UNITED24 - Make a charitable donation in support of Ukraine!



Operations Security

Operations security (OPSEC) includes essential security measures. These are used to deny the enemy information about planned, ongoing, and completed operations. Threat forces will use many intelligence sources in an effort to get information. They try to determine the location, capabilities, and intentions of US units. Their sources include ground reconnaissance, aerial reconnaissance, and signal intelligence elements. US forces, including Stinger sections, must therefore use OPSEC techniques and procedures. They try to neutralize the Threat intelligence collection effort. These techniques and procedures include deception, information security, physical security, signal security and electronic counter-countermeasures. This appendix covers OPSEC procedures used by Stinger units.


The Threat knows that he must first destroy or neutralize our air defenses before he can successfully use his airpower. Air defense suppression is an effort to destroy or reduce the effectiveness of AD weapons so that coordinated air-ground operations can be completed. Before the Threat can attempt to suppress our AD weapons, including Stinger, he must first determine where they are located. He has many methods in which to do this.


Human intelligence (HUMINT) is the use of people to gather information. These people can be members of the local population, or enemy ground and air observers. They can also be enemy intelligence agents disguised as friendly troops or civilians. Loose talk, information posted on maps and vehicle windshields, and written materials improperly safeguarded are all collected through HUMINT.


Signal intelligence (SIGINT) is the use of devices to intercept and monitor our communications-electronics (C-E) systems. This includes both radio and radar systems. SIGINT is done in peacetime as well as wartime.


Threat Intelligence Collection Measures

Suppressive Attacks

Radio Electronic Countermeasures

Operating on the EW Battlefield

Communications-Electronics Operating Instructions (CEOI)


Photographic intelligence (PHOTINT) is the use of photographic equipment aboard airborne platforms to gain information. PHOTINT, to include infrared imagery, is the most widely used detection method. It provides a permanent record of the exact details of an area. It also permits long-term comparisons to find changes in detail. PHOTINT is the most accurate means of pinpointing target locations.


Electronic warfare support measures (ESM) are one of the three classes of electronic warfare (EW). The other two classes of EW are electronic countermeasures (ECM) and electronic counter-countermeasures (ECCM).

ESM entails the search, interception, identification, and location of C-E emitters. ESM is often confused with SIGINT, which is concerned with monitoring of C-E emitters for intelligence information. ESM, however, is concerned with identifying and locating the emitters, and includes both ground and airborne radio direction finding (RDF).

The enemy can pinpoint radio/radar transmitter locations by using direction finding equipment. The enemy's RDF equipment can locate any radio that transmits. That is, if there is line of sight between the RDF and the radio. This appendix describes only those aspects of electronic warfare which affect Stinger communications and those OPSEC measures which Stinger personnel can use to operate on the electronic warfare battlefield.


After the Threat has located and identified a site, he will try to suppress that site. Remember, AD suppression includes all efforts designed to either reduce AD effectiveness or destroy ADA systems. The Threat will try to do this through physical suppressive attacks and electronic warfare.

The Threat can physically attack an ADA system in three ways --

  • Indirect fire. This includes artillery, mortars, rockets, and surface-to-surface missiles. The Threat can use these weaponsto destroy a position without risking his own troops.
  • Ground attack. The Threat may attempt to destroy a position from the ground by using guerrillas, saboteurs, insertion teams, or other elements operating behind friendly lines.
  • Air attack. Finally, the Threat may decide to attack with high-performance aircraft or attack helicopters. These aircraft may use conventional ordnance (bombs, rockets, cannon, or machine gun fire) or precision-guided munitions (smart bombs and ASMs).

    Electronic countermeasures are all actions taken to reduce an enemy's use of the electromagnetic spectrum. ECM described herein are those applied to radios.

    The two ECM means that the Threat will use to do this are deception and jamming. Deception is the introduction of signals into a radio to deceive the operator. Jamming is the introduction of signals into a radio to hide or override actual information.

    Once the Threat has a clear picture of friendly communications networks, he will try to enter certain nets disguised as a friendly station. This is known as "imitative communications jamming (ICD)." The Threat will use language experts who speak with the latest slang and accent, and are thoroughly drilled in communications procedures. ICD agents are good and they are believable, If they are accepted into a Stinger net, they will direct you to fire at friendly aircraft, drive into ambushes, and displace to the wrong position.

    All the Threat needs to jam a radio is a transmitter tuned to the frequency of the Stinger net, with enough power to override the signal at the receiver. Threat can use many types of jamming signals against Stinger team radios. The more common of these are described below. Don't try to memorize them; just be aware that they and others exist. When reporting jamming, it's more important to describe it accurately than to identify it by name. Following are types of jamming signals that may be used against you.


    Although any transmitter can serve as a jammer, certain types of jamming signals such as those shown below have been considered more effective.


    Jamming is an effective way to disrupt control of the battle.

    The enemy normally will employ three types of jamming:


    You can use five classes of countersuppression measures to increase your survivability and operate on the EW battlefield.


    Deception includes measures which prevent the Threat from spotting a pattern in a unit's actions. Examples of deception techniques are --

    Camouflaging Equipment and Personnel. The most important means of avoiding visual detection is through camouflage and concealment of equipment and personnel. FM 5-20 provides a complete reference for all aspects of camouflage. However, the key points to remember are to break up the silhouette or pattern of equipment, and reduce glare.

    The pattern of the equipment can be broken up by pattern painting, using natural vegetation, and by using the current series of camouflage nets. These nets will break up both the visual and the IR patterns of the equipment. Keep the camouflage natural looking. In fast moving operations, watch for changing vegetation and change your camouflage accordingly.

    Glare can also be reduced by pattern painting and by covering reflective surfaces. Windshields, mirrors, lights, and light-colored surfaces all reflect sunlight to some extent and can be seen by the enemy at far distances.

    Displacing Frequently. Movement is the most important means for Stinger teams to defeat AD suppression. Teams should select alternate positions at least 200-300 meters from the primary position and displace to them when necessary. Whenever possible, teams should move at night and during periods of reduced visibility. This will maximize concealment and capitalize on decreased enemy air activity.

    Preparing False Positions and Using Decoys. The Threat can be fooled if something can be made to look like a real item of equipment. Stinger equipment is relatively small, therefore, decoys can be simple. Anything resembling a 1/4-ton truck can be used: boxes, framework and netting nailed together so that from a distance the outline of the vehicle is seen. Decoys can be as sophisticated as inflatable 1/4-ton trucks, complete with false RF emitters. When using decoys, leave one or two items partially exposed to attract the attention of the Threat. Dummy positions will work only if the real position is well camouflaged.


    Information security measures are taken to prevent disclosure of operational information through written, verbal, or graphic means. The most important information security measures to take are to restrict personnel entry into operational areas and to restrict the release of operational documents and information. These measures will safeguard against unintentional release of data important to the enemy. Other information security techniques to be used are --

  • Brief all platoon personnel on SAEDA.
  • Brief all personnel about an operation at the latest possible moment.
  • Limit "shotgun" message traffic.
  • Limit operational information to persons with a need to know.
  • Refrain from posting operational information (to include radio frequencies and call signs) on vehicle windshields and other nonsecure areas.
  • Clear all signs of vehicular movement into and out of positions. Use existing roads and trails whenever possible; keep new tracks to a minimum.
  • Enforce noise and light discipline.
  • Destroy all classified material after use or when no longer needed.
  • Police all areas thoroughly prior to departure.

    Stinger sections and teams take all available active and passive security measures consistent with the enemy threat. Active measures include establishing listening posts, observation posts, and minefield. Passive measures include the use of cover, concealment, and field fortifications. Deployed teams rely primarily on passive measures. This is because they lack enough personnel to independently implement active measures. Stinger teams should assume positions which are offset from the supported unit to the maximum extent possible. The positions should be consistent with the tactical and technical requirements of the Stinger weapon system. The purpose of this dispersion is to avoid being targeted by association when the defended force comes under direct or indirect fire. In addition, each Stinger section and team uses challenge and password, foxholes, sandbags, and defilade positions.

    Remember when constructing fortifications, not to violate the principles of camouflage and concealment. Make your fortifications blend into the terrain by disposing of freshly dug earth and covering them with foliage or netting.


    Signal security (SIGSEC) protects operational information through the practice of communications security (COMSEC) and electronic security (ELSEC) techniques COMSEC techniques include the use of communications codes, secure radio equipment, and proper RATELO procedures. ELSEC techniques include radio and radar emission control (EMCO) measures. Specific COMSEC and ELSEC techniques you can use are --

  • Disperse radio antennas rather than concentrating them in a group around a command post (CP). A large antenna grouping indicates a high-value asset.
  • Use directional antennas whenever possible.
  • Use the lowest possible transmitter power output. This will allow only minimum radiated power to reach the Threat.
  • Avoid significant increases or surges of radio traffic on your nets. Traffic volume indicates the relative importance of your unit and mission, or the urgency of the situation. On the other hand, don't completely silence your nets. Radio silence on normally active nets will also indicate an upcoming operation to the Threat.
  • Minimize the message length. Preplan your transmissions and keep messages short and to the point.
  • Eliminate unnecessary equipment checks and discourage operator chatter. Always assume your equipment is operational, not nonoperational. Don't contact another station for an equipment check just because you haven't heard anything over the net for a long time.
  • Move radio operators from section to section on a random basis. Just as you recognize certain voices on the telephone, Threat agents at monitoring stations can identify people by their voice and speech patterns.
  • Use couriers, messengers, and wire whenever possible, instead of using radio.
  • Change radio transmission sites often. If a transmitter stays several hours at one location, threat targeting is inevitable.
  • Operate radios on a random schedule, rather than on a fixed pattern. Random transmission will increase the Threat's collection problems.
  • Use terrain features such as hills, vegetation, and buildings to mask your transmissions.

    ECCM are methods used to reduce or eliminate the effects of an enemy's countermeasures, or ECM. How effective these methods are depends on the operator as well as his equipment. Good equipment is useless in the hands of untrained personnel. Remember, "surprise and panic are the greatest threats in the area of electronic warfare." Only through constant training and drill can an operator gain confidence and realize the full capabilities of his equipment.

    Radio ECCM are countermeasures for imitative communications deception (ICD) and radio jamming. Message authentication is the best way to prevent imitative communications deception. Radio operators are required to authenticate when --

  • They suspect the Threat is on the net.
  • Someone challenges them to authenticate.
  • Directing a station to go to radio silence or to break that silence. (Self-authentication can be used if authorized.)
  • Talking about enemy contact or issuing a follow-up report.
  • Transmitting directions which affect the tactical situation, such as: "Move to. . ." or "Turn off your radio." Also, radio operators challenge any directives like these with a request to authenticate.
  • Canceling a message.
  • Opening the net or when they resume transmitting after a long period of silence.
  • Transmitting a classified message in the clear.
  • If an operator is not sure that authentication is required, he should challenge! If a station takes more than 20 seconds to authenticate, rechallenge! Why 20 seconds? Because a Threat agent will try to contact some other station and have it respond to that same challenge. Once he gets the answer, he'll call back and blame the delay on some equipment failure.

    The first thing for Stinger radio operators to do when they experience radio interference is to determine its source. Is the interference unintentional, or is it radio jamming?

    Interference may be caused by atmospheric disturbances, local interference, weak signals, or enemy jamming.

    Jamming may take many forms and may, therefore, be undiscernible to the untrained operator. All potential radio operators should be trained in threat jamming techniques and to determine if jamming is actually taking place. No counter-countermeasures should be taken until it has first been determined if jamming is taking place.

    The operator should use the following steps to determine if his radio is being jammed.

    Detach The Radio Antenna. If the interference continues, it means there is a problem with your radio. If the interference stops, it has to be coming from a source outside the radio -- either jamming or a problem in the antenna.

    Check The Frequencies On Either Side Of The Operating Frequency. Because of the crowded frequency spectrum, the Threat will normally work against selected targets (spot jamming) in order to protect his own communications. If the interference falls off on either side of the operating frequency, then one operator is probably being spot-jammed.

    Move The Radio To A New Location. If the interference varies greatly, your radio may have been too close to a generator or power line. If the interference doesn't vary, you're probably being jammed.

    Once the radio interference has been identified as jamming, take the following steps --

  • Report the jamming, using a different (and secure, if possible) means of communications. Don't announce over nonsecure means that you are being jammed, because this will tell the Threat how successful he is in jamming you.
  • Try to work through the jamming by increasing transmitter power. Move the antenna to a position where it is masked from the Threat and slow down your rate of transmission. Repeat each word and use the phonetic alphabet as necessary. Don't yell into the microphone --this will only create additional side noises.
  • Build and use a horizontally polarized, directional antenna. This will increase the effective radiated power of your radio. For best results, however, antenna polarization should be the same for all the stations on your net. FM 24-1 shows how to build field expedient antennas.
  • Finally, if all your attempts to evade or work through the jamming fail, switch your mode of communications. Wire systems and messengers are always reliable as alternative means of communications.


    The CEOI is a document designed to control communications. Each edition contains the necessary material and information for 1 month. The following list shows the various items which may be found in a CEOI:

  • Handling instructions.
  • Index.
  • Suffixes.
  • Radio call signs and frequencies. Item number identifiers.
  • Sound signals.
  • Panel signals.
  • Wire tagging system.
  • Interference reports.
  • Message reference numbers.
  • Field telephone instructions.
  • Telephone switchboard designators.
  • Pyrotechnic and smoke signals.
  • Signs and countersigns.
  • Transmission security instructions.
  • Key list.
  • Operations code.
  • Authentication instructions.
  • Transmission authentication tables.
  • Numeral cipher/authentication system.
  • This appendix will not explain the use of all of these items. Further information can be found in FM 24-1.


    The CEOI is classified if its contents require it. Normally, operational and contingency CEOIs are classified CONFIDENTIAL. Administrative or training CEOIs are usually classified to make their handling easier.

    Classified CEOIs must be handled with all the precautions associated with any classified document. The CEOI possibly can be compromised. As a precaution, the complete CEOI will not be taken forward of a battalion headquarters. Only a 10-day segment of the CEOI is issued to the user at any one time.

    If compromise occurs, it must be reported through the chain of command immediately. A CEOI is considered compromised when any portion of it is lost, captured, or exposed to unauthorized personnel. Another case is when the contents are so misused they endanger the security of the communications system.


    A call sign is a letter-number-letter combination assigned to a unit. Every unit in an organization has a different call sign.

    The complete call sign is used under the following conditions:

  • When opening a net.
  • When entering a net in which you do not normally operate.
  • When responding to a net call.
  • When requested by NCS or any other station.
  • When radio reception is poor.
  • At other times the last letter of the call sign with the suffix can be used. The last letter will be different for all stations in a net.


    Call sign suffixes are two-number groups assigned to positions or activities within a unit. In a training CEOI, these are usually fixed. In an operational CEOI, they are randomly assigned on a daily basis. An expander letter can be attached to the basic suffix for further identification of positions or activities if required. The call sign and suffix together identify the sender and receiver of a radio message.


    Each radio net is assigned a primary frequency and an alternate frequency. These frequencies change daily unless other instructions are given by the CEOI controlling authority. The daily change time is in the CEOI special instructions.


    These items explain the use of operations codes, the circumstances under which authentication is mandatory, and the use of transmission authentication tables. Columns in the transmission authentication table are also assigned to specific units. The numeral cipher/authentication system is explained as a separate item. Proper use of these items is critical to communications security.



    Join the GlobalSecurity.org mailing list