COMSEC

March 12, 2013, by Ken Jorgustin

COMSEC

COMSEC (Communications Security)

First, a few technical definitions of COMSEC…

The discipline of preventing unauthorized interceptors from accessing telecommunications in an intelligible form, while still delivering content to the intended recipients.

The protection resulting from all measures designed to deny unauthorized persons information of value that might be derived from the possession and study of telecommunications, or to mislead unauthorized persons in their interpretation of the results of such possession and study.

Includes cryptosecurity, transmission security, emission security, and physical security of communications security materials and information.

 
Next, a practical real world translation…

The strict definitions mostly refer to ‘telecommunications’ security, while many people when referring to COMSEC will include the notion of general communications in any form.

I break it down into three areas…

The Message

Understand the ramifications of what it is that you are about to say or communicate (BEFORE you communicate it), and adjust the message content accordingly.

The Recipients

To the best of your ability, know your audience and/or intended recipient(s), and understand the likelihood and results of the communication traveling beyond just them.

The Security

Deliver the message in such a way that is appropriately secure for the intended recipient(s) by using methods that fit the need.

 
Example…

During a casual conversation with your friend Jack, the topic comes around to the subject of the power going out during a recent snow storm. Knowing that you have lots of stored food and supplies, and while feeling proud of that fact, you mention it to Jack and say, “Yeah, I don’t have to worry about that, I have tons of food and supplies at home”.

This may seem innocent enough. But how well do you really know Jack? If TSHTF would you be willing to share what you have with Jack? Maybe you would, maybe you wouldn’t… Maybe Jack and his friends would just come take it… the point is to think about what you’re saying before you blurt it out, because Jack will probably remember what you just said… This is one form of COMSEC.

Example…

You are in a group meeting with the members of the club that you belong to. The club had recently purchased half a dozen new GMRS 2-way radios to be used around the property (you happen to be one of the Users of the new radios), and you mention it to your pals about how nice they are, while talking in your cluster of friends before the meeting gets under way. Another cluster of people nearby happen to overhear your ravings about it. A few days later one of those people happen to mention it to one of their friends while talking on the phone, and the person’s son happened to overhear it. A few days later it was discovered that the new radios were stolen from the club. As it turns out, the son of the person who happened to overhear the ravings from the nearby group at the meeting… well, lets just say ‘the son’ is not an upstanding citizen, and stole the radios.

It may have seemed innocent enough, but maybe if you had spoken a little softer (or not so loudly) when talking to your pals about the new radios, others around you wouldn’t have noticed… Sometimes people just talk too loud and sometimes that information can lead to no good.

Example…

Like everyone else, you have an email account, or two, or three… and like everyone else, you have passwords for each of them. The problem is (like everyone else) you need to remember all of these passwords. To keep things simple, you use the same password for all of your email accounts, which also happens to be the same password for lots of the other things in your life that require a password. One day you happen to be checking your bank balance online, and to your horror you discover money missing… As it turns out, while you were at the coffee shop last week using the free WiFi, someone snooped your password over-the-air while you logged in (easy to do in an unsecured hot spot).

In this example there are a number of ways to better secure your communications (different passwords, encryption technologies , etc), point being that there are a multitude of ways to go about securing your communications, be it delivered electronically or otherwise. Think about it.

 
I could go on and on with examples, but you get the idea… There are times when COMSEC really doesn’t matter much, and there are times when it does matter a great deal.

Know the difference, BE AWARE, and apply it.