PROTECTIVE C3CM; AN OPSEC OBJECTIVE

Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST): CIA-RDP90-00530R000701710003-8
Release Decision: RIFPUB
Original Classification: K
Document Page Count: 2
Document Creation Date: December 27, 2016
Document Release Date: October 26, 2012
Sequence Number: 3
Case Number:
Publication Date: October 1, 1984
Content Type: OPEN SOURCE
File: CIA-RDP90-00530R000701710003-8.pdf (370.68 KB)
Body:
Declassified and Approved For Release 2012/10/26: CIA-RDP90-00530R000701710003-8

JOURNAL of ELECTRONIC DEFENSE, OCT 84

PROTECTIVE C3CM: An OPSEC Objective

WALTER G. DEELEY
Deputy Director, Communications Security, National Security Agency

Protective C3CM attempts to prevent an adversary from destroying our critical C3 facilities and to protect our communications against jamming and intrusion. The National Security Agency (NSA) has a vital interest in this area. It is responsible for US communications security (COMSEC) including secure communications practices and procedures, and advising on the selection and use of COMSEC equipment and systems. It also vigorously fosters effective control of emissions. These measures reduce an adversary's capability to identify and target our C3.

A Protective C3CM program must effectively identify COMSEC and other security vulnerabilities, and recommend corrective measures. Over the years, in supporting a wide variety of military and other government operations, NSA has found the Operations Security (OPSEC) process to be the most effective method of accomplishing this objective.*

* The National Security Agency developed the data collection and analysis techniques that were used in the first OPSEC study and were subsequently embodied in OPSEC methodology. These techniques have proven to be the most successful means of identifying, assessing, and eliminating security weaknesses.

In OPSEC, operational considerations, intelligence analysis techniques, and a variety of security disciplines are brought to bear on specific problems. OPSEC's goal is to enhance operational effectiveness by protecting that information which an adversary must have in order to counter our operations.

Early OPSEC surveys tried to identify and eliminate sources of exploitable information pertaining to our imminent military operations. This objective still figures prominently in OPSEC, but our experience indicates that the OPSEC process can be applied to virtually any government operation, program, or function which could be exploited by an enemy.

For example, an adversary might try to prevent us from effectively using our close air support aircraft, or from executing our retaliatory nuclear forces. Countering these objectives by identifying and protecting the information needed to accomplish this, is typical of the type of problem effectively addressed by OPSEC.

Every OPSEC study begins with the development of Blue (friendly) and Red (enemy) force data bases. The collected data is analyzed to identify Blue force's susceptibility to intelligence exploitation and to determine the Red force's ability to detect and exploit them. The results are then analyzed to estimate the relative significance of each type and source of information that the enemy could intercept and use to his advantage.

The Blue force data base is developed by interviewing the people who support and carry out an operation or function. As a rule, it is not profitable to rely on adversarial exercises to gather information. Empirical studies, such as those conducted by COMSEC monitors, may well be essential to obtaining signal or propagation characteristics, resolving conflicting allegations, or illustrating a security weakness, but the need for such studies should follow from the initial analysis. Reliance on adversarial attacks for data base development is needlessly time consuming, expensive, and often leads to erroneous conclusions. The information collected is often fragmentary, and seldom affords insight into the underlying causes of security weakness. In short, we simply cannot spend the time and money that an ad-

trol of the executing force, there may be other peripheral activity, such as radar tracking, which could be observed by an enemy.

The susceptibility of each event to exploitation must be determined, a process which requires the expertise of skilled analysts in each of the pertinent intelligence or security disciplines. Empirical studies can be arranged at this point to address specific questionable issues, but it will be found that communications-electronics susceptibilities, for the most part, are readily apparent to COMSEC analysts.

Plain-language communications would be evaluated from the standpoint of their explicit intelligence value, as well as their inferential value in relation to other communications and observable events. Communications practices and procedures, such as frequency and callsign usage, would be examined for weaknesses which an adversary could exploit to identify specific organizations for targeting or to predict forthcoming activity. Since most types of US military activity are often characterized by distinctive patterns in the timing, volume, and directional flow of their communications, analysts would seek to isolate patterns and determine their significance. Signal characteristics would also be addressed to determine if there are susceptibilities to radio-fingerprinting and position locating techniques.

After completing this process, each event in the Blue force sequence that is judged susceptible to intelligence exploitation is arrayed against known or estimated Red force capabilities. The products of this comparison of susceptibilities and adversary threat capability are statements of vulnerabilities.

It is not uncommon to find that a multitude of vulnerabilities have been identified. While it is almost axiomatic that an adversary can acquire some information of intelligence value, the critical issue is whether or not he will acquire the information he needs to achieve his objectives.
Because of the complexity of this type of problem, NSA has advocated using operations analysis techniques in all OPSEC assessments to help determine the relative significance of specific vulnerabilities. One such technique, a variation on a commonly accepted decision analysis routine, has proved especially useful.

A key feature of the assessment process is refinement of the OPSEC objective. "The identification and protection of information which an adversary must have to keep us from using our Close Air Support assets effectively," is typical of many general OPSEC objectives. However, the scope of a problem stated in such terms could require consideration of a sizeable number of adversary scenarios aimed at countering CAS operations.

By examining the event-sequence list and vulnerability information developed by the survey portion of the OPSEC study, analysts and command operations personnel are able to identify events which are critically important to a successful mission. The purpose is to see if an adversary could exploit specific vulnerabilities to keep those critical events from being accomplished and also to identify the most likely ways he might attain his objective.

In the case of CAS operations, we can focus on those specific vulnerabilities which enable an adversary to destroy critical C3 facilities, jam critical communications links, or intrude on communications systems.

Operations security analysts, working closely with command operations and intelligence personnel, postulate adversary strategies: sequential steps of what the adversary must know and do to carry out his attacks successfully.
The options available to the adversary for accomplishing each step are defined and probabilities assigned to indicate the likelihood of completing a step successfully.

In the somewhat simplistic example shown in table 2, it is considered that the enemy attempt to undermine CAS operations by jamming the critical communications link between the Forward Air Control Party (FACP) and the CAS aircraft. For the purposes of illustration, it is stipulated that the callsigns and frequencies used in planning and executing the CAS mission are unchanged from those used in peacetime exercises; further, that the circuit used to request CAS support is unsecured.

Given the stipulations of the strategy depicted in table 2, the overall probability of the enemy successfully jamming the CAS/FACP communications link on detection is calculated to be 83 percent; the probability of successfully detecting and following frequency changes is 62 percent. We consider these figures to be "soft," i.e., they are rough estimates of high possibilities of enemy success rather than assertions of precise probability. The estimates are nevertheless a valid guide and are of considerable value in demonstrating the benefits of any security measures proposed to counter the enemy strategy.

Security measures are selected to keep the enemy from completing one or more steps in his attack strategy. If, for example, we could keep the enemy from knowing that CAS support had been requested for a geographical area or from knowing that the CAS/FACP communications link was critical to successful air support, he might well direct his intercept and jamming assets to other, seemingly more lucrative targets.

For the purpose of illustration, however, let us say that OPSEC analysts in collaboration with command operations and communications personnel decide to attack step 3 in the adversary's strategy.
If changing callsign and frequency systems were used in all peacetime CAS exercises and operations, the rapid acquisition and recognition of CAS/FACP communications would be severely inhibited. The probability of the adversary knowing the frequency used on the CAS/FACP link as a result of intercepting the communications of previous exercises is nil. Further, the probability of an enemy agent being able to acquire and pass the frequency for a single forthcoming operation would be very low.

Table 1: EVENT (time column not legible in this copy)

- Ground force requests the Tactical Air Control Center (TACC) to provide CAS.
- TACC/Af0C sends Air Tasking Order to Wing Operations Center.
- WOC sends Operations Order to the CAS squadron and to the commands that will provide Electronic Warfare (EW) and Air Refueling (AR) support to the CAS aircraft.
- CAS aircraft preparations
- Tanker takeoff
- EW aircraft takeoff
- CAS aircraft takeoff
- Tanker aircraft reach AR track
- CAS aircraft start refueling
- CAS aircraft end refueling
- EW aircraft on station
- CAS aircraft, on station in Area of Operations (AO), contacts the Forward Air Control Party (FACP)

Table 2: Enemy objective: Stop/Inhibit CAS by jamming FACP communications.

Step 1: Know CAS support requested
    Option 1: Intercept request for support
    Option 2: Agent report
    Option 3: RECCE detects CAS preparation
Step 2: Know CAS/FACP radio link critical
    Option 1: Open source information
    Option 2: Intercept of peacetime exercises
    Option 3: Agent reports
Step 3: Know freqs used on (CAS/FACP) link
    Option 1: Intercept of peacetime exercises
    Option 2: Agent reports
Step 4: Jam CAS/FACP link
Step 5: Detect and follow freq. changes
Looking again at table 2, if we accordingly set the probability of Option 1 of Step 3 at 0, and the probability of Option 2 at .05, our new computation of the overall probability of the enemy successfully jamming the CAS/FACP communications would be less than 5 percent!

Using the same method, we could calculate the impact of using other approaches, such as low probability of intercept or anti-jam equipment. Each could give a different measure of effectiveness.

CONCLUSION

At NSA, we recognize that there are pitfalls inherent in the subjectivity of the assessment process described above. The process is only as good as the analysts working the problem and the validity of the data available to them. We are working, however, to develop more effective means of quantifying the benefits of security to military commanders. Such measurements are often a critical consideration in ensuring that COMSEC is effectively and economically applied.

We are convinced that it is not necessary to provide uniformly high security to all communications. We know from past experience that substantial gains in security can often be achieved cheaply by procedural changes which impact only slightly on operational efficiency. The problem, however, is to identify the precise security needs for commanders.

In the case of protective C3CM, we want to conceal or otherwise protect our critically important communications links and nodes. We can make some of these communications more difficult for an adversary to acquire, we can hide them amid the mass of unimportant electromagnetic activity, and we can build systems which can work through various types of jamming. Critical nodes, our command, control, and communications facilities can be concealed by remoting of antennas, judicious routing of communications, and procedures designed to confuse or mislead an adversary. The means of protection must always answer the threat: the probability that an adversary can achieve his offensive C3CM objectives against us.

We believe that the OPSEC process is an ideal method for determining security needs with some precision. NSA, in collaboration with the Service Cryptologic Elements, stands ready to support military commanders in using OPSEC to identify, analyze, and assess their protective C3CM problems.

Walter G. Deeley has been the Deputy Director for Communications Security, National Security Agency, since June 1983. He has served with NSA and its predecessor organizations since 1948.
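The table 2 estimate and the Step 3 countermeasure, worked as an added example that is not part of the article. It assumes the options within a step are independent alternatives and that steps are completed in sequence, a combination rule the article does not spell out; every probability is constructed, since the table's own values are not legible in this copy.

```python
# Added example: sequential attack-strategy estimate in the style of table 2.
# Assumptions (not from the article): a step succeeds if at least one of its
# options succeeds, options and steps are independent, and all numbers in
# BASELINE are constructed for illustration.
from math import prod

STEP_JAM = "4 jam CAS/FACP link"
STEP_FREQS = "3 know freqs used on CAS/FACP link"

BASELINE = {
    "1 know CAS support requested":
        {"intercept request": 0.8, "agent report": 0.3, "recce": 0.5},
    "2 know CAS/FACP radio link critical":
        {"open source": 0.9, "peacetime exercises": 0.8, "agent reports": 0.3},
    STEP_FREQS: {"peacetime exercises": 0.9, "agent reports": 0.3},
    STEP_JAM: {"jam": 0.95},
    "5 detect and follow freq. changes": {"follow": 0.75},
}

def step_probability(options):
    """Chance that at least one option for this step succeeds."""
    return 1.0 - prod(1.0 - p for p in options.values())

def strategy_probability(steps, through=None):
    """Chance the adversary completes every step up to and including `through`."""
    total = 1.0
    for name, options in steps.items():
        total *= step_probability(options)
        if name == through:
            break
    return total

def with_changing_callsigns(steps):
    """Countermeasure from the text: Step 3 Option 1 set to 0, Option 2 to .05."""
    hardened = {name: dict(options) for name, options in steps.items()}
    hardened[STEP_FREQS] = {"peacetime exercises": 0.0, "agent reports": 0.05}
    return hardened

if __name__ == "__main__":
    cases = (("baseline", BASELINE),
             ("changing callsigns/freqs", with_changing_callsigns(BASELINE)))
    for label, steps in cases:
        jam = strategy_probability(steps, through=STEP_JAM)
        follow = strategy_probability(steps)
        print(f"{label}: jam on detection {jam:.3f}, jam and follow {follow:.3f}")
```

Because the steps multiply, capping Step 3 at .05 bounds the whole strategy at .05 no matter how likely the other steps are, which is why the article's revised figure falls below 5 percent.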