STUDY MANUAL
COUNTER INTELLIGENCE
LN324-91
PROLOGUE
The purpose of this booklet is to present basic information on the
mission and activities of Counter Intelligence, with the understanding
that the primary mission is to support the commanders of the armed forces.
This booklet is dedicated to the concepts of Counter Intelligence in relation
to its functional areas, the application of these functions, and specific
instructions on how to apply these functions. The term
"special agent of Counter Intelligence" (SA) refers to all those persons who
conduct and contribute to the handling and gathering of information of the
multi-disciplinary intelligence of the hostile services. This booklet is
primarily oriented toward those persons involved in the control and execution of
the operations of CI. Likewise, this booklet has very significant
value for other members of the armed forces who function in the areas and
services of security and other departments of intelligence.
LN324-91 COUNTER INTELLIGENCE
TABLE OF CONTENTS
Prologue
Chapter 1 Introduction to Counter Intelligence
Chapter 2 Operations Security (OP SEC)
Chapter 3 General OP SEC
Chapter 4 Document Security
Chapter 5 Liaison
Chapter 6 Operation of Report on Contact of Liaison
Chapter 7 Introduction - Investigation of Personal Security
Chapter 8 Interrogatory/Technical Phase of Questioning
Chapter 9 Investigation and Interviews of Personal Security
Chapter 10 How to Obtain a Sworn Statement
Chapter 11 Unexpected Interviews
Chapter 12 Witness Interview
Chapter 13 Subject Interview (personal)
Chapter 14 Introduction to Subversion and Espionage
Chapter 15 Interviews of Subversion and Espionage
Chapter 16 Espionage Investigation
Chapter 17 Sabotage Investigation
Chapter 18 Preparing Agent Reports
Chapter 19 Reports/Information for Investigation
Chapter 20 Preparing Summary Information
Chapter 21 Scrutiny of CI of Interrogation
Chapter 22 Interrogation of CI Suspects
Chapter 23 Abstracting Information of CI
Chapter 24 Protecting Targets of CI
Chapter 25 Neutralizing Targets of CI
Chapter 26 Observation and description
Chapter 27 Planning and conduct of a mobile (PIE),
Chapter 28 Terrorism
Chapter 29 Counter-terrorism
Chapter 30 Physical Security
Annex A Prepare Report on Physical Security
CHAPTER 1
INTRODUCTION TO COUNTER INTELLIGENCE
INTRODUCTION
Imagine a circle representing the effort of a total intelligence
conducted by all the agencies of the Armed Forces. Inside this overall field,
we find that counterintelligence is an integral part of the total intelligence
effort.
DEVELOPMENT
DEFINITION OF COUNTERINTELLIGENCE:
Counterintelligence is defined as the activity or activities
collectively organized by an intelligence service dedicated to obstruct the
enemy's source of information by means of concealment, codes, crypto,
censorship and other measures to deceive the enemy by using disinformation,
trickery, etc.
The two kinds of measures used by Counterintelligence are DEFENSIVE and OFFENSIVE.
Defensive measures normally vary with the mission of the unit. Examples of
these measures are:
Counter-espionage
Counter-sabotage
Counter-subversion
Antiterrorism
Counter-terrorism
Intelligence consists of collection, transmission and dissemination of
military data referring to possible or real enemy and/or to an area of
operations. The military commander uses this intelligence in order to
formulate his possible course of action and to select a course of action in
particular in order to achieve the mission. Thus, the intelligence obtained is
of vital importance to the commander and for the conduct of his mission.
Intelligence is as essential for the enemy as it is for us. The enemy
also uses all sorts of measures at its disposal to become informed about our
capabilities, vulnerabilities and probable course of action, and also
information about the meteorological conditions of the terrain.
Military Counter Intelligence is that part of Intelligence intended to
deprive the enemy of this knowledge, and in this manner prevent the enemy
activities of espionage, sabotage and subversion, as well as discover possible
acts of an adverse nature, treason, or sedition among our own military forces.
Counter Intelligence is a significant aspect in both the strategic
intelligence and combat, and is essential for the favorable application of two
of the nine basic principles of war: security and surprise. The principles of
war are:
Mass
Objective
Security
Surprise
Command
Offensive
Maneuver
Force economy
Simplicity.
Effective Counter Intelligence enhances security and helps achieve
surprise. Surprise depends not only on the intelligence obtained and the speed
of movement, but also on effective counter intelligence. Efforts to prevent
the enemy from obtaining data reduce the risk that the command can suffer,
provided they diminish the enemy's capability of effectively utilizing its
combat potential against our Armed Forces. Thus, effective counter
intelligence allows security of the unit.
DECEPTION:
Deception in combat is a military operation designed to conceal our
dispositions, capabilities and intentions and deceive the enemy in such a way
that it would be to his disadvantage and to our advantage.
Deception is designed to derail or deceive the enemy through
manipulation, disinformation, or falsifying of evidence in order to induce a
reaction in a way that is detrimental to his own interest.
In order for a deception operation to be successful, the enemy has to
have the capability of collecting information that we would like him to get,
so that we can react according to the information.
The enemy is given the opportunity to obtain information, thus
creating a deceptive picture. At the same time, counter intelligence goes into
action in order to prevent the enemy from discovering the true purpose of the
operation of deception and to avoid recognition of the true technical
operation or the principal one, which is being supported by the deceptive
operation, mainly security.
QUESTION: Why can we consider a soldier as a counter intelligence
agency?
ANSWER: An individual soldier is an agent of the CI, since he can provide
information on the activities of the intelligence of the enemy, including
subversion. Much of CI operations depends on the individual soldier's
ability to adequately fulfill the security procedures, camouflage, observation
and information system.
As a prisoner of war, the individual soldier is a source of operational
information for the enemy. Therefore, the individual soldier receives training
in the measures of escape and evasion, in case he is taken prisoner or
finds himself behind enemy lines. He also receives training to resist the
interrogations of the enemy and adhere to his rights as a prisoner of war
under the Geneva Convention.
All the units are agents of the CI and they too take measures of CI in
order to deprive the enemy of intelligence on our activities, operations and
the locations of their positions.
Every officer of the high command and every subordinate command in
effect acts as a Counter Intelligence officer of the Joint High Command. For
example, the transport officer aids the command with the Counter Intelligence
aspects regarding the movement of transport; the health chief accesses the
Counter Intelligence aspect regarding the location of the health
installations.
Some units, such as the censorship units, have a special function of
CI because of the nature of their assigned missions. The CI agent of the Army
has personal training as a specialist in CI and is available for providing
support in all the military operations.
Other government agencies, such as the agencies of intelligence of the
Navy, the Air Force and the Defense Ministry, also use certain functions of CI
that support the CI operations of the Army.
Keep in mind that this kind of intelligence is necessary in times of both
peace and war, since espionage, subversion and occasional sabotage are not
limited to conditions of time of war. All foreign countries, both enemy and
friends, wish to obtain information regarding the Armed Forces, their assets,
disposition, weapons, level of training and future plans for operations in peace
time as well as in time of war.
The range of the CI operation extends in proportion to the level of
command.
At the division level the measures of CI generally have to do with
military security.
CI operations at higher levels are similar to those of the inferior
levels. Nevertheless, the operations have a broader range thanks to the
greater number of units in the scope of their areas with a great volume of
advance planning. The CI operations at superior levels include:
MILITARY SECURITY
SECURITY OF PORTS, BORDERS AND TRAVEL
CENSORSHIP
SPECIAL OPERATIONS
CIVILIAN SECURITY
Generally speaking, Counter Intelligence is a main part of the
intelligence operation in the theater of operations.
Depriving the enemy of information regarding supplies, installations,
nuclear weapon systems, means of transport and communications is vital to the
fulfillment of the mission in the zone of the theater of operations. The great
territorial responsibility of this zone requires extensive CI operations
of all types.
COMMANDERS' RESPONSIBILITIES:
QUESTION: IN THE MILITARY UNIT, WHAT ARE THE THINGS THAT INTEREST THE
ENEMY?
ANSWER: Military information.
Personnel.
Equipment and installations.
As in all aspects of the military unit, the commanders are responsible
for the implementation and execution of all the measures of military Counter
Intelligence to protect military information, personnel, material and
installation within the unit.
The commander has his high command which can delegate the authority to
carry out these functions; nevertheless, the responsibility rests with the
commander.
The Counter Intelligence officer:
The auxiliary chief of the high command, C-2, is the officer of the high
command responsible for the military information which also includes Counter
Intelligence. This delegation of authority is given to the auxiliary chief of
the high command, C-2, who has under his charge and responsibility of the high
command regarding Central Intelligence and CI. The C-2 is responsible for the
implementation and direction of all the measures of CI inside the command.
The planning of military Counter Intelligence is based on ability or
capability of the enemy to obtain information regarding friendly activities.
This planning includes adequate CI countermeasures to prevent the enemy from
discovering the dispositions and activities that can reveal the intentions of
the command or, if interrupted, could endanger the accomplishment of the
mission.
According to the organization and the size of the command, there may be
a CI official of the high command of the C-2. At the division or brigade
level, the official of the CI normally is the chief of the section of security
or the detachment of military intelligence that supports the division of the
brigade. In other words, he wears two hats, as chief of the security section,
and as the CI officer of the joint high command of the C-2.
CATEGORIES OF CI OPERATION
Generally, there are five categories of operations of CI conducted
inside the theater of operation at which the C-2 is responsible or has direct
interest. The categories are:
MILITARY SECURITY
CIVILIAN SECURITY
HARBOR, BORDER AND TRAVEL SECURITY
CENSORSHIP
SPECIAL OPERATION
MILITARY SECURITY
The military security encompasses measures taken by the command to
protect itself from espionage, enemy civilians, supervision and sabotage and
surprise. These include passive CI measures and active ones inside the Armed
Forces and directly pertaining to the same and for specific military
operations. Examples of military securities are:
SECRECY DISCIPLINE: This is the indoctrination/training on a continuous
basis of all personnel against divulging of classified information that is not
authorized or unclassified regarding military activities, and the use of
patrol of security in areas frequented by military personnel.
SPECIAL PROTECTION OF CLASSIFIED MILITARY AND EQUIPMENT INFORMATION:
This is the observation of the security measures, such as the security
necessary inside the areas that contain information and classified equipment;
introduction of a system of passes for entering critical areas; the conduct of
studies in inspection of security to determine the strict observation of
prescribed security measures.
SECURITY OF TROOP MOVEMENT: This keeps a certain connection with the
secrecy discipline, preventing inappropriate comments by personnel in the unit
given an order for movement; in returning mail dispatches of the unit in a
certain period of time before the departure of the troops, and restricting all
personnel in the area of the unit.
COUNTER SUBVERSION INSIDE THE ARMED FORCES: This is the overcoming or
suppression of rumors and propaganda and the apprehension of subversive
agents.
THE TECHNICAL MEASURES AS REQUIRED IN THE COMBAT ZONES: This is the use
of the technical troops for the apprehension of the resistance groups, to help
reduce the intelligence subjective and the mop up operations of the guerilla
units.
TRANSMISSION SECURITY: Listening to the administration communication
networks, command operation of intelligence.
SPECIAL HANDLING OF ESCAPEES AND EVADERS: This type of person needs to
be debriefed to obtain the immediate intelligence information. It is of great
importance to make sure that the escapee or evader is not an enemy agent.
CIVILIAN SECURITY: In all cases the mission of the military forces has
priority over the well being of the civilians in the area. Examples of the
civilian security measures are:
Systematic registering of the civilian personnel, including the neutral
foreigners and enemies: This is done by the civilian affairs agency and
includes the distribution of rationing cards, work permits, travel permits and
permits for crossing borders.
Control of the circulation of the civilian personnel and refugees: This
is a very important matter: All civilian personnel must be kept away from the
advance combat zones, which will help prevent their easily finding out about
our forces and inform enemy agents of espionage or sabotage. Also, all
civilian personnel is to be kept at a distance from the major route of supply
to make it easier for the military transport and prevent enemy agents from
infiltrating the military zone.
Curfew: Keeping the public away from the streets and routes after certain
hours, thus restricting the movements of enemy agents.
Surveillance of suspect political groups: One should find out whether
other groups are sympathetic to enemy cause. Such groups must always be
considered potential agents.
Investigation of workers security: Local workers employed by the Armed
Forces should be investigated to avoid infiltration of enemy agents in areas
and military units. This includes the service personnel of the countryside,
truck drivers and current workers, and interpreters, translators, etc.
Distribution of passes and permits. Passes and permits should be
strictly controlled and reviewed frequently to avoid forgery. Passes and
permits for travel are normally distributed to government functionaries,
political agencies, doctors and workers of public services.
Control of international commerce: Control of commerce in neutral
states. Experience has proven that many commercial companies are in effect spy
agencies that use the company as a cover or front of their operation. The
profits from the trade of these companies can be and are used to pay for the
expenses of espionage operations.
Surveillance of consuls and neutral/high command diplomats: It is
possible that people of this category are using their diplomatic immunity to
act as couriers for an enemy country.
SECURITY OF HARBORS, BORDERS AND TRAVEL: Consists of special
applications of both the neutral security measures as well as civilians for
the control of Counter Intelligence in entry ports and ports of departure for
borders and international lines; all movements of a non-military character,
of entry and departure in the theater of operations.
SECURITY CONTROL OF MARITIME HARBORS: This is the responsibility of the
Navy and control should be coordinated with the Navy.
SECURITY CONTROL OF AIRPORTS: This is the responsibility of the Air
Force and control should be coordinated with the Air Force.
ESTABLISHMENT OF CROSSING POINTS ON THE BORDER: Normal routes of
movement should be directed to points of crossing located strategically. These
points of crossing should be controlled by military personnel with the help of
local and national agencies as necessary.
SECURITY CONTROL OF THE MERCHANT MARINE AND THE CREWS OF COMMERCIAL
AIRCRAFT: This is important due to such individuals who by virtue of their
occupation can enter and depart legally and frequently from the country and
such individuals can be used as pretext for carrying out fraud operations
(diplomatic pouch).
INVESTIGATION OF SECURITY AND CONTROL OF PERSONS WHO LIVE AT THE
BORDERS: Personnel in this category, for example, the farmers who live at the
border and the entire front can be on the border, personnel living on one side
of the border and working on the other side.
CONTROL OF DISEMBARKATION PASSES AND PASSES FOR LANDING, AND FISHING
PERMITS: The fishing boats and small craft of a similar nature that operate in
very shallow water and thus have the capability of landing enemy agents at any
point on the coast of the country where the military operations take place.
CENSORSHIP: Censorship is the control and elimination of communication
with a double purpose: first, to avoid the transmission of information that
can be of interest in helping the enemy; and secondly, to collect and
propagate valuable information in the service of intelligence that helps the
war effort. The term communication includes all types of postal material,
regardless of class, means of electrical communication and any other tangible
form of communication that can be carried by a person, carried in luggage
or among personal effects, or in any other way transmitted from the area
where the censorship is taking place.
THERE ARE FOUR TYPES OF CENSORSHIP IMPLEMENTED DURING WAR CONDITIONS
WHICH ARE:
Censorship of the Armed Forces: This censorship is the control and
examination of all communications sent and received by personnel under the
jurisdiction of the Armed Forces, which include assigned military personnel,
the civilians that can be employed and added to the same. This includes all
war correspondents, representatives of the Red Cross and technical
representatives of the factories.
Civilian Censorship: The civilian censorship is the control and
examination of all communication of the national and civilian population of
the common goal and transit or circulate in a territory which cannot be
liberated, occupied or controlled by the Armed Forces.
Press Censorship: Press censorship is a division of the security of the
news material and other media that are used, including maintenance of
security. This applies primarily to the work that is done by the war
correspondents, radio commentators and press photographers, and also includes
any material prepared on a possible location by the personnel under the
jurisdiction of the Armed Forces.
Censorship of Prisoners of War: Censorship of prisoners of war is
control and examination of the political communication of the prisoners of war
and the civilian detainees under the jurisdiction of the Armed Forces.
SPECIAL OPERATIONS: The final category is the special operations.
Operations that come under this category will be discussed and planned
according to the specifications of the commander in keeping with the planning
within the SOP of CI.
CHAPTER 2
OPERATIONS SECURITY [OPSEC]
INTRODUCTION
Operations security is one of the keys for achieving the two war
principles: surprise and security. A military force has the advantage when it
can surprise the enemy. In order to achieve this goal, military forces
must protect their operations and activities with a continuous implementation
of a security plan that is healthy and effective. The purpose of OPSEC is to
protect the military operations and their activities by denying the enemy
forces the indicators of our military forces' plans and intentions.
In other words, the enemy commander should not know or recognize how,
when, where, why and what operations our forces are about to undertake, until
it is too late for the enemy to react effectively against our operations.
OPSEC is the duty of the commander, together with each individual at all
levels of command. The commander determines which are the measures of OPSEC
which should be implemented and the duration of each event. Equally, they
should determine the level of risk that they should be willing to accept. The
elements of intelligence (SD) provide information about enemy threat. The
operation elements (S3) direct the program of OPSEC and recommend measures for
OPSEC. The units of each individual implement those OPSEC procedures. In order
to attain a good OPSEC program, commanders and the members of the joint
command, and each individual should be trained in the proper use of the
procedures and techniques of OPSEC.
This teaching plan provides a guide for the procedures to be used by the
technical units in the OPSEC program. It describes OPSEC and provides doctrinal
direction for the future instructors and trainers.
What is OPSEC?
GENERAL
In order for our military forces to be successful against enemy forces,
information about the activities of our units or plans and operations should
be denied to the enemy until it is too late for him to react effectively.
OPSEC does not occur by itself. Our military forces have to create the
right condition for a good OPSEC program since OPSEC is an integral part of
all the operations and activities. The OPSEC program can be good because it
was implemented effectively in each unit; or it can be a program without
effectiveness because the members of the unit do not know the importance of
the program and do not know what it requires.
OPSEC IS ALL ACTION TAKEN BY THE COMMAND TO
DENY INFORMATION TO THE ENEMY ON OUR ACTIVITIES
OR MILITARY OPERATIONS
Generally, OPSEC includes coordination of various techniques and
procedures that deny information to the enemy. It is the common sense applied
systematically to the situation of a unit or a mission. The result is the
security of the military forces. This requires a total effort of integration
by all commanders, and the members of the team, and the units and each
individual. Under the umbrella of OPSEC, there exist basically three types of
action.
COUNTER SURVEILLANCE - These activities are taken to protect the true
purpose of our operations and activities.
COUNTER MEASURES - Those actions taken to eliminate and reduce the enemy
threat and its capability of intelligence and electronic warfare against our
military forces.
DECEPTION - Those actions taken to create the false image of our
activities and operations.
COUNTERSURVEILLANCE
SIGNAL SECURITY (SIGSEC)
The signal security includes communication security (COMSEC) and
electronic security (ELESEC).
COMSEC includes those measures taken to deny the enemy information on our
telecommunications. This includes the cryptographic security, transmissions
security, physical security of COMSEC information, and measures to assure the
authenticity of the communications.
ELESEC is the protection of the electromagnetic transmission, which
includes the communication apparatus. This includes such measures as standard
operations procedures which have been approved, appropriate search,
maintenance procedures, and training programs.
ELECTRONIC COUNTER COUNTERMEASURES
Electronic counter countermeasures (ECCM) are various measures taken to
protect the electronic transmissions of our military forces and the detection
capacity, recognizing and identifying the enemy. This includes the proper use
of the command post of the motor, situating the antennas, concealing and
distancing the antennas, a check of the equipment to secure and make sure that
there is no radioactive radiation, and training.
A good electronic counter countermeasure program must ensure the
effective use of the electromagnetic systems of our military forces.
INFORMATION SECURITY (DOCUMENTS)
Information security (INFSEC) is the protection of information of value
for the enemy forces. This includes two types of information, classified and
unclassified. Some examples are the dispatch documents, requisitions (orders),
plans, orders (directives), reports, charts (maps), map covering material, and
dissemination of verbal information, and the press that may have an adverse
effect on national security and the operation of friendly military forces.
PHYSICAL SECURITY
Physical security (PHYSEC) is the protection of the installations,
command post and their activities, etc., by the members of the Armed Forces,
dogs, and other necessary measures for the restriction and protection of the
area. Some measures include barriers of the perimeters, detective lights,
marked copies of the keys or combinations, bolting mechanism, alarm systems
for the control of intrusion, personal identification, controlled access, and
controlled movement. The PHYSEC also allows the protection against espionage,
sabotage and robbery.
STANDARD OPERATION PROCEDURES (SOP)
As a general rule, the countersurveillance procedures such as
camouflage, concealing and the use of color, light and noise, are concealment
measures discussed in the SOP. The SOP also covers the manner in which the
unit utilizes buildings, roofs, highways and its equipment.
COUNTER MEASURES
Counter measures are selected, recommended and planned in order to
overcome the specific aspects for the operation of intelligence of the enemy.
Once a vulnerability has been identified and the risk is determined to exist,
a counter measure is designed specifically for this threat in order to avoid
exploitation of said vulnerability by the enemy. The counter measures can be
anything from deception to the destruction of the capability of the enemy's
means. The counter measures also include appropriate measures to discover the
vulnerability of the friendly force. For example, the use of smoke, or the
use of flak in critical moments. The deception operation also can be planned.
DECEPTION OPERATIONS
Deception operations (DECOP) are carried out in order to deceive the
enemy. These operations include:
Handling of Electronic signatures
Distortion of the friendly activities in order not to make the real
objective known.
Falsifying material, and placed wherever it can be captured or
photographed by the enemy.
Simulated maneuvers
Demonstrations
Simulated equipment
Deception operations can be conducted when the commander sees an
opportunity to deceive the enemy.
Also, deception can be required when the countersurveillance operations are
not sufficient to disorient the enemy so that the operation may be successful.
In any case, knowledge of the friendly military forces provided by security
analysis is necessary in order to create a credible deception plan.
SECURITY ANALYSIS
Security analysis is done in order to support the countersurveillance
and counter measures. OPSEC depends on the commander and his personnel being
informed of a threat that they will confront, in the patterns, weaknesses and
profiles of the friendly force. Intelligence analysts provide information on
the enemy; the analysts assigned to the OPSEC section determine which units or
activities of the friendly forces are vulnerable, and why. The OPSEC analyst
provides the commander and the operators with a risk estimate; this is based
on the efforts of the aggregate of intelligence of the enemy and the
activities of the friendly forces that are known. They can recommend
procedures of countersurveillance and counter measures.
OPSEC is a condition.
Generally, OPSEC is a condition that seeks to attain security or safety
of the friendly forces. It involves a variety of activities for concealing the
friendly units, or to deceive the capabilities of the enemy analyst and
commander in regard to intelligence gathering. These activities (under the
category of countersurveillance, counter measures and deception) can be
accomplished independently by members of each unit. But it is the integration
of these activities by the commanders and the operation officer, which
transforms the OPSEC program for a unit and provides security for the
operations. The elements of security such as SIGSEC, counter intelligence,
military police, and the personnel of each unit, provide the necessary support
to create good conditions for OPSEC in the installations.
THE THREAT
COLLECTIVE CAPABILITIES OF THE ENEMY
HUMAN RESOURCES        ELECTRONIC RESOURCES      IMAGE RESOURCES
Agents                 INTELSEN/GE               Photography
Infiltrators           Radio interception        Infrared (close and distant)
Reconnaissance Unit    Radar interception        Night vision equipment
Combat Unit            Interference equipment    Image amplifiers
Patrol                 Radar surveillance        Visual
Prisoners of war       Telesensors               SLAR
Refugees               Acoustics
Figure 1
The intelligence threat against our Armed Forces varies from place to
place, according to operations, missions, contingency plan and the level of
sophistication of the enemy. Therefore, the units are to receive information about
the threat in specific situations from the local sections of intelligence. It is
expected that the enemy units will utilize all of their capabilities of
collecting information, as is shown in Figure 1, when they confront our
forces.
The enemy is particularly interested in the different echelons of our
military forces: which are the capabilities of the unit; such as, their fire
power, communications, detection capabilities, logistic support, but in the
same way are interested in the location, movements, and intentions of our
military forces. The capability of the threat that is discussed in the
classrooms and the practical exercises of the units should be based on the
capabilities of the enemy and the ones that can be a fundamental threat
to the operation activities of the unit involved. In other words, the OPSEC
program was developed in order to counteract the specific threats against the
military unit involved.
OPERATIONAL GUIDE
GENERAL
The OPSEC program is conducted by the commander and led by the
operations officer as part of the operations of each unit. Each unit can have
an effective OPSEC program with only the coordinated forces of the commander,
members of the task force and the troops, and the use of various activities of
security and intelligence.
NUCLEUS OF THE OPSEC OPERATIONS
Operations Officer
G1/S1 G3/S3
SIGSEC Commander Troops
Counter espionage G3/S3
MILITARY INTELLIGENCE
The OPSEC program is designed to function with the characteristics of
the technical operations, and the requirements of each organization. Each unit
takes the necessary steps to provide the security and maintain the surprise -
keep the enemy without knowledge of what our military forces are doing. For
this reason, OPSEC should be taught in all the military schools at all levels,
and established in the doctrinal literature of each organization and its
operations. Each manual should describe how military forces can improve the
security of their operations.
In order for the OPSEC program to be effective, the tactical units
should:
Be established by the commander, and led by the operations officer with
the support of the local intelligence officer.
Be based on the operational requirements of the unit.
Be imaginative and adaptable for certain changes.
Be designed to deny valuable information to the enemy regarding
activities and operation.
Be compelled at all levels by the commander in the plans and training,
so that the program can function in operations situations.
OPSEC SUPPORT
The OPSEC support is provided by the OPSEC units or sections which
are found in the organizations of military intelligence. The OPSEC teams are
specialists in signal security and counter intelligence and should be put
in direct support of the combat brigade, support division commands and the
artillery units. These teams support the unit by determining the
vulnerabilities of each unit, assisting the subordinate units and maintaining
the most current data regarding enemy threats and the evaluation of
vulnerabilities to such threats. The OPSEC support units participate in the
conduct of OPSEC evaluations. They also recommend certain ways of protecting
the procedures which could provide indicators to the enemy.
The security specialists help in the development of the plans and
procedures of OPSEC, maintain the archives of OPSEC, and recommend
deception measures. Commanders can also obtain the support of the OPSEC units
at the highest echelons of the high command of the Armed Forces. This
support includes services such as signal security, computer security,
technical surveillance counter measures, counter intelligence
investigations and inspection of cryptographic installations.
THE OPSEC PROCESS
OPSEC is a continuous process of planning, collecting information,
analyzing and reporting, revising the data base, issuing orders and
instructions, and execution.
OPSEC PROCESS
Planning the gathering ---> Information gathering ---> Analyzing

Report on results                                      Report

Executing orders <--- Issuing orders        <--- Revising the
                      and instructions           data base
NOTE: Once started, the OPSEC process is continuous and more than one
section can do it at any moment.
The OPSEC process is done in a sequence of planning, execution and
reporting the results. The process begins with information already known from
the data base and continues in a logical way through the assessment, the
recommendation and the operation plan. The plan is carried out by the units.
The OPSEC measures are monitored by members of the different units and by
elements of the CI to verify the effectiveness of the OPSEC measures. The
commander and the operations officer take action to correct the
vulnerabilities based on the different reports. The process can be
illustrated as follows:
THE OPSEC PROCESS

S3/D3: Data base, based on the OPSEC profile or the condition of our
       forces and countersurveillance in effect
S2/D2: Estimate of the enemy intelligence threat
Commander guideline
The Concept of the Commander of the mission or operation

PLANNING
-- Determine the sensitive aspects of the operation
-- Develop the essential elements of friendly information (EEFI)
-- Advise on our vulnerabilities
-- Analyze the risk
-- Determine countermeasures and requirements of deception
-- Estimate of OPSEC (written or orally)
-- OPSEC plan (written or orally)
-- Deception plan (written or orally)

IMPLEMENTATION
-- Units implement Operational Plan (With the OPSEC plan as an Annex)
-- Counterintelligence elements supervise the OPSEC plan
-- Inform on indicators that can influence the operations
-- Effectiveness of OPSEC program is evaluated

RESULTS
-- Counterintelligence elements inform the commander and the
   operations officer orally or in a written report.

Figure 1
THE DATA BASE
The data base for the planning of OPSEC is maintained by the CI section.
This information on our units and on the enemy capability for gathering
information is always in the process of evaluation and change.
The intelligence section informs the CI element regarding the capability
of the enemy to collect information. This information about the enemy is
important because:
-- Time is not wasted advising on an erroneous threat.
-- Counter measures are not assigned to indicators which the enemy does not
have the capability to collect.
-- Counter measures are assigned to counteract the capabilities of the
enemy to collect information on our activities.
The CI section establishes the data base to develop the indicators, the
signatures, the patterns and the profile of our forces. This information
indicates how our units appear in the battlefield -- the way they operate, how
they communicate, how they are supplied, etc. The information about our own
unit is important for the planning of our operations because:
-- It determines the essential elements of information on our forces and
our vulnerabilities.
-- Counter measures are applicable to the units which need them. In
carrying out and providing advice for OPSEC measures.
-- Deception can be done effectively. The use of deception depends on
common sense, precise information about enemy intelligence and our
involved units. For example, the units which use deception have to
demonstrate indicators, signatures, patterns and profiles showing the
same characteristics as the type of unit they are trying to imitate.
COMMANDER GUIDE
The concept of the operation and the mission of the commander provide
the direction and guideline for the OPSEC plan. The commander can order
certain general measures of OPSEC or prescribe specific procedures of security
during the operation. For example, he can establish measures to protect
against revealing unit movement, supplies and use of radio. The commander
should announce which part of the operation should be protected for the
operation to succeed.
PLANNING
The C3/S3, assisted by the CI section and other high staff and general
staff officers, carries out the planning described in Figure 1. Although the
different aspects of the planning might not be completed in detail, each one
should be completed as much as possible in the given time.
Determine the Sensitive Aspects of the Operation
Take note of the information which if known by the enemy provides
indicators that reveal our operation. Operational indicators and physical
characteristics are compared constantly with the operation. Once this is done
the planners can --
Determine the Essential Elements of Friendly Information (EEFI)
The essential elements of friendly information are information that, if it
falls into the hands of the enemy, will cause our operations to fail. The EEFI
reflect the concern of the commander regarding areas that need security. The
CI agents use the EEFI to identify and inform regarding vulnerabilities. The
unit uses the EEFI to plan operations of countersurveillance.
Advise on Our Vulnerabilities
Noting the EEFIs, the CI sections begin to advise on our
vulnerabilities. The CI agents identify the units and activities that are most
vulnerable and detectable by enemy intelligence. This step is necessary for --
Risk Analysis
Risk analysis is a process that compares our vulnerabilities with the
enemy capabilities for collection.
The CI agent identifies indicators that, if detected, would result in the
divulging of important combat intelligence regarding our operations. The
purpose is to identify the risks and determine what can be done to reduce them.
This includes an evaluation of the operation of countersurveillance and
counter measures actually in effect for determining what more needs to be
done. The units always employ procedures of counter surveillance. The units
separate and evaluate the effectiveness of countersurveillance as they receive
new information. Based on the new information, they can decide and adjust the
measures for countersurveillance in order to focus on certain techniques and
procedures. This process continues throughout the CI agents structure.
Determine the Counter Measures
Counter measures are used to protect those indicators and EEFI which
are most vulnerable to enemy detection as a result of counter surveillance
measures which are not adequate. Generally there are five options:
-- Counter measures are not necessary
-- Apply a counter measure
-- Stop the activity
-- Employ deception operations
-- Change the operation
Counter measures are not necessary under the following conditions:
-- An indicator cannot be detected by the enemy.
-- If it is detected, the indicator supports the deception plan.
-- The commander decides to accept the risk.
The use of counter measures in deception requires common sense,
information on our units and knowledge of the capabilities of the enemy to
gather intelligence. The specific counter measures are directed against the
capabilities of the enemy to collect information.
Counter measures may include the physical destruction of the enemy's
collection measures. If this is the case, the S3, in accordance with the
commander, has to react quickly in order to counteract the enemy's gathering
capability. For example, if it is known that an enemy reconnaissance patrol is
collecting enough information regarding our operation, the S3 can recommend
the increase of combat patrols to destroy the reconnaissance element.
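The risk analysis and counter measure decision described above, as an added sketch in Python that is not part of the manual: each indicator is checked against the enemy's collection capabilities and the three conditions under which counter measures are not necessary. The data model, the sample indicators, the "no further action" outcome for exposure already covered by countersurveillance, and the sort order are assumptions of the example.

```python
from dataclasses import dataclass, field

# The four signature categories the manual names.
CATEGORIES = frozenset({"visual", "acoustic", "infrared", "electromagnetic"})

# Options left once "counter measures are not necessary" has been ruled out.
REMAINING_OPTIONS = (
    "apply a counter measure",
    "stop the activity",
    "employ deception operations",
    "change the operation",
)


@dataclass
class Indicator:
    name: str
    eefi: str                                    # EEFI the indicator would reveal
    emits: set                                   # signature categories produced
    covered: set = field(default_factory=set)    # masked by countersurveillance in effect
    supports_deception: bool = False             # detection helps the deception plan
    risk_accepted: bool = False                  # commander's decision


@dataclass
class Finding:
    indicator: str
    eefi: str
    decision: str
    reason: str
    residual: tuple = ()                         # categories still exposed


def assess(ind, enemy_capabilities):
    """Apply the page's 'not necessary' conditions to one indicator."""
    capabilities = set(enemy_capabilities)
    unknown = (ind.emits | ind.covered | capabilities) - CATEGORIES
    if unknown:
        raise ValueError(f"unknown signature category: {sorted(unknown)}")

    exposed = ind.emits & capabilities           # what the enemy can collect
    if not exposed:
        return Finding(ind.name, ind.eefi, "not necessary",
                       "enemy cannot detect the indicator")
    if ind.supports_deception:
        return Finding(ind.name, ind.eefi, "not necessary",
                       "detection supports the deception plan")
    if ind.risk_accepted:
        return Finding(ind.name, ind.eefi, "not necessary",
                       "commander accepts the risk")

    residual = tuple(sorted(exposed - ind.covered))
    if not residual:
        # Assumption of this sketch: measures already in effect are adequate.
        return Finding(ind.name, ind.eefi, "no further action",
                       "countersurveillance in effect covers the exposure")
    return Finding(ind.name, ind.eefi, "action required",
                   "choose one of: " + "; ".join(REMAINING_OPTIONS), residual)


def risk_analysis(indicators, enemy_capabilities):
    """Assess every indicator; open items first, widest exposure first."""
    findings = [assess(i, enemy_capabilities) for i in indicators]
    # The ordering is an assumption of this sketch, not doctrine from the page.
    findings.sort(key=lambda f: (f.decision != "action required",
                                 -len(f.residual), f.indicator))
    return findings


# Constructed sample data, not taken from the manual.
SAMPLE_ENEMY_CAPABILITIES = {"visual", "electromagnetic"}
SAMPLE_INDICATORS = [
    Indicator("Increased radio traffic before movement", "time of the operation",
              {"electromagnetic"}),
    Indicator("Generator heat and noise at the command post", "command post location",
              {"infrared", "acoustic"}),
    Indicator("Supply column on the main road", "direction of movement",
              {"visual", "acoustic"}, covered={"visual"}),
    Indicator("Dummy artillery positions", "artillery location",
              {"visual"}, supports_deception=True),
    Indicator("Antennas surrounding the command post", "command post location",
              {"visual", "electromagnetic"}),
]

if __name__ == "__main__":
    for f in risk_analysis(SAMPLE_INDICATORS, SAMPLE_ENEMY_CAPABILITIES):
        exposure = ", ".join(f.residual) or "-"
        print(f"{f.decision:17} | {f.indicator} | {exposure} | {f.reason}")
```

Changing the capability set shows the point made under THE DATA BASE: indicators the enemy cannot collect drop out of the list before any counter measure is assigned to them.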
Deception
The planning of deception is integral to the planning of operations. A
deception plan can be done because it is a good idea for a specific operation,
or because it is a requirement to support a plan of deception at a higher
level as part of the measures against the enemy intelligence threat. In any
case, deception and OPSEC are inseparable. In order to use deception
successfully, a unit has to have a good knowledge of all of the aspects of
OPSEC.
Deception is designed to deceive the enemy by means of manipulation and
distortion, making him react in a way that is detrimental to his interests. In
order for a plan of deception to function, certain conditions have to exist:
-- The plan of deception should be credible. The concept of deception
should be carried out in conjunction with the concepts of operation. Whenever
possible, the operation activities should support the plan of deception.
-- The deception should be part of the technical situation.
-- The enemy should be given the opportunity to react to deception.
-- One should consider all the information gathering capabilities of the
enemy. There is no point in deceiving an enemy resource if it is detected by
another resource. The success depends on the good knowledge of the
characteristics, capabilities and the use of intelligence systems of the
enemy.
-- The units involved in the deception have to accomplish their different
missions. This may not require anything special if the unit is doing its
normal mission. It is possible that it may have enough information and
equipment to project a false image. The subordinate units have to support the
plan of deception of the superior units.
Deception requires good intelligence, OPSEC and an operational
implementation in order for it to be successful. Intelligence units inform
regarding the information gathering capabilities of the enemy and his possible
reactions. The CI section informs regarding the indicators, signatures,
patterns and profiles of the units involved in the deception, and the
operations section applies the deception plan to the combat operations. A
satisfactory OPSEC program needs to be established in order for the deception
to be successful.
INDICATORS, SIGNATURES, PATTERNS AND PROFILES
General
All armies have their ways of operating. The normal operating
procedures, the field manuals, the training instructions, and other local
instructions result in similar units functioning in a similar way. The effort
of maintaining these similarities in functioning adds to the effectiveness and
efficiency of the units. Its weakness is that the units become stereotypical
units, and consequently more predictable. This allows any intelligence
analyst to interpret more easily the indicators, signatures, patterns
and profiles of our military forces.
The commanders and the operations officers should examine and study
carefully how they conduct their military operations. They need to know if
they are conducting operations in the same way each time there is an
operation, and advise on the manner the operation should be conducted. This
means that they should review the actions that occur during the planning
phase, the execution and the debriefing after the combat drills. It could be
that a comparison of the activities of various combat drills is necessary.
INDICATORS
Indicators are activities that may contribute to determining a course of
action of our military forces. When preparing combat operations, it is
virtually impossible for a military unit to hide or avoid giving out
indicators. Certain activities must be conducted. Some of these activities are
essential for the operations -- others can be directed by the commander or by
standard operational procedures of the operations. In many cases, these
activities might be detected by the enemy and used to predict possible courses
of action.
Identifying and interpreting specific indicators is a critical task for
the intelligence operations, either for the enemy or for our own armed forces.
Intelligence personnel look for indicators, analyze them, and make an
estimate of the capabilities, vulnerabilities and intentions. These analyses
have become a requirement for information and plans, and eventually provide
the basis for directives and orders.
Identifying the critical activities of the military forces could
indicate the existence of specific capabilities or vulnerabilities, or the
adjustment of a particular course of action. Determining which indicator is
important could be the result of the analysis of previous actions. The lack of
action is as important, in certain cases, as actions already taken. For
example, if a unit does not normally deploy its attack artillery equipment,
this information is important for the analysts to include in their estimate.
In any case, the indicators that arise require a concrete knowledge of the
organization, equipment, tactical doctrine, the command personalities, and the
logistic methods, as well as the characteristics of the operations. Indicators
are not abstract events. The indicators are activities that result from the
military operations.
Indicators are potential tools for each commander. The indicators are
probabilistic in nature and represent activities that might occur in the
military operations. The interpretation of the indicators requires knowledge
of the enemy and the current situation. Some indicators are mentioned below.
The list is not intended to be complete, or applicable to all situations.
Possible Attack Indicators
-- Concentration of mechanized elements, tanks, artillery, and logistic
support.
-- Delivery of combat elements (mechanized, tanks, anti-tank) in echelons.
-- Deployment of tanks, guns, cars to the front units.
-- Extensive preparation of artillery.
-- Artillery positions very much to the front and in concentration.
-- Extensive patrol activity.
-- Change in the level of communications, crypto, codes and frequency.
-- Placement of the air defense forces beyond the normal front.
-- Logistics activities, reinforcement and extensive replacement.
-- Relocation of support unit at the front.
Possible Defense Indicators
-- Withdrawal of defense positions before onset of battle.
-- Successive local counterattacks with limited objective.
-- Counterattack is suppressed before regaining positions.
-- Extensive preparation of field fortifications and mined fields.
-- Firing positions in the front are used; the long-range firing is
started.
-- Movement to the rear of long-range artillery equipment and logistics
echelons.
-- Destruction of bridges, communication facilities and other military
equipment.
SIGNATURES
The signatures are a result of the presence of a unit or activity in the
battlefield. The signatures are detected because units have different
equipment, vary in size, emit different electronic signals, and have different
noises and heat sources. The individual signatures detected can be
grouped by analysts to point out the installations, units, or activities.
In general, these are the categories applied to the units: visual,
acoustic, infrared, and electromagnetic. Each one of these areas is discussed
individually. Keep in mind, however, that the enemy will try to exploit
several individual signatures, grouping them in order to determine a signature
for the unit. Usually, action is not undertaken as a result of detecting
only one signature, with the exception of critical areas, where action can
result from the detection, identification and location of a signature. The
critical areas are key activities such as command posts, communications
facilities and systems, some equipment and its surveillance systems. The
detection of these areas reduces the ability of a military force to conduct
military operations. However, the longer the critical areas are exposed, the
easier it is for the enemy to detect, identify, locate, attack and destroy
these critical areas.
VISUAL
Visual signatures are detected through light photography and by human
eyesight, assisted or unassisted. Visual signatures are equipment, location of
personnel, activity patterns, and the frequency of these activities. Also, some
of these visual signatures include vehicle movement, tanks, vehicle markings,
uniform markings, etc. Theoretically, a target is detected when it is seen by
a human eye. The targets might be detected and identified by using photography
by --
-- Its distinct form, or recognizable patterns, form, style, size,
design, shadow, and its dimensions of height and depth.
-- A distinct deployment system, possibly involving other targets.
-- The color, hue, shine, tone and texture of the target.
It is possible to detect a target without having to identify it.
Detection is the discovery of a target or activity, while identification
requires an additional step - to establish what the target is, what it does,
or the capabilities of such target. The violence, confusion, and the darkness
in the battlefield introduce variables that might prevent identification or
detection of military targets.
Some studies point out that the visual detection is affected by the
following:
-- The size of the target and the time it has been exposed to sight.
-- The degree to which the target has been camouflaged or covered.
-- Light variation, visibility and weather.
-- Number of targets - the more targets there are, the more
difficult it is to identify them correctly.
-- Target distance - the longer the distance, the more difficult it is to
identify the target correctly.
-- The contrast of the target against the background -- the less
contrast there is, the more difficult it is to identify the
target.
Some factors increase the probability of visual detection. For example, the
probability of detection is increased by knowing previously that a target is
in a particular area. The probability of detection and identification is also
augmented if the target detected in a particular area is associated with other
targets in the vicinity, in other words, find a known target and search for
similar ones in the area. For example, if a tank repair vehicle is detected in
an area, look for tank units or mechanized units in the vicinity.
Identification and visual detection can be enhanced with the use of
photography. Visual sightings by ground and air observers, for which there is
no specific identification, can be used to direct photographic reconnaissance
missions. Unlike observation from one site only, or a short view of the
target, photographs provide the opportunity to enlarge and study specific
areas and equipment. Photography is limited mainly because it provides the
record of an area as it was at the moment the photograph was taken.
ACOUSTIC (SOUND)
The acoustic signatures come in two types. The first is noise produced
during battle by explosives and rifle firing. The second is the noise
associated with certain military functions - such as vehicles, equipment and
the activities of the installation. The acoustic signatures are detected by
human hearing, sound detection equipment, or special devices that magnify the
sound.
Acoustic signatures could be very significant because different equipment
and guns have a unique sound. These signatures have considerable importance
for planning countersurveillance, countermeasures and deception. The forces
try to prevent the escape of signatures in order to reinforce security; a
deception plan must sound as if it were an actual unit.
The noises produced by operations are affected by the weather
conditions, terrain, atmospheric conditions, and the propagation of sound. The
relative direction of wind, the amount of wind, the temperature and humidity
influence the quality of sound. In general, the sound travels better when
projected by the wind, when humidity is relatively high, and during nighttime.
The enemy is not expected to react only to what he hears. The sound only
serves as an alert to what is happening. The acoustic signature, unlike the
visual signature that can stand by itself, normally is used to support other
sensors.
The acoustic signatures are integrated with other information to enhance
intelligence. But keep in mind that under certain circumstances, the sound can
travel long distances. While the enemy cannot distinguish between an M-60 tank
and an APC, the sound can alert him that there is movement in the vicinity.
INFRARED (IR)
The infrared signatures are those not visible to the eye. They are the
heat, or light, produced by equipment, a person, a unit or an activity. The
infrared signatures can be detected with the use of several types of
specialized equipment.
The infrared surveillance equipment varies from the individual optical
device to sophisticated aerial systems. Under favorable conditions, the
systems that have been improved will be able to produce images that
distinguish between equipment of the same quality and type.
The tactical infrared equipment comes in two categories -- active and
passive. The active equipment requires that the potential target be
illuminated by infrared sources -- light sent in infrared frequencies. These
devices are susceptible to being detected because they emit a distinct and
identifiable signature. The enemy sensors can locate the active sources. The
passive devices detect infrared radiation from either of two sources:
emissions created by the target or solar energy reflected by the target. These
devices are better suited to the surveillance role because the equipment
does not produce an identifiable signature. The passive devices are vulnerable
to detection to the degree that their power sources are detectable.
The majority of military equipment emits an infrared signature of
some type. The equipment most vulnerable to infrared detection is that which
produces a high degree of heat, such as tanks, trucks, long guns, generators,
air conditioners, furnaces, aircraft, maintenance facilities, artillery fire,
kitchen areas, landing areas and assembly points.
Infrared surveillance has limitations. Humidity, fog, and clouds can
cause serious limitations, while smoke and fog can degrade the operations of
some systems. The clouds present a more serious problem because the radiations
emitted can be enough to prevent the operations of the system itself.
Clouds also telltale the infrared radiation of the objects being
targeted by the system.
ELECTROMAGNETIC
The electromagnetic signatures are caused by electronic radiation of
communication and non-communication emitters. In other words, the detection of
specific electromagnetic signatures can disclose the presence of an activity in
the area. This allows us to direct our sensors to that area in order to detect
other signatures.
The communication signatures are generally direct -- use a radio and a
signature will be provided. The battalions have certain communication systems;
the brigades have other communication systems, and the elements of higher
echelons also have different communication elements and other additional
systems. To find the bigger unit to which a transmitter belongs, it is
necessary to:
-- Detect other transmitters in the area.
-- Use radio-goniometry to determine the location.
-- Categorize signals by a signal analysis.
-- Locate the type of transmitter in the vicinity of the area.
From this type of information, the intelligence can determine the location of
a unit or command, supply point, weapons units, and assembly areas. This is
particularly true when some radios or radars are used exclusively by a
specific unit or weapons system. The movement, information of the order of
battle, the structure of the radio network, tactical deployment, and, to a
lesser degree, the intentions could be derived from the interception of the
communications systems. All these could be detected and identified by knowing
the location of communication equipment, without reading the messages.
The signatures produced by radars are considered from two viewpoints.
First, when radar systems are activated they transmit signals and create
signatures. This makes our forces vulnerable when we use radar against the
enemy. Secondly, equipment, buildings and mountains have identifiable
characteristics which radar can be used to detect and identify. Therefore,
the forces exposed are vulnerable to detection by radar.
Military equipment has a great number of protuberances, angles and
corners which the radar can detect. This refers to what is called the radar
cross-section (RCS). Modern radar surveillance equipment can do more than
solely detect the RCS of a target. Side-looking airborne radars (SLAR) have
enough resolution to identify certain weapons systems by detailed imagery or
by their pattern. The radar systems can penetrate fog, clouds and moderate
rain. The surveillance radars are active systems and can operate against
mobile or fixed targets.
The radar systems are limited in that they require an uninterrupted
path, or line of sight, towards the target area. Keep in mind also
that these systems cannot penetrate forests or heavy rain. The radar systems
are susceptible to enemy interception and can become targets because of their
distinctive signature.
PATTERNS
A pattern is the manner in which we do things. Patterns that can be
predicted are developed by commanders, planners and operators. The different
classes of patterns are as numerous as the different procedures in military
operations. Some examples of patterns are:
-- Command and Operations Posts
-- Artillery fire before an attack
-- Command posts located in the same position relative to the
location of the combat units.
-- Reconnaissance patrols repeatedly on a zone before an operation.
The officers need to examine their operations and activities in their
zones of responsibility and reduce the established patterns whenever possible.
PROFILES
The profiles are a result of the actions taken by military units and
individual soldiers. The profile analysis of a unit could reveal signatures
and patterns in the procedures, and, eventually, the intentions of the unit
could be determined. Collectively, the profiles could be used by the enemy to
find out our various courses of action. Our counterintelligence units develop
profiles of our units in order to determine our vulnerabilities and thus
recommend corrective measures to the commanders. In order to achieve this,
all activity of the unit has to be identified to see if it presents indicators
to the enemy.
Usually, profiles are developed by means of the gathering of information
on the electromagnetic equipment and on physical actions and deployments.
Electromagnetic information identifies the activities of the units by
associating the different signals with the equipment. Physical actions and
deployments are things that the unit does: how a unit appears while it is
performing; how it moves; its configuration during march or when it deploys.
These different factors identify the different units.
In the majority of units, the electromagnetic and physical information
is applicable to 5 areas of importance in order to complete an entire profile.
The five profiles are:
-- Communications and command post
-- Intelligence
-- Operations and maneuvers
-- Logistics
-- Administration and other support
COMMUNICATIONS AND COMMAND POST
Some factors to be considered when developing a profile:
-- Where are the command posts located with regard to other units -
particularly subordinate units?
-- What does the command post look like?
-- When is it transferred with regard to the other command elements?
-- Is the post surrounded by antennas - thus creating a very visible
target?
-- What type of communications equipment is used and where is it located?
-- What is the amount of communications traffic with regard to the
activities and operations?
-- Are there any road signs that might help the enemy units or agents to
locate the command post?
-- Do the logistics and administration communications compromise the
operation?
INTELLIGENCE
Profiles on intelligence, surveillance, reconnaissance and elements
identifying targets are developed in order to determine whether our activities
indicate our intentions. Some considerations:
-- How frequently and to which zones have the land and air elements been
assigned for information gathering?
-- Where are the information gathering elements located? (Which
communication methods are used to report? Which are the information channels?
Which are the security measures?)
-- How are the radars used? (For how long are they used before transferring
them?)
-- Are there sensors in the target zone?
-- Have the reconnaissance vehicles (land and air) compromised the location
of future operations?
-- Have the patrol levels been varied?
-- Can the different gathering activities relate to the different stages of
operation - planning, preparation, execution?
OPERATIONS AND MANEUVERS
Activities during the preparation and execution of combat operations can
be identified. Many activities are hard to cover due to the number of men
involved, the noise, dust, tracks of vehicles, heat emitted, etc. However, the
activities for combat operation have to be examined.
-- Can the drilling and instruction of men be easily detected?
-- If there is special training required for the operation, are there any
special security measures?
-- Where are the units located before the operation? Artillery? Aviation?
Reserves? Maintenance and supply? Is the movement indicated towards the front
or the rear during their course of action?
-- How are the same actions carried out for preparation of offensive or
defense operations? Do they indicate intentions?
LOGISTICS
Supply, maintenance, transportation and services and facilities
indicating an operation have to be examined.
-- Which movements indicate the starting of an operation?
-- Are material and special equipment visible?
-- Where is the material being stored? When?
-- Is the change of schedule for vehicle and weapons maintenance indicating
the start of an operation?
-- Are new roads being built?
-- Are special munitions being delivered secretly?
ADMINISTRATION AND OTHER SUPPORT
Activities seemingly completely innocent individually could provide
valuable information for the enemy analyst. The administration and support
profile could identify these actions which become obvious because they are
different from what is normal. Some examples follow:
-- Things change before an operation:
* Getting up and meal schedules?
* Directions?
* Larger mail volume?
* Frequency of reports?
* Entry of licensed personnel?
-- There is a special request for:
* Personnel?
* Equipment?
* Supplies of all types?
-- How is trash, paper, etc. being destroyed? Can enemy agents locate and
use the waste?
-- Do medical units expecting wounded personnel indicate a pending
operation?
THE OPSEC PROCEDURE
1) To identify the enemy capability to gather intelligence (D-II/S-II).
2) Identify our EEFI and profiles.
Profiles + Patterns and signatures
Profile: All the characteristics pertaining to a unit.
Patterns: Repeated activities established by SOP or by doctrine.
Signatures: Field actions of a unit.
-- visual
-- sound
-- infrared
-- electromagnetic
Profiles: Command Post
-- Communications
-- Operations
-- Logistics
3) Identify the vulnerable profiles that indicate our intentions.
4) Implement a risk analysis and make note of the EEFI.
-- Profiles \
-- Patterns > Indicators
-- Signature /
5) Recommend OPSEC measures
-- Countersurveillance
-- Countermeasures
-- Deception
6) Select the OPSEC measures.
7) Apply the OPSEC measures.
8) Apply efforts to monitor OPSEC.
9) Monitor the effectiveness of OPSEC.
10) Recommend OPSEC adjustments.
Step (1) --- OPSEC estimates
Step (2) --- OPSEC estimates
Step (3) --- Planning estimates/guidelines
Step (4) --- Estimate/guidelines
Step (5) --- Estimate/guidelines
Step (6) --- Estimate/guidelines
Step (7) --- OPSEC Annex
Step (8) --- OPSEC Annex
Step (9) --- OPSEC Annex
Step (10) --- OPSEC Annex
ESTIMATE --> GUIDELINE --> ANNEX
EVALUATION: YEARLY REPORT
OPSEC ANNEX
Item 1): Mission of the unit. (From the Plan of Operation)
Item 2): Summarize the enemy situation in terms of intelligence gathering,
sabotage, and subversion. Discuss the situation with regard to
recent enemy activities and their potential capability. This item
is designed to indicate their capability for intelligence
gathering, while item 3 includes the measures to counteract those
efforts. The following factors should be analyzed:
A. Indicate the effect of weather on the enemy's capability to gather
intelligence on our OPSEC measures.
B. Indicate the effect of the terrain on the enemy's capability to
gather intelligence on our OPSEC measures.
C. Summarize the enemy's capability to gather intelligence and carry out
sabotage and subversive actions. This includes:
1) Intelligence
A) Ground Observation and Reconnaissance
1) Eye observation
2) Patrols
3) Ground radars
4) Infrared surveillance
5) Long-range ground sensors
6) Other
B) Air Surveillance and Reconnaissance
1) Penetration flights
2) Long-distance flights
3) Reconnaissance satellites
C) Signal Intelligence
1) Communications Intelligence
2) Electronic Intelligence
D) Electronic Warfare
1) Interception and radio goniometry
2) Interruption
3) Destruction
E) Guerrilla, insurgents, agents
F) Other: infiltrators, refugees, prisoners of war, etc.
2) Sabotage
A) Military
B) Economic
3) Subversion
A) Propaganda
B) Terrorism
C) Political
D. Summarize the enemy's intelligence and security weaknesses.
Summarize its weaknesses in gathering intelligence and in committing
sabotage and subversion. Discuss its internal security
posture.
Item 3): Implementation
A. Make a list of all the countersurveillance measures taken by the
field SOP. Emphasize new countersurveillance measures or changes
to measures that are part of the SOP.
B. In this section, make a list of all the additional countermeasures
that are not included in the SOP and are applicable to all the
units. These countermeasures are designed to counteract a specific
threat by the enemy counterintelligence.
Item 4): Miscellany
A. Summarize the threat to internal security. Discuss the problems of
internal security detected in the command post.
B. Establish any special instructions not covered previously as
targets of interest for counterintelligence (with priorities and
locations).
C. Establish the chain of command for counterintelligence.
Item 5): Command
This item deals with instructions on where counterintelligence is
sent to, the link between the various units, location of
counterintelligence personnel, the different dissemination channels,
types of reports required, frequency and priorities.
OPSEC ESTIMATION
Item 1): The Mission of the Unit. (From the Plan of Operations)
Item 2): Area of Operations. (Discuss the influence of the area of
operations on the enemy capabilities to gather intelligence and
commit acts of sabotage and subversion).
A. Time/weather. (From the Intelligence Annex)
-- The enemy's capabilities for surveillance and ground and air
reconnaissance.
-- The time/weather is or is not favorable to the enemy's
gathering efforts.
-- The impact of time/weather on our countermeasures.
B. Terrain. (From the Intelligence Annex)
-- Surveillance
-- Coverage
-- Natural and artificial obstacles
-- Key Terrain
(How the terrain affects the enemy's capability to gather
information/intelligence and how it affects our countermeasures).
C. Other factors of the zone.
-- Political
-- Economic
-- Sociological
-- Psychological
-- Transportation
Item 3): Current Enemy situation on intelligence, sabotage and subversion
activities.
A) Intelligence
1) Ground surveillance and reconnaissance.
-- Eye observation
-- Patrols
-- Ground radars
-- Infrared surveillance
-- Long-range ground sensors
-- Other
2) Air surveillance and reconnaissance
-- Penetration flights
-- Distance flights
-- Air Sensors
-- Reconnaissance satellites
3) Signal Intelligence
-- Communication intelligence
-- Electronic intelligence
4) Guerrillas and Insurgents
5) Espionage
6) Other: infiltrators
refugees, displaced persons,
prisoners of war, etc.
B) Sabotage
1) Military (installations, line of communication)
2) Economic
C) Subversion
1) Propaganda
2) Terrorism
3) Political
Item 4): Enemy capability for intelligence gathering and to commit sabotage
and subversive actions.
A) Intelligence
1) Ground surveillance and reconnaissance.
-- Eye observation
-- Patrols
-- Ground radar
-- Infrared surveillance
-- Long-range ground sensors
-- Other
2) Air surveillance and reconnaissance
-- Penetration flights
-- Distance flights
-- Air Sensors
-- Reconnaissance satellites
3) Signal Intelligence
-- Communication intelligence
-- Electronic intelligence
4) Guerrillas and Insurgents
5) Espionage
6) Other: infiltrators
refugees, displaced persons,
prisoners of war, etc.
B) Sabotage
1) Military
2) Economic
C) Subversion
1) Propaganda
2) Terrorism
3) Political
Item 5): Conclusions
A) Indicate how the enemy will use its capability to gather
intelligence and to commit sabotage and subversion actions.
B) Indicate the effects of the enemy capability on our course of
action.
C) Indicate the effectiveness of our current countersurveillance
measures.
D) Indicate the effectiveness of our current countermeasures.
E) Recommend additional countersurveillance measures.
F) Recommend additional countermeasures.
OPSEC PLANNING GUIDELINES
UNIT ______________________________ COMMANDER: __________________________
G3/S2: ______________________ NAME OF OPSEC OFFICER: ____________________
CONTENTS DISCUSSED WITH: ________________________________________________
NAME RANK
PERSON COMPLETING REVISION: ____________________________________________
YES
NO
CAMOUFLAGE
A.
B.
DOCUMENT SECURITY (INFORMATION)
A.
B.
COMMAND POST
A.
B.
COMSEC
SIGSEC
TRANSSEC
CHAPTER 3 OPSEC EVALUATION
INTRODUCTION:
OPSEC means Operations Security. It is the duty of the Intelligence/
Counterintelligence Agent to determine the extent to which the security
measures are being followed within the OPSEC program. If the measures have not
been carried out, then nothing has been accomplished and the security of the
command is in serious danger. When the OPSEC measures, developed from the
OPSEC Procedures, are applied to an operation or activity (Commando) there are
several methods to evaluate its effectiveness. All are included under the
subject of "OPSEC Evaluation." The phrase OPSEC EVALUATION is applied to two
different concepts:
a. One concept refers to an evaluation or study of the activity,
unit, or project, using the OPSEC Procedure in order to recommend the OPSEC
measures and create a database for Counterintelligence (CI).
b. The second concept is an evaluation of the effectiveness of the
OPSEC measures already recommended. This evaluation might result in
modification or suppression of measures, or the identification of new OPSEC
measures.
OVERVIEW:
1. The OPSEC Evaluations vary, as already mentioned, depending on the
unit's needs.
2. All evaluations have in common the characteristics of examining
the effectiveness, the failure or the lack of OPSEC measures in a unit.
3. All evaluations are structured in a way that can provide complete
and detailed information as to how the units and agencies are implementing the
OPSEC measures.
4. THE OPSEC EVALUATIONS ARE NOT INSPECTIONS. The evaluations are
presented and must be considered as data finding and/or failure finding.
5. The Evaluation is used to identify those areas of the security
procedure of a unit that need to be improved.
6. When a team of agents carries out an OPSEC evaluation, it must be
done sensibly, without overlooking or ignoring anything, always keeping in
mind that the evaluation results will be used to improve the system.
7. EVALUATIONS IN PEACE TIME AND IN WARTIME:
a. During peacetime the OPSEC Evaluations can be prepared
several months in advance. An OPSEC evaluation of each command (unit) within a
Division or Brigade, must be carried out annually.
b. In addition to a yearly evaluation, a commander may request,
through the G3/S3, that a special OPSEC evaluation be made of his unit.
c. During wartime, as vulnerabilities and threats are
identified, the evaluations are carried out in response to an emergency
or urgent request by the affected agencies.
8. Each evaluation is unique, since each one reflects the operation
or activity being evaluated. However, there are certain common procedures for
all evaluations, and these are as follows:
a. Planning
b. Evaluation
c. Report/Information
9. Planning of Evaluation:
The main factor in the planning stage of an evaluation is detail.
An evaluation must be prepared in detail before it is carried out. Normally,
the planning stage includes the following:
a. Development of the purpose and scope of the evaluation:
The purpose/scope of the evaluation is prepared by the
analysis section of CI, and by the OPSEC element, for approval by G3/S3.
SAMPLES OF POSSIBLE PURPOSES AND SCOPES OF AN EVALUATION:
(1) "This OPSEC Evaluation will discuss the vulnerability of
the Division or Brigade to the multi-disciplinary threats of the enemy. These
threats include Human Intelligence (HUMINT) and Signal Intelligence (SIGINT),
etc."
b. Selection of the team that will carry out the Evaluation:
The team shall be selected by G3/S3, who will request its
units to assign expert personnel in the areas of operations, intelligence,
communications, logistics and administration. The team can be re-structured
according to the type of evaluation to be made.
c. Establish the contacts (link) in the area to be evaluated:
One of the initial steps before evaluation is to contact the
security chief of the installation to be evaluated. He can provide access to
the necessary files needed for an evaluation.
d. Compilation of the reference materials:
The team must review the Standard Operating Procedures
(SOP) of the unit to be evaluated. This will make the team familiar with the
mission and the operational procedures of that installation.
e. Review the Essential Elements of Friendly Information
(EEFI):
By reviewing the EEFI, the team may identify the valuable
intelligence data which the commander deems important for the security of the
installation. This information may include any information, classified or not,
which, if revealed to an enemy intelligence agent, could result in serious
damage to the installation.
f. Review the threat of hostile intelligence:
The team must be familiar with possible espionage threats and
with the enemy's intelligence-gathering activities, using all the sources in
the area of operations.
g. Become familiar with the activity or installation to be
evaluated:
Members of the evaluation team shall review all the
directives of the installation. The evaluation team leader should be briefed
by the commander of the installation.
h. Prepare organizational charts:
Preparation of organizational charts for evaluation purposes
will facilitate the evaluator's work. The chart should be prepared according
to the area to be evaluated. The charts should include the areas to be
reviewed by the agents and specific notes that might be useful for the
individual evaluator to carry out his duties.
i. Give notice of evaluation:
The final step in the preparation of an OPSEC evaluation is
to give notice of it. The G3/S3 notifies the installations that will be
evaluated by means of an amendment. The information that might appear in the
message is as follows:
(1) The purpose and scope of the evaluation.
(2) The members of the evaluating team and its access to
classified information.
(3) Necessary briefings and familiarity.
(4) Date and time that will be spent in the evaluation.
(5) Support required from Signal Security (SIGSEC)
10. The Evaluation:
After completing the planning stage, the evaluation will be
performed. The following steps, in order, must be carried out at the onset of
the evaluation.
a. Beginning briefing:
This briefing could be formal or informal. It must be given
by the evaluating team leader. The areas to be covered during this briefing
are:
(1) Purpose and scope of the evaluation.
(2) How the evaluation will be conducted.
(3) Summary of the enemy threats and the vulnerability of
the installations to these threats.
(4) Previous OPSEC evaluations, if any, will be discussed.
b. Briefing by the Commander:
This briefing will give the Evaluating Team an opportunity
to receive information on the operations from the viewpoint of the commander
of the installation.
c. The Evaluation: (Information that will be covered later on
by this chapter).
d. Final Briefing:
The purpose of the final briefing is to inform the Commander
of the results of the evaluation and the findings during the evaluation with
regard to the OPSEC system of his installation. The outgoing briefing may
also be an informal one.
e. Report:
During this period, the evaluating team, the analysis
section of CI and the OPSEC section, shall evaluate all the information
obtained during the evaluation. The product of this effort shall provide a
database that can be used to identify the vulnerabilities of the installation
in the OPSEC areas. The evaluation results of the information obtained by the
team will be the basis for recommendations of new OPSEC measures, if
necessary.
OPSEC EVALUATION
BROCHURE: TECHNIQUES AND AREAS TO BE COVERED DURING AN OPSEC
EVALUATION.
OPSEC EVALUATION
HUMAN INTELLIGENCE
A. Security of Information:
1. Reproduction machines (copiers):
a. How many machines are there?
b. What is the control on the reproduction of classified
material?
c. Who is authorized to reproduce classified material?
d. Who authorizes reproduction?
e. Have the personnel been instructed that, when a document is
copied in a copier, the image of the document remains latent in the crystal
and could emerge if a blank sheet of paper goes through?
2. Destruction of classified information:
a. Who does the destruction of classified information?
b. Where is destruction carried out?
c. When and how often is classified information destroyed?
d. How is it destroyed?
e. What security measures exist during the destruction process
of classified material?
3. Emergency Evacuation and Destruction Plan:
a. Obtain a copy of the plan and review it to determine whether
it is effective.
b. How is the plan carried out?
c. Do they have the necessary materials on hand to implement
the plan?
d. Has the plan been rehearsed (drilled)?
4. Sensitive unclassified Trash:
a. Is there a procedure with regard to the handling of
sensitive unclassified trash?
b. Is there any mention of it in the SOP?
c. Is the SOP specification carried out?
d. How can they be sure that the command instructions are
carried out with regard to sensitive unclassified material?
e. Are all personnel aware of the importance of controlling
the sensitive unclassified trash? How were they instructed?
5. Requests for information:
a. How are requests for information processed?
b. What is the procedure if the request originates from another
military or civilian command, or foreign country?
c. How do they control publication of information on activities
evaluated by other sources?
d. Is there an Officer for Public Relations (PRO)?
e. What are the responsibilities of the PRO in this program?
f. How is unsolicited mail handled?
6. Open Publications:
a. Which are the open publications of the installation? (A
publication which is unclassified and anybody can have access to it.)
b. Obtain copies and determine whether the publication has any
EEFI information.
c. How are open publications controlled?
7. EEFI:
a. Obtain copy of the current EEFI list.
b. On what was this list based?
c. Are all the necessary personnel aware of what is included in
the EEFI list? Is this information denied to some personnel?
d. Is the EEFI list realistic? Does it in fact contain
everything that the unit wants to protect?
8. Reports of Previous Inspections/evaluations or Studies:
a. Obtain copies of all the inspections, evaluations and studies
of physical security, personnel and OPSEC that pertain to the installation.
b. Review all the reports and determine which measures have
been taken to correct problems identified previously.
9. Special Access Material:
a. Which materials requiring special access are used by the
installation?
b. What security measures are enforced to protect and safeguard
the material?
10. Classification guidelines:
a. Obtain copy of the classification guidelines for classified
material of the installation.
b. Are these guidelines effective?
c. Are they written in an efficient way, providing the
necessary information?
d. Are the personnel knowledgeable about this classification
guideline?
11. Casual Conversation.
a. During the evaluation of the installation, try to listen to
conversations carried out in areas where classified or sensitive matters
should not be discussed; also be alert to conversations between persons who
have access and the need to know certain information and persons who do not
have the need to know nor the access.
b. What is the procedure of the unit/installation regarding
casual conversation?
c. Does the installation have an instruction program to brief
its personnel with regard to the danger of casual conversation?
12. Security Education Program:
a. What is the level of security education of the evaluated
installation?
b. Is there an education program in the areas of sabotage and
espionage against the armed forces, OPSEC, SIGSEC, HUMINT, and imagery
intelligence?
c. If there is a program, is it effective? (Do the personnel
respond to the teachings?)
d. Has the installation reported any attempt at sabotage and
espionage, or any incident, to the SEAAF?
e. Are the personnel contacted aware of the purpose of OPSEC?
Could they identify an approach to SEAAF if it were to happen to them?
B. Physical Security
1. Inspections after working hours:
a. Are inspections of the installation carried out after
working hours?
b. If so, what do they look for?
c. How often are these inspections performed?
d. What happens if they find loose classified material or any
other security violation?
2. Effectiveness of Physical Security:
a. What is the concrete effectiveness of the physical security
of the installation?
b. Are the current physical security measures adequate?
c. Examine doors, gates, fences, barriers, etc. and determine
their weak and strong points.
3. Inspection Program of the Security Inspector:
a. Does the installation have an inspection program by the
Security Supervisor?
b. When the security supervisor carries out an inspection, is
it announced or unannounced?
c. Are the personnel performing the physical security
inspection assigned to the same installation that they are inspecting?
d. What do they look for when inspecting?
e. What happens when they discover a vulnerability?
4. Access Control:
a. Pretend you are a hostile intelligence agent and determine
how you could manage to enter the installation. Plan it from the outside to
the inside and how far you could penetrate. Try to obtain classified material
or try to listen to casual classified conversation. Use your imagination. The
enemy will do the same.
b. Are the gates adequate?
c. Is there a cleared zone beyond the perimeter fences?
d. Is there an adequate number of guards? Are they duly
trained? (How do they communicate among themselves?)
e. Are the fences adequate?
f. Are the outer doors adequate?
g. Is the alarm system adequate? (Do they have an alarm
system?)
h. Is there a control of visitors and their vehicles?
i. Do the guards have an established routine of movement that
will make them vulnerable to an attack?
j. Is there a reserve/support group that could assist in case
of a surprise attack?
k. Prepare a scenario of how you could penetrate the
installation, include a detailed account of the weak and strong points of the
security program of the installation.
5. Pass system:
a. Is it adequate?
b. Can the passes be reproduced easily?
c. Is there another system that could be used in case the first
one is compromised?
d. How are passes destroyed?
e. What happens when they are informed that a pass has been
lost?
f. Do they allow for one pass to have access to the entire
installation, or are there restrictions?
g. If a person does not show his pass, is he made aware of it by
other individuals, or is he allowed to walk about without problem or question?
h. Are all the passes always visible?
i. How is the access to classified information of an individual
visiting the installation certified or verified?
j. Are visitors escorted through the installation?
k. Is there a record of the passes?
l. How many times a year is the pass system changed?
6. Visitors control:
a. What kind of access is authorized to visitors?
b. How is their level of access to classified information
verified?
c. Are the visitors required to sign at the entrance? What
information are they required to provide?
d. What other controls are applied for visitors?
7. Foreign Liaison Visitors
a. Is their access or authority for visiting verified?
b. Who is notified of their visit to the installation?
c. Which areas are they allowed to access?
d. What type of information is exchanged?
e. Is a briefing offered to the personnel that will have
contact with the foreign visitors?
8. OPSEC Support - Physical Security Plan:
a. Review and determine whether the plan is effective.
b. Does this plan provide the support/information/guidelines
needed?
c. Can a Study of Physical Security be carried out?
d. What do the personnel know of the Physical Security Plan?
e. Is it reviewed and updated frequently?
9. Instructions for the Guards
a. Are the instructions to guards adequate?
b. Do the instructions to guards indicate which are their
responsibilities?
c. Are emergency plans included in the instructions?
d. What do the guards know about the plan?
e. Do the instructions include how to proceed in case of a bomb
threat, sabotage, espionage, events of interest for the CI, and the
destruction of government property?
f. Do the guards understand what they have to do if they are
involved in an incident that concerns the military intelligence?
C. Personnel Security
1. Human Reliability Program: (This program is used to determine the
reliability of persons in sensitive posts. The subject is discussed in the
Chapter entitled "Security Investigation of Personnel")
a. Does the installation have such a program?
b. If it does, how is it checked?
c. What has this program offered to the Commander?
d. How is access to classified information validated?
e. Where do personnel whose access has not been approved yet
work?
2. Travel Abroad by Staff Personnel:
a. Where to and when do these individuals travel to foreign
countries?
b. What is the procedure to notify the commander of these
trips?
c. Are the travel schedules controlled/evaluated?
d. Are personnel travelling abroad briefed?
e. What kind of information do they carry and what kind of
information can they exchange?
f. Are trips abroad reported to military intelligence?
3. List of Accesses to Classified Information:
a. Is there a list of all the persons who have access to
classified information?
b. Do the personnel have access to the necessary information to
carry out their tasks?
c. Review the access list and determine whether there is any
individual with access to information who should not be allowed it.
d. How does the command verify the access to classified
information of other agencies?
4. OPSEC Program:
OPSEC SOP:
a. Does the installation have an OPSEC SOP?
b. Is it adequate?
c. Does the SOP of OPSEC describe the responsibilities of
everybody down to the individual level?
OPSEC Officer
a. Is the officer in charge of OPSEC working full-time for
OPSEC, or does he have other primary functions?
b. What are the responsibilities of the OPSEC officer?
c. What kind of support is given to him?
d. Does he have the experience/education/reference material
necessary to carry out his tasks?
e. What importance does the Commander bestow on the OPSEC
program?
OPSEC Analyst
a. Is the command aware of what an OPSEC analyst is?
b. Does the command know what an Analyst can do for them?
c. Have they requested support by the OPSEC Analyst, and what
kind of support was requested?
d. Have they received in the past any support by an OPSEC
Analyst?
e. Is the OPSEC Analyst effective?
5. OPSEC Consciousness:
a. Do the personnel know what OPSEC means and what OPSEC can do
for them to protect their mission and work material?
b. Is OPSEC considered a daily routine in this installation?
c. Is OPSEC considered before, after and during a military
exercise?
d. What kind of OPSEC training has been given to the
personnel?
e. Do the personnel believe in the importance of OPSEC?
f. What is your (the agent's) opinion of the total
consciousness of OPSEC in the installation?
D. Signal Intelligence
1. SOP:
a. Obtain and review all the SOPs of SIGSEC. (Are they
adequate?)
b. Are they reviewed and updated periodically?
2. Support by Signal Intelligence:
a. What kind of support has the installation received from
Signal Intelligence?
b. What kind of signal intelligence support does the
installation need?
3. Safe Communication:
a. What are the means for safe communication?
b. Are they adequate?
c. Is there a backup system in case the primary one stops
working?
4. Inspections of Safe Communications and Signal Security:
a. When was the last SIGSEC/COMSEC inspection done and what
were the results?
b. Does the system need to be improved? (Were the improvement
measures carried out?)
c. Is there a need currently to improve the SIGSEC and COMSEC
systems?
5. Security Education:
a. Are the installation personnel trained on communications
security?
b. If they are trained, how is instruction given? Is it
accepted or rejected?
c. Is there a need to improve the security education program?
6. ADP Security:
(ADP is a security system used to protect the computer communication.)
a. Are the personnel trained on COMSEC?
b. Is a key code used? How can an unauthorized person be
prevented from accessing the computer system?
c. Do unauthorized persons use the system?
d. What is the software used? What classification does it have?
e. What is the procedure for controlling the computer output?
f. What physical security measures are used to protect the
computer terminals that are outside the computer room?
g. Which procedure is used for the necessary maintenance?
h. If the system contains classified information, how can they
get the cleared personnel to carry out the computer maintenance?
i. Is there a Security Officer assigned for the computer room?
j. Are the computer operators trained on the need to protect
the system's security?
k. Can classified information be obtained through the
terminals?
l. Are visitors escorted while visiting the computers area?
m. Is there a pass system for the computers area?
n. Does the installation share the use of computers with other
installations or agencies?
E. Imagery Intelligence
1. Aerial Photography:
a. Are the personnel conscious of the existence/threat of aerial
photography?
b. Is the installation vulnerable to this threat?
c. What precautions are taken for protection against this
threat?
d. What kind of written information do they have to protect
themselves against this threat?
2. Manual Photography by an Agent:
a. Are the personnel conscious of this kind of threat?
b. What physical security precautions are taken to protect
themselves against this threat?
c. How vulnerable is the installation?
d. Are the guards aware of this threat, and do they know how to
prevent it?
3. Outside Tryouts
a. Does the installation conduct tryouts outside the building
that could be vulnerable to the threat of imagery intelligence?
b. Has the command considered using camouflage before the
tryouts are carried out?
c. Does the SOP contain something with regard to the protection
against this threat?
F. Vulnerabilities/Recommendations of Signal Intelligence
G. Imagery Intelligence
1. Local threat:
2. Vulnerabilities/Recommendations:
H. Other Vulnerabilities and recommendations as appropriate:
I. Remarks:
(General remarks are included which are not qualified as
vulnerabilities.)
J. Conclusions
(Support to be given to the installation in the future.)
I. ANNEXES:
a. Data on Threats in general.
b. Results of the COMSEC evaluation.
c. Study of Signal Security
d. Essential Elements of the Enemy
e. Report of ADP Security
f. BEFI - Evaluation
g. Inspection of Technical Support
h. Other information or reports that might back up the OPSEC
Evaluation.
NOTE: Not all the Annexes mentioned above are required in all the reports of
an OPSEC evaluation.
CHAPTER 4
DOCUMENTS SECURITY
INTRODUCTION:
The application of this chapter will be based on the following main
principles:
1. It is essential that some official information be given top
protection in order to safeguard the capability of the nation to protect
itself against all hostile and destructive actions.
2. It is also essential that the citizens of the nation be informed
as much as possible on the activities of the government.
3. This chapter should not be interpreted in any way as trying to
withhold information that otherwise could be publicly disseminated.
GENERAL:
A. DEFINITION OF DOCUMENT SECURITY: The degree of protection given to
certain official information for the safekeeping of the nation's capability to
protect itself against hostile or destructive actions.
B. All personnel must be aware that the above-mentioned principles are the
fundamental factors that govern military security and must be deeply
indoctrinated so as to be inherent with the routine performance of their
tasks.
C. ORGANIZATION:
1. Categories of Classification
a. The official information requiring protection in the
interest of national defense will be limited to three categories of
classification, which are, in order of importance, TOP SECRET, SECRET and
CONFIDENTIAL. No other designations shall be used to classify information of
national defense.
2. Other Definitions
a. Information of Defense. It pertains to the official information
that requires protection in the interest of national defense, that is not of
common knowledge, and which could be valuable military information for a
potential enemy to plan or sustain war or insurgency against us or our
allies.
b. Classified Material. It is the official information which
has been classified and marked with one of the categories mentioned above.
c. Access to Classified Material. It allows access to
classified material only to those persons who are authorized to work with
classified information and who need to know such information to be able to
accomplish their official duties.
d. Custody. It is the person in possession of, or who has the
responsibility of protecting and accounting for, classified material.
e. Inventory. It is the procedure used to account for
classified material by control of entry and record of the document, or entry
of destruction record, or by signed receipts.
f. Document. Is any recorded information, without considering
its form or characteristics, and includes, without being limited to, the
following:
(1) Handwritten, typewritten or printed material.
(2) All drawn, painted or engraved material.
(3) All sound recordings, voices, tapes or records.
(4) All types of photographs and films, in negatives or
processed, fixed or in motion.
g. Authority for Derived Classification: It is the authority to
classify material as a result of being connected to, or in response to other
material related to the same subject of an already classified material.
h. Material: Means any document, product or substance, on or
within which information can be recorded or included.
i. Properly authorized person: It is a person who has been
authorized to work with classified information, according to the established
norms.
3. TOP SECRET Information. Top Secret classification is limited to
the information of defense or material that require the highest degree of
protection. TOP SECRET information will be applicable only to that kind of
information or material that is extremely important for defense, and the
unauthorized disclosure of which would result in serious danger for the
nation, as for example:
a. Definite severance of diplomatic relationships, that would
damage the defense of the nation; (leading) to an armed attack against them or
their allies or to a war.
b. Compromise the military defense plans, or the operations of
military intelligence, or technical or scientific developments vital for the
national defense.
c. As examples of this type of information, there are:
(1) A strategic plan that documents the complete
operations of war.
(2) The documents for war planning.
(3) Plan of operations for an independent operation, or
for a series of coordinated operations.
(4) Documents of military intelligence containing complete
information of a nature that would reveal a big effort of military
intelligence activities by the nation, and that would enable unauthorized
persons to evaluate the success obtained by the military intelligence services
of the nation.
(5) Plans or programs to carry out operations of military
intelligence, or other special operations, when the knowledge of a particular
plan, program or operation would be extremely damaging for the nation.
(6) Important information regarding equipment (war
materiel) extremely important and radically new, whose technical development
constitutes vital information for the defense of the nation.
4. SECRET Information. The use of SECRET classification will be
limited to defense or material information whose unauthorized dissemination
could result in serious damage for the nation, such as:
a. Jeopardize international relations of the country.
b. Endanger the effectiveness of a program or policy vitally
important for the national defense.
c. Compromises important military plans for the defense or the
technical development for the national defense.
d. Reveals important operations of military intelligence.
e. Examples of this type of information are:
(1) A war plan or a complete plan for a future war
operation not included under the TOP SECRET classification, and documents that
indicate the disposition of our forces, whose unauthorized publication, by
itself, could compromise such secret plans.
(2) Defense plans and other military plans not included
under the TOP SECRET classification, or in the previous paragraph, that
contain plans and development programs or acquisitions, although they do not
necessarily include all the emergency plans.
(3) Specific intelligence that, by itself, could reveal
the military capability or degree of preparation of the Armed Forces, but does
not include information whose unauthorized disclosure could compromise a TOP
SECRET plan.
(4) Intelligence that reveals the strength of our forces
involved in war operations; quantity or quality of equipment, or the quantity
or composition of the units in a theater of operations or other geographic
area where our forces might be involved in war operations. During peacetime,
the information that would reveal the strength, identity, composition or
situation of units usually would not require SECRET classification.
(5) Military intelligence or other information whose value
depends on concealing the fact that the nation possesses it.
(6) Details or specific information related to new
material, or modification of material that reveal important military advances,
or new technical development that has direct application of vital importance
for the national defense.
(7) Security measure for communication or cryptographic
material that reveals vitally important information for the national defense.
(8) Intelligence of vital importance for the national
defense, with regard to amounts of war reserves.
f. CONFIDENTIAL INFORMATION. The use of CONFIDENTIAL
classification will be limited to defense information and to the material
whose unauthorized disclosure could be damaging to the interests of the
national defense. As examples of this type of material, there are:
(1) Reports of operations and battles that might have
valuable information for the enemy (The Essential Elements of Friendly
Information).
(2) Reports that contain military intelligence, no matter
what type of information.
(3) Frequencies of military radios and call signals that
have special meaning assigned, or those that are frequently changed because of
security reasons.
(4) Devices and material related to the communications
security.
(5) Information that indicates the assets of our ground,
sea and air forces in national territory or abroad, or the composition of the
units, or the quantity of specific equipment units that belong to them. During
peace time a defense classification is not necessary unless such information
reflects the numbers of the total assets or quantity of weapons whose
characteristics are themselves classified.
(6) The documents or manuals that contain technical
information used for training, maintenance or inspection of classified war
material.
(7) Doctrine of tactical or technical operations.
(8) The investigation, development, production and
acquisition of war materiel.
f. Handling of classified documents
(1) Protection of classified material in the hands of
persons that are travelling.
(a) A person receiving travel orders, and who is
authorized to carry classified material, will protect such material by the
following methods:
1- He will contact his commander in order to
obtain, if available, the corresponding means of protection, according to the
particular classification of the material, or;
2- Will keep the material under his personal
control continuously. It is the responsibility of the carrier of classified
material to use his best judgement for his actions, in order to avoid risky
situations that might compromise the classified material.
(b) The personnel on travel mission will not carry
classified material when crossing international borders where the classified
material might be subject to scrutiny by Customs inspectors or other
"unauthorized" persons. Such material, when forwarded previously by diplomatic
pouch or by mail, will not encounter any obstacles on its way.
(2) Covers of classified material.
The cover of classified material is used to call the
attention of the personnel handling it, to the fact that it is a classified
document, and to protect it against unauthorized scrutiny. The cover shall
have the stamp identifying the classification of the document.
(3) Destruction in case of emergency.
(a) Plans
The commanders and chiefs that are responsible
for the protection of classified material will make formal plans for the
destruction or safe transfer of all classified material under their
jurisdiction, in case of civilian disturbance, disaster, or enemy action.
(b) On board aircraft or ships
If the aircraft carrying classified material is
forced to land, or a ship runs aground in unfriendly or neutral territory
where capture seems imminent, or in other circumstances when it appears that
the material should be destroyed so as not to be recognized, it is preferable
to burn it or destroy it in a way that will not be recognizable.
(4) Security of the typewriter ribbons: The typewriter
ribbons, whether made of cotton, rayon, paper, or silk, which are used to
write classified information are not safe until they have been written over
twice. Presently, many typewriter ribbons can only be used
once; therefore, keep in mind that the impression of the letters remains in the
ribbons, and these are as significantly valuable for the enemy as is the paper
on which the information was typed. These ribbons should be protected
accordingly.
(5) Classified trash: Trash such as drafts, minutes,
notes, dictaphone recordings, or other recordings, typewriter ribbons, carbon
paper, rolls of film, and similar articles, containing information of national
defense, shall be protected by a responsible person, according to their
classification, until they can be destroyed in an orderly fashion the same as
for material of similar classification. It is necessary to have a certificate
of destruction.
CHAPTER V
LIAISON
INTRODUCTION:
The purpose of this chapter is to enable you to plan and carry out
Liaison with Government and civilian Agencies for collection of
information/intelligence required, in compliance with the commander's
requirements, without losing a mutual confidence with the Source.
GENERAL:
A. Before carrying out a Liaison, it has to be determined first which
agency or source will be contacted and the purpose for the contact:
1. Liaison could be carried out with the following sources or
agencies:
a. Government agencies
b. Military units or agencies
c. Civilian agencies and industry
2. The purposes for carrying out the liaison are:
a. To establish a relationship of mutual confidence between the
various government agencies.
b. To develop sources of information for immediate or future
exploitation.
c. To collect and exchange information that might be useful for
future investigation.
d. To obtain assistance in investigations or CI operations.
B. With this in mind, there are two forms or types of Liaison that
can be carried out:
FORMAL LIAISON and INFORMAL LIAISON
1. Formal liaison is carried out to obtain:
a. Specific information for an ongoing investigation.
b. Information related to security violations.
c. Information of threats to the national security.
2. Informal Liaison is carried out to:
a. Establish a relationship of mutual confidence.
b. Develop Sources.
c. Obtain information related to specific investigations.
d. Obtain information that has not been requested
specifically but is related to one or more incidents or investigations.
e. Maintain friendly relationship among the Sources of
information and the CI agents.
C. Before starting a liaison, you should review the SOP of the unit to
determine the proper Liaison procedure in your area of operations.
D. Upon reviewing the SOP you should determine the requirements and
establish priorities according to the SOP. Some of these areas are:
1. The priorities of intelligence requirements are selected by the
Commander, higher authority or by the mission.
2. The requirements are generated by the direction taken by the
investigation.
3. The priorities that have been established based on the
recommendations by the Commander or the urgency of the mission.
E. Once the requirements have been reviewed, you can establish the liaison
contact.
1. There are three basic methods to establish a contact, and these
are:
a. Personal Approach: This is done by the person (Agent)
actually carrying out the liaison with the Source. This individual (Agent)
introduces personally the new Agent to the Source. This method is preferred
because it has the advantage of transferring the credibility and confidence of
the old Agent directly to the new Agent or contact.
b. Introductory letter: In this method the new Agent obtains a
letter of introduction from a person or old Agent that knows the Source. This
letter is presented to the Source during the first contact. The other method
of introduction letter is to send a letter to the Source indicating that you
wish to visit him.
c. Cold Approach. This is the least effective method since it
involves making the initial contact with a strange person. The first visit of
this approach should always be on a social level and must be a short one.
2. When you have not made any personal contact with the Source, you
must take into consideration the following:
a. The Agent must introduce himself and present his official
credentials identifying him as a Special Agent or Officer of Military
Intelligence.
b. Indicate the purpose of the visit.
c. Based on your personal observation of the Source's reaction,
determine if a casual conversation is appropriate.
d. As the Agent you must be alert all the time to the signals
by the Source that might indicate what kind of approach is better to use with
the Source.
e. The Agent must be cordial, professional and sincere.
f. Must show respect for the position or profession of the
Source.
3. If there has been a previous personal contact with the Source, the
actions of the Agent could be more relaxed (calm) according to the
relationship established by previous contacts.
F. During the liaison, you must establish a Relationship of Mutual
Confidence in order to:
1. Establish cooperation between you and the Source. A great deal of
precaution should be used to develop the Source's willingness to cooperate,
because you do not want to compromise the Source.
2. Have in mind that you can obtain information from previous liaison
reports and other documentation that may assist you in determining the type of
approach that would be best for the Source in particular in order to:
a. Adopt the proper attitude.
b. Be ready to change attitude if it is necessary. As the
Source calms down and starts to cooperate, a more relaxed attitude could be
helpful.
3. One of the techniques that you can use is to deal with subjects of
mutual interest.
EXAMPLE: "If a person is a football fanatic, he would be very
receptive to talk about that sport instead of another sport that he does not
know, or does not care about."
4. During the liaison contact you must show sincere interest in the
Source's opinions. If the Agent shows that his (Agent's) opinion is better
than the Source's, you might lose the Source's confidence.
5. It is important, also, that you study well the capabilities of the
Source before asking him for information. This might embarrass the Source if a
request is made that he cannot fulfill.
6. You must always be aware of the jealousy existing among the
various Agencies. And remember always that you do not have to compare the
effectiveness of one Agency against the other; this could cause a serious
problem because the Source could also be providing information to other
agencies where you might also have another contact.
7. During the Liaison contact, maintain always your position as a CI
Special Agent and do not fall into discussion of military ranking; this is
very important because you are a direct representative of the government.
8. If you do not have any previous knowledge of the Source, establish
the contact and mutual confidence in the manner already discussed. In this
situation, maintain flexibility and allow the circumstance