summarize the threat to internal security. Discuss the problems of internal security detected in the command post. B. Establish any special instructions not covered previously as targets of interest for counterintelligence (with priorities and locations). C. Establish the chain of command for counterintelligence. Item 5): Command This item deals with instructions on where counterintelligence is sent to, the link between the various units, location of counter- intelligence personnel, the different dissemination channels, types of reports required, frequency and priorities. 40
LN324-91 OPSEC ESTIMATION Item 1): The Mission of the Unit. (From the Plan of Operations) Item 2): Area of Operations. (Discuss the influence of the area of operations on the enemy capabilities to gather intelligence and commit acts of sabotage and subversion). A. Time/weather. (From the Intelligence Annex) -- The enemy's capabilities for surveillance and ground and air reconnaissance. -- The time/weather is or is not favorable to the enemy's gathering efforts. -- The impact of time/weather on our countermeasures. B. Terrain. (From the Intelligence Annex) -- Surveillance -- Coverage -- Natural and artificial obstacles -- Key Terrain (How the terrain affects the enemy's capability to gather information/intelligence and how it affects our countermeasures). C. Other factors of the zone. -- Political -- Economic -- Sociological -- Psychological -- Transportation Item 3): Current Enemy situation on intelligence, sabotage and subversion activities. A) Intelligence 1) Ground surveillance and reconnaissance. -- Eye observation -- Patrols -- Ground radars -- Infrared surveillance -- Long-range ground sensors -- Other 41
LN324-91 2) Air surveillance and reconnaissance -- Penetration flights -- Distance flights -- Air Sensors -- Reconnaissance satellites 3) Signal Intelligence -- Communication intelligence -- Electronic intelligence 4) Guerrillas and Insurgents 5) Espionage 6) Other: infiltrators refugees, displaced persons, prisoners of war, etc. B) Sabotage 1) Military (installations, line of communication) 2) Economic C) Subversion 1) Propaganda 2) Terrorism 3) Political Item 4: Enemy capability for intelligence gathering and to commit sabotage and subversive actions. A) Intelligence 1) Ground surveillance and reconnaissance. -- Eye observation -- Patrols -- Ground radar -- Infrared surveillance -- Long-range ground sensors -- Other 2) Air surveillance and reconnaissance -- Penetration flights -- Distance flights -- Air Sensors -- Reconnaissance satellites 3) Signal Intelligence 42
LN324-91 -- Communication intelligence -- Electronic intelligence 4) Guerrillas and Insurgents 5) Espionage 6) Other: infiltrators refugees, displaced persons, prisoners of war, etc. B) Sabotage 1) Military 2) Economic C) Subversion 1) Propaganda 2) Terrorism 3) Political Item 5): Conclusions A) Indicate how the enemy will use its capability to gather intelligence and to commit sabotage and subversion actions. B) Indicate the effects of the enemy capability on our course of action. C) Indicate the effectiveness of our current countersurveillance measures. D) Indicate the effectiveness of our current countermeasures. E). Recommend additional countersurveillance measures. F). Recommend additional countermeasures. 43
LN324-91 OPSEC PLANNING GUIDELINES UNIT ______________________________ COMMANDER: __________________________ G3/S2: ______________________ NAME OF OPSEC OFFICER: ____________________ CONTENTS DISCUSSED WITH: ________________________________________________ NAME RANK PERSON COMPLETING REVISION: ____________________________________________ YES NO CAMOUFLAGE A. B. DOCUMENT SECURITY (INFORMATION) A. B. COMMAND POST A. B. COMSEC SIGSEC TRANSSEC 44