Author Topic: How can we implement OPSEC and stay within the rules?  (Read 7713 times)

0 Members and 1 Guest are viewing this topic.

WA4STO

  • Whatcha Gonna do when they come for you?
  • Jr. Member
  • **
  • Posts: 46
  • Karma: 12
    • WA4STO on QRZ
How can we implement OPSEC and stay within the rules?
« on: February 14, 2012, 12:44:49 PM »
Now here's a topic to love!

One of my past duties was to answer/interpret the Part 97 amateur radio regulations, so as to help my fellow amateurs understand those rules.

And, while the term "OPSEC" never was mentioned back then, the term "encryption" most certainly was. 

The rules under which we must operate presently include limitations concerning encryption, at least with regard to the intent or purpose of our operations.

Those who think we should be allowed to encrypt our data (or not!) are invited to view this very interesting article which appeared a while back in CQ magazine.   http://www.qsl.net/kb9mwr/projects/wireless/Data%20Encryption%20is%20Legal.pdf

In any event, the very reason for this posting today is to point out that ... it matters not.  We don't have to try to prevent big gummint from seeing what we're saying; although it would be truly fabulous if we could prevent the masses (zombies?!) from knowing the contents of our transmissions.

And for that, we already have plenty of means of securing our on-the-air data.   Consider: even the beginner in this wonderful radio hobby/service has full use of dozens  of digital modes, none of which are likely to be readable by anybody, other than those in our own groups, or those who have zillions of bucks for such things. 

But it gets better than just choosing a given mode to use on our example network.  With so many modes available, we can agree (offline) that we will use short bursts of Feld Hell on the first of the month, MFSK16 on the second and, well, you get the idea.  Poof!  There's yet another layer of OPSEC built in without even hinting at "disobeying" the rules. 

I've had some experience with this.  While employed at NSA way back when, we had cause to be a "third party" listening in on the digital transmissions of diplomats in Paris and Saigon.  It was standard procedure for the two sides of the conversations to change their transmission parameters on a regular, daily basis, so as to hopefully 'discourage' third parties from nosing around.  It worked very well.  But then, so did our procedures, we had the afore-mentioned zillions!  8)

In summary, enough OPSEC is available to each of us, if we choose to utilize what's given to us, simply by passing those exams.  Think about it....
 


OPSEC hams teach OPSEC friends how not to use voice modes!
« Last Edit: February 14, 2012, 12:59:39 PM by WA4STO »

SigInt

  • Amateur Extra
  • Full Member
  • ***
  • Posts: 122
  • Karma: 13
  • Gender: Male
  • Ground Control 121
    • Can you find me now?
Re: How can we implement OPSEC and stay within the rules?
« Reply #1 on: February 15, 2012, 11:12:14 PM »
Sometimes you will hear a husband and wife talk about their duties they need to accomplish throughout the course of the day on amateur radio. We all know that some of what they are saying is in their own little cryptic language so they don't tell the world things like "no one is home now so break in and steal all of our stuff".

The intent is not to keep others from knowing a code but in someway it is protecting their lives and privacy.

I feel that using a duress or an action code that is meant as means of indicating a situation to another person or a few people is teetering on the edge but if it is meant as a means of protecting yourself from physical harm or your property from theft it may be over looked if anyone could detect the true intent.

I have created ways (providing the assets are still up) of informing others (perhaps third parties) of duress or a means to contact me. APRS is a great tool for that. Mocking your location in APRS is acceptable. Certain locations could have certain meanings. A location you wish to indicate could be off by 0.10.10 x 0.10.10 and those that know, will know where to go. Ambiguity in APRS is a part of the protocol. In a matter "obscuring the message" this could apply but for the reasons mentioned before,  privacy and protection it is acceptable.

I like your idea of a change of modes, frequencies, bands. After all this is a site for the prepared ham. No one says that we have to tell anyone about the sequence in the same manner that closed repeater network operators do not freely give out DTMF sequences or PL tones in order to access their repeaters.

If the 3LA (Three Letter Agencies - I just made that one up because I got tired of typing it elsewhere) want to listen and hear and know what and where the when is happening it would take little effort. We would mainly be learning how to use the radio when the day comes that the word "reconstitution" comes into play.

Practicing like ARES and RACES for critical events should not create any concern. If we are asked by someone needing to know we explain and change. Spread Spectrum is an allowed mode. Who says that we cant spread the spectrum a but wider and with more protocols and modes? :)
« Last Edit: February 15, 2012, 11:13:59 PM by SigInt »
Books I highly recommend:

One Second After
Under the Dome
Earth Abides
The Road
The Stand

WA4STO

  • Whatcha Gonna do when they come for you?
  • Jr. Member
  • **
  • Posts: 46
  • Karma: 12
    • WA4STO on QRZ
Re: How can we implement OPSEC and stay within the rules?
« Reply #2 on: February 16, 2012, 10:05:12 AM »
Handle via COMINT channels only!   :-\

Excellent points, SIGINT.  I had never considered the use of APRS for that sort of thing.  But that may be due to my perception that APRS wouldn't suit my needs for the transmission of larger amounts of data. 

I don't imagine that anybody is concerned with small-time shifting of control data.  It's the content of entire messages that they're worried about.  Still, they've got huger fish to fry up.  My concern is really what the masses know about our resources. And that can hopefully be prevented by appropriate ham radio COMSEC and OPSEC procedures.

73 de WA4STO
"Luck" in Nebraska


idial1911

  • Administrator
  • Hero Member
  • *****
  • Posts: 1164
  • Karma: 67
  • Gender: Male
  • Extra Class and VE
Re: How can we implement OPSEC and stay within the rules?
« Reply #3 on: February 16, 2012, 10:06:59 AM »
The other nice feature of APRS is you can send txt type messages station to station.
The more I learn, the less I know.