Working Against the Tide - The Black Vault

...mt:uL~~~~~~~• .s--IJ 1SOUTH EAST AS IA~rlcdPart OneTHIS DOCUMENT CONTAINS CODEWORD MATERIAL

TOP SECRET UIUBRA NOFOItNCRYPTOLOGIC HISTORY SERIESSOUTHEAST ASIAWorking Against the Tide(COMSEC Monitoring and Analysis)PART ONEI (b)(3)-P.L. 86-36Hiram M. Wolfe, III, ASARaymond P. Schmidt, NAVSECGRUThomas N. Thompson, AFSSJune 1970TOP ~':CR':T U~IBftA NOFOftN

SECURITY NOTICEAlthough the information contained in this journal ranges in securityclassification from UNCLASSIFIED to TOP SECRET CODEWORD,the overall security classification assigned to this issue is TOP SECRETUMBRA. The "No Foreign Nations" (NOFORN) caveat has beenadded to guard against inadvertent disclosure of portions of the textwhich discuss topics normally held to NOFORN channels.While the TSCW NOFORN classification by itself requires carefulhandling, additional caution should be exercised with regard to thepresent journal and others in the series because of the comprehensivetreatment and broad range of the subject matter.TOP SECRET UMBRAHOFORH---.._------ -_.--

TOf SECRET UMBRAnOFOIUlCRYPTOLOGIC HISTORY SERIESSoutheast AsiaSponsorsVice Adm. Noel Gayler, USNMaj. Gen. Charles]. Denholm, USARear Adm. Ralph E. Cook. USNMaj. Gen. Carl W. Stapleton. USAFDirector, NSACommanding General, USASACommander. NAVSECGRUCommander. AFSSJoint StaffJuanita M. MoodyWilliam D. GerhardLawton L. Srernbeck,Hiram M. Wolfe, IIIRaymond P. SchmidtBob W. Rush,Thomas N. ThompsonMary Ann BaconChiefGeneral EditorASAASANAVSECGRUAFSSAFSSEditorTOf SECRET UMBRAHOFORH

'fOP SECRE'f UMBRA?WFORNForewordImportant as it is in peacetime, communications security becomes evenmore important in wartime. Ultimately, we must reckon wartime failureto secure communications against a background of u.s. casualties and ofbattles won and lost. As it did in World War II and the Korean War,the United States in Southeast Asia has failed to provide communicationssecurity of a sufficiently high degree to deny tactical advantages to theenemy. Once more the United States has lost men and materiel as aresult.Working Against the Tide is the story of the attempts of u.S.COMSEC monitors and analysts to bring security to the voluminouswartime communications. As the title suggests, it is not a success story. Itoutlines, instead, the problems confronting COMSEC specialists indealing with communication-prone Americans at all levels of command.It gives insight into and documentation for the damage done to theUnited States and her allies as the enemy's SIGINT organizationcapitalized on American laxity in communications security. The storydescribes the technology applied in Southeast Asia to overcome COMSECdeficiencies and the manner in which that technology evolved during thewar-particularly as monitoring adapted to a new methodology termedCOMSEC surveillance. It further tells of u.s. attempts to applymonitoring knowledge in communications cover and deception operationsagainst the enemy. The volume contains, finally, useful lessons for allwho must communicate in wartime.In addition to the present version of the COMSEC story, the jointNSA-SCA history staff is preparing a NOFORN SECRET-level,noncodeword edition. This will make possible a broad distribution of thematerial through normal military channels where study of the lessonslearned will do the most good.NOEL GAYLERVice Admiral, U.S. NavyDirector, NSA'fOP SECRET UMBRA?WFORH

TOP SECRET mdBRAHOfOIU4PrefaceThe authors of Working Against the Tide drew upon a wide variety ofsource materials in presenting their composite picture of monitoring andanalysis in Southeast Asia. While the major part of these sources was forthe years to 1968, the authors also used source documents from the 1968and 1969 period when the materials were particularly germane to thetopics under discussion. Important source materials included SCAmonitoring reports, operational messages, reports issued by the militarycommands, briefings, special studies, SIGINT, and author interviewswith commanders. One primary source of information was the SCAhistorical publications. The authors drew upon accounts provided by unithistorians of components of the 509th ASA Group and the 6922d AFSSSecurity Wing. From these, the authors extracted sufficient informationto treat in brief form the operations conducted by ASA and AFSSCOMSEC units. Persons desiring information in greater detail on thoseoperations may contact the historical offices of ASA and AFSS. AlthoughNAVSECGRU has not published corresponding historical works, it didprepare for this publication papers that contained somewhat greater detailthan that which appears in the present publication; these more detailedpapers are also available for examination.The authors have many debts to acknowledge. Within ASA, specialthanks are due to Col. Julian W. Wells and Lt. Col. Robert H. Bye foradvice and source materials. Maj. Andrew J. Allen, II, Mr. John Exum,Mr. NormanJ. Foster, Mrs. Beverley K. Jordan, Mr. Robert C. Massey,Mr. Michael E. Mclntire, and Mr. Paul R. Singleton all contributed inone way or another to the preparation of this publication. SP5 James A.Rambo and SP4 Frank K. Ayco of the historical division also made directand valuable contributions. Within NAVSECGRU, Lt. Comdr. WilliamE. Denton, Lt. William D. Kahl, CWO-2 Larry D. Poppe, CTCSThomas E. Perry, CTC John O. Storti, Mr. Nicolas F. Davies, Mr.Richard J. Dennissen, and Mrs. Dorothy L. Prezis gave of their time andknowledge in preparing sections relating to NAVSECGRU COMSECoperations. At AFSS, Mr. Harry V. Hoechten, Lt. Col. Herbert R.TOP SECRET UMBRAUOfiOIU4

viiiMorris, Jr., Mr. Glenn F. Clamp, CMsgt Melvin D. Porter, and Capt.John D. Dowdey deserve special mention for their hel and comments.At NSA Mr. Howard C. Barlowread the draft manuscript and provided comments. Finally, the'L...--:------Iauthors wish to thank Mrs. Ida Ryder, who cheerfully typed the draftmanuscript and countless changes many times before it reached finalform.A few source footnotes appear in text, mainly where the authors haveused directly quoted material. A fully documented version of WorkingAgainst the Tide is available in P2, NSA. Requests for additional copiesof this publication should be directed to P2, NSA.The authors and associated members of the NSA/SCA .history teamassume sole responsibility for the use made of the comments and criticismoffered and for any errors of fact or interpretation of the sources availableto them.May 1970IIHiram M. Wolfe, IIIRaymond P. SchmidtThomas N. Thompson(b) (3)-P.L. 86-36TOP SECRET UMBRltUOFORU

TOP SECREr UMBRA!Wfieft!qContentsChapterPART ONEI. THE PROBLEM.Division of Responsibilities.Enemy SIGINT Threat.Major ProblemsPage12211II.CONVENTIONAL COMSEC MONITORING.Army Security Agency .Naval Security GroupAir Force Security Service19215472PART TWOIII. COMSEC SURVEILLANCE . 87The Concept . 87SILVER BAYONET. 90Guam 96MARKET TIME 109GAME WARDEN. 116ARC LIGHT. 119PURPLE DRAGON 128IV. COMMUNICATIONS COVER AND DECEPTION. 139Communications Cover . 140Communications Deception . 141V. LESSONS LEARNED. 155COMSEC Education . 155The CC&D Paradox. 159New Concepts for Old Problems. 159Full Treatment for the Patient. 163Better Systems, Better COMSEC . 163Command Emphasis. 167rep S:BCR:B'f UNIBltAI~OPORN

xLIST OF ABBREVIATIONSINDEX.169173MapsMajor SCA Units Having COMSEC MissionsGuam.18100ChartsCommunications Circuits Monitored in Guam Survey. 99132133Tables136COMSEC Personnel World-Wide, FY 1967 . 21USASA COMSEC Resources in SEA, 1 January 1968 . 28USASA COMSEC Positions in SEA, 1964-68 . 31Transmissions Monitored by ASA, 1966-67 . 35COMSEC Violations in the FFV II Area, November 1966-June 1967 . 39Reported Rates of Violations, 1966-67 . 42Detachment 5 Mobile Operations, 1966 . 76Seventh Air Force Classification of Information. 81Warning Time Revealed in Teletype Transmissions. 126IllustrationsThe COMSEC Monitor at Work.Captured Enemy Communications Equipment.North Vietnamese Intercept Operator at Work •.Enemy SIGINT Personnel .404th ASA Detachment Operations Building .404th ASA Detachment Officers' Billets .xu4592627TOP SECRET UMBRAHOFORH(b) (1)(b) (3)-18 USC 798(b) (3)-50 USC 403 ­(b) (3)-P.L. 86-36

'fOF S£CR£'f UMBRAUOFORNThe COMSEC Monitor at Work (Charcoal by Specialist 5 WayneA. Salge, a member of the ASA Combat Artists Program.)'fOF S£CR£'f UMBRAtriOFORU

TOt" ~I;;CRET UMBRA HOFORf,qCHAPTER IThe ProblemWithout intelligence, one is vulnerable; without security,one is defenseless.-Ancient military axiomA nation's success in military operations often rises and falls on thebasis of how well it communicates. When a nation does not secure itscommunications effectively, its enemies intercept and read itscommunications and win thereby military and diplomatic advantages.In Southeast Asia, the United States and its Allies required electricalcommunications in great volume. The enemy controlled or had access to alarge part of the disputed land area and could destroy or tap land lines.Therefore, radio was the most frequent vehicle for communications. Ifanaccurate measure of the volume of these communications-those passedby the hundreds by U.S. Army, Navy, Air Force, and Allied units-werepossible, that measure would suggest the sands of the sea itself. It was theresponsibility of the communications security (COMSEC) community tokeep the enemy from using these transmissions to the disadvantage of theUnited States and its Allies. The responsibility was an awesome one. TheCOMSEC community had to cope with an ocean tide of problems.Providing communications security for U.S. forces in Southeast Asiaentailed many diverse functions and required many cooperative actions onthe part of the Armed Services and U.S. COMSEC agencies. Designing,manufacturing, and distributing cryptornaterials to satisfy U.S. needs andin some cases those of our Allies, testing U.S. communications facilitiesfor conformity to physical and radiation standards (TEMPEST), trainingU.S. and Allied communicators in COMSEC practices, monitoring andanalyzing U.S. communications in order to evaluate the effectiveness ofCOMSEC measures-these and other functions constituted the broadU.S. program to bring security to U.S. and Allied communications. Asthe heart of Service COMSEC activity, monitoring and analysis not onlyTOt" SECRET UMBRAHOFORH

'fOP S£ER£'f UhtBRAHOfORH2 WORKING AGAINST THE TIDErequired the greatest percentage of manpower but also provided the basisfrom which many COMSEC improvements stemmed.Division ofResponsibilitiesThe Services had full responsibility for COMSEC monitoring andanalysis, though NSA exerted some influence through its annual reviewof the Consolidated Cryptologic Program and other measures. In April1967, Mr. Howard C. Barlow, chief of NSA's COMSEC organization,described the division of responsibilities in this manner: NSA's role wasand should remain that of a wholesaler of COMSEC material-doctrineof use, cryptoprinciples, the operation of an integrated NSA-SCA R&Dprogram, and production of crypto-equipment, keylists, codes,maintenance manuals, and all instructional and procedural documentsthat went along with the systems. The Service Cryptologic Agencies(SCA's), in contrast, were retailers of the cryptornaterials and had fullresponsibility for the security of the communications of their ownServices-including monitoring and associated analytic functions. TheServices also formulated their own requirements, both qualitative andquantitative, and determined for themselves the acceptability of NSA'sproducts.Enemy SICINT ThreatAs in World War II and the Korean conflict, the U.S. and Alliedcommunications in Southeast Asia were deficient in security, and anactive enemy SIGINT organization was taking full advantage of this toacquire valuable intelligence. The prupose of U.S. COMSEC monitoringand analysis operations in Southeast Asia, simply, was to deny thatadvantage to the enemy by improving communications security practices.But COMSEC representatives often had difficulty convincing U.S. as wellas Allied military commanders that the enemy had the ability to interceptand make tactical use of Allied communications. Unconvincedcommanders did not always react positively to recommendations forCOMSEC improvements.The enemy SIGINT threat was real enough. According to thecommunists themselves, they collected almost all the Republic of'fOP S£ERE'f UMBR1\l'JOFORflJ

'fOf ~r:CKr:'f UMBKA UOfORN'THE PROBLEM 3Vietnam Armed Forces (RVNAF) and U.S. traffic passed on selectedRepublic of Vietnam (RVN) traffic lanes, and they also monitoredspecific tactical RVN communications just before and during attacks. Asearly as September 1963, the Guidance Committee of the VietnameseCommunist's Central Office for South Vietnam transmitted a directivewith instructions to intercept, country-wide, enemy (RVNAF)communications.During 1964-65, the Vietnamese Communists conducted successfultactical SIGINT operations against the RVNAF. Often using U.S.equipment captured from Army of the Republic of Vietnam (ARVN)units, they intercepted RVNAF plain language communications, theirmost lucrative source of intelligence. They also were able to read the lowgradeSLIDEX cryptosystem in which the RVNAF encrypted all orsensitive portions of many communications, as well as other low-gradesystems. They gave, on the other hand, no known attention to RVNcommunications encrypted in the KL-7 or PYTHON (one-time tape)systems that the United States provided to South Vietnam.The Viet Cong in this early period are not believed to have targetedEnglish-language communications regularly. They did intercept U.S.Special Forces messages, but those collected at the time were transmittedthrough RVNAF communications channels. This apparent lack ofSIGINT targeting of U.S. communications, it was believed, resulted fromViet Cong inexperience, lack of English linguists, and consideration ofthe Republic of Vietnam as the main enemy. It was even likely that theycould gain all the intelligence they needed on the growing U.S. presencein Vietnam from RVNAF communications.While the Viet Cong may have emphasized RVN communicationsduring 1964 and 1965, the North Vietnamese were enjoying somesuccess against U.S. Navy communications. In the very first week ofregular bombing of North Vietnam, U.S. COMSEC revealed that navalcommunications were possibly giving flight information to the enemy. ANavy COMSEC unit intercepted a plain language transmission from theUSS Hancock on 11 February 1965 indicating the imminent launch ofaircraft and the carrier's intention of conducting recovery operationsfollowing an air strike against shore targets. The COMSEC unitimmediately reported the possible compromise of this combat'fOP SECRE'f UMBRAUOfORH

TOP Sti€RtiT UMfiftA!\'Of'(7ftH'4 WORKING AGAINST THE TIDECommunications Equipment Captured From an Enemy SIGINTUnit. (Top, left to right: a homemade transmitter, a homemadereceiver, two U.S. AN/PRC-25's, and a U.S. AN/PRe-n.Bottom, left to right: radio receiver parts, antenna parts, wire,headphone, and a CHICOM R-139 receiver with headphone.)TOP S~CR~T UMBRA: UOFORU

TOP S~€R~T UMBRA UOFORUTHE PROBLEM 5North Vietnamese Intercept Operator at Work (Captured photograph)information to the carrier strike force and to the Commander in Chief,Pacific Fleet (CINCPACFLT)../TOP e~€R~TUMBRAHOfOItN'(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

'fOP SrCRr'f UMBRAN'Ot'ORrq'6 WORKING AGAINST THE TIDEBen Thuy directed North Vietnamese naval units to use camouflage andsystematically disperse before the morning of 11 February.In 1966 and 1967, as the dimension of the war grew and the enemywidened the scope of his SIGINT operations, he continued to rivet hisattention on the plain language communications of the RVNAF and,increasingly, on those of the U.S. forces. Ralliers and defectors attested tothe intelligence content and value of intercepted Vietnamese and Englishplain language messages. Interrogation of these men revealed that theenemy often did not have a sufficient number of English languagespecialists for the work at hand. One rallier, Nguyen Van Lee, whodefected in 1967 after ten years with the Viet Cong, was very muchimpressed not only with the amount of information his unit was able tointercept but also with the accuracy of information from the NorthVietnamese Central Research Directorate, which managed VietnameseCommunist SIGINT operations. He claimed that over a lO-year periodhis unit had never been taken by surprise. Nor were Viet Cong such asNguyen Van Lee alone in their work\ISince the Vietnamese Communists did not differentiate SIGINT fromother intelligence, it was often difficult to label examples of knownenemy-obtained intelligence as being of strictly SIGINT derivation.There were, nevertheless, many cases in which SIGINT was/beyonddoubt the source ofthe intelligence.U.S. forward air controllers (FACs) were certain, for example, thatthe enemy often had prior warning of incoming U.S. aircraft flights andthat the forewarnings must have come from his intercept of U.S. voicecommunications. This was true particularly of night operations. FACsreported that enemy ground vehicles had been observedto move off roadsand turn off their lights following U.S. air-to-air orair-to-ground-to-airvoice communications. For low-flying aircraft, noise could have providedthe tip-off. However, the controllers found it hard to believe that noise oftheir aircraft could be detected when aircraft were operating in a "loiter"TOP SECRET UMBRAPWfOR?J(b) (1)(b) (3)-18 USC 798(b) (3)-50 USC 403(b) (3)-P.L. 86-36

TOP SECRET UMBRA?q8fi8It?qTHE PROBLEM 7configuration. Further, FAC and strike crews working at night observedthat after they discussed the geographical direction of an imminent strike,enemy defensive weapons often were oriented in the direction of thecoming attack. Occasional voice spoofing by the FAC and strike forcecommunicators confirmed the observation.Communist foreknowledge of U.S. air strikes, including the B-52bomber operations, also came from ARVN and U.S. ground-to-groundvoice communications. Enemy SIG INT operators often interceptedARVN warnings to pro-ARVN province chiefs of forthcoming air strikesin their areas. Of many examples showing how poor U.S. COMSECpractices limited the effectiveness of the B-52 program, the one below isperhaps typical. The Americans were discussing" heavy artillery" (B-52strikes) in plain English over a radio one day at 0855:1st American: You know heavy artillery warning yet?2d American: Negative.1st American: At coord XT 550 600 315/31 until 1130 hours.The document recording this conversation, which gives up to two hoursand thirty-five minutes advance knowledge of a B-52 strike atunenciphered geographic coordinates, is not from a U.S. monitoringreport from an early period in the war, but from enemy SIGINT materialcaptured by the 1st U.S. Infantry Division only a few months before thisjournal went to press.While the enemy was exploiting to the maximum Allied plainlanguage communications, he was not entirely ignoring encryptedmessages. Captured documents showed that communications encrypted inwidely used "homemade" codes and the U.S.-produced AN seriesoperations code were under cryptanalytic study. There was no evidence,as of January 1968, that the enemy was able to exploit messagesencrypted in the AN-series code. There was, for that matter, no evidencethat enemy SIGINT agencies were reading any messages encipheredin cryptosystems approved by U.S. cryptologic agencies beyond theoccasional solving of misused manual systems. There was considerableevidence, on the other hand, that the enemy was exploiting U.S. communicationsencrypted in home-grown tactical codes through cryptanalysis,and off-line systems through traffic analysis.TOP SECRET UMBRAU8fORU

TOP SECRET Uhf BRAH'Of'Olttq8 WORKING AGAINST THE TIDEBesides working on U.S. communications passively for intelligence ofvalue to his operations, the enemy's experience with thesecommunications was such that he could imitate them when it suited hispurpose. To win tactical advantage, the enemy intruded actively on U.S.nets either to deceive the U.S. operators with false information or toobtain accurate tactical information from them. These ruses often workedbecause U.S. operators usually failed to apply proper authenticationprocedures.As valuable as tactical and strategic intelligence was, imitativecommunications deception (ICD) was the capstone of the enemy'sSIGINT operations. Through the successful use of lCD, the enemyrevealed the success of his own SIGINT operations against U.S.communications. One example involved an attack against the U.S. airbase at Da Nang. After killing a U.S. base guard without being detected,the Viet Cong used the guard's unsecured telephone and, speakingEnglish, briefly announced that the far end of the base was beingattacked. No authentication was demanded. When the guards rushed offto the far end of the field, the Viet Cong attacked according to plan withlittle resistance. The damage to the base and its planes was estimated tobe around $15,000,000. In another instance, the Viet Cong, with goodEnglish and good communications procedures, lured heliborne troops intoa trap by using designated call signs on proper frequencies and thenguiding the aircraft into a properly marked landing zone-but not theright one. The deception was not recognized as such until the helicopterswere fired upon during their landing approach.At Pleiku, by tapping a field telephone circuit supporting the perimeterdefenses of a large storage area, the Viet Cong on another occasionexpertly imitated the Spanish accent of a guard sergeant. Stating that hewas preparing hot food, the imitator asked for a count of the number oftroops in each of the operating bunkers. Fortunately, this time thedeception was recognized as such.The 509th Army Security Agency (ASA) Group in Vietnam made alist of known Vietnamese Communist attempts at deception against U.S.Army units for the period 1 January 1964 through July 1967. The listgave 73 incidents of lCD, of which 23 were at least partly successful,most of them in the 1966-67 period. There were examples ofmisdirection of friendly air and artillery strikes, which on six occasionsTOP SECRET UMBR1\nOFORn

TOP SECRET UMBRAPiOFORPiTHE PROBLEM 9Captured Photograph, Believed toPassing Material to Couriers.'V'I_-:.t P ,Represent a SIGINT Analystdiverted the fire on to friendly positions. In other instances, the enemygained advantage by giving false cease-fire orders. The United States lostat least 8 helicopters during this period as a result of the enemy'ssuccessful communications deception. In addition, the survey detailedover 100 cases of Viet Cong and North Vietnamese Army (NVA)jamming of U.S. communications. In the first four months of 1967, IIIMarine Amphibious Force (MAF) units experienced over 40 attempts atcommunications deception. These had the objective of misdirecting airstrikes and artillery missions.The incidence of enemy ICD efforts against U.S. forces, especially in Iand II Corps Tactical Zones, increased several fold in 1968. For example,on 6 January 1968 in northern Tay Ninh Province there occurred whatbecame known as the"Australian ICD Incident." It is one of the mostsustained and better-documented examples during the war of an enemyattempt-fortunately unsuccessful-at imitative communications'fOP SECRE'f UMBRAPiOFORP.

TOP SECRET UMBRAnOFORn10 WORKING AGAINST THE TIDEdeception. While a battalion of the 2d Brigade, U.S. 25th InfantryDivision, was conducting a search and destroy mission, an intruderentered the battalion command net and for nearly ten hours was engagedin a running tactical exchange of information. The intruder, purportingto be of an Australian unit operating near the 2d Brigade battalion,declared that he wanted to establish liaison so as not to interfere with theU.S. battalion's operations. The intruder gave his position as "about 23meters" to the north of the battalion, and stated he was from the"Australian 173d Unit" on a separated search and destroy mission.Although the intruder's accent seemed to be Australian, although hehad entered the battalion net using the battalion's call sign, and althoughhis methods conformed to normal Allied operational transmissionsprocedures, his responses to challenges and authentications were evasive.Lt. Col. John M. Henchman, the U.S. battalion commander, suspectedan enemy ICD ruse. The "Australian" could not be as close as 23 metersto the battalion, did not know the authentication code, and could not orwould not give his exact location and direction of movement, firstpleading a different set of maps from those used by Colonel Henchman'sbattalion, then stating that his unit was lost.Instructing his radioman to keep the exchange with the "Australian"going, Colonel Henchman, using other communications, checked andfound that there were no Australian units in Tay Ninh Province and nounit called the Australian 173d existed. He thereupon plotted severallocations from which the intruder could be transmitting and called downartillery fire on the areas. Finally reflecting in his transmissions thatHenchman had had a near miss, the intruder asked that the artillery ceasefiring on "friendly forces." A few more rounds of"friendly fire" and the"Australian" suddenly broke off and presumably left the scene. Asubsequent examination of the area of the enemy's operation broughtmoderate contacts with Viet Cong and uncovered some empty enemy basecamp installations, but no "Australian."The result of this enemy ICD attempt was negligible. Incoming trafficthat would have used the battalion command net was interrupted forabout ten hours while the "Australian" was kept on the net at ColonelTOP SECRET UldBRAH'OFORH

TOP 8HERHT UMBRA?(OFORHTHE PROBLEM 11Henchman's pleasure, but battalion operations continued to be directedon alternate company nets. *The enemy's success in posing as a valid U.S. net subscriber was indirect proportion to his intimate knowledge of U.S. communicationsprocedures, frequencies, and the personalities of those whocommunicated. The only way the enemy had of acquiring such deepfamiliarity with U.S. communications was through his own successfulSIGINT operations.Major ProblemsA wide variety of COMSEC problems were related to monitoring andanalysis. While some affected one Service more than another, most weregeneral in nature. There were also problems not specifically related toCOMSEC but that nonetheless posed major constraints on the conduct ofa monitoring and analysis program.The Short- Tour DilemmaThe I-year tour policy prevailing in Vietnam presented a majorchallenge to communications security. With a change in communicatorsevery twelve months, COMSEC units each year saw their modest gainsdissipate. COMSEC specialists themselves rotated in and out of Vietnamannually, and suitably trained personnel often were not available to manthe positions, write the reports, and give the educational briefings.During most of the war years to the end of 1967, the Army SecurityAgency and Air Force Security Service (AFSS) had no field expertise forexecuting or even planning communications cover and deception(CC&O) projects. The MARKET TIME CC&O operation** showed• ASA monitors recorded the complete exchange of communications in this incident, 16pages in all. Colonel Henchman presented a special report of the episode at theHeadquarters, USASA, Annual SIGSEC Work Shop, 3 December 1969.Coincidentally, ABC newsmen and TV crews were at the battalion CP at the time of thelCD, and they filmed and taped the incident, later released, in part, as an ABC 45­minute special on the Vietnam War about March 1968. Interview with Maj. Andrew].Allen, II, SIGSEC Br., ODCSOPS, Hq USASA.• "See below. pp. 144-48.TOP 8HERHT UMBRAnOFOR?q

TOP SECRET UMBRAnOFORn12 WORKING AGAINST THE TIDEthat the Navy Beach Jumpers needed additional training. The I-yeartour worked against high standards for U.S. communicators andCOMSEC specialists alike.Working With AlliesAnother problem with which COMSEC analysts had to deal seemed tohave no real solution. Early in the war, monitoring revealed the problemof achieving operational security at the tactical level when the COMSECof our Allies was poor .1,In the early 1960's, the United States rejected several SouthVietnamese requests for COMSEC support. The United States first hadto decide on the extent of its involvement in Southeast Asia, what SouthVietnamese and other Allied officials it could trust, and to what extent itought to give COMSEC assistance to Allies having limited COMSECsophistication and lax physical and personnel security practices: TheUnited States also needed assurance that, once cryptomaterials were givento an Ally, the Americans would have full cooperation of the Ally in thesecure use of those materials.In mid-1964 the United States supplied M-209 cryptomachines toRVN and ROK forces for use at battalion level, and in January 1965 itdistributed the AN-series operations code for encryption ar any echelon(replacing the SLIDEX). Although RVNAF and ROK COMSECmalpractices did decrease noticeably after the South Vietnamese andKorean forces began using U.S.-produced cryptematerials, U.S.authorities in the 1964-68 period never achieved aneffective means ofconvincing the South Vietnamese that cryptosystemsof their own designand production were insecure. The Americans could/hot share cryptologictechniques with the South Vietnamese as they could with a second partycountry such as Australia, and this limitation /made U.S. COMSECadvice somewhat less convincing than it might otherwise have been.While overcoming the problems of timely and effective release of U.S.cryptornaterials to an Ally was not the responsibility of field monitoringTOP SECRET UMBRANOFORN(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403 ­(b) (3)-18 USC 798

TQP SECRET UMBRAUOFORH'THE PROBLEM 13and analysis personnel, it was their monitoring and analysis operationsthat most effectively documented Allied deficiencies and set the stage forIthat assistance.IIVague GuidelinesU.S. and Allied commanders varied in their use of classificationprocedures and employed diverse criteria in categorizing information forencryption and electrical transmission. Without specific guidance, aCOMSEC analyst supporting a commander had no fixed scale on whichto evaluate monitored communications. Despite the issuance from time totime of specific essential elements of friendly information (EEFI), theanalyst frequently could not tell if existing regulations required securetransmission and encryption of the monitored information-usually plainlanguage-that he had in hand. The monitor and analyst accordinglyhad to rely extensively upon their own judgment. Since the.averagecommunicator tended to believe that he had erred only when Serviceregulations prohibited his action, the monitor and analyst often foundthemselves without a convincing arguing point. The extent of thisproblem varied during the period 1964-67, but it was neverresolved.The Preference for Plain Language CommunicationBy tradition, the military depended upon communicating in plainlanguage-especially in the voice mode-and the tradition was hard tochange, especially when change normally required additional time,trouble, and expense. Thus any recommendations to securecommunications met rebuff after rebuff. On many occasions COMSECunits recommended use of voice ciphony at a time when the equipmentwas not available in sufficient supply for issue in Vietnam. In the absenceof equipment, they had to recommend manual systems, the only otherencryption possibility.In Vietnam, especially during the early years, the U.S. stockedwarehouses with manual systems generally suitable for securing U.S.communications in the war zone. COMSEC monitors quickly showedthat, instead of using these materials, U.S. communicators continued topass altogether too much sensitive material in plain language. WhileTOP SEERET UlvlBRAr,OFORU(b) (1)-(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

14 WORKING AGAINST THE TIDECOMSEC analysts on occasion achieved limited improvement, theproblem remained. At times, COMSEC analysts singled out unprotectedlanes over which unusual volumes of sensitive information passed in plainlanguage and recommended allocation of crypto-equipment to stem theflow. At other times, COMSEC analysts tried to attain reasonablesecurity along with continued use of plain language communications bycreating an awareness of what was and what was not sensitiveinformation. Unfortunately, there was no blotter large enough to dry upsensitive, exploitable plain language communications in Vietnam.The Amateur CryptographerMany a U.S. serviceman became an amateur cryptographer, producinghis own codes designed to serve a particular need. His intention was notto obtain personal privacy in communication but to achieve easy-to-usesystems for his unit's communications. In working with the easy-to-usehomemade codes, communicators avoided the more complex and timeconsumingcryptographic procedures sometimes inherent in approvedsystems. Not realizing that their systems afforded at best only marginalsecurity, the communicators regularly encrypted sensitive information inthem. Commanders failed to prevent the use of the unapprovedcryptographic systems over their communications links, and COMSECspecialists often were unable to persuade commanders to discontinue theiruse.SCA specialists demonstrated over and over the cryptanalyticvulnerability of the home-grown variety of cryptographic systems, but tolittle avail-their continued appearance on the scene has constituted oneof the major COMSEC headaches of the war. Even as late as the springof 1969, the U.S. Air attache in Laos, who was coordinating semicovertU.S. air and other operations in that country, was sending most of hismessages in a code he had made up for himself. Air Force SecurityService COMSEC analysts monitoring the attache's transmissions foundthat they could completely reconstruct his code within 8 to 10 hours aftereach change. Since the attache changed codes only every five weeks, mostof his messages were susceptible to immediate enemy SIGINTexploitation. The appearance and reappearance of codes of this typedemanded constant COMSEC alertness.TOP SECRET UMBRAHOFORf',

TOP SECRET UMBRAUOf01U4THE PROBLEM 15Lack ofCommand EmphasisA commander's attitude toward COMSEC obviously had its effectupon the COMSEC status of his unit. Not all commanders placed the :emphasis on COMSEC required to deny advantages to the enemy. Col.Tom M. Nicholson, Signal Officer, 1st Cavalry Division (Air Mobile),from September 1965 to January 1966, having a good understanding ofCOMSEC matters, elaborated on some of the attitudes and problemsthen confronting a U.S. commander:With regard to COMSEC, it was not good in Vietnam. But, until we canresolve the problem of sufficient frequencies and multiple allocations for tacticalunits, we won't be able to do much toward the basis of COMSEC application. Ifthere were enough frequencies, with alternates allocated to various commands,then we might be able to change frequencies. Until this is possible it is useless,from a COMSEC viewpoint, to change SOI-SSI and call-signs without changingfrequencies. In Vietnam, there were not enough available ...; therefore, thefrequencies never changed, the call-signs were not practicably changeable, andthe first basic principle of COMSEC was defeated. Further, any attempt topreserve the loss of OB information through COMSEC applications in anyforeign area in which USF operates, where part of the people are hostile orunsympathetically motivated, would be an exercise in futility.The extent of communications usage and reliance in SVN, withmultinets-for example, MEDIVAC and troop transport helicopter companiesoperating within hourly time-frames, hundreds of miles apart, in support ofmany international units they did not even know, for which they could notpossibly carry or use all the SOl's involved-e-cornpelled the use of non-changingcall-signs. For example, we changed all call-signs in the 1st Cavalry Divisionwhere there were many air/ground, artillery, transport, logistic, administrativeand command nets involved. The resulting confusion hampered our operations.We ordered a change back to the known call-signs to regain operationaleffectiveness. Further COMSEC problems were derived from the aviators of airsupport elements where rapid reaction operational capability was a necessity. Forexample, a GI could get MEDIVAC immediately in certain areas in SVN bycalling "DUSTOFF" on a frequency known by all. We couldn't afford tochange that, for the soldier-officer-user could not, in emergency, keep up withor look up a new frequency and call-sign when the choppers were needed. It ispossible that "DUSTOFF" was monitored by the enemy; however, its use savedmany lives.TOP SECRET UMBRAHOfORf4

TOP SECRET UMBRArWfORH16 WORKING AGAINST THE TIDETo a great extent, however, clear voice was employed with a reasonabledegree of security consciousness or awareness. Voice communications were usedprimarily by officer-communicators from platoon to division levels. They had anawareness of the probability of enemy intercept and, generally, spoke in theclear only within an operational time-frame-a few hours or that day-fromwhich the enemy could not gain sufficient information to react against our speedand mobility. When discussing forthcoming operations or events of the futuremore than 24 hours away, they used secure means, courier, or codes. All of ourprimary operational communications were passed on KW- 7-secured (LLTT­RA TTl circuits from battalion to FFV levels, and between Operations Centersat superior, subordinate or lateral battalions, brigades and divisions. Thus, forthe more important traffic, we had good security. I know of no instances whereCO MSEC weaknesses contributed to enemy exploitation of USF, or changes ofUSF operations/plans.*COMSEC monitors and analysts had an advisory role only and nopower themselves to effect changes. For a variety of reasons commandersfrequently ignored, or read sympathetically without action, the findingsof the COMSEC units. When the commanders did not appreciate thesignificance of COMSEC-and many of them had not learned of theimportance of COMSEC in tactical operations before being assigned toVietnam-they did not adequately support monitoring and analysisoperations. A forceful Intelligence or Signal staff officer fully sold oncommunications security could partially compensate when thecommander failed to be involved personally, but barring the presence of aCOMSEC-oriented staff officer, disinterest on the part of the commandercould obviously have only an unfavorable effect on the COMSEC statusof his command and an adverse psychological effect upon the monitors.Under these circumstances, attempts to introduce sound COMSECpractices seemed a thankless task.*Interviews conducted by H. M. Wolfe, III, 1967-68, with various officers who hadheld commands in Vietnam. Hereafter cited as Wolfe, Interviews. This and laterquotations are used simply to reflect prevailing attitudes of the period and should in noway be taken as criticism of those concerned.TOF SECRET UMBRArWfORH

"".CHINA~:( LAOS/ r......,I ./'" """,.J \l..,"" ,,\, .. ",Udorn -"',THAILANDro:t'71Korattill,UTOP SECRET Uf;fBRJ'l:tWfORf,

'TOY SfCRf'T UMBRAHOFORHCHAPTER IIConventional COMSEC MonitoringIn conventional COMSEC operations the monitor places himself in therole of the enemy. Selectively, he intercepts the communications of hisown Service and then reports on the intelligence he has-and the enemycould have-gleaned from them. When all goes well-when the U.S.command takes the action implicit in or recommended by the monitor'sreport-the monitor has earned his keep.Maj. Jerry L. Brown, COMSEC officer at the ASA Field Station, PhuBai IIduring the first part of 1968 recalled one instancewhen a compromise. was reported in time to perhaps save the life of theDeputy Chief, Military Assistance Command, Vietnam, Lt. Gen.Creighton W. Abrams.During the formation of MACV FWD, Gen. Abrams made a helicopter tripfrom Saigon to Hue-Phu Bai. The details of the flight, including time, altitude,route and passengers, were. transmitted in the clear on an RTP link. OurCOMSEC monitors picked it.up and reported it immediately. As a result, theflight plan was changed. However, an accompanying craft was not notified ofthe change, and it was shot at the whole way from Saigon to Phu Bai-anunusual effort by the VC, who, did not usually shoot at helicopters on suchflights. This I believe was a certain. example of enemy SIGINT use.*Here several important aspects of a successful monitoring operation comeinto play. Having only limited \coverage of U.S. communications (2percent to 6 percent at best), the 'monitor had heard and recognized aCOMSEC violation, reported it without delay, and realized success whenthe U.S. command changed GeneralAbrams' flight plan. Dramatically,the command's failure to warn the. accompanying aircraft led to ademonstration of the enemy's use ofSIGINT.·Wolfe, Interviews.TOP\5EERET UMBRAHOFORH(b) (1)-_._- (b) (3) - P . L . 8 6 - 3 6(b) (3)-50 USC 403(b) (3)-18 USC 798

TOP SECRET UMBRAPWFORH20 WORKING AGAINST THE TIDEAs early as 1959, questions arose concerning the communicationssecurity status of the U.S. Military Assistance Advisory Group's(MAAG) communications nets in South Vietnam. During an annualinspection of the MAAG cryptocenter at Saigon in 1960, the ASAPacific inspecting officer discussed COMSEC with the Signal Officer,MAAG Vietnam. Later, at the prompting of his Signal officer, the Chief,MAAG Vietnam, Maj. Gen. Charles J. Timmes, asked ASA Pacific tosend a COMSEC monitoring team to South Vietnam to sample MAAGcommunications. Late in 1960 a 6-man team arrived on TOY fromOkinawa. The team's monitoring revealed that there was practically noapplication of COMSEC within South Vietnam on the uncovered U.S.­RVN radio nets operated in support of MAAG. The team learned thatsome advisors had not once used their one-time encryption pads duringtheir entire tour. In other instances where the pads were used, the volumeof "unclassified" clear-text transmissions was sufficient to provide muchusable intelligence to a hostile SIG INT organization. Investigationrevealed that no SCA had been tasked to provide COMSEC assistance inSoutheast Asia. The monitoring team then reported its findings toGeneral Timmes and the Chief of USASAPAC, Col. Robert T. Walker.To improve the situation, Colonel Walker issued crypto-equipment toMAAG teams, stressed the use of one-time pads, recommended theencrypted for transmission only (EFTO) policy, and established controlfor continuing callsign and frequency assignments in Vietnam.In the early 1960's, each SCA developed in Southeast Asia aCOMSEC organization scaled to the need for monitoring thecommunications of its own Service, the Army Security Agency in additionguarding for the joint communications of MAAG and MACV.Responsibility for COMSEC at the COMUSMACV level rested at firstin the J-6 staff, and in mid-1965 shifted to the J-2 staff section, whichin 1967 added a position for a COMSEC officer (MOS 9630). WhileSCA specialists often had other COMSEC functions to perform, by andlarge monitors and analysts predominated in the Southeast Asian as wellas world-wide COMSEC organization. (See table, p. 21.)TOP S£CR£T UJ'vfBRAHOFORH

TOP S£ER£T UbfBRAnOFORnCONVENTIONAL COMSEC MONITORING 21COMSEC Personnel World-Wide(FY 1967)MonitoringAnalysis and transcribingDoctrine (Hq)Technical guidanceCC&DELSECMaintenanceAdministration and logisticsArmyPers %NavyPers %Air ForcePers %Total personnelArmy Security AgencyOrganizationOf the Service Cryptologic Agencies, ASA developed the largest andmost complex COMSEC organization in Vietnam, over the yearsevolving from one stage to another, each more complex than the last, asU.S. troop levels increased. After the 1960 TDY visit of the ASACOMSEC team to Vietnam, the 400th USASA Special Operations Unit(SOU) (Provisional) (covername, 3d Radio Research Unit) was the firstASA organization assigned SIGINT functions in South Vietnam.Arriving in May 1961 and at first staffed with onlyl ~he 400thSOU in the early days of its existence had no format COMSEC sectionbut did perform COMSEC operations in the Saigon. area, monitoringtelephone circuits on the RVNAF-MAAG. switchboard andrecommending COMSEC improvements to the MAAG Vietnam )-6staff. It also had responsibility for the security of CRITICOMM circuitsin Southeast Asia. In September 1961 the ASA unit was redesignated the82d Special Operations Unit.TOP S£ER£T UMBRAnOFORH(b) (1)(b) (3)-50 USC 403(b) (3)-18 USC 798(b) (3)-P.L. 86-36

ITOP SECRET UMBRAUOFORN22 WORKING AGAINST THE TIDEOn 12 October 1961 six enlisted CO MSEC specialists from the lO4thUSASA Security Detachment on Okinawa arrived in Saigon on TOY.After a short stay in the MAAG headquarters compound, the men movedinto 82d SOU facilities at Tan Son Nhut Air Base. With three positionsthat they brought with them, the men monitored the telephone,radiotelephone, teletype, and manual Morse communications of MAAGVietnam. The men formed the nucleus for the 82d SOO's COMSECsection. Headquarters, USASA, formalized the 82d's COMSEC missionby an operations plan in December 1961 under which the commandingofficer of the 82d SOU assumed responsibility for the full scope ofCOMSEC support to both the Chief, MAAG Vietnam, and the Republicof Vietnam Armed Forces.With this modest beginning, the 82d SOU's COMSEC sectiongradually expanded its monitoring of MAAG and MACV militarycommunications. By the summer of 1962, the section had monitoredapproximately 60,000 radiotelephone and teletype messages and reportednumerous transmission security (TRANSEC) violations and dangerouspractices to MACV. After the introduction into Vietnam of the POLLUXoff-line cryptosystem for general use by U.S. military units in the springof 1962, it began the task of examining encrypted communications andreporting on practices found dangerous to security.Soon, the COMSEC section of necessity began operations with mobileequipment to cover the widely dispersed communications of U.S. advisorypersonnel. The first mobile operation, in November 1961 by a 2-manteam with a TPHZ-3 position, monitored the ARVN I Corps MAAGAdvisory Team I (Da Nang) communications. In later months, similaroperations supported other advisory teams at other locations. By the endof 1962, COMUSMACV had levied further requirements on the 82dSOU to provide COMSEC coverage of theJUSMAAG in Thailand.Activation on 1 March 1963 of the lOlst USASA SecurityDetachment (SO) (covernarne, 7th Radio Research Unit) represented asecond stage in the developing ASA COMSEC organization in SoutheastAsia. Assigned to the 82d SOU and having a strength oflIt l1e 101st was organized initially into three/sections-headquarters,security monitoring, and control and analysis. The 101stexercised technicalcontrol over all U.S. Army COMSEC operations inSoutheast Asia until abolltmid-1966, when the/arriving ASA battalionsITOP SECRET UMBRA?401'6ItIq(b) (1)(b) (3)-50 USC 403~~-~~~=~~-(b) (3) -18 USC 798(b) (3)-P.L. 86-36

TOP SECRET UMBRA!WfORHCONVENTIONAL COMSEC MONITORING 23assumed control of the tactical COMSEC functions of the ASA directsupport units (DSU's). Headquarters of the 101st SO was at the siteof the Joint General Staff Compound (Camp Tran Hung Dao, Saigon).'Functioning as a subordinate of the 82d SOU and assuming all COM­SEC functions of the latter's COMSEC section, the 101st SecurityDetachment coped with an expanding mission that by then includedCOMSEC responsibility for MACV, MACTHAI, and the Joint U.S.Military Assistance Advisory Group in Thailand, as well as advisory andtraining support to the RVN Army.With the establishment of the 10 1st Security Detachment, ASA alsoexpanded its mobile operations. By the end of 1963, as many asDmobile teams were operating in such locations as Da Nang, My Tho,BanMe Thuot, Nha Trang, Can Tho, Pleiku, Qui Nhon, and Kontum.Dispersal of the teams to the various combat tactical zones (CTZ's)permitted the COMSEC specialists to cover, on a recurring basis, thecommunications passed by ARVN corps MAAG advisor teams and byusers of the MACV country-wide wire, teletype, and radio circuits.Many problems attended the deployment of the mobile units. Roadtransportation was difficult even when armed convoys were not necessary.Air travel was hard to schedule. Although mobile monitoring teamoperations represented a major portion of the 101st SO's COMSECoperations during fiscal year 1965, the various problems infielding theteams caused a loss of much effective monitoring time. By July 1964 the101st SO strength stood atDfficers and men, and more equipmentbecame available. Later, teams established "permanent" detachments ineach CTZ, reducing the need for short-term mobile operations. MACVgenerally provided air transport, albeit at low priority, to move teams tobases near their monitoring locations.In 1965 tasks assigned the 101st Security Detachment nearly exceededits capabilities, despite the long hours the men ofthe unit worked. At thattime the 101st was supporting MACV and four major commands withcommunications complexes serving division-sized units in addition tonearly 30 other switchboards. By mid-1965 at least.Dmore men wereassigned and another Dcame on TOY from the 104th SecurityDetachment, Okinawa, to help.satisfy the growing requirements. In thismanner, the 101st Security Detachment was gradually acquiring bothadditional specialists and more equipment', to c;pe with an expandingI.dTQP sBcirH UMBRAPJOfORPJ(b) (1)(b) (3)-50 USC 403(b) (3)-18 USC 798(b) (3)-P.L. 86-36

TOP SECRET UMBRAIq(jJJi(jJftIq24 WORKING AGAINST THE TIDEI Ithose of 1963.mission. By early summer of 1966 manpower and positions were double509th ASA Group In view of the burgeoning commitment of U.S.Army forces to Vietnam, USASA undertook a major upgrading of itsorganization in Vietnam in mid-1966. It discontinued the 82d SOU andorganized the 509th ASA Group, a level of ASA organization needed tosupport a field army. The \\ 509th Group had COMINT, EUNT,ELSEC,* and electronic warfare (EW) as well as COMSEC functions.The group-level of organization called for a strength oflICOMSEC spaces\ with tasks directed toward minimizingorder of battle information divulged; determining the approximateamount of intelligence information available to the enemy throughinsecure communications practices and procedures; determiningcommunications security violations that might compromise plannedoperations, thereby-permitting the' enemy to take counteraction; makingrecommendations to help evaluate and remedy deficiencies incommunications security; assessing the physical security status ofcryptographic facilities and distribution points; and developingcommunications data tosupport manipulative communications deceptionoperations.Components of the 509th working on the expanding COMSECrequirements were the 101st Security Detachment and the COMSECelements of the 303d and 313th ASA Battalions and their direct supportunits.101st Security Detachment Headquarters, l O'lst Security Detachment,and the 1st Platoon werewith the.509th Group at Tan Son Nhut.The 10 1st headquarters operational personnel were divided into the509th Group COMSEC Section and the 101st SD Operations Sectionwith two advisors attached to J-2MACV. The 101st controlled 14 to18 COMSEC positions.The 2d Platoon was colocated withithe 330th ASA OperationsCompany (330th RRC) near Pleiku., The 3d Platoon was near theheadquarters of the 303d ASA Battalion (Corps) at Long Binh. The 4thII*Army uses the expression Signal Security (SIGSEC) to include COMSEC andelectronic security (ELSE C) , the security of noncommunications signals.(b) (1)(b) (3)-50 USC 403___ (b) (3) -18 USC 798(b) (3)-P.L. 86-36

LTOP SECRET UMBRA HOfORHIi~;;CONVENTIONAL COMSEC MONITORING 25Platoon was in Can Tho. Detachment I of the lOIst SD worked in theMACTHAI-]USMAAG compound in Bangkok, Thailand, and an adhoc Capital Monitoring Team of two positions and six men, formed bydirection of MACV, covered switchboards in the Saigon-Cholonheadquarters complex.The 101st had responsiblity for all aspects of COMSEC for MACV,including monitoring and analysis; review of all locally generatedcryptosignal publications; inspection and approval of all cryptofacilities;COMSEC briefings, lectures, training, and command visits; investigationof cryptosecurity violations and deficiencies; passive ELSEC support; andspecialized training for and assistance to the RVNAF on the U.S.cryptosystems loaned to them.313th and 303d ASA Battalions and the Direct Support Units ASAorganization provided for the attachment of direct support units to Armytactical commands for direct SIGINT and COMSEC support to the unitcommanders. COMSEC specialists comprised 10 to 20 percent of theDSU strength, though frequently ASA commanders, under pressure toprovide more SIGINT coverage, temporarily had to divert COMSECspecialists to SIGINT tasks.ASA DSU's began arriving in Southeast Asia during the latter half of1965, either with or shortly after the tactical units to which they wereattached. From 4 DSD's operating in 1965, the number expanded to 16by 1968. The lOlst Security Detachment (on 15 December 1967redesignated the USASA Company, Saigon) directed and helped theDSU's in their work with Field Force Vietnam (FFV) headquarters andthe divisions and brigades that they supported. The DSU's issuedmonitoring reports both to the supported commands and to higher ASAand command authorities.In February 1966 the 313th ASA Battalion (13th RRU), with about60 percent of its authorized strength, began COMSEC support toHeadquarters, I Field Force Vietnam (FFV I). It established liaisonchannels within FFV I and began coordinating the work of itssubordinate DSU's at the division and brigade level, gradually relievingthe 10 1st Security Detachment of this responsibility. The 313th alsoconcentrated on FFV I headquarters telephone switchboards and radiocircuits. After May 1966, the 303d ASA Battalion (l7th RRU) beganparallel COMSEC support to Headquarters, FFV II at Long Binh. TheTOP SECRET UMBRAUOFORU

TOP SECRET UMBRAHOfORH26 WORKING AGAINST THE TIDE404th ASA Detachment (Airborne) Operations Building, BienHoa, 1967headquarters companies of the 303d and 313th ASA Battalions each hadauthorization for a Security Platoon (SIGSEC) of .1I Imen and operated from I Ipositioo'-s,----:'i-n-ad"":'d"":'t:"'"·tt:"'"·o-n-t-operformingawider scope of COMSEC analysis and advisory functions.Subordinated to the 303d and 313th Battalions were the DSUcompanies and detachments. The companies gave COMSEC support todivision commands, usually had an officer and aboutD men forCOMSEC functions, and operated from I Ipositions. The DSUdetachments and platoons gave COMSECassistance /at brigade andbattalion levels. Generally, platoons had aboutOCOMSEC specialistsIlAs an exception, heavy separate detachments served theArmored Cavalry regiment and mechanized brigades. Each heavyseparate detachment hadaCOMSEC officer,1IIn fiscal year 1967 large-scale COMSEC

TOP SECRET UMBRANOFORtqCONVENTIONAL COMSEC MONITORING 27404th ASA Detachment (Airborne) Officers' Billets, Bien Hoa,19671967. In June of that year, authorized COMSEC spaces in the 509thGroup totaleOby-. October 1967 the total had increased t..o../Oofwhich about were present. The COMSEC element of the 509th,reaching full strength in 1968, was the largest organization of its typeever to support a U.S. fieldarmy.OperationsASA's COMSEC units, particularly COMSEC elements of the directsupport units, usually operated in or near the command posts of the forcesthey supported. Close association ofthe COMSEC unit with the militarycommander and his staff, usually the\G-2 or S-2 and the Signal officer,had, of course, many advantages. Northe least among them, it kept themilitary commander apprised of the COMSEC status of communicationsunder his control, facilitated procedural changes urged by the COMSEC'fOP S£ERE'f UMBRAHOFORN(b) (1)(b) (3)-50 USC 403(b) (3)-18 USC 798(b) (3)-P.L. 86-36

'fOP S£ER£'f UMBRArq'OfORN'28 WORKING AGAINST THE TIDEUSASA COMSEC Resources in SEA, I January 1968Unit Designation a Unit Cover Name a Arrived SEA Supported CommandUSASA Company, Saigonuoi« SO) IOlst RRC (7th RRU) Mar 63 COMUSMACV & USARV313th ASA Bn (Corps) 313th RR Bn (13th RRU) Apr 66 IFFV371st ASA Co (AM Div) 371st RRC (10th RRU) Sep 65 l st Air Cav Div374th ASA Co (InfDiv) 374th RRC (Det; 14th RRU) Aug 66 4th InfDiv404th ASA Det (Abn) 404th RRD (Det I, 3d RRU) Jun 65 173d Abn Bde (Sep)406th ASA Det (Abn) 406th RRD (Det 3, 3d RRU) ]u165 l st Bde, 10IstAbnDiv408th ASA Det (Inf Bde) Americal DSC (Prov) Americal Div408th RRD Aug 66 196th Inf Bde415th ASA Det (InfBde) 415th RR Det Dec 67 11th InfBde (Sep)60lst ASA Det (InfBde) 60lst RR Det Oct 67 198th Inf Bde (Sep)303d ASA Bn (Corps) 303d RR Bn (17th RRU) May 66 II FFV265th ASA Co (Abn Div) 265th RRC Dec 67 10 l st Abn InfDiv335th Div Support Co (In£) 335th RRC Jan 67 9th InfDiv337th ASA Co (Inf Div) 337th RRC (Ll rh RRU) Aug 65 l st InfDiv372d ASA Co (InfDivl 372d RRC (16th RRU) Jan 66 25th InfDiv409th ASA Det (Armd) 409th RR Oet Sep 66 lith Arm Cav Regt856th ASA Oet (Inf Bde) 856th RR Oet Dec 66 I 99th Inf Bde (Sep)ASA Field Station, Bangkok(83d SOU) U.S. Field Station, Bangkok Sep 59 COMUSMACTHAIa Earlier names shown parenthetically.Actual strength; authorized strength in parentheses.All officer personnel and 6 enlisted men of 10 I st SO were COMSEC surveillance specialists.a Positions and personnel from ASA Company, Saigon; the Bangkok field station's aurhorizarions forCOMSEC was never filled.specialists, and permitted immediate command reaction to any majorcompromises reported. Further, the continual person-to-personrelationship was indispensable in promoting COMSEC awareness andpersonnel and unit education and training.Platoons of the 10Ist Security Detachment dispatched COMSECteams to cover COMUSMACV and ARVN advisors' communications,TOP SECRET UMBRANOFORU

TOP SECRET UMBRANOt'ORfq-CONVENTIONAL COMSEC MONITORING 29-ContinuedTotal CO/\1SEC Personnel'BaseLocationCOMSECPositions Officers' E/\1 Monitors AnalystsSaigon(Tan Son Nhut)Nha TrangAnKhePleikuPhu HiepPhan RangChu LaiChu LaiChu LaiLong BinhBien HoaBear CatLai KheCuChiXuan LocI~MI Iif:"Cat LaiBangkokTotalsoften deploying them from their platoon bases for extended periods oftime. A team of the 2d Platoon, Pleiku, for example, was in Nha Trangin January 1967, in Da Lat in February, in Phan Thier in March, and atCam Ranh Bay in April, without returning to the base camp. Althoughthe platoon base sites normally had access to ASA CRITICOMMcircuits, communications with detached teams often were delayed.TOP 5B€IHH UMBRAPJOfORU(b) (1)(b) (3)-18 USC 798(b) (3)-50 USC 403(b) (3)-P.L. 86-36

TOP SBERBT UMBRAtWFORH30 WORKING AGAINST THE TIDECollection Although ASA monitors used many types of equipment,there were four basic types of positions: MRPZ-3, MJRZ-3, TPHZ-3,and MRQZ-3.* With this equipment, the monitors could copy MM,radiotelephone, radioteletype, multichannel, conventional telephone,FM single sideband, and other communications in the .5-2,000 MHzrange. ICoverage ASA specialists spot-monitored encrypted communicationsto check cryptographic systems and transmission practices for conformityto prescribed procedures. Although machine-enciphered communications(KW-7, KW-26, KY-8 ciphony family, and so forth) did not receivecryptanalytic or traffic analytic attention, COMSEC specialists throughliaison with cryptocenters were able to demonstrate cryptonettingvulnerabilities. Brought to the attention of appropriate authorities, thisresulted in recurrent major cryptonet realignments. Rather thanmonitorin machine enciphered communications,*MRPZ-3 is a 3/4-ton, truck-mounted, manual Morse and radiotelephone position,covering frequencies .5-100 MHz; MJRZ-3 is a 3/4-ton, truck-mounted, multichannelmonitor position capable of covering 12 channels-4 channels/simultaneously-infrequencies 30-2,000 MHz; TPHZ-3 is a 3/4-ton, truck-mounted, conventionaltelephone monitor position, with a 30-line capacity, recording one line at a time;and MRQZ-3 is a 3/4-ton, truck-mounted, manual Morse/and radiotelephone FMsingle sideband, air-to-ground communications monitor position/operating in frequencies.5-400 MHz.TOP SBERBT UMBRlrtWFORt4(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

...'fOP SfJERfJ'f UMBRAUOfOKf4CONVENTIONAL COMSEC MONITORING 31Unit"USASA Security Co, SaigonUSASA FS Bangkok404th ASA Det405th ASA Det303d ASA Bn, HHC313th ASA Bn, HHC337th ASA Co371st ASA Co372d ASACo403d ASA SOD406th ASA Det335th ASA Co374th ASA Co408th ASA Det409th ASA Det856th ASA Det265th ASA Det415th ASA Det601 st ASA DetTotalsUSASA COMSEC Positions in SEA, FY 1964-68a Only units of 509th ASAGroup with COMSEC elements listed. List does notreflect subordination, but is generally chronological. Where units have had severaldesignations, the latest designation is used.b Does not reflect the withdrawal of COMSEC positions from DSU's later in CY68, as realigned under the COMSEC surveillance concept."Read figures as "Authorized/Actual (Employed)." Actual varied with availabilityand mission requirements during annual periods.d Inactivated in FY 1966.e Reactivated in support ofa different unit in FY 1968.f Eliminated in 1967.'fOP S£E.RfJ'f UMBRAPJOFORU(b) (1)(b) (3)-50 USC 403(b) (3)-18 USC 798(b) (3)-P.L. 86-36

TOP SECRET UMBRAUOfOftfq32 WORKING AGAINST THE TIDEConventional Radio Receivers (R-392 above, R-744 below)used with four basic Army equipment configurations.TOP SECRET UMBRAHOfOftfq

TOP SECRET Uf\lftHMNOfORNCONVENTIONAL COMSEC MONITORING 33MRPZ-3 COMSEC Position at Diep Hoa, with sandbaggedshelter at right and generator trailer at left. Such positions areconnected with field analysis centers.ASA COMSEC elements routinely monitored single-channel, nonmultiplexedradio (AM and FM), radiotelephone and landline (wire)telephone, and multiplexed telephone and radiotelephone transmissions.They monitored wire communications by parch-in at communicationsterminals, single-channel radio communications by radio receptionmethods, and multiplexed communications by both methods.\TOP ~liC~T UMBRA UOFOR~l(b) (1)-(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798,!.oJ

TOP SECRET UldBRA34UOfORUWORKING AGAINST THE TIDEAgainst the TideThe direct support units gave an account of COMSECweaknesses andstatus in written reports and in briefings to commanders and their staffs.If a specific commander's communications compromised a plannedoperation, ASA personnel were at hand to convey the/ necessary warning.Face-to-face presentation of the evidence, even replaying monitoredtapes, at times was not only the quickest but also the most effective meansto convey the warning. While commanders did! not always heed thewarnings, most of them, when convinced, appreciated the support.TOP SECRET UMBRAUOfORU(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

TOP SECRET UMBRANOFORtJCONVENTIONAL COMSEC MONITORING 35Radio telephoneConventional telephoneRadio teletypeTotalsTransmissions Monitored by ASA19661,430,059228,6056,4041,665,06819676,606,539559,21417,8107,183,563Lt. Col. Grail L. Brookshire, S-2 of the 11th Armored Cavalry fromSeptember 1966 through June 1967, recalled one instance in which hisregiment revised its plans when monitoring showed that transmittingover insecure communications, an attached ARVN unit had given thetime and place of the attack.The commander of the 303d ASA Battalion from April 1967 to April1968, Lt. Col. Norman J. Campbell, reported an incident when aCOMSEC warning went unheeded. While discussing operational matterswith a subordinate unit over a VHF-linked desk phone at Headquarters,1st Infantry Division, one of the staff officers remarked-aside, butaudibly enough for the COMSEC monitor to hear-that a specificoperation was to take place in a location "35 kilometers north of heretomorrow." Although this likely compromise was brought to the staffofficer's attention, the plans were not changed since the landing zone andthe area were suitable for the operation. On landing, the assault force metunexpectedly heavy resistance; U.S. losses were approximately 58 menkilled and 82 wounded. Colonel Campbell regarded the outcome as theresults of an enemy reaction to a security breach.Other incidents continued to reinforce the knowledge that, given achance, the enemy would use U.S. communications to plan his tacticalmoves. For example, a heliborne senior commander contacted a groundpatrol and, on FM in the clear, ordered a rendezvous at a specificcrossroad location. Thirty minutes after the patrol arrived there, it washit by Viet Cong, who had not been known previously to be in that area.While the encounter may have been a coincidence, Lt. Col. Richard B.Blauvelt of the 303d ASA Battalion, which covered the incident insupport of Field Forces Vietnam II, stated that the "COMSEC breachpossibly caused /those/ U.S. casualties." He told of many similariiIIIII-,'IjlI,i'IITOP SECRET UMBRAfqGfiGKfq

TOP SECRET UMBRAIq'OFORh'36 WORKING AGAINST THE TIDEUSASA Company, Saigon, COMSEC Specialists analyzing, transcribing,and reporting on U.S. communications, Tan Son Nhut.instances happening shortly after detected COMSEC violations, not all ofwhich could have been tactical coincidence,II IpWI of VC captured in the DELTA area, . . . indicatedthat the VC usuall were ti ed-off from 3-4 da s in advance oLanIReporting While direct channels were open to disclosecompromisesendangering U.S. tactical operations, COMSEC specialists also usedvarious types of reports to convey theCOMSEC lesson tothe militarycommands they served. At the direct support unit level, analysts at firstprepared draft reports and forwarded them to/higher authority for*Wolfe, Interviews.TOP SECRET UMBRl,tWFORN(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

TOF SECRET utdBRAHOfORHCONVENTIONAL COMSEC MONITORING 37fpublication, but after March 1967, as did other echelons of ASA'sCOMSEC organization, the DSU's issued their own publications.In contrast to lower echelon DSU's, the battalions served as majorcontrol points for field analysis of monitored communications and forpreparation of individual and summarized field COMSEC reports basedon items from subordinate units. The battalions forwarded their reports,in turn, to the 101st Security Detachment, which reported to MACV andothers.ASA specialists classified COMSEC malpractices, using two basickinds of reports: the Transmission Security Violation Report (TSVR) foractual security violations, and the Practice Dangerous to Security Report(PDSR) for a broader category of procedural violations that might leadto enemy exploitation. These they issued as "spot reports" or periodicallyas required at successive command levels. A third report form, theTransmission Security Analysis Report (TSAR), was published on anaperiodic basis, usually on completion of a task period, mission, oroperation.At the end of each month, the ASA Company, Saigon (and itspredecessor) consolidated all monitoring reports of its subelements intothe special Transmission Security Summary Report (TSSR) for )-2MACV. The 303d and 313th ASA Battalions sent their reports to theField Forces Vietnam and each quarter consolidated all analysis andreports into a quarterly summation for COMUSMACV. The quarterlyreport was especially useful at other levels of command and providedinput to the Headquarters, USASA, annual report to the Department ofthe Army. ASA personnel did not assess intelligence losses. They reportedonly the information of possible intelligence value to the enemy that theyhad observed in monitoring. "The primary mission of COMSECmonitoring is to evaluate the effectiveness of measures taken to maintainand improve COMSEC and to identify or define security weaknesses ormalpractices." *The reporting system produced literally thousands of examples ofdeficiencies. In 1965-68 the instances noted in these many warnings to*CGUSASA Msg to DIRNSA, tAOPS-E (M) 7132835, sub: Status of COMSECSurveillance Activities (D) AGI Nr. 35364 DTG 1222102 May 67,CONFIDENTIAL.TOP S£ER£T UMBRAnOFORn

'fOP SECRET UMBRANOFORN38 WORKING AGAINST THE TICthe commands, and the thousands more that undoubtedly wenundetected, represented a veritable flood of intelligence for enem,SIGINT exploitation and tactical application, a flood that spelled defeator lossesduring many U.S. combat operations.In that flood are examples from the period before large-scale U.S.commitment to Vietnam began, from the later periods, and from alllevels of the U.S. military command. Like the perennial Asian flu, poorCOMSEC practices affected without discrimination all echelons; likethe flu, it also attacked every wave of Americans arriving in Vietnam.In 1964 a 101st Security Detachment mobile team monitored MAAGAdvisory Team 75. It also monitored the ARVN 7th Division operationsand intelligence (0&1) net, the BLUEBIRD Advisor Groupswitchboard, and the FM air-to-ground net used by the advisory team.Team specialists identified nine COMSEC violations. COMSEC reportsoutlined the violations and noted the intelligence compromised.Monitoring revealed in this case the location of an artillery battery,expected time of attack by friendly aircraft 30 minutes before the strike,the imminence and objectives of an air reconnaissance mission, theexpected time of arrival of Chief MAAG in the My Tho area and themode of travel to be used by him and his party, the compromise of thegrid coordinate encryption system contained in the MAAG-ARVN 7thDivision standing operating instructions, and the disclosure of operatingfrequencies and call signs. The monitors recommended increased use ofthe encrypted for transmission only policy, better COMSEC education forBLUEBIRD switchboard users, use of the grid coordinate encryptionsystem, employment of prescribed authentication procedures, andreduction of unnecessary chatter during transmissions.Compromise of tactical information occurred at every echelon, even atthe highest levels. In late summer of 1965, ASA monitors, for example,recorded a conversation that passed over an unsecured conventionaltelephone line between Saigon and Da Nang and revealed information ontroop movements of value to the enemy. The offenders were a generaland a colonel. (See illustration, p. 40.) ASA monitors prepared a TSVRon the violation just as they would have for compromises occurring atlower echelons. (See illustration, p. 41.) Correlating information showedthat other communications had also compromised the operation. Aboutninety minutes before the conversion between the general and the'fOP SECRE'f UhtBftArmFOftH'

TOP SECRET UMBRArq-OflORHCONVENTIONAL COMSEC MONITORING 39COMSEC Violations in the FFV II Area, November 1966-June 1967CategoryNumberUse ofunauthorized codes 312Linkage ofcall signs to frequency or unit 32Compromises of authorized codes 21Types of disclosures of classified informationUnit locations and coordinates in clear 104Communications and general matters 120Reports (cps, intel, after-action, etc.) 73Plans and operations (OPLANS, OPREPS, objectives, etc.) 71Movements (units, convoys, equipment, etc.) 51Results of enemy action 20Personnel matters and unit strengths 17VIP itineraries 16Logistical information and critical shortages 11Unit capabilities 7Unit identifications 2Experimental equipment 1Cryptoviolations 1Number of transmissions monitored:Radio telephone 1,847,852Conventional telephone 182,418colonel, monitors had recorded a conversation between a )-3 MACVrep~esentativeand another colonel. This too had disclosed information onclassified movements and plans for the same military operation and wasthe subject of a separate violation report.The earlier conversation revealed that the 173d Airborne Brigade hadbeen alerted to move as reserve in support of RVNAF forces engaging aregiment of the NVA 320th Division. While the specific coordinates ofthe planned move were not revealed, the enemy would have been able todetermine the approximate location since he knew where his own unitwas fighting. What remedial action, if any, resulted from the twomonitoring reports cannot be ascertained from available records.Management Data As did the other SCA's, ASA specialists workedhard to get at the basic causes of the thousands of compromises theydetected in monitoring. COMSEC specialists needed more than anisolated incident here and there to convince some military commandersthat they had a problem. Accordingly, the specialists studied violationsTOP SECRET UMBRArq-OflORH

'fOP SECRE'f UMBRAHOFORH40 WORKING AGAINST THE TIDEEnclosure (Monitored Telephone Conversation)J-3 SPECIALISTCOLONEL j. . .j PLEASE.ONE MOMENT SIR.COLONEL...GO AHEAD SIR.HELLO.THIS IS GENERAL j. . .jTHIS IS /. ./ SIR.YEH.I'M CALLING WITH RESPECT TO THE SITUATION IN 2 CORPS.YES.GENERAL THROCKMORTON HAS ORDERED AH BUTCH TO MOVEA.S.A.P. NOW THIS WAS BASED ON SEVERAL CONSIDERATIONS. IT WASTHE STRONG RECOMMENDATION OF COLONEL MATAXIS, IT WAS ASTRONG RECOMMENDATION OF GENERAL TONG, WAS BASED ON AGOOD TENTATIVE IDENTIFICATION OF A NEW PAVN UNIT IN THEAREA.I SEE.AND IT WAS BASED ON A FACT THAT ARVN ALREADY HAS SIXGENERAL RESERVE BATTALIONS COMMITTED UP THERE ....YES.SO GENERAL DEPUY RECOMMENDED THIS COURSE OF ACTION .OKAY.TO GENERAL THROCKMORTON AND THEY WILL MOVE WITH TWOBATTALIONS AS SOON AS POSSIBLE AND A DECISION ON THE THIRDTO BE MADE LATER ON AS THE SITUATION DEVELOPES.YES.AND THEIR MISSION WILL BE TO CONDUCT OPERATIONS WEST OFPLEIKU IN SUPPORT OF THE CG OF 2 CORPS.WELL AH I THINK, WELL I THINK YOU'VE TOLD ME AH ENOUGH IFNOT TOO MUCH.RIGHT.AH WHAT IS THE GENERAL SITUATION UP THERE NOW, ARE THEYSTILL IN CONT ACT?YES SIR, AH, THEY'VE HAD ABOUT A HUNDRED AND FIFTYCASUALTIES! THIS IS THE LAST WORD WE RECEIVED.I SEE, ARE THEY GETTING PLENTY OF AIRSTRIKES THERE?SIR-ARE THEY GETTING PLENTY OF AIRSTRIKES?AH THE WEATHER RIGHT NOW IS BAD, SO THEy'RE JUST NOTGETTING MUCH.TOP 5£ER£T UMBRA1fOFORH

TOP SECRET UPdBRAPWFORP.CONVENTIONAL COMSEC MONITORING 41YES.GENERAL DEPUY IS ON HIS WAY UP THERE AND GENERAL TONG IS ONHIS WAY UP THERE AND THEY WILL MEET AND THEY'LL PROBABLYBE SOME MORE FALL OUT OF IT AS SOON AS THEY GET UP THERE.RIGHT, WHAT ABOUT VC AH CASUALTIES?AH WE HAVE NO WORD ON THAT./END OF CONVERSATION/IAPVCSSUBJECT: Transmission Security Violation Report (U)TO:CommanderUS Military Assistance Command, VietnamATTN: MACJ2, CI & S BranchAPO US Forces 962431. (C) The following violation was committed by a member of your command atthe time and date indicated below. This report is submitted for your information andany action deemed necessary.a. Monitored Circuit: Trunk Circuit between DaNang and Saigon.b. Parties Involved: General ... and Colonel ....c. Time and Date of Violation: 1036H - 1038H, 10 August 1965.d. Type of Transmission: Conventional Telephone Conversation.e. Type of Violation: Disclosure of Classified Movements and Plans.£. Violation of: APPENDIX III, AR 380-5.g. Monitored Conversation: See Inclosure.2. (C) The information disclosed in this conversation can be linked with the informationdisclosed during the conversation monitored between 0905H and 0908H,10 August which was previously reported. The information disclosed indicates thatthe 173d Airborne Brigade will deploy to Pleiku and will operate as a reserve toRVNAF Forces engaged with a Regiment of the 320th PAVN Division west ofPleiku.FOR THE COMMANDER:InclasJAMES]. SINGSANKCaptain, AGCAdjutantTOP SECRET UMBRAUOFORN

TOP SECRET UMBRAPWFORti42 WORKING AGAINST THE TIDEYear1965Nr. a1966 1,4301967 6,607Reported Rates of Violations(Per 1,000 transmissions)R/T Conv Telephone RTTYTSV PDS Nr. a TSV PDS Nr. a TSV PDS.7.3.8 229.2 55914. .51.9 1.16 5.518 .74.9.7AverageViolation RatesPer 1,0002.93 b3.3.65a Expressed in thousands.b Average violation rate (incompletely reported) for the last half of 1965.NB. Above figures based on total monitoring, which reflected less than 6 percent ofthe total communications passed. These statistics are not a valid indicator ofCOMSEC status, but provide only an indication of likely trends and averages.and classified them by type. They then were able to give the commandersinvolved information in depth with respect to the COMSEC status oftheir units so that the commanders would have at hand management dataon which to take corrective actions.ASA analysts had specific guidelines for identifying violations-AR380-5 among them-and from such guidelines classified the violations.The table on page 39, for example, shows the number of violations soclassified for FFV II transmissions between November 1966 and June1967. From this, it is easy to see that use of unauthorized codes was amajor problem.In another study ASA specialists, also working within FFV II, reviewed18,000 conventional telephone and 285,000 RTP transmissions for thefirst six months of 1967. From these they identified 83 transmissionsecurity violations and 35 practices dangerous to security. The percentagerates of violations against total transmissions monitored ranged from alow of .053 in February to a high of 1.57 in April. ASA was able toevaluate this violation rate as "fairly good," based on its largerframework of experience.Any comparison of violations for different periods of time always, ofcourse, involves certain limitations. Nevertheless, ASA did find itinstructive to show observed rates of violations-transmission securityviolations (TSV) and practices dangerous to security (PDS)-per 1,000transmissions in the several communications modes ASA monitorsTOP SECRET UfdBRAHOFORH

TOP SECRET UMBRAHOfORHCONVENTIONAL COMSEC MONITORING 43emphasized. The table on page 42 gives the results of the ASA quarterlymonitoring summary reports for all communications monitored inVietnam during 1966-67. Over-all rates of violations showed asignificant and welcome drop between 1966 and 1967. At this time aviolation rate above 2 violations per 10,000 transmissions (.2 per 1,000)was considered excessive.An Example ofCause and Effect In 1967 COMSEC analysts did ayear-long study of the 25th Division's voice radio communications,correlated COMSEC actions with the COMSEC status of the division,and showed that communications could be made secure in relation to the\cryptomaterials' availability, quality, and employment, and to commandemphasis. The study showed that the violation rate per 10,000 voiceradio transmissions was: January, 1.6; February, not reported; March,2.1; April, 1.5; May, .5; June .4; July 9.8; August, 22.3; September,8.0; October, 3.4; November, 1.4; and December, 1.3.The drop in April-June period corresponded to the issuance of theKAC·P/Q, NSA-produced operations codes, which were an improvementover those previously used. When the new codes were issued,ASA conducted classes in their use, and subsequent monitoring showedthat the communicators were at first using them for encoding communications.However, the division communicators complained thatthe system was too complicated, and monitoring in June-August revealedthat homemade codes-SHACKLE, point-of-origin, and an unnamedcode, all of which offered little resistance to cryptanalysis-were onceagain being used.COMSEC analysts alerted the 25th Division's commanding general,Maj. Gen. F. K. Mearns, to the significant rise in communicationssecurity malpractices. General Mearns informed the DSU and his staffthat he would personally review all transmission security violations andthat disciplinary action would be in order for offenders. This positivecommand emphasis had immediate results-in September the rate ofviolations declined. During the decline, monitoring showed an increaseduse of the KAC-P/Q codes and a reduction in the use of unauthorizedcodes. A contributing factor to this decline was the publication anddistribution, throu hout the division, of a -6 MACV am hlet'fOP SECRE'f UMBRA/ HDfORU(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

ITOP S£ER£T UMBRAf,qofORH44 WORKING AGAINST THE TIDEIfindings. In October, the division began to use KY-8ciphony equipment, and this too improved security. In November andDecember, monitoring revealed extensive use of the KAC-P/Q codesand increasing use ofthe KY-8.While no record ofviolation rates for the 25th Division's conventionaltelephone conversations are available for 1967, a graph of them wouldappear almost identical to that of monitored radiotelephone and FMcommunications. A physical inspection of the telephone lines in Octoberof that year revealed, incidentally, evidence of unauthorized wiretapping.Following that revelation, use of the telephone dropped to a very low rateand almost no violations came to the attention of monitors. For thebenefit of the 25th Division, ASA listed the most frequent violations: theuse of unauthorized codes; disclosure of locations in the clear; disclosureof future plans for operations (not found after October); and the mostfrequent practice dangerous-to security, complete failure to authenticatecombined with extremely \long, rambling, conventional telephoneconversations and lengthy radiotelephone transmissions.The monitoring during 1967 reflected the communications of a veryactive division-the 25th was. involved in ten major operations. Themicrowave and troposcatter systems serving the division (over whichmuch tactical clear text was transmitted) included 50-kilowatt transmitterswhose main beam extended 640 miles, with side lobes of410 miles and a back lobe of 300 miles. Thus, the Pleiku-Da Nangpattern extended into mainland China, while transmissions from 1, 10,and 50-kilowatt transmitters at other sites could be heard in Laos,Cambodia, North Vietnam, and otherhostile areas.There were from time to time concerted actions to demonstrate theneed for COMSEC safeguards against a particular source of COMSECweakness. For example, to correct the ever-present COMSEC problem ofsecuring call signs General Denholm, CGUSASA, directed that the fixedsuffix, one-callword principle be field tested in Vietnam so that ASAcould evaluate its worth. In the experiment, the 25th Division used aperiodically changing suffix call word,\..the 1st Cavalry Division(Airmobile) used a similar fixed suffix callword but without periodicchange, and the 1st Infantry Division employed a periodically changingnet call word with a periodically changing suffix call word. Within threeTOP S£ER£T UMBRAHOFORH(b) (1)(b) (3)-P.L. 86-36____ (b) (3) -50 USC 403(b) (3)-18 USC 798

TOP SECRET UMBRAptOFORnCONVENTIONAL COMSEC MONITORING 45IAPV77SUBJECT: Callword Study (U)23 July 19664. (C) RECOMMENDATIONS: The following recommendations are based onthe conclusion of this study that no reliance should be placed on radical callwordallocation systems as a means to prevent interception, analysis, or intrusion offriendly radio voice communications. Adherance to standard, historical solutions tocallsign security are the best means to impede the actual initial net reconstructionand subsequent derivation of order-of-battle from detailed traffic analysis-regardlessof the callword allocation systems employed.a. Assign callwords and expanders to nets and within nets in a random manner.b. Change callwords and expanders within tactical commands as frequentlyas operational conditions permit, daily if possible, at the start of each new operationas a minimum.c. Change callwords simultaneously with each change of frequency.d. Maintain uniformity of appearance of callwords and expanders withinmajor tactical commands by using authorized callword allocations and manners ofcallword expansion.e. Insure that callwords are not compromised by use in conjunction withsuperseded calls, telephone switching designators, aircraft tail numbers, or withcorresponding plain-text unit designations.FREDERICK B. LOTHROPCaptain, AISCommandingdays, ASA analysts reconstructed the nets of all three divisions. Despitethe popularity enjoyed by the one-callword principle, ASA analystswarned against its use. The lOist Security Detachment report on theresults of the experiment (see above) went to )-2 MACV, G-2and SIGO USARV, and the 303d and 313th ASA Battalions.One of the most serious COMSEC weaknesses was the ever-presenthomemade code. The point-of-origin code, used to hide true mapcoordinates, was one of the continual offenders. In many cases ASACOMSEC analysts, to persuade commanders that such codes were indeedinsecure, broke them, often in less than 30 minutes, using only monitoredoperational traffic. In one instance, when ASA COMSEC analysts brokea division's complete point-of-origin code from normal traffic in less thanTOP 8£ER£T UMBRAnOFORn

TOP SECRET UbfBRAp',OFORn46 WORKING AGAINST THE TIDEtll{' ... 'tC"~ b2jf '~t. "t~ £>7"F.'M?,Enemy Intercept of u.s. 1st Infantry Division Communications.(Note that the intercept operator has converted and penned in theactual coordinates beside the copied point-of-origin code. Source:ASA T AREX unit.)

TOP ~r:eKr:'f UlvfBRA NOrORNCONVENTIONAL COMSEC MONITORING 47TIME OFINTERCEPrU.S. cOMMUNIdATORSDATEVOICENErD2/220745 Stroy 91 Stroy A6h0850 C66 800848 C80 80A660';120 Ey.poider ?7F"0';130 stroy A66 n0955 B66"1000 B661015 B66c66You have new CHi­+Affirmative+ .We found 2 mines at 665320 $ld 664322+J.fy 26 aLement, ret-ur-n my locatiQn ahJ'J.t 02minutes+Pres my location is from ATN (Ut.l 11.2) +Inbound your location. eta 10 minutes.your 66 available~++Roger. my 66 is standfng bytJ.fy lead element move into operationtPres my location is from AR11(Lo.5 Dl.9)«585341) )CV is atCP'l' 35-

TOP SECRET UMBRAHOfORH48 WORKING AGAINST THE TID:three hours, the shaken commander acknowledged the obvious andapplied, at least for a time, greater COMSEC emphasis and enforcement.Although ASA specialists always emphasized that such codes were.insecure, an on-the-spot demonstration was often necessary to convincethe"doubting Thomas." Unfortunately, the doubting Thornases are stillin evidence. In December 1969 a captured enemy SIGINT soldier statedthat Vietnamese Communist analysts not only learned U.S. trooplocations through exploitation of locally produced U.S. point-of-origingrid codes but that, at least within his team, they were able to convertinstantly the intercepted coded equivalents to the true 6-digit coordinates.Education and Training In addition to producing COMSEC reportsand management data to bring about positive COMSEC actions, ASAunits attempted to educate commanders and communicators. Followingthe transfer of COMSEC responsibility from J-6 to the J-2 MACV inmid-1965, a Headquarters, USASA, 2-man SIGSEC advisorteam-Maj. George D. Reichard and Maj. George V. Jarrett-spentthree months TDY with J-2 MACV to help develop a COMSECprogram for MACV. Using the results of local COMSEC monitoring andreporting, Majors Reichard and Jarrett drafted COMSEC regulationsand directives, which MACV and USARV then issued. During their1965 TDY and another one in the following year, the two men visited allmajor commands in South Vietnam and, through interviews withcommanders and staffs, gained a better knowledge of attitudes towardCOMSEC and explored the need for COMSEC education. They alsostudied status reports to determine which deficiencies required priorityattention in COMSEC education. J-2 MACV itself advocated a vigorouseducational program as a means of eliminating the malpractices beingbrought to light by such studies as that made of the SILVERBAYONET operation in 1965.*From early 1966 on, ASA COMSEC units emphasized COMSECeducation. COMSEC teams visited all levels of command from battalionupward, providing guidance, training lectures, and educational classes. Intheir presentations, the teams made effective use of translated documents,interrogation reports, and other materials received from ASA's SIGINT"See below pp. 90-95.TOP SECRET UMBR1\HOfORH

.\.'fOP SECRET UldBRJ'tNOFORNCONVENTIONAL COMSEC MONITORING 49and target exploitation (T AREX) organization in Vietnam. With these,ASA instructors illuminated the increasing enemy SIGINT threat andgave concrete examples of the enemy's tactical use of u.s. COMSECweaknesses. At times the teams played taped recordings of U.S.communications breaches to illustrate the danger to U.S. lives. They alsotrained officers, troops, and communicators in the proper use ofthe KACseries of codes and demonstrated methods of employing KY-8 ciphony insecure nets, always encouraging maximum use of the KY-8's.General William C. Westmoreland, COMUSMACV, backed theASA COMSEC program, issuing directives that ordered COMSECimprovements and gave the basis for moving through progressiveeducational steps toward stated COMSEC goals. Helped by a graduallyincreasing command interest, ASA COMSEC specialists educatedthousands of persons, from generals to radiotelephone operators, incommunications security.The 509th ASA Group's COMSEC elements over the yearsestablished close contacts and working relationships with commanders,Signal officers, intelligence staff officers, and tactical communicators atall levels. In spite of the hectic combat environment, which was thus notconducive to formal education programs, they continued to instruct in theapplication of ciphony, cryptonetting, and other subjects. They alsohelped commanders prepare for secure communications as one aspect ofplanning military operations. In addition, COMSEC advisors drafted forthe commanders command letters, directives, and guidance materials foruse in standing operating procedures.By 1968 the 509th ASA Group had given organizational status to itseducational teams, calling them COMSEC Assistance and AdvisoryTeams (CAAT). The teams, each made up of at least six experiencedCOMSEC NCO's, visited the divisions, in turn, spending from 7 to 14days with each, conducting with staff officers a thorough review of allCOMSEC matters, and applying preplanning or surveillance techniquesto improve communications in forthcoming military actions.In 1968 and thereafter, improvement over the COMSEC status of1965-66 was evident. COMSEC surveillance and CAAT operationswere meeting the continuing COMSEC challenges and bringing aboutsome measure of relief.'fOP SECRE'f UMBRArmfiORfq

TOP SECRET UMBRAUOFORU50 WORKING AGAINST THE TIDEConvincing the Commanders The Army Security Agency found awide variety of responses to their efforts to obtain communications securityin Vietnam. Some understanding commanders applied COMSECsafeguards conscientiously; other commanders did not. Until SILVERBAYONET in October 1965, most U.S. Commanders in Vietnamshowed only a marginal interest in COMSEC, since they doubted that theenemy could conduct successful SIGINT operations. These commandersreasoned that U.S. superiority in training, firepower, and mobility madeCOMSEC of little importance.Commanders during the early months of combat were often frustratedin their efforts even to find the elusive enemy, and at least one officer saidthat he hoped that the enemy would use intelligence gained from insecureU.S. communications-at least then he might attack and thus showhimself. Lt. Gen. Harry W. O. Kinnard, commander the l st CavalryDivision (AM) from September 1965 to May 1966, exemplified thethinking at the time:The DSU and my Signal Officer offered much advice and guidance in this/COMSEC/ area. But, I'm afraid I didn't let them help me much. It wasimpracticable to change SOl-SSI and codes often in the division, because therewere so many nets involved, and normal tactical employment required rapidchanging of control of battalions, even companies, from one subordinatecommand to another, at any time in operations. Our communications gave us thecapability to react and adjust rapidly and flexibly, and I could not afford to riskcommunications (hence tactical) confusion by using changing codes and calls indifferent subordinate commands. I am convinced that, even though the enemymay have gained some OB information from our communications ... theywere not able to glean sufficient usable information from monitoring our nets toreact to their advantage, for our deployments and tactical reactions were toorapid for them to apply what they may have gleaned. This was the choice I hadto make, and I decided that tactical speed and mobility from stablecommunications was more important than possible tactical voice COMSECloss.*Others, including Maj. Gen. Richard T. Knowles of the l st CavalryDivision (I965-66) and Maj. Gen. William E. DePuy, commander of*Wolfe, Interviews.TOP SECRET UMBRAlJOFORU

,LTOP SECRET UMBRArq'OfORIqCONVENTIONAL COMSEC MONITORING 51n lJ) ;.)A,'lt'LE i1£;').:iAGE;.; ANO i·IET/ivO Of (;ui'lr'u,)IJlul.1.1.il'il'1vNLY.U;iEO:IN GENERAL. THE 11th ARMORED CAY RtGT 00£;.; NCTHAVE SET i4ESSAGE FO~MArS VI ITH THE EXCEPT ION Of n/ FEWMESSAGES . STlt.tSAHU ARTILLERY FIRE.K£«AS IN THE TiXT _. HEAVY ART I LL£HYtiTHE 345/44NAUTJCAL HILESHS At·KNOWLEDGE IN,. .'1'«AS IN 'rsxr - I Ii _o."'L I ,.)[1 fJ' .. BAD S'rATlO~S ARTILL£RY w"RNH.G.fiRING ~QOM LEAR TO'GRID XU72.3415 MIG,HT :)HOT 2130 fi.n1900 DEGREES. ~fGHT RANGE 12-5 12M.~ .Page From Enemy SIGINT Instruction Manual1st Infantry Division (1966-67), expressed similar views on COMSEC,sharing in the belief that the enemy could not acquire much help fromunsecured U.S. tactical voice communications. Each also thought the U.S.battlefield maneuverability demanded rapid communications and anonchanging SOLICOMSEC officials at the time1--__:--"""":"'""""":""" ---:----.,;-:------1were also placing unwarranted reliance on the availability (and assumedproper use) of manual codes that were not yet tailored for Vietnam.The situation changed slowly as COMSEC agencies and/Armycommanders gained experience in Vietnam. NSA began production ofmanual codes tailored to Vietnam field requirements. AsA TAREXcollection helped reveal the hostile SIG INT threat, providing a steadystream of examples of enemy SIGINT successes against the United Statesand its Allies. ASA in-country monitoring highlighted for theTOP SECRET" UMBRAHOfORH(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798iII,Ii

TOP 8BERBT UMBRAHOfOftfq52 WORKING AGAINST THE TIDEcommanders the danger of communications deficiencies, and COMSECpersonnel at the DSU level worked directly with the commands. Capt.Leo M. Melanson, commander of the 371st ASA Company, in 1968spoke of the way in which the DSU's operated to bring about COMSECchanges within the commands:/In/ the field of COMSEC, its ... varying degrees of success among theDivisions in Vietnam can be, and are, directly attributable to the Company'srelationship, /not only with the command and the G2 but / with the DivisionSignal Officer /DSOj. Once /he is/ aware that part of the Radio ResearchCompany's mission is to assist the Division in /COMSEC/ and actuallybelieves it, then a successful program can be achieved the 1st CavalryDivision /had/ continually and blantantly used the point of origin code. It wasnot until the DSO was won over to the COMSEC side that the practice wasstopped completely. Extensive education of ... operators at all levels in theuse of the KAC-Q/P codes, terminating with a command message, finished thepoint of origin code's use in the Division. *As a result of similar COMSEC operations, it eventually became easierto influence most U.S. ground commanders. For example, in early 1967the 325th ASA Company, with the help of the 303d ASA Battalion,monitored for five days the 9th U.S. Infantry Division's nets in theMekong Delta area. Without using any of the available operationalinformation, the 325th analysts reconstructed from the normal tacticalvoice nets about 95 percent of the division's total operation-organization,units, personalities, nets, call signs, frequencies, plans and intentions,movements, and objectives. As a result, Maj. Gen. GeorgeG. O'Connor became a firm believer and a stringent enforcer ofCOMSEC practices. His 9th Division became one of the most securedivisions in Vietnam during that period.Referring to the value of COMSEC indoctrination, Maj. Gen. John R.Deane, Jr., commander of the 173d Airborne Brigade (Separate) fromDecember 1966 through August 1967, stated:I believe that the U.S. COMSEC posture in general in SVN was very poor. Iam a firm believer in good COMSEC practices and applications. However, I wasnot aware of any drastic actions against COMSEC violators ... the DSUregularly reported on COMSEC violations and advised me concerning the*Wolfe, Interviews.'fOP StlCftf'f UMBRAHOfORH

TOP 5BERBT UMBRAPJOfORnCONVENTIONAL COMSEC MONITORING 53picture of friendly operations that had been gleaned from COMSEC analysis,and the dangers thereof if similarly gleaned by enemy COMINT. I used theireducational capabilities to the maximum practicable in the command.He then spoke of problems in the Army COMSEC program:Directives to enforce COMSEC by stringent penalties on individual violatorswill encourage people to absorb the regulations and training afforded, and givenby ASA all the time. If we had better security motivation and if COMSEC hadmore teeth in it, then there would not be so much loss of tactical informationfrom clear voice traffic. However, there is a practical and economic limit towhich we can afford to give every radio an accompanying piece of COMSECequipment. . . . In general, I've seen no great development in COMSECstatus since WW II. Although there have been improvements in COMSECequipment, there is a practical limit to the amount of COMSEC equipment thatwe need, or which can be carried by the combat soldier. In SVN, the use of eventhe KY-38 was not practicable for manpack on the soldier in activecombat. . . . There are still major problems that need to be resolved. *Lt. Col. John L. Heiss, III, SSO J-2 MACV (1966-67), revealedunusual sensitivity to the need for COMSEC:In most operations USF did not want to get ARVN forces involved, for thiswas a definite weak link. Our worst weakness was the tendency to talk toomuch, or talk around classified matters on telephones. Our telephone . . .system was a weakness and, although I have no hard evidence, I can't helpbut believe that the VC attempted to exploit this weakness, I suspect that astudy of the background of some of the ambushes we suffered may representenemy exploitation of U.S. COMSEC weaknesses. *However, despite better education in COMSEC procedures, theavailability of some secure voice equipment, issuance of better codes to fillrequirements, a sizable U.S. monitoring program, and a more generalacceptance by many commanders of the existence of a viable hostileSIG INT threat, significant security malpractices continued, althoughdiminished in volume. These were especially the unnecessary orincautious use of unsecured voice communications, use of unauthorizedand insecure home-grown codes, improper use of call signs, and lack of·Wolfe, Interviews.1=QP 81KRBT UMBRAHOFORfq

TOP S£ER£T UMBRAHOFORH54 WORKING AGAINST THE TIDEauthentication. The weaknesses continued largely because too manycommanders and their communicators still did not know about or wereunwilling to follow operationally acceptable COMSEC practices. To thesecommanders and communicators the fastest possible communications,unencumbered by security practices and equipment, were a necessity ofwar. Education of commanders in COMSEC remained, therefore, as amajor problem.OrganizationNaval Security GroupAt the time of the Gulf of Tonkin incidents in August 1964, the NavyCOMSEC organization in the Western Pacific (WESTPAC) was alreadywell established. Permanent COMSEC components were at the NavalCommunications Station Guam (COMSEC 701), the NAVSECGRUActivity Kamiseya, Japan (COMSEC 702), and the NavalCommunications Station Philippines (COMSEC 703), and were mannedbyIlof which a team of an officer andDenlisted men were on temporary additional duty afloat with the SeventhFleet. The afloat team had begun in January 1963 to assist/ theCommander, Seventh Fleet, embarking on assigned ships. At first theteam was designated COMSEC Team ALF A, later COMSEC/TeamOne.In July 1963 the Navy was planning for the establishment of aCOMSEC component (COMSEC 704)\at the NAVSECGRU ActivityHanza, Okinawa, in order to have a permanent COMSEC listening postmore responsive to Seventh Fleet requirements. Okinawa layclose to theCommunist Bloc countries near which Seventh Fleet ships operated.COMSEC 704 began operations in June 1965 and was fuHy operationalby the end of the following month.To cope with a rapidly changing communications situation inSoutheast Asia, the Navy rearranged its COMSEC organization in thePacific during the winter and spring of 1965. The/new organizationemphasized traffic analysis of monitored communications and centralizedreporting on a broad geographical basis. Under vthe reorganization,COMSEC components called collection and reporting centers performedTOP S£ER£T UMBRA HOfOlUq(b) (1)(b) (3)-50 USC 403(b) (3)-18 USC 798_________ (b) (3)-P.L. 86-36

TOP SECRET UMBRA?lOfOR1'JCONVENTIONAL COM SEC MONITORING 55monitoring and first echelon reporting, then forwarded raw trafficimmediately to a processing and reporting center (PRe), where detailedanalysis took place. NAVSECGRU Activity Kamiseya served as theprocessing and reporting center for the Western Pacific.COMSEC Team Vietnam +Gf- The Western Pacific COMSECreorganization came simultaneously with the establishment of atemporary Navy COMSEC team at Da Nang. In early March 1965 aNAVSECGRU officer inspected alternative locations in the Da Nangarea to determine the best site for COMSEC operations, investigating theavailability of working areas and equipment for a COMSEC unit thatwould be known as COMSEC Team Vietnam "t€tand have one officerand four enlisted men. COMSEC Team Vietnam (£1 began operationson 31 March 1965 in support of Brig. Gen. Frederic Karch,Commanding General, Ninth Marine Expeditionary Brigade (MEB) andNavy and Marine Corps units in SVN.The team was to operate for a 90-day period. After it becameoperational, however, the Naval Communications Station Philippinesrecommended that it be continued beyond 30 June 1965 if GeneralKarch still needed COMSEC monitoring. Vice Adm. Roy L. Johnson,Commander, Seventh Fleet, supported the recommendation, provided theCOMSEC status of Marine and naval communications warranted it.With the accelerating tempo of military operations at the time, no onedoubted that the team was needed. The team had already identified anumber of COMSEC deficiencies, in particular: permanent assignment ofcode names or nicknames to specific locations for landing zones, therebyincreasing the likelihood of their recovery by the enemy; failure to utilizeauthentication at any time; shortage ofoperations codes and improper useof those available; and use of nonapproved, locally generated codes.On 29 May 1965 Commanding General, Fleet Marine Force, Pacific(FMFPAe), Lt. Gen. Victor H. Krulak, noted that the COMSEC teamat Da Nang had done an outstanding job in helping to tighten security onradio nets of deployed Marine units. The COMSEC support provided toNavy and Marine Corps units at Da Nang amply demonstrated the valueof continuing an active COMSEC program after 30 June. GeneralKrulak stated further that the Marine Corps First Radio Battalion wouldcontinue that COMSEC assistance. Therefore, effective 5 July 1965, theTOP SECRET UMBRArmt'Oftfq------~--

TOP SeCReT UMBRAPWFORH56 WORKING AGAINST THE TIDENavy COMSEC Monitoring Position AshoreNavy COMSEC Team Vietnam (C) was deactivated and its tasks wereassumed by a recently formed Marine COMSEC team of the First RadioBattalion, Fleet Marine Force, Pacific.Sub Unit One, First Radio Battalion Elements of the First RadioBattalion had operated in South Vietnam as early as 1962, givingemphasis to SIG INT. In March 1965 Detachment J of the First RadioBattalion was established in support of the Ninth MEB, and includedDC()MSEC positions among its resources. This detachment carriedon the COM~EC...function-.s. that had been performd.d b, COMSEC TeamVietnam (C). TheDpositions were increased t in January 1966when Detachment}was deactivated and its men and equipment becamepart of Sub Unit One;.First.Radio BattalionI IIIW~ilethe originalDerachment J had reported to its parentcommand in Hawaii,th~?~w subunit came under the direct operationalcontrol of General Krulak. The Airettsupport role of Sub Unit OneTOP SeCReT UMBRl'\PWFORPi(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

'fOP SECRE'f UMBRAHOfORHCONVENTIONAL COMSEC MONITORING 57Navy COMSEC Monitoring Position Ashorecorresponded somewhat to that of ASA direct support units then beingadministered by senior-level ASA echelons but under the operationalcontrol of the Army commanders to whom they gave assistance.COMSEC 705 The need for communications security in SoutheastAsia continued to grow with the expansion of communications. InSeptember 1965 AdmiralJohnson, by then Commander in Chief, PacificFleet, expressed a need for continuous COMSEC monitoring of newnaval circuits then being activated at Da Nang. Accordingly, an officerand six enlisted men formed a unit, designated COMSEC Team, NavalSupp'ort Activity Da Nang, that went into operation in October 1965withDmonitoring positions and an indefinite tenure. Its mission wasto provide CO¥SEC support to local naval elements and to determinepossible intelligenceIosses through communications. Specific tasks wereto provide COMSEC support to Naval Support Activity Da Nang and tonaval units in the South China Sea and to monitor and evaluate naval'fOP SECRE'f UMBRAHOfORH(b) (1)(b) (3)-50 USC 403(b) (3)-18 USC 798(b) (3)-P.L. 86-36

'fot" SECRET UMBRAl'JOFORU58 WORKING AGAINST THE TIDEcommunications. By December 1965,Dadditional enlisted billets hadbeen approved and action taken to fill them. In June 1966 the team wasredesignated Detachment Delta, Naval Communications StationPhilippines, and assigned the Navy title COMSEC 705.Thus, by December 1965 NTY C10MSEC personnel in the WesternPacific numberedDofficers and .enlisted men; COMSEC elementstotaled 5 COMSEC components plus a.team afloat.COi\1SEC Team Saigon In 1966 naval operations extended southwardfrom Da Nang. COMSEC Survey-Team Saigon (one officer and oneenlisted man) was formed in the spring of 1966 to conduct a survey ofMARKET TIME communications.*Using the men and facilities ofanother specialist team aboard the USS Jamestown for monitoring andother Navy COMSEC units, the survey team had access to a total ofI Ipositions. The results were startling. The COMSEC deficienciesuncovered. not only stimulated COMSEC improvement through thedistributiori.of more suitable operations codes but also emphasized theneed for Navy COMSEC teams in the area. While there was a concentratedspecial survey to improve MARKET TIME communicationssecurity in the first three months of 1966, MARKET TIME operationsthemselves continued throughout the war, and monitoring of U.S.MARKET TlMlivcomrnunications continued to be a significant partof Navy COMSEC operations.COi\1SEC Team Thr~e (Delta) \\In February 1960enlisted menwere ordered on temporary additional duty (TAD) atVung Tau in SouthVietnam to establish COMSEC Team Delta. Headed by a chief pettyofficer, the team was activated, initially for 45 days, at the CoastalSurveillance Center, Vung Tau, its mission being to provide COMSECsupport to the commander of Task Force 115 and. his units in SoutheastAsia, and to naval elements involved in the MARKET TIME operations.The team also was charged with reporting on the advisability ofestablishing a permanent COMSEC\unit at the mouth of the Mekong*MARKET TIME was a covername given to operations taking place in the offshorewaters of South Vietnam. For the survev. see below. pp.109-16.TOP SECRET UMBRAl'JOFORU(b) (1)(b) (3)-50 USC 403(b) (3)-18 USC 798- __~~(b) (3)-P.L. 86-36

'fOP :5ECIU:'f UMBHAtWFORP:iCONVENTIONAL COMSEC MONITORING 59USMC Sub Unit One COMSEC MonitorRiver Delta. The work of the team was of value to the chief of the NavalAdvisory Group in Saigon who, in March, took special note of theassistance provided by Team Delta in the MARKET TIME survey. Heconfirmed that the requirement for a COMSEC unit to monitor southernMARKET TIME and Mekong River Delta area communicationscontinued to exist. He stated further that the COMSEC Team Deltawould be invaluable in helping Task Forces 115 and 116 to maintain anaccurate picture of their communications security. Therefore, in April of1966, the team shifted operations from a temporary structure to aspecially configured COMSEC van at Vung Tau, and in July wasredesignated COMSEC Team Three.In January 1967 Admiral Johnson noted that the COMSEC TeamThree had been especially effective in maintaining securecommunications for Navy tactical commanders. Information receivedfrom COMSEC 705 and NAVSECGRU Activity Karniseya substantiatedTOP SECRET UMBRAHOFOHH

'fOP SECRE'f UMBRANOrORN60 WORKING AGAINST THE TIDECOMSEC 705 Location at Foot of Monkey Mountainthe fact that termination of operations at Vung Tau would seriouslycurtail naval COMSEC control in the delta area.Although several attempts were made to establish COMSEC TeamThree as a permanent component, each request for additional billets metwith Defense Department disapproval. Because the team had provenitself to be a valuable COMSEC asset to in-country forces, however, itcontinued its existence wit~.e... rsonnel on temporary duty from COMSEC705's sparse allowance ofUenlisted men.COMSEC Team Two (Bravo) In January 1966 Vice Adm. John T.Hyland, Commander, Seventh Fleet, pointed out the desirability ofembarking a COMSEC team with-naval amphibious forces in SoutheastAsia. Admiral Johnson agreed thar. a full time COMSEC team wouldhelp maintain communications security and could give technicalassistance as needed for manipulative cover and deception in amphibiousoperations. First designated COMSEC Team Bravo and shortly thereafterTOP g~ER~T UMBRA PWrORH(b) (1)(b) (3)-50 USC 403(b) (3)-18 USC 798(b) (3)-P.L. 86-36

TOP SECRET UMBRAPJOfORPiCONVENTIONAL COMSEC MONITORING 61COMSEC Specialists Assembling an Antenna, Monkey Mountainas COMSEC Team Two, the unit began operations in June 1966 withone officer and Omen, monitoring and evaluating amphibious forcecommunications. Although it was initially planned that the team beassigned to Task Force 76, for transfer with the staff as it rotated amongflagships, COMSEC Team Two was in practice used in support of TaskGroup 76.5 (Group Bravo) and occasionally Task Group 76.4 (GroupAlpha).COMSEC Team Fille COMSEC Team Five was organized on 24March 1967 and (SSired to Beach Jumper Unit (BJU) One. This teamof an officer and enlisted menhad an assigned mission to exchangetechniques, knowledge, and experience with the beach jumper unitthrough an exchange in personnel. As a result of this venture, bothCOMSEC and BJU perseonnel.gained.a keener awareness of the complexitiesinherent in the communications deception operations in whichthe beach jumper units were involved. Although the team was deacti-TOP. SECRET UMBRAHOFOfth T(b) (1)(b) (3)-50 USC 403(b) (3)-18 USC 798(b) (3)-P.L. 86-36

TOP 5BERBT UMBRAHOfORH62 WORKING AGAINST THE TIDEvated on 22 May 1967, permanent COMSEC components continuedto provide COMSEC technical assistance for BJU operations and servedas points of contact for mutual exchange of information. Anotherresult of Team Five's exchange of personnel was the establishment oftwo permanent COMSEC billets in the BJU personnel allowance, bothof which were filled in the fourth quarter of fiscal year 1969.COMSEC Team Four COMSEC Team Four, with a chief pettyofficer andDenlisted men, commenced limited COMSEC operationson 25 April 1967\and became fully operational during May. Personnelfor the team were provided TAD from various permanent PacificCOMSEC compone.nts. The team operated from a truck-mountedvan-suPfiedl ',b.Y the\N... aval Communications Station Philippines-thatcontained monitoring positions and was based at Vinh Long in theMekong Deltaxarea. Team Four's mission was to provide COMSECsupport in the Mekong River Delta to Riverine Task Force 117 and toextend service also.to GAME WARDEN, Task Force 116. In February1968, during the ret offensive, a mortar shell demolished the van and,although there wereno casualties, operations had to be suspended untilMarch 1969, when anew van was installed on a barge in the MekongRiver.COMSEC 706 As axresult of a preliminary study conducted inDecember 1965, NAVSECGRU Activity Kamiseya recommended that aCOMSEC component be established at the Naval CommunicationsStation Cam Ranh Bay. Planning for a permanent component there withI Ibillets received approvalof the Secretary of Defense in November1966, but difficulties in procuring\ and installing equipment delayedactivation ofthe unit for over a year.\As COMSEC 706, the unit finallybecame operational on 5 January 1968, with the mission of providingCOMSEC close support to Pacific Fleet naval commanders in SoutheastAsia.At the end of 1967, NaVYCOMSElcperonnel authorized for theWestern Pacific were Dofficersand .....enlisted men, of whi('hDofficers andDenlisted men were~ctually enboard.TOP SECRET utdBRAHOfOlH

'fOP SECRE'f UIofBRAshore'facilities for HFcommunicationsshore facilities for HF communicationsshore facilities for HF communicationsVHF communicationsfmfORfqCONVENTIONAL COMSEC MONITORING 63OperationsNAVSECGRU's COMSEC organization monitored and analyzed longhaulnaval communications passed between shore stations and ships at seaand air squadrons. Marine Corps direct support units monitored andreviewed the communications passed by Marine units operating innorthern South Vietnam.Monitoring and analysis were the major aspects of NAVSECGRU'sCOMSEC operations in the war zone and, as in the case of Army, by farthe greater number of Navy personnel assigned to COMSEC duties spenttheir time largely on these functions. Navy COMSEC personnel werethus working on such tasks as: conducting COMSEC surveys; monitoringand analyzing naval communications and preparing CommunicationsImprovement Memoranda; measuring frequencies and preparing offfrequencyreports; training personnel in cryptographic andcommunications procedures, in message drafting, and in physical securitywith emphasis on intelligence losses from unprotected circuits; andhelping communicators to prepare and revise operations plans, operationsorders, and communications plans and to identify and solvecommunications problems as they arose.The Navy increased its COMSEC organization to keep pace with thegrowing volume of communications during the period 1964 to 1968.From a force ofDmen andDpositions, the Navy's Western P~cificCOMSEC organization expanded during this period to.Dmen andDpositions-Dmonitoring,Dfrequency measuring, andDradio fingerprintingpositions.The afloat COMSEC Teams; One and Two continued to monitor bypatching from the host ship a minimum of two CW and/or voiceradiocircuits to the operati!lgspace\ being occupied by the teams. TheCOMSEC monitoring equipment used by Navy and. Marine COMSECelements ineluded:EquipmentUseR-390ASP-600R-274BR-1279 with CV-1750range extenderR-389 low frequency communicationsTQP\ ei~CRBT UMBRA ~WFORH(b) (1)(b) (3)-50 USC 403(b) (3)-18 USC 798(b) (3)-P.L. 86-36

'fOP SnERn'f U1dBRANOFORN64 WORKING AGAINST THE TIDEInitially, NAVSECGRU had problems with the equipment it placedashore in Vietnam. Navy receivers were more suitable for use on ships orin permanent installations than they were for use in tents and small vanswhere dust, mud, rain, and heat affected their operation. Dust, forexample, penetrated the equipment and caused malfunctions. During thetime that the Navy's COMSEC Team Vietnam (C) was operating at DaNang, it was without maintenance personnel, and malfunctioningequipment was shelved, awaiting assignment of repair personnel whocame later.For the most part, the Navy kept its COMSEC monitoring elementsthat were stationed in the Vietnam area fully manned at authorizedstrength. Personnel to man the positions came from the more permanentNaval COMSEC establishments in Hawaii, Japan, and Guam, and as aresult these components farther from the war zone continuously had tooperate below authorized strength. Despite the full manning of theelements ashore in Vietnam, personnel very frequently worked 16-hourshifts.The Navy's COMSEC organization concentrated on communicationspassed during Seventh Fleet naval and naval air, MARKET TIMEcoastal surveillance, naval gunfire support, special mission positiveidentification radar advisory zone (PIRAZ) and search and rescue(SAR), GAME WARDEN, and amphibious operations. While thevolume of traffic collected changed from time to time, the Navymonitored, according to estimates, a relatively high percentage of thecommunications passed. One estimate made in the summer of 1966, for.example, gave these figures:Type ofCommunicationsTF77TF76TF 73 (underway replenishment)TF 115TF 116TG 70.8 (naval gunfire support)TF 72 (patrol aircraft)Ship. to-shoreAir-to-groundHarbor commonEstimated Percentage ofTotal Traffic Monitored1852530202510402350TOP SECRE'f UMBRAHOFORfq:

------------------------~~-·---·~--LITOP SECRET UtdBRAHOl'OlU4CONVENTIONAL COMSEC MONITORING 65The geographic location of NAVSECGRU COMSEC componentspermitted reasonably good coverage of high frequency transmissions offorces operating in Southeast Asia. The afloat COMSEC Teams One andTwo randomly sampled VHF and UHF communications employed byunits of the Seventh Fleet, patching into these communications throughlines leading to their COMSEC space. Shore-based COMSECcomponents monitored VHF and UHF naval communications in theirimmediate areas and long-haul communications of ships moving into andout of the war zone.Sub Unit One, First Radio Battalion Sub Unit One had COMSECpositions at the various locations of its detachments during the years1964-68. In early 1966 it had 2 positions at Chu Lai, 2 at Da Nang,and 1 at Phu Bai. In the fall of 1968 it had 2 at Camp Carroll, 2 at DongHa, 1 at Hill 327 near Da Nang, and 1 at Vandergrift Fire Support Base.While the subunit usually hadc:=JCOMSEC positions in operation, attimes it became necessary to task these positions with SIGINT missions.Sub Unit One detachment commanders worked closely with G-2 andS-2 officers in the supported USMC units to arrange for tasking of theCOMSEC monitors. By and large, Marine COMSEC specialists monitoredlow-level tactical FM radio nets, which they regarded as thosemost likely to compromise U.S. tactical intentions. They also monitoredradio relay circuits, using a r... rycom e...lective voltmeter on loan fromthe NSAPAC Representative Whenever possible, communicationsof units engaged in combat or active patrol had priority. Instatic situations, monitors sampled radio transmissions at combat bases.Marine units kept their positions engaged 16 hours a day, and fromabout 1966 on they copied and analyzed approximately 4,000 transmissionseach week.Against the TideNavy and Marine COMSEC specialists employed much the sameprocedures as did those of the Army and Air Force in alertingcommanders and communicators to dangerous practices and in pointingthe way to improved COMSEC. They conveyed their message in face-tofacepresentations, briefings, and spot and general reports.TOP SECRET UMBRAnOI'ORH(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

'TOr' SECIUi'T UMBRANOrOlHJ66 WORKING AGAINST THE TIDEle. o M s Ec Intercept Vans and Operations Tent,----- Chu LaiPerson-to-person presentations seemed, for the most part, to be themost effective means of settling many of the problems that arose. Beforeits functions were assumed by Sub Unit One, Navy's COMSEC TeamVietnam had established, procedures to deal directly with in-countryMarine communicators. The team participated in weekly communicationsofficers' conferences conducted by the III Marine AmphibiousForce communications electronics officer, in this way dealing directlywith both the communicationsvofficers and their senior NCO·s. TheNCO's took measures to prevent'.recurrence of violations in their unitcommunications and, when time permitted, trained their own operatorsin the field.Sub Unit One continued the practiceof person-to-person presentations.The unit made regular use of live examples in briefings to communicatorsand Signal officers of Marine field units, giving about 200 a year. TheTOP SECRET UMBRlrNOrORN(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

TOP SECRET UMBRAHOFORHCONVENTIONAL COMSEC MONITORING 67• 1_____....IOperations Building at Hill 327, Da Nangunit's briefing program', did much to overcome the "electronic spystigma often borne by a COMSEC organization. Briefers generallyoverlooked minor procedural errors and emphasized combat-associatedsecurity lapses that endangered the lives of the Marines. As a result ofperson-to-person COMSEC\service, better rapport resulted. Unitcommanders at times even requested orientation lectures for their units.Sub Unit One COMSEC reports, when these were made, also had abetter reception.Navy COMSEC specialists were.also at work on a person-to-personbasis. They, too, used actual examples of operational communicationsdeficiencies in their educational briefings for naval personnel ashore andafloat.Both Marine and Navy COMSEC specialists spot-reported significantviolations affecting the tactical posture offriendly units. Navy specialistsinformed the Commander, Carrier Striking Force, Seventh Fleet, forTOP SECRET UMBRAHOFORN(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

TOP SECRET UMBKAfq-()p()ltfq-68 WORKING AGAINST THE TIDEexample, of information they had monitored from the Navy's air trafficcoordination circuits that revealed strike plans and other intelligence.Marine Corps spot reports reaching the Special Security Officer, IIIMAF, often were in time to cancel or postpone Marine tacticaloperations.Besides the spot reports, there were periodic COMSEC status reportsthat went to Navy and Marine Corps commanders. Marine specialists atthe platoon level at first reported violations monthly through the Marinechain of command; later reports were made twice monthly. The reportswent to the 1st and 3d Marine Divisions and the l st Marine AirWing. Sub Unit One also issued a monthly report to MACV describingthe emphasis placed on communications security during the month, thenumber of transmissions monitored, and the number of violations found.While only a rough measure of actual violations occurred, these SubUnit One reports provided an indication of COMSEC status reliableenough for value judgments. During the last three months of 1968, theaverage number of monitored transmissions for each month remainedapproximately the same, yet the detected violations in October were 519,while for December only 216 violations were detected. MarineCOMSEC analysts attributed this reduction in violations to increasedemphasis during the period on the lecture method to improve security andto the establishment of closer working relationships between the platoonsproviding the COMSEC support and the supported G-2 and S-2 officers.When he was in command of III Marine Amphibious Force, Lt. Gen.Lewis W. Walt kept abreast of reports on the COMSEC status of Marineunits and took note when he could of progress made by the subunit. In aletter of 28 November 1966 to the commanding general of the FleetMarine Force Pacific, General Krulak, and others, he wrote:It has been noted with pleasure that the communications security posture ofthe III Marine Amphibious Force has shown marked improvement during thepast 11 months. This is apparent in the fact that the number of significantcommunication security violations committed each week by III MarineAmphibious Force units, air and ground, has decreased by 75 percent sinceJanuary 1966. This improvement can only be attributed to extensive commandinterest and concern shown at all echelons of command, increased use ofavailable cryptographic aids, and to the efforts of Sub Unit One, First RadioBattalion in presenting over 200 periods of instruction on this subject to IIIMarine Amphibious Force Units.TOP SECRET UMBRA?WFORN

'TOfl ~:f:CR:f:'T UMBRA HOFORHCONVENTIONAL COMSEC MONITORING 69Navy COMSEC reports also prompted command actions of one kindor another. A major report, the quarterly COMSEC Traffic AnalysisReport, not restricted to but incorporating the Southeast Asia naval.COMSEC reports, gave wide circulation to the COMSEC problems inSoutheast Asia and the Western Pacific in general and provided the basisfor initiating corrective COMSEC actions. Within WESTPAC thereports helped in a variety of COMSEC management steps. The analysisof monitored circuits, as reported, helped managers to determinepriorities in the assignment to voice nets of short-supply secure ciphonyequipment. Monitored findings helped also in the assignment of nonvoicecrypto-equipment to provide cryptocover. For example, in)anuary 1967COMSEC 702, at Karniseya, issued a traffic analysis report that resulted. in authorization for on-line cryptocover of one of the communicationslinks of the Naval Tactical Data System serving many ofthe Navy's shipsin the war area. When reports on a MARKET TIME communicationssurvey revealed a major netting problem and limited code vocabularies,COMSEC managers were able to press for improvements in operationscodes and to recommend the use of improved codes in particular cases,such as communications giving naval gunfire shore targets.Most important, the many reports prompted command actions directedtoward WESTPAC communications discipline. For example, thecommander of the Seventh Fleet issued a general message reiterating andexplaining encrypt-for-transmission-only requirements. At the next higherlevel, the commander in chief of the Pacific Fleet advised subordinatecommanders that unclassified messages originated by shore establishmentsconcerning WESTPAC ships often disclosed movements orindicated impending arrival of ships in Western Pacific ports.Generally, commanders reacted to spot monitoring reports andrecommendations in a spirit of cooperation. But, as in the case of Army,NAVSECGRU COMSEC specialists found that not all commandersappreciated the support. Some high-ranking officers resented reportsconcerning their commands' errors appearing in electrical messages withmultiple addresses. The resentment was more pronounced when themonitoring reports called attention over and over to the samemalpractices. Marine and Navy commanders often felt that goodCOMSEC practices alone could not protect their military operations sincethe enemy did not need to intercept U.S. communications to obtainTQP ~~(;R~T m f8RA HOFOlUf

TOP SECRET UlolBR,'HOfOfUq70 WORKING AGAINST THE TIDEKW-26 and KW-37R in Detachment 5 Cryptocenter, USSConstellation, Gulf of Tonkinintelligence on naval and Marine components-the location of anaircraft carrier standing offshore was obvious, and the presence of fighteraircraft in support of ground operations told the enemy where the U.S.forces were. Application of strict COMSEC techniques therefore seemedto have no real purpose.TOP SECRET UMBRAUOfORU

-'-"~"~--~~-,~"'-~--l,\TOP SECRET UMBRA!q0fi0Rrq-CONVENTIONAL COMSEC MONITORING 71KL-47 in Detachment 5 Cryptocenter, USS Constellation, Gulfof TonkinTo develop better rapport with commanders, monitors did not alwaysfollow strictly the basic instructions to report significant COMSECmalpractices electrically and with multiaddresses. The monitorspreferred, instead, to report repetitive errors in weekly newsletters or inwritten monthly reports, which were less offensive.TOP SECRET UMBRAHOf0R!q- -- -- -- ----

TOF SECRET UMBRAfWfORH'72 WORKING AGAINST THE TIDEAir Force Security ServiceOrganizationHeadquarters, AFSS, at Kelly Air Base in Texas, controlled the AirForce COMSEC programs. Its Pacific headquarters, the Pacific SecurityRegion (PACSCTYRGN) at Wheeler Air Base, Hawaii, operated anumber of security wings (SW) in various parts of the Pacific. Of these,the 6922d Security Wing at Clark Air Base, Philippines, together withits several detachments, was the one principally involved in the VietnamWar in the years to 1968.PACSCTYRGN also controlled other resources not administrativelycommitted to a particular operating security wing, including a mobileTRANSEC* team equipped with an HF position (AG-2761), aUHF/VHF position (AG-88711), a radiotelephone position(AG-274), and a COMSEC hut. PACSCTYRGN's Detachment 2 atHickam Air Base, Hawaii, performed second echelon analysis andreporting and had direct operational control over the 6922d'sdetachments in Saigon, and in Korat, Thailand. After November 1967,Detachment 2 moved from Hickam to the PACSCTYRGN headquarterslocation at Wheeler.The Air Force organization for COMSEC monitoring and analysis inSoutheast Asia grew slowly in the early period of U.S. involvement. Aftersome token monitoring of Air Force communications at Tan Son Nhut inSeptember 1962, not much was done until two AFSS COMSECspecialists monitored VHF, UHF, and HF single sidebandcommunications at Bien Hoa in November and December 1964. Theirmonitoring showed that a si nificant amount of intelli ence was beinpassed unprotectedon the type of aircraft operating out of Bien Hoa Air Base;"----:---;-----'and on the command and control system used in operations.*Air Force personnel use TRANSEC in a manner to be more inclusive than thedefinition, "measures designed to protect the intentionally transmitted signal fromintercept and exploitation by means other than cryptanalysis." Air Force use frequentlyequates to the broader term communications security (COMSECY. To avoid confusionin this volume, COMSEC will be used throughout this section except, of course, whereTRANSEC appears in quotes.(b) (1)(b) (3)-P.L. 86-36TOP SECRET UMBRA HOFORH(b) (3)-50 USC 403(b) (3)-18 USC 798

TOP S£ER£T UMBRAUOfOftf.qCONVENTIONAL COMSEC MONITORING 73Before the end of 1964, the Pacific Air Force (PACAF) authorized anadditional COMSEC study, and Detachment 2, PACSCTYRGN,undertook the work. Although at first only a test was scheduled in orderto establish the need for improvements, so flagrant were the manyviolations observed during the test period that Detachment 2 concludedthe 2d Air Division (forerunner of the Seventh Air Force) tacticalcommunications were receiving only marginal security protection. AirForce COMSEC analysts in Hawaii processed the intercepted tapes andalmost immediately broke the PALMER JOHN operational codeproduced by the 2d Air Division and used by it to pass strike coordinates,times over target, aircraft call signs, and so forth. The analysts also notedinsecure transmission of two messages relating to projected air strikes, aswell as the itinerary of a forthcoming field trip by the 2d Air Divisioncommander, Maj. Gen. Joseph H. Moore. As a result of the test,USAFSS recommended the establishment of a permanent COMSECelement in Southeast Asia. As an interim solution, the Air Force approveduse ofa mobile COMSEC H-l van for the area.Detachment 5, 6922d Security Wing As outgrowth of these earlyactions, on 8 April 1965 PACSCTYRGN deployed al kOMSECteam and a mobile H-l van to the Tan Son Nhut Air Base near Saigon.The deployment was on a TDY basis pending a request to General JohnP. McConnell, the Chief of Staff, USAF, for a personnel ceiling increasein South Vietnam permitting ~ ICOMSEC team.Obtaining the ceiling increase, AFSS activated Detachment 5, 6922dSecurity Wing, at Tan Son Nhut in July 1965 to provide close tacticaltransmission secritYIs'.upport to the 2d A.ir Divisio.. n. Initial strength wasone officer and airmen. Equipment approved for the detachmentincluded c=JI-IF positions (AG-2761), one UHF/VHF position(AG-88711), one radiotelephone position (AG-274), and onetranscribe position (AG-4).Completion of a semipermanent facility for the unit enabled thedetachment to expand monitoring to the extent of doubling of telecornmonitoring lines and adding ·.·...mu'. ltichao.·.· ..•....nel .• monit..ring Iequipment.Initially the new building containedDHF (8761) VHF/UHF(887-EII),c=Jtel~phone(AG-275), and Dtranscribe positions(AG-4). One more telephone positioncame\attheend of 1967.Government Note'fG·p :n:Cftf:'f UMBRAUOfORH(b) (1)(b) (3)-50 USC 403(b) (3)-18 USC 798(b) (3)-P.L. 86-36

'fOfi :3ECKE'f UI\>fBKi\HOFORH74 WORKING AGAINST THE TIDEDetachment 7, 6922d Security Wing, Buildings, KaratDetachment 7, 6922d Security Wing In preparation for a visit toSaigon in July 1965 by Secretary of Defense Robert S. McNamara,MACV proposed to ask for an increase in COMSEC resources for allthree Services. For this, the recently activated Detachment 5, 6922dSecurity Wing, supplied the following assessment of additional Air Forcerequirements: "We needOm.... 0... re R/T (radiotelephone) positions andone more HF position pluDmore personnel. To cover South Vietnamadequately at leastDmore TRANSEC units ofDpersonnel, each with 1HF and one R/T position, would-be necessary." The Secretary reactedfavorably.In specific reply to a 1 September 1965 CINCPAC request for Serviceand SCA review of monitoring requirements, the Thirteenth Air Forcerecommended establishing monitors.in Korat, Thailand, using mobilevans. The plan called for a team not toe~(:.eedDmen with equipmentfor monitoring troposcatter, HF, and UHF/VHF communications.TOP SECRET UMBRA NOFORH (b) (1)(b) (3)-50 USC 403(b) (3)-18 USC 798(b) (3)-P.L. 86-36

TOP SECRET UMBRAHOFORHCONVENTIONAL COMSEC MONITORING 75iI{I l[=~.Detachment 7, 6922d Security Wing, Positions, Koratf~~Among locations considered-Takhli, Udorn, and Korat-e-Korat wasthe best location for collection of radiotelephone communications. AFSSwould use mobile vans to collect UHF and VHF singals in the immediateareas of Takhli and Udorn.Detachment 7, 6922d Security Wing, began operations at Korat AirBase on 1 April 1966 supporting, through tactical COMSEC monitoring,the Deputy Commander, 7/13 Air Force, * in operations conducted inand from Thailand. On 4 May the unit had only one officer andD"Seruor U.S. Air Force commander in Thailand. The title denotes his administrativeand logistic relationship to Thirteenth Air Force, based in the/Philippines, and hisoperational relationship to the Seventh Air Force, which had headquarters at Tan SonNhut Air Base, South Vietnam.TOP SECRET UMBRAPWFORH(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

'fOP SECRE'f UMBRA NOFORN76 WORKING AGAINST THE TIDEDetachment S Mobile Operations, 1966DatePlace21 Feb-6 Mar Da Nang AB2 Apr-IS Apr Bien Hoa AB1Jun-lOJun Da Nang AB29 Aug-7 Sep Monkey Mt, site of6924th SS17 Nov-26 Nov Monkey Mt. site of6924th SS17 Nov-26 Nov 6924th SS main site17 Nov-26 Nov Da Nang ABCommunications Targetednonractical VHF frequencies of air basenontactical VHF frequencies of air baseUSAF VHF/UHF tactical frequenciesUSAF VHF/UHF frequenciesVHF/UHF frequenciesHF frequenciestelephone exchangeairmen, but by 30 June the number of airmen had increased tGThiswas still below the authorized strength ofone officer andDairmen.By the end of 1967,DAFSS men were monitoring and analyzingcommunications in Vietnam and Thailand. Other Air Force COMSECelements in Japan, on Okinawa, in the Philippines, in Hawaii, and atKelly Air Base helped monitor and analyze SEA communications.AFSS considered its monitoring resources as of 1967 to be basicallyadequate for Southeast Asia requirements. Nevertheless, during much ofthe time personnel and equipment strengths were less than authorized.Many Air Force circuits were not checked, even periodically, during theentire 1964-67 period. The effect of personnel shortages is illustrated bya Detachment 7 report in 1967:One common problem Det wide, and one which adversely affected theoperations, was the untimely replacernent. of personnel. On 21 April 1967,c::::::::Jpersonnel (NCOs and airmen) were relieved of dutyto effect a 24 April1967 poncaI!. Consequently, on 22 April 1967, trick operations were frozen toa two shift concept of 12 hours on, and 12 hours off The 6922 SCTY WGresponded to the situation with TDY assistance from Det4, 6922 SCTY WG,and Det 7 was able to return to a three shift concept on 26 April 1967.Although this assistance lasted for 59 days, losses. continued to exceedreplacements, and additional'

TOP 5BCRBT UMBRAnOFORnCONVENTIONAL COMSEC MONITORING 77OperationsAs in the case of Army and Navy operations, AFSS monitors selectedcircuits that they regarded the most profitable sources of intelligence tothe enemy SIGINT organizations. They gave little attention to on-lineencryption. Detachment 5 and 7 specialists concentrated, instead, on closerangemonitoring of unsecured radio circuits used by ground crews toservice aircraft. These circuits and the communications of unit protocolofficers normally revealed intelligence useful to an enemy.The Seventh Air Force established essential elements of information(EEl's) to guide the monitoring and reporting of the COMSECdetachments. The EEl's called for reports on violations whenevermonitored communications revealed information on prestrikearrangements, logistics, communications disruption (jamming orsaturation of secure circuits), tactical methods, aircraft performance, pilotand unit capabilities, or other sensitive data.Both Detachment 5 and Detachment 7 had mobile monitor teams.Detachment 5's 1966 record of its mobile operations, as reflected in thetable on page 76, was representative.In December 1965 PACSCTYRGN directed the 6988th to provide aCOMSEC monitor for a COMSEC testIIDetachment 2, PACSCTYRGN, in its Aptil1966Ievaluation of the results of this I Imonitoring recommendedcontinual employment of a COMSEC rnonitorj IHeadquarters, AFSS, agreed to the continual operation'] II I \\ • / iii//L...-__...ICOMSEC monitors.......... \\ ..• iii // Icollected plain .language i communicationspassing over VHF/UHF guardand tactical voice channels, whichcarriedinformation on strikes, MIG andSAMalerts,bombdamageassessments,I'fOP SECRE'TUMBRAnOFORn(b) (1)_(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

TOP SECRET UMBRAl'WfORH78 WORKING AGAINST THE TIDEDetachment 5,6922d Security Wing, Analysts at Work, TanSon Nhuttargets, air refueling, and air-to-air coordination. After some experiencewith these communications, the monitors focused on frequencies usedduring air-to-air refueling operations as communications on theseappeared to be continually revealing the general direction of outgoingfighter-bombers.~S.e..p. tember 1966 Detachment 2, PACSCTYRGN, called theL-..JCOMSEC monitorin the rimar source of its" most lucrativefindings."The COMSEC collectionL,-------......~-----------:'brought attention to communications weaknesses concerning /alertsystems, special navigation-techniques, tactics, and command and controlcommunications-all of which were of high interest to enemy SIGINTunits·1 . / / ICOMSEC,providing information on forward area air communications thatTOP SECRET UfdBRA fWfORIq(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403..........,,.,....,_,,...,.-.-.__~-..... ...,.....__-_--(b) (3) -18 USC 7 9 8

"fOF SECRE"f UMBRAHOfORHCONVENTIONAL COMSEC MONITORING 79KW -26 and KY-8 Crvpto-equipment In Seventh Air ForceOperations Area, Tan Son Nhutcontrolled strikes in northern South Vietnam and the demilitarized zone(DMZ) and information on search and rescue communications.When the AFSS began its COMSEC support of the 2d Air Division,the command had asked for reports directly from the monitoringdetachments within 6 to 14 hours of intercept. In 1964 and 1965, AFSSCOMSEC units were not capable of real-time reporting of monitoredCOMSEC weaknesses-reports that would have permitted the Air Forceto change plans when strike operations, target areas, and so'forth hadbeen compromised. However, during those years some elements of the 2dAir Division did not feel that real-time reporting of COMSEC violationswas necessary since they did not believe that operational plans should bealtered on the basis of reported COMSEC violations. In July 1966Detachment 5 listed some 25 monitored events that perhaps should havecaused a change in plans if an immediate reporting system had beenemployed. Minimum required reporting time was then 4 hours, andregular reporting was possible only during normal duty hours. Underthese conditions, reports often were received too late to affect operations."fOF S£ER£"f UbfBRlt~JOfOlUf

80 WORKING AGAINST THE TIDEIn mid-1966 Detachment 5 recommended that the reports ofmonitored activity, both in-country and out-of-country, be reported"immediately" to appropriate tactical commands and that officials beauthorized to alter plans on the basis of these reports. The Air Forceaccepted these recommendations. In February 1967 AFSS accordinglybegan sending"immediate" reports of detected violations to all levels ofAir Force command down to air division. AFSS also began to include thenames of communications violators when they were so requested by thecommand element involved.AFSS employed various types of reports for notifying commands ofCOMSEC breakdown and for the COMSEC units' own use. Perhaps themost basic of the reports going to the commands was the TransmissionSecurity Message Report (TSMR), the vehicle for immediate reporting.Detachment 7 issued 77 of these in 1967 alone. A variation of theTSMR, the Prestrike Report, came into use for situations in whichinformation on a forthcoming air strike had been divulged 1 hour and 45minutes or more before the strike. When voice ciphony circuits wereavailable, AFSS units used them in communicating the COMSECmessage to the military command concerned. Such reporting made itpossible to change plans and thus offset possible enemy action predicatedon the compromised information. Once a month, AFSS units forwarded aTSMR recap electrically to commanders and senior AFSS echelons,noting any actions taken by Air Force operational commands as a resultof the monitors' reports.Another report going to Air Force operational commands was theTransmission Security Monthly Summary (TSMS), a report giving thestate of COMSEC, noting infractions of procedures by specified elements.In addition to its wide dissemination to Air Force operating elements, thisreport went to PACSCTYRGN, which also used it in dealing withcommand personnel.While these various reports were for use primarily by operationalpersonnel, another category of reports had the objective of aiding themonitoring effort itself. This category included a Daily Activity Summary(DASUM), a report forwarded electrically to PACSCTYRGN. For moreimmediate reporting, a TRANSEC Item of Interest (TIOI) went fromdetachment elements to higher authority when an observed practiceTOP gr:CRr:T U:MBRAPWFORH.wrrrr

CONVENTIONAL COMSEC MONITORINGTOP SECRET UMBRAf40fORf481Seventh Air Force Classification of InformationPlanned or Completed Missions (In-Country) Classified DeclassifySorties scheduled Yes after strikeTarget coordination Yes 1 hour priorTarget description Yes 1 hour priorTime over target Yes 1 hour priorNumber ofaircraft in flight Yes 1 hour priorType of mission Yes after strikeSpecial type missions Yes indefiniteOrdnance being carried Yes 1 hour priorRequest for strikes Yes 1 hour priorRequest for reconnaissance Yes 1 hour priorStrike resultsNoReconnaissance results Yes indefiniteappeared dangerous but not sufficiently alarming to warrant notification ofoperating forces. Similar to the TIOI was the TRANSEC InterimSummary (TSIS), which provided higher headquarters with apreliminary evaluation of a particular observed communication practice.TRANSEC Analysis Notes (TAN's) also documented COMSEC findingsuseful for those working within the COMSEC speciality.Although PACAF and subordinate organizations down to divisionlevel had authority to determine whether a monitored transmission wasor was not a security violation, the lack of guidelines for monitors causedmany problems. Issued EEl's should have helped resolve this problem,but they could not do so completely. The Seventh Air Force guides to theproper classification of information show the complexity of decisionmaking in this regard. (See table above.) Obviously, a one-hour-priorto-strikecriterion was arbitrary rather than truly denotative ofoperational sensitivity. Since most strike requests were made within theone-hour period, the classification guide for the most part permitted suchinformation to be sent as unclassified.TOP SECRET UftfBRAHOfORH

TOP SECRET UMBRAfq-OPOltfq-82WORKING AGAINST THE TIDEAgainst the TideAFSS monitors acquired sensitive information on a number of actionsand very often operational commanders were able to take correctivemeasures on the basis of monitoring reports. One subject of especialconcern was VIP movements. When President Lyndon B.Johnson in thefall of 1966 went to the Pacific and made an unannounced visit toSoutheast Asia, Air Force monitoring uncovered many indications thathis movements were being passed in unprotected communications.Reports containing this evidence went to General McConnell, USAFChief of Staff, who ordered the passing of such information only oversecured lines.At other times monitors reported vital operational informationrevealed in Air Force communications. Through monitoring andanalysis, Detachment 5 reconstructed the entire geographic grid systembeing used for area target identification along with the code namesassigned to identify the grid blocks. The code names were not changeduntil all targets in a particular geographical area had been hit-often amatter of months. Since MACV and operations personnel used the codenames in unsecured communications as much as a month before actual airstrikes, enemy foreknowledge was obviously possible. In each strike theMACV air operations personnel, using unsecured communications, calledthe SAC liaison officer in Saigon about 36 hours before a strike and inapproximately one-third of the conversations used the target code name.The top RVN command used unsecured communications when callingthe U.S. and Allied field forces to alert them to forthcoming RVN airstrikes and also included target identifications through use of the codename approximately one-third of the time. Detachment 5's report toMACV and SAC in September 1966 outlined the dangers of using codenames in this fashion.From mid-1966 through January 1967, monitored U.S. communicationsdisclosed U.S. involvement in the Thai counterinsurgencyoperations (COIN). Unsecured communications disclosed the types ofU.S. aircraft involved and an increased participation. At the time therewas no public acknowledgment that U.S. forces were engaged in COINoperations in Thailand.TOP SECRET UldBRAHOfORH

~..TOP SECRET UMBRAHOFORHCONVENTIONAL COMSEC MONITORING 83In the spring of 1967, AFSS monitored VHFjUHF unsecuredcommunications at the Nakhon Phanom Air Base in Thailand and foundfrequent references to TACAN azimuth and range positioning, thusdisclosing the orbits and operational areas of flareships, FACs, and strikeand other aircraft. Unsecured HF communications contained informationrevealing details on special force and air commando componentsoperating within Laos-including air strike activity in support of LaotianGovernment troops. Six specific recommendations for COMSECimprovement were forwarded with the report of findings.In the fall of 1967, AFSS teams prepared eleven separate reportssetting forth evidence of the misuse or possible compromise of KAC-J, adigital authentication code used for encrypting coordinates and othernumerals in direct support operations. AFSS headquarters sent three ofthese reports to General McConnell to support the need for a replacementcode. In March 1968, General John D. Ryan, the commander in chiefofPACAF also expressed his concern over the situation to Seventh Air Forceand others:TRANSEC message reports (TSMRS) submitted by Det 5, 6922 SW, duringJan and Feb 68 indicate KAC-J code being compromised when encodedcoordinates passed in air strike are later given in plain text in BOA report.PACSCTYRGN cryptanalysts confirm that KAC-J code can be recoveredbecause of this ops procedure. Further, complete compromise occurs whenpreviously encrypted coordinates and TOTS are confirmed by FAC in the clearjust prior to air strike to eliminate possibility of errors in target locations. *In November 1967, following a Detachment 7 semiannual briefing atKorat Air Base, monitors studied two 388th Tactical Fighter Wingtelephone circuits. The monitors were able to recover a substantial part ofthe daily F-I05 and support aircraft status reports and a fair amount ofthe sorties-flown portion ofthe reports.While the list of examples is extensive, there were extenuatingcircumstances. Lack of sufficient cryptosecurity equipment to encryptvoice communications during the years 1964-67 made impossible the*CINCPACAF Msg to 7th Air Force and others, sub: 7AF FAC Code, DTG 2102432Mar 68, SECRET.TOP SECRET UMBRAHOFORH

84 WORKING AGAINST THE TIDEsecuring by crypto-equiprnent of every voice link over which sensitiveinformation was being passed. Corrective action for voice communicationstended to be in the nature of advising the operators as towhat should and what should not be transmitted in the clear, ofsuggesting alternate means of communications that would be secure, andof assuring that appropriate manual cryptosysterns were available andprocedures for their use were understood. As of September 1967, 1,733voice channels were in use in the all- Service Southeast Asia WidebandSystem (SEAWBS). This system, with a 2,775·voice·channel capabilityconsisted of the Vietnam BACK PORCH and the Thailand "PhilcoTrope" systems. At least 660 channels of the system were clearlyvulnerable to intercept from fixed SIGINT sites within North Vietnam.General McConnell and commanders at lower levels often took strongaction to reduce COMSEC violations. In September 1965 GeneralMcConnell approved the releasing of the names of COMSEC violators totheir commands (down to the division level), a new procedure thathelped to curb violations. At a lower command level, the Seventh AirForce in 1966 established a TRANSEC Review Board, which maderegular use of monitor reports to improve various aspects of COMSEC.Despite these and other Air Force actions, there were far too manyinstances where the Vietnamese Communists temporarily evacuated theirpersonnel from a target area just before aircraft arrived over the target.Not all of these evacuations were directly attributable to a lack ofCOMSEC, but enough instances came to light during monitoring andanalysis of Air Force communications to suggest that poor COMSEC wasa major factor.TOP SECRET UMBRAPWFORN

SOUTH EAST ASIAPart TwoTHIS DOCUMENT CONTAINS CODEWORD MATERIAL

I OP ~F:CI{l~'} U?HBRA NOFORNCRYPTOLOGIC HISTORY SERIES·SOUTHEAST ASIAWorking Against the Tide(COlVlSEC Monitoring and Analysis)PART TWOTOP SECRET UMBRA NOFORN

Of SEeKEr UMBKArq;OfOKf..SECURITY NOTICEAlthough the information contained in this journal ranges in securityclassification from UNCLASSIFIED to TOP SECRET CODEWORD,the overall security classification assigned to this issue is TOP SECRETUMBRA. The "No Foreign Nations" (NOFORN) caveat has beenadded to guard against inadvertent disclosure of portions of the textwhich discuss topics normally held to NOFORN channels.While the TSCW NOFORN classification by itself requires carefulhandling, additional caution should be exercised with regard to thepresent journal and others in the series because of the comprehensivetreatment and broad range of the subject matter.rOf SECREr UMBRANOFORN

TOP SECRET UMBRA~JOFORpqTOP SECRET UMBRA~lOF9R~1

TOP SfERfT UMBRAPWFORtfCHAPTER IIICOMSEC SurveillanceThe ConceptIn the mid-1960's, COMSEC specialists began to encourage a newapproach to the problem of insecure communications, one in which therules of the game in monitoring were considerably altered. The newapproach, termed surveillance, called for the inclusion of COMSECsafeguards in planning military operations, thus averting, except foroperator error or other unforeseen circumstances, most securitymalpractices. COMSEC analysts worked with the communicationsplanners and others fully knowledgeable in operations. Most important,they had access to information that would assist them. As normallypracticed under conventional monitoring procedures, monitors andanalysts worked in relative isolation from operational planners and hadlittle access to information about frequencies, call signs, and schedulesemployed by U.S. units unless it had been acquired from previousmonitoring.Initiated in art as a result of a visit by NSA COMSEC specialist Mr.86-36 to CINCPAC in the summer of 1965 and outlined in anIb) (3) -P.L.NSA letter of 23 December 1965 to the three Services, COMSECsurveillance had as its immediate objective the correction of communicationsmalpractices in the Pacific war area, with world-wide applicationas its longer range goal. In December 1965 Admiral Sharp, CINCPAC,issued to his commanders a directive on surveillance that outlined the roleof the COMSEC surveillance specialist.Coordinate with commanders' staffs to determine what traffic must flowduring planning and implementation phases;Amalgamate information derived with that available through previousCOMSEC monitoring and analysis;Determine the participating communications facilities and the relativespeed and security of all communications involved;TOP g~CRBT UMBRA nOrORP,

TOP SECRET UMBRArqOfiOlt!q88 WORKING AGAINST THE TIDEPrepare recommendations for handling operational traffic (e.g., communicationsprocedures and use of cryptornaterials):Conduct selective monitoring during the operation to test the effectivenessof previous actions;Advise participants of results with recommendations for change.*As the first NSA COMSEC representative to be permanently stationedin the Pacific and serving as a member of the Headquarters, NSA Pacific(NSAPAC) staff, I (b) (3)-P.L. 86-36 I helped introduce andpromote COMSEC surveillance. Changing over to the new approach was,however, a slow process, in part because of the shortage of qualifiedCOMSEC specialists. Most of the COMSEC monitors in Southeast Asia,in fact, were still using the traditional approach at the end of 1967.While improvement of COMSEC was the goal of both conventionalmonitoring and surveillance, the new approach was more preventative,and conventional monitoring more curative. Under the new concept,COMSEC units de-emphasized broad monitoring coverage andintensified selective monitoring to achieve specific goals. COMSECpersonnel served more frequently as advisors and preplanners. By the endof 1967, SCA's began to identify some COMSEC personnel assurveillance specialists, distinguishing them from others working strictlyas monitors and analysts. In conventional monitoring the COMSECanalyst, working in isolation from the communications operator, oftenhad an "electronic spy" or policeman's image. As a surveillance specialist,he became a member of the team who helped prevent and overcomecommunications security problems. The COMSEC surveillance conceptreached its best application to that date in the PURPLE DRAGONoperational security survey of 1966-67.** The cutting edge of COMSECsurveillance was that it represented command recognition of theimportance of COMSEC and, in so doing, facilitated change inprocedures when COMSEC considerations demanded them.In the years to 1968 the SCA's, NSA, and the military commandsundertook six major COMSEC monitoring or surveillance operations toattain specific objectives. One dealt with Army communications in·CINCPAC 040354Z Dec 65.• •Seepp. 128-38.TOP SECRET UPdBRliP'lOFOlUJ

"Of SfC:Kf'T UMB:KAHOfORHCOMSEC SURVEILLANCE 89•I,·f..Close Cooperation Between ASA COMSEC Personnel andInfantrymenVietnam, two concerned Navy communications in the offshore watersand riverways of South Vietnam, and three examined the communicationsof all three Services.The six studies, here presented in rough chronological order, show tosome degree the increasing trend toward the use of COMSECsurveillance as opposed to conventional monitoring, although it is notalways possible to distinguish one from the other. The Guam study, thesecond in the series, was a Navy-Air Force-NSA operation employing theNIGHTSTICK concept-inspecting all communications in a given areasimultaneously for over-all COMSEC evaluation. This represented, ofcourse, a departure from the isolated, single-Service study normal inconventional monitoring. Although CINCPAC and NSA weredeveloping the surveillance concept during these years, the key element ofprecommunications COMSEC planning was largely absent from theGuam study and from the SILVER BAYONET, MARKET TIME, and'TOP SECRET UMBRA~JOFmUJ

TOF SECRET UZdBRAfq-OfORH90 WORKING AGAINST THE TIDEGAME WARDEN studies undertaken in 1965 and the first part of1966.For the mid-1966 ARC LIGHT study, Admiral Sharp, CINCPAC,'specifically requested the application of the surveillance concept, and atthe end of that study expressed his dissatisfaction with the methods as'applied. In CINCPACs PURPLE DRAGON operation, the Servicessuccessfully employed the surveillance concept, involving the COMSECspecialists in the preplanning stages of the operation and giving themaccess to all necessary information. PURPLE DRAGON demonstratedfully the merit of the surveillance concept.SILVER BAYONETThe first special COMSEC study involved the Army's SILVERBAYONET operation of late 1965. In the fall of that year the NorthVietnamese 325th Division entered South Vietnam and attacked theU.S. Special Forces Camp at Plei Me on 19-20 October. The 1st CavalryDivision, launching a relief and pursuit operation called SILVERBA YONET against two regiments of the 325th Division, engaged theenemy in the Ia Drang river valley near the Chu Pong Massif, very closeto the Cambodian border. As the engagement developed, the NorthVietnamese Army forces turned out to be larger than anticipated and, incontrast to the Viet Congs normal casual attire, were wearing militaryuniforms. The enemy fought tenaciously and, in contrast to most VietCong actions, held its ground. Between 16 and 24 November, theNorth Vietnamese forces introduced a third regiment and succeeded indrawing a task force from the 1st Cavalry Division's 3d Brigade into ahammer-and-anvil ambush. U.S. losses were heavy. Were it not for U.S.air support, including tactical employment of B-52 aircraft from Guam,and for the 1st Cavalry'S air mobility, the outcome might well have beena U.S. disaster. The majority of. the U.S. losses during the operation-326killed and 602 wounded in action-s-were inflicted in the2-day period of the ambush. Postoperations studies showed that theNorth Vietnamese were prepared for the battle with supply dumps, ahospital, and a rest, recuperation, and replacement camp just across theborder in Cambodia.TOP 8BCRET UMBRAnOFORn

TOP SECRET UltfBR1"NOFORHCOMSEC SURVEILLANCE 91During SILVER BAYONET the 371st ASA Company and additionalASA COMSEC units gave the l sr Cavalry Division limited monitoringsupport, but the 371 st was unable to deploy its COMSEC personnel and.equipment with the division when it originally moved out because thecompany could not get air transportation. On 23 November, whenSILVER BAYONET was almost over, one COMSEC position diddeploy to the forward Division Tactical Operations Center (DTOC) atPleiku, where it monitored 18 to 24 hours a day for two days. Theposition then moved back as the DTOC returned to its base camp at AnKhe in Binh Dinh Province. Thus the volume of traffic from close-inmonitoring was small in comparison with the material actually sent. Inaddition to the two days at the divisional center, for the entire period ofthe engagement other COMSEC personnel monitored the division'sradiotelephone communications from the base camp at An Khe, fromwhich the ASA specialists could hear only one side of the conversationbecause of the two-channel send-receive techniques the divisionemployed.For its communications, the 1st Cavalry Division had the on-lineKW-7 with AN/MRC-95 radios to secure teletype communicationsbetween battalion, brigade, and division tactical operations centers. OfflineKL-7 equipment" was at the division and lower echelons down tocompany. The division had AN/VRC-47 and AN/PRC-25 radios forradiotelephone communications. On these, all traffic went out in plaintext unless encrypted in the manual systems available. The division didmake some use of an operations code, a numerical code, a map coordinatecode, and an authentication system of KAG-24.Monitoring of 1st Cavalry Division communications showed that thedivision did not make full use of the cryptomaterials it had at hand, nordid it exercise discretion in what it sent out in clear language. Althoughthe division had secure KL-7 equipment, records show that thecavalrymen did not use it during this period, nor did they use manualsystems to good effect. Commenting on SILVER BAYONET, one ASAofficer unofficially stated that he did not think any codes were used after"The KL-7 equipment provides much faster encryption and decryption of normal textthan do manual codes. Normally, if a communicator were going to encrypt at all, hewould select the KL-7 rather than a manual code.TOP SECRET U:MBRlt~mfOR~I

TOP SECRET UMBRAHOfORHWORKING AGAINST THE TIDEKL-7 Off-line Cryptographic Equipment (center), which Cavalrymendid not use in SILVER BAYONET.the first shot was fired. * ASA noted in a later official assessment,however, that the KW-7 on-line equipment was used to full advantage.But, even here, study of the KW-7 traffic for the period did not revealthe significant traffic volume peaks to be expected in an operation of thescope of SILVER BAYaNEy. Thus some question arises as to whetheror not the on-line equipment was used to maximum advantage.Since KL-7's were not used for intrabattalion and lower echeloncommunications, these had to be encrypted by manual systems, many ofwhich were cryptographically insecure, being of local construction andnot authorized by ASA or NSA.*Maj. Gen. John R. Deane, Jr., who held command positions in South Vietnam in1966 and 1967, made the following related statement on the use of manual systems:"We made use of the codes and COMSEC equipment available to encode operationalmessages, plans and preparation in advance of forthcoming operations, although, once inaction, we used voice radio largely without formal codes to gain reaction time. We usedconvenience codes and coded location references, but generally, the use of the KACpencil-and-paper OPCODES took too long for tactical requirements."TOP SECRET UMBRANOFORN

TOP SECRET UMBRA140fiORI4COMSEC SURVEILLANCE 93A 10 1st Security Detachment COMSEC study of communicationsmonitored just before, during, and just after SILVER BAYONET gave alarge number of instances in which sensitive information passed in the.dear and in which other insecure practices abounded. The study analyzedSIL VER BAYONET communications for three periods. During the firstperiod, 1-23 October, ASA units monitored 10,902 transmissions inthree types of communication: radiotelephone, radioteletype, and CWoThese revealed a high rate of disclosures of classified information such asU.S. identifications of enemy locations, frequency allocations, plans,t>perations, logistical information, and classified equipment capabilities.Communicators did not use authentication even though such systemswere available. There were many incidents, for example, of operatorsaccepting plain language cancellations of spot reports and of establishinginitial communications contact without offering or presenting a challengefor station or message authentication. l st Cavalry Division units did notchange frequencies and call words, and communicators at all echelonsappeared to have little knowledge of which types of information wouldaid the enemy.During the second period, 24 October-20 November, the ASAspecialists monitored 28,023 radiotelephone transmissions and observedagain many disclosures of classified information, including troopmovements and friendly locations, compromises of call words andfrequencies, and failure to use prescribed authentication procedures. Inone very serious case, a U.S. operator was requested to transmit thelocations of all his units and to make contact with his South Vietnamesecounterpart and ask him to do the same. The exact location of thatcommand and three subordinate units went out in an unauthorized,insecure map coordinate code commonly used throughout the division.The operator had given the requested information without a challengefor authentication. Within 20 minutes the ASA COMSEC element,without the use of collateral information, deciphered the coordinates. Ingeneral, the COMSEC weaknesses in the second period of monitoringwere much the same as those of the first period. COMSEC reports for thefirst period had no significant effect on communications practices.In the third period of monitoring, 21 November-20 December, ASAunits collected 35,000 radiotelephone transmissions. Analysis of theseshowed only a marginal improvement, though the division units were no

'TOP Sr:CRr:'T UMBRAHOfORH94 WORKING AGAINST THE TIDElonger in heavy combat. Authentication was used more frequently, andcommunicators and commanders appeared to be more aware of the needfor COMSEC but, as in the first two periods, classified information on .friendly locations, plans, and operations still appeared in unsecuredcommunications. During this period it was pointed out to the divisionthat there were insufficient callword assignments to the division's radiostations, which resulted in the compromise or linking of the call words,nets, and frequencies in use. Also during the period, an unauthorizedoperations code appeared, as did an unauthorized version of a mapcoordinate code. As an interim corrective measure, ASA advised thedivision to use KAG-21 codes for map coordinates until such time as theKAC-j, an NSA-produced code for encrypting numerals and forauthentication, became available to the division.The Ia Drang battle received wide attention in the U.S. press. Withinthe cryptologic community-at ASA's Washington headquartersespecially-SILVER BAYONET brought about a searching review ofthe status of COMSEC in Army tactical units. Generally, COMSECanalysts recognized that deficiencies observed in SIL VER BAYONETwere not unique to the 1st Cavalry Division but were, with variations,prevalent throughout Army tactical units.SILVER BAYONET dramatically underscored the dangers inherentin unsecured voice communications and the already recognized need forgetting the KY-8 ciphony equipment distributed. SILVER BAYONETmonitoring undoubtedly contributed to the JCS decision that all availableKY -8 equipment would be sent to Vietnam.In addition to those improvements in 1st Cavalry Divisioncommunications noted, actions were taken some weeks later to achievelong-range improvement. On 31 December ASA reviewed thecryptoholdings of the 1st Cavalry Division to determine if any shortage ofcrypto-equipment or keying material existed. ASA did not find anyshortages for the period of SILVER BAYONET itself, except that oneKW- 7 was not operational. The division held 90 KW-7'sand 31KL-7' s. By March 1966 ASA Headquarters was able to report to NSAthat the division no longer used the "very insecure alphabetical gridreference code." ASA also reported that the division was using'TOP Sr:CRr:'T UMBRAfWfORfq-

'fOil :5ECRE'f UMBRAnOrORnCOMSEC SURVEILLANCE 95authentication more frequently, although still not to the extent desired.About the same time, ASA began producing, in coordination with the l stCavalry Division, a new numeral and authentication system combiningSystem 3 of KAC-24 and System VIII of KAC-21. The 1st CavalryDivision put the new system, KAC-Q, into use after NSA approved it.ASA also sent the division a number of authorized codes. These included400 copies of the KAC-F segmented tactical operations code (96 editionsof the code shipped on 12 January 1966 and later shipsments made toallow an 8-month supply) and 1,000 copies of the KAC-J seriescombination numerical code and authentication system (shipped for thedivision requirements on 6 December 1965 with a total of 32 editionsper month, allowing for daily supersession). ASA also sent a total of 36KY-8 ciphony sets (for arrival by 15 January 1966). ASA recognized arequirement from the division for a total of 82 ciphony sets. Beingassigned priority, the 1st Cavalry Division was the first tactical commandin South Vietnam to receive these. On 3 March 1966, the ASAHeadquarters SIGSEC Division, in a briefing to NSA COMSECpersonnel on the status of Army tactical COMSEC in Vietnam, reviewedmany of the corrective steps taken, centering attention on the 1st CavalryDivision and SILVER BAYONET. Documenting its facts withmonitored findings, the SIGSEC Division ended with the statement thatthe COMSEC status of U.S. Army units in Vietnam was "pitifully poor."Thus, the monitoring and analysis during SILVER BAYONETrevealed many deficiencies. The analytic findings were a significant,praiseworthy achievement but, for those acquainted with then prevailingArmy communications practices, the findings should not have beensurprising. Nevertheless, partially as a result of timing and the U.S.reaction to this major engagement, the monitored results were very usefulat the tactical level and at all echelons of the cryptologic community.Within COMSEC circles, the Army's COMSEC practices received widepublicity. Although major improvement in the reduction of insecuritieswas to await arrival of KY-8 equipment, SILVER BAYONET arouseda general feeling in those controlling U.S. COMSEC that something mustbe done. It was obvious to the COMSEC community that poor U.S.COMSEC practices were one of the causes for the enemy success at IaDrang.TOP SBERBT UMBRAnOrORPq

TOF :5fKRnT UMBRA96fqOFORHWORKING AGAINST THE TIDEGuamIn the fall of 1965 and in early 1966, the Navy and Air Force.undertook a major COMSEC study of communications being passed bymilitary installations on the island of Guam in the Mariana Islands. NSAhelped the Navy and Air Force in that part of the study dealing withcompromising emanations (TEMPEST). In all, more thanD=OMSECtrainedpeople participated. The objective was to discover communicationsdeficiencies that might be the cause of enemy. foreknowledgeof SAC B-52 strikes in Vietnam and then to make appropriatechanges in communications practices. A more narrow objective wasthe determination of what intelligence, other than that from visualobservation, might be available to the Soviet SIGINT trawlerson regular patrol just beyond the 3-mile limit off of Apra, the majorharbor of Guam. The Soviet SIGINT vessel lzmeritel, or another trawler,had been on station continuously in these waters since late November1964. During much of this period the USS Proteus, a nuclear submarinetender, was in the harbor and may have been of interest to the Russians.Guam served as a key communications center for much of the Navy'soperations in Southeast Asia and during the early years of the war wasthe only staging area for SAC B-52 bombing flights over Vietnam. Theisland's small size made it relatively easy to study the totalcommunications environment. In contrast to several previous COMSECsurveys concentrating only on monitoring and analysis of plaintextcommunications, analysts during this study also. inspected encryptedcommunications in order to evaluate the total communications withregard to space radiation, conduction of intelligence-bearing signals onpower and signal lines, and the unintended coupling of signals throughinadequate attention to Red/Black criteria.* The analysts did not testthrough cryptanalysis the security of encrypted traffic.AFSS, NAVSECGRU, and NSA participants in the study coordinatedtheir work. In keeping with the requirement to study all military-relatedcommunications on Guam, an AFSS mobile detachment examined Armyelements there, especially those of the 515th Army Ordnance Company*Red/Black criteria designate types of equiprnentv . systems, and areas suitablefor processing ofclassified information (Red) and not suitable (Black).TOP SECRET UfffBRA HOFORH (b) (1)(b) (3)-50 USC 403(b) (3)-18 USC 798(b) (3)-P.L. 86-36

'TOil SnCltE'T UMBRAHOI'ORHCOMSEC SURVEILLANCE 97Soviet Trawler lzmeritel Off Apra, Guam, 1966and the Strategic Communications ionospheric scatter facilities. In itsreview of Army communications, the AFSS detachment noted that 15channels of the ionospheric scatter facility were passing traffic inencrypted form and one, carrying unclassified NASA traffic, was in cleartext. These and other Army communications, the major part of whichpassed over Navy channels, appeared satisfactory. Primary focus ofthe study would be on Navy and Air Force communications.Naval CommunicationsCoordinating with the AFSS mobile detachment on Guam, the Navy'sCOMSEC component on Guam, COMSEC 701, conducted a 6-weeksurvey (l November-lO December 1965) ofinternal and external Guamcircuits. COMSEC 701 assigned thirty men to the survey, some of whomcame from other Navy COMSEC units.In monitoring Navy unclassified communications, COMSEC 701employed three COMSEC single sideband positions and one VHF/UHF'TOr SECRE'T UMBRAHOFORH

"OF gECRE" UMBRANOFORH98 WORKING AGAINST THE TIDEpositron. In addition, COMSEC 701 installed four audio and four DClines connecting COMSEC spaces with the Naval CommunicationsStation Guam Circuit Control in order to monitor uncovered microwaveand landline links. In all, the COMSEC unit sampled 42 uncoveredcircuits, 30 of which had off-island terminals. Of the latter, about adozen were ships and aircraft. *The monitoring team found that landline and microwave circuitsyielded budget figures for specific projects, cargo and movement detailsfor various ships, relationships between aircraft squadrons and carriers towhich they were assigned, disposition and posture of tactical combataircraft, and information on special airborne missions in Vietnam.References to ship-to-shore frequencies and antenna bearings, theCOMSEC unit found, were passing in the clear over order wires.Although the study called for broad monitoring coverage,radioteletype equipment was in too short supply to cover all links. Tocompensate, NAVSECGRU requested copies of teletype monitor logs.Accurate monitor rolls were often difficult to obtain, since they wereoften edited by communications personnel before they were given to theCOMSEC unit. COMSEC monitoring gets its best results, of course,when communicators are unaware of the monitoring.The COMSEC unit found only a few unauthorized communicationspractices that truly weakened transmission security. It discovered severalunnecessary transmissions that could have aided enemy traffic analysisand identified the circuits carrying those transmissions. It also turned upmany errors in the classification of messages.To improve COMSEC, the NAVSECGRU COMSEC unitrecommended that commands located close to the naval CommunicationsCenter make more use of couriers instead of depending on uncoveredcommunications; that general use be made of air mail letters rather thanelectrical communications when practical; and that order wires becovered when appropriate cryptographic equipment became available.The COMSEC team observed that alternate covered routes for sensitivetraffic were not then available. The only practical countermeasure againstpossible clandestine wire tapping and unauthorized microwavemonitoring appeared to be the securing of all circuits."See chart. page ')9. for pertinent links in the Guam communications complex.TOP SECRET UMBRANOFORN

TOP SECRET UMBRAHOfORP,COMSEC SURVEILLANCE 99Communications Circuits Monitored in the Guam COMSECSurveyCOMSEC 701 also reported in its recommendations that physicalsecurity on Guam lacked proper emphasis. Sensitive naval communicationsactivities needed fences, lights, acoustic conduit seals, positivesecondary disconnect devices for telephones, and tighter control overpublic works maintenance personnel. All telephone lines on Guampassed through the Island Central Telephone Exchange, to whichuncleared local and foreign repairmen and operators had access. Amalpractice mentioned in connection with physical security was theoccasional insecure disposal of unclassified and EFTO messages in aDempster Dumpster along with unclassified trash.In summary, while many physical and communication securityweaknesses identified in the Navy's survey had been previously known,COMSEC reindocrrination of personnel was desirable. As a result of thesurvey, COMSEC 701 was to make periodic sample surveys on a smallscale to maintain vigilance over Navy circuits.TOP SECRET UMBRAHOfORH

TOF SECRET UldBRAHOFORH100 WORKING AGAINST THE TIDEAir Force CommunicationsAFSS directed the Air Force Special Communications Center (AFSCC)to monitor and analyze the transmissions of SACs 3d Air Division,Andersen Air Force Base, Guam, beginning on 30 October 1965.AFSCCs equipment capability permitted only two VHF, three UHF, andsix telephone links to be monitored at anyone time. During themonitoring, which lasted through 30 November, the specialists alsocovered two common user and fourteen dedicated telephone circuits. Alltogether, the AFSCC unit examined VHF/UHF radio usage of fourteenAir Force elements.TOP SECRET UMBRAHOfOORfq

COMSEC SURVEILLANCE'fOP SECRE'f UMBRAHOfOftHWIAntenna Field at the Naval Radio Station, BarrigadaThe monitors uncovered a large number of COMSEC malpracticesand forwarded 25 transmission security message reports. A summaryreport stated that the operation had disclosed "considerable informationon the tactics and procedures employed by the ARC LIGHT B-52Bomber Force as well as the planning and operational support necessaryfor the conduct of the bombing raids on selected targets in RVN."The monitors gained a clear picture of launch times for B-52 strikesfrom (1) traffic analysis of a prestrike encrypted MACV transmission ofa TOP SECRET (FLASH) message to the Strategic Air Command(SAC), CINCPAC, JCS, 3d Air Division, and possibly the Joint StrategicTarget Planning Staff; (2) voluminous cleartext transmissions by aircraftand munitions maintenance personnel on VHF radio nets approximatelyan hour before launch time, including identification of launch aircraft bytail numbers with statements such as "a goer must be ready by 0900";(3) cleartext communications of a 4242d Strategic Wing plane toAndersen Air Force Base, Kadena Air Base, and Saigon during a weatherscouting mission of the SAC air refueling area some 20 hours beforeTOP 8ECltET UMBRAHOfORH

102 WORKING AGAINST THE TIDEbombers were due over target; and (4) cleartext transmissions on radiocircuits just before mission launch informing aircraft coming intoAndersen AFB that the base would be closed for approximately 45minutes for" high priority" traffic.The monitors also turned up other sensitive information such as theStrategic Air Command's consideration of a proposal to permit ARCLIGHT B-52's to perform low-altitude optical bombing and the specificidentification of equipment to be installed to make this possible, as well asSACs plans to introduce a B-52D aircraft into the ARC LIGHTprogram so as to increase the internal bomb load capacity.There were few instances where a sensitive item of information cameonly from one conversation. More frequently, disclosure of a particularitem resulted from numerous attempts to talk around classifiedinformation over unsecured communications channels. This practice.prevailed in long-haul communications such as those from Guam toOkinawa, Hawaii, and SAC headquarters in Nebraska as well as in onbasechannels.Even before the AFSCC survey was completed the Air Force, on 10November 1965, began to use new procedures on the munitionsmaintenance net to eliminate from radio communications the use ofaircraft tail numbers, the upload start and completion times, and personalnames. Later tests showed the procedures were effective in eliminatingthis information, which had allowed continuity on the B-52 uploadoperations, as well as specifying the aircraft to participate in the missions.Similar changes in procedures were recommended for the aircraft maintenancenetwork.The Air Force had other COMSEC recommendations to consider aswell: (l) making secure voice communications facilities available to allechelons to the maximum; (2) providing on-base approved circuits forcoordinating classified activities when voice security equipment was notavailable; (3) using secure teletype (classified or unclassified EFTO)messages when possible in lieu of voice communications; and (4)establishing procedures for the use of operational codes to pass recurringreports (weather, aircraft departures, and so forth) for which securecommunications were not available.TOP SECRET UMBRAPfOFORH

TOP SECRET UMBRAPfOFORUCOMSEC SURVEILLANCE 103In summary, the Air Force had found a number of insecurecommunications practices that made vital intelligence available to theenemy. While the Air Force was unable to correct all the deficiencies thatwere brought to light, it did correct many of them. In one of thoseextremely rare occurrences, the enemy confirmed the effectiveness of atleast one of the COMSEC corrective actions taken as a result of thesurvey. Immediately after being informed of the vulnerability of theweather report from the SAC weather scout aircraft, SAC directed thatsuch transmissions cease and that the weather reports be filed in securecommunications channels after the aircraft returned from its mission.Some time later, a defector from one of the Soviet SIGINT trawlersreported that one of the most reliable advance indicators of B-52 strikeshad been the SAC weather scout reports; he added that these reports haddisappeared in November 1965 and, after that, such extensive priorknowledge of the B-52 strikes had not been available to the Russians.NSA TEMPEST TestsAt the request of the Chief of Naval Operations and the Chief of Staffof the U.S. Air Force, an NSA team conducted several phases of an onsiteTEMPEST test between 30 January and 18 February 1966. (Navyand Air Force units participated in other phases of the survey.) The NSAteam was to monitor selected microwave circuits and HF circuits andtest their vulnerability, with particular emphasis on cipher-signalanomalies susceptible to exploitation. Defined as electrical irregularitiesduring encryption of signals that result from modulation, coupling, orother cause, the anomalies might permit an alert enemy to recover plainlanguage or other data useful to him.The NSA team worked aboard the USS Charles Berry in an S-44-typeshelter containing equipment for monitoring, recording, demodulating,demultiplexing, and analyzing signals in the MF-SHF range (500KHz-I0 GHz). While maintaining a watch over communications in theVHF/UHF range, the team also concentrated for four days onmicrowave links. The Charles Berry was stationed near the SovietSIG INT trawler off Apra harbor for part of the test and then worked itsway around the island for four days, staying three miles offshore.TOP SECRKf' UMBRAfmt

TOP SECRET UMBRAPifOFORN104 WORKING AGAINST THE TIDEDuring this time, the NSA team obtained over 77 ,000 feet of magnetictape recordings.*While in the vicinity of the trawler, the team heard no microwavesignals. Off the north end of the island, however, it was able to hearthree links when the ship's roll brought the team's antennas into directline with the transmitters. Under laboratory conditions, NSA laterevaluated HF communications intercepted by a NAVSECGRU team alsoon board the ship and found that no signals could be definitely identifiedas compromising cipher-signal anomalies. While making the shipboardsurvey, the NSA team noted that Air Force ground maintenance crews ofAndersen Air Force Base could be heard from any point around theisland. The communications were in plain language, and the NSAanalysts could thus predict B-52 mission launchings"at least two hoursprior to take-off."In addition to the operations aboard the Charles Berry, the NSA teamtested on land, monitoring the Finegayan-Barrigada microwave link fromthe naval radio station, recording each active link for later analysis. Theteam discovered that a high ambient noise level was modulating themicrowave signal and masking normal anomalies, and therefore it couldnot definitely identify any compromising cipher-signal anomalies. Theteam also tested with negative results the communications of theCommander, Naval Forces, Marianas station on Nimitz Hill, the navalstation at Apra harbor, and the naval air station at Agana.Using a land position, the NSA team inspected the plain languagevoice circuits of the Air Force 1958th Communications Squadrontransmitter site at Barrigada. The voice microphones for these circuitsoccupied the same spaces as teletypewriters, which were processingclassified plaintext traffic, and it was suspected that audio-acoustic signalswere present on the voice circuits. The NSA team failed to achieveconclusive results because of intercept limitations.*National Security Agency L:]A/1alytic Studies, Special Report No.4, sub:COMSEC Survey Guam, dated 23 June 1966;SECRJ~T.(b) (1)(b) (3)-50 USC 403(b) (3)-18 USC 798(b) (3)-P.L. 86-36'fOP SECRE'f UMBRAHOFORH'

'fOil :3ECRE'f UMBRAHOfORHCOMSEC SURVEILLANCE 105NSA's TEMPEST Shelter and Power Generator Used in the GuamStudyNavy TEMPEST TestsThe U.S. Naval Security Engineering Facility undertook the Navy'sTEMPEST survey and prepared a number of technical reports in which itmade recommendations for improvements.At the NAVSECGRU headquarters at Finegayan the Navy team, the use of I

TOP SECRET UMBRAHorORH106 WORKING AGAINST THE TIDEfilters, better grounding, and filters on telephone lines leavingcommunications spaces.*At the Communications Center and the 0 erations Control Center ofthe Naval Forces, Marianas, the teamThe~t-ea-m--no-t~e""T'"t""a~t~tTh-e"""To-o-r-s""':'t-o""':'t-w-o-co-p-p-e-r--s"'ih""'i...,eli""di'"e'd-r-o-o-m-s...,.h-o-u""':si-n-g-c ....... ryptoequipmentwere always open./'-- ...IIMarines guarded inside the buildings, but there was no physicalsecurity such as a fence outside the buildings. The team recommendedthat a security fence (preferably patrolled) be installed a minimum offifteen feet from the buildings\ -...,_-..., ...,..At the Naval Communications Station at Finegayan.]The Naval Air Communications Facility at Agana, neatly completed,was being constructed in accordance with DCAC C175-6A installationcriteria. From a TEMPEST point of view, the facility was/themost secure"The sources for the Navy TEMPEST tests are V.S. Naval/Security EngineeringReports: No. 131O-0025!RAS:va, Serial 310-0045, sub: TEMPEST Survey of NavalSecurity Guam, M.l. (D), 21 February 1966, SECRET; Noi 1,1O-0025!DAS:va,Serial 310-0039, sub: TEMPEST Survey of Communications Spaces-at V.S. NavalStation. Guam (V), 10 February 1966, SECRET; No. 131O-0025!RAS:va, Serial 310­0046. subj: TEMPEST Survey of Commander, Naval Forces, M.I., CommunicationsSpaces (V), 21 February 1966, SECRET; No. 131O-00251RAS:.jp, Serial 310-0085.sub: TEMPEST Survey of Naval Communications Station.iFinegavan, Guam, M.I., 27April 1966, SECRET; No. 131O-0025!RAS:va, Serial/ 310~0047, sub: TEMPESTSurvey of Naval Air Station Communication Spaces, Guam. M.l. (V). 21 February1966, SECRET; and No. 1310-0025!DAS:eg, .Serial 31O-TR-007!67, sub:TEMPEST Survey of VSS PROTEVS Secure Cornrriunications Systems (V), 16February 1967, SECRET.TOP SECRET UMBRA tWFORH (b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

TOP SECRET UMBRAnOFORnCOMSEC SURVEILLANCE 107of the facilities surveyed on Guam. However, the team did recommendthat filters be placed on the KW-26 equipment.The team also surveyed the secure communications systems of the USS .Proteus while it was tied up to a pier in Apra harbor. The ship's twoactive KW-26 and its AUTODIN (KG-13) circuits were connected toland lines,\\1...-- _While the various reports show that not all was secure fromintelligence exploitation, the reasonable expectation of enemyexploitation was, in most cases, rather remote. From a COMSEC point ofview, the Navy TEMPEST survey team's operations were quitesuccessful.Air Force TEMPEST TestsAs their part in the TEMPEST survey the U.S. Air Force SecurityService, during November 1965, tested Air Force communicationsfacilities on Guam for compliance with "the intent of Federal StandardNo. 222," the TEMPEST specifications for equipment usage./AFSStested a frequency range from 15 kilohertz to 1 gigahertz, documentingits findings and making specific recommendations in three report£. * Noneof the facilities tested was completely free of TEMPEST problems. AllService communications centers tended, with few exceptions, to containsome hazards to security as a result of equipment design and the methodof installation. The Air Force Guam surveys helped determine' specificallythe extent of these hazards.AFSS surveyed the facilities of the 3d Air Division (SAC), includingthe communications centers of the 27th CommunicationsSquadron andthe Special Security Office, as well as the electronic data processingequipment of the Data Services Division.'·USAFSS TEMPEST Test Reports: 1958th Communications Squadron (AFCS),Andersen AFB, Project 65-2; and 3d Air Division, Andersen AFB, Project 65-2; AirForce Systems Command, Operating Location 10. All three dated November 1965 andmarked SECRET.(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

'TOF SECItET UMBItAHOfOItH108 WORKING AGAINST THE TIDEAFSS also examined the facilities of the 1958th CommunicationsSquadron at Andersen, including the PACAF Communications Networkrelay center, another relay communications center, and a terminallocated in Building T -2500 Although the last named showed noelectric field radiation, thel/IAt the PACAF Communications Network relavcenter, the I• All fig"," gi"n below for secure 'On" are for radii.'TOF SECltE'T UMBItAfWfOltf4pi(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

TOP SECRET UMBRANOFORNCOMSEC SURVEILLANCE 109:'J)'While microwave transmissrons in~--~----~-----"""":""plain language could sometimes be heard at the three-mile limit,they were not intercepted in the location customarily occupied bythe Soviet SIGINTtrawler. Although by the end of 1967 TEMPESTcorrective measures, consistent with funding and equipment limitations,were made for all Navy facilities on the island, the rehabilitation of theNaval Communications Station GuamL...~~--------'wasnot completed untilearly 1969. The Guam findings also gave added incentive to generalcorrective measures in Air Force facilities.MARKETT/MEDuring the first three months of 1966, Navy COMSEC elementsundertook a major study of communications of the U.S.-Vietnam TaskForce 115 MARKET TIME operation.* With headquarters in Saigonand composed of both U.S. and RVN forces, the task force .conductedsurveillance, visit and search, naval gunfire, psychological warfare, and'""The primary sources for this MARKET TIME account were .a report of theCommanding Officer, U.S. Naval Security Group Activity Karniseya, Japan, and areport of the Officer in Charge, Communications Security Survey Team, Saigon. Bothreports were enclosures to J-6 Memorandum for DIRNsAi and others, sub:Communications Security Survey of MARKET TIME .Commurucations, SerialJ-6M-128-66, dated 27 May 1966, CONFIDENTIAL. /A Navy publication,"Communications Security (COMSEC) Traffic Analysis Report for First Quarter CY.1966," is an excellent source for identifying the types of MARKET TIME intelligenceinformation detected through monitoring.TOP SEC'!'tET UMBRANOFORPri(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

"fOP SEClU:"f UMBRAUOFORU110 WORKING AGAINST THE TIDEother operations to secure the coastal regions and major rivers. TaskForce 115 controlled its units through coastal surveillance centers at DaNang, Qui Nhon, Nha Trang, Vung Tau, and An Thoi. Operationsextended along the coast of South Vietnam from the 17th parallel to theCambodian border in the Gulf of Thailand. Since almost all ship-toshoreand ship-to-ship communications were on uncovered voice circuits,they were highly vulnerable to enemy exploitation. The enemy mightthus be obtaining intelligence that would allow him to avoid beingintercepted by the MARKET TIME forces when he shipped supplies tocommunist forces in South Vietnam.The enemy was well aware of the intelligence potential in maritimecommunications.'IFor the MARKET TIME COMSEC survey, the Navy had a teamofficer and one traffic analyst at Saigon; the analysis section of theProcessing and Reporting Center, COMSEC 702, in Kamiseya, Japan;andDmonitoring positions and an analysis section at each of theNavyCOMSECunits located in Guam, at Da Nang, at VungTau, onOkinawa, and aboard the USS Jamestown. The Jamestown monitoredVHF/UHF frequencies and augmented shore station HE/monitoring.COMSEC 703 in the Philippines allottedDmonitoring positions andan analysis section. In all, approximatelyOOMSECspecialists wereIdirectly involved in the study,TOP SeCReT UMBRApmrORN(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

T'OF SECRET' UMBRAHOFORHCOMSEC SURVEILLANCE 111COMSEC 705 Operations Area, Monkey MountainThe COMSEC team officer in Saigon was to ensure the closest possibleliaison with the MARKET TIME operational commander in compliancewith CINCPAC orders: (l) to determine what traffic must flow duringplanning and actual operations; (2) to apply information regardingcommunications weaknesses and strengths gained by previousmonitoring; (3) to determine what facilities were passing traffic andwhat additional facilities were available; (4) to recommend the preferredmeans of passing traffic and the best communications procedures andcryptographic aids to employ; (5) to conduct selective monitoring toevaluate recommended changes; and (6) to advise operationalparticipants and make any additional recommendations.The COMSEC components were to monitor and analyze MARKETTIME communications and to submit first echelon traffic analysis reportsto the Chief, Naval Advisory Group, Saigon-so that he could

TOP SECRET UMBRAHOfORfq-112 WORKING AGAINST THE TIDEimmediately apply important findings to operations-and to theCOMSEC 702 Processing and Reporting Center. To the extent practical,the reports sent to Kamiseya went electrically since ordinary mail tookfrom 20 to 30 days in transit and would therefore arrive too late to be ofvalue in current operations. The COMSEC 702 PRC prepared secondechelon reports based on an analysis of all traffic- both mail andelectrically forwarded-that the participating COMSEC componentsmonitored.In this reporting scheme, the COMSEC units furnished the COMSEC702 PRC with monitoring logs and a narrative of the intelligencerecovered concerning the specific monitor logs. The center then issuedCOMSEC spot reports electrically to any units violating specificcommunication security procedures. On 17 February, the commander ofTask Force 115 listed four areas in which disclosures could be serious:pending operations in MARKET TIME, intended movements onMARKET TIME patrols, geographical or grid positions or immediatearea of operauons while underway, and underway replenishment operations.The PRC and other collection and reporting centers were to issuereports when any of the above disclosures was observed in MARKETTIME communications. While the PRC was unable to produce reportstimely enough to affect current operations, the reports did provide usefulinformation for general study of U.S. Navy communications procedures.The PRC recommended procedures, based upon the MARKET TIMEexperience, that would in the future allow more current second echelonreporting. These recommendations included the electrical transmission ofall first echelon traffic analysis reports to the PRC from which secondechelon reports would be prepared on a weekly basis.The MARKET TIME COMSEC analysts found that a wealth ofvitalintelligence was being revealed over communications nets, HF voicecircuits being the worst offenders. Just a few days after monitoringstarted, the analysts had almost completely recovered Task Force 115'sorder of battle. They were not only able to pinpoint the majority of theMARKET TIME vessels each day but also to recover patrol patterns andto predict positions hours in advance. All types of sensitive informationwere being passed on uncovered frequencies. Especially detrimental wasthe reporting of ship positions using the unsecured UTM gridTOP SECRET UMBRAP

'fOP Sr:CRr:'f UMBRA~mFORHCOMSEC SURVEILLANCE 113coordinates, which not only gave current locations but also identifiedforthcoming operations. Information on naval gunfire support missionswent unprotected in several cases in such a manner as to pinpoint theintended target as much as ten hours in advance and to identify thelocation of the destroyer scheduled to fire the mission. The analysts alsomonitored sensitive information on underway replenishment, actionreports, casualties, and the arrival and training of new units.The compromise of intelligence was so prevalent that during the earlyphases of the survey a CTF 115 message went to all MARKET TIMEand associated units stating: "CTF 115 receives daily analysis ofMARKET TIME traffic monitored by COMSEC units. The scope andaccuracy of these analyses, which are being made by outside observersusing only such information as anyone can obtain by monitoring ourcircuits, is indeed sobering. For example, more detailed informationregarding daily operations is often available from /this/ analysis thanfrom official reports submitted by MARKET TIME units."* Themessage shows not only that the COMSEC monitoring teams had donetheir work well but also that the commander of TF 115 had taken heed.The survey drew attention to a variety of COMSEC problems. Mostarose at least in part as a result of MARKET TIME's inherentorganizational complexity and varied communications structures. Thetask force incorporated elements of the U.S. Seventh Fleet, variousaviation units, and U.S. Coast Guard and South Vietnamese vessels ofvarious sizes. The U.S. vessels ranged in size from destroyers to Swiftboats. Many of the participants had limited crypto-equipment, or none atall, and therefore had to use low-level manual systems. To acquireadequate communications netting, even the better equipped U.S. shipsoften had to use the communications modes and systems of the morepoorly equipped participants. Thus it was difficult to communicate, letalone to communicate securely.The COMSEC team officer at Saigon and the Navy's COMSEC 702element in Japan noted these many problems and supported*Commanding Officer, NAVSECGRU Activity Kamiseya report, title: CommunicationsSurvey of MARKET TIME, 18 April 1966.'fOP SECRr:'f UMBRArq'OfORPq1

'TOfl Sf:CRf:'T UMBRArmfORH114 WORKING AGAINST THE TIDErecommendations and actions taken during the course of the survey.Specific problems and actions taken included:a. Establishment of restrictions on the storage and handling ofcryptomaterial was a problem for the South Vietnamese and/or smallerU.S. vessels.. b. Codes available for U.s. use (KAC-132 and KAC-138) werenot suited, by vocabulary, for this type of operation. KAC-132 wasrestricted, moreover, to large U.S. vessels. KAC-138, a numeral code,was available to encrypt position coordinates (the code was authorized tobe used in this manner, mixing the code groups and plain text); however,it was restricted to use for reporting while within sight of land or foreignvessels. ClNC Pacific Fleet lifted the restriction on KAC-138. Also,starting on 10 March, with CINC Pacific Fleet approval, U.S.MARKET TIME participants began using KAC-140, an operationscode designed for Vietnam.c. Analysis of traffic encoded in KAC-140, upon its introduction,revealed that many units were habitually using stereotype expressions atthe beginning and end of encrypted text. For example, many reportsstarted with the words, "Contact Report Posit," and it was commonpractice to end with the encrypted group for "period." Such practicesweakened the security of the code and consumed unnecessary manhoursin the coding process. COMSEC 702 recommended that all task forceunits ensure that their communications personnel be "thoroughlyindoctrinated in correct communications procedures and trained with thespecific equipment that will be used." Such training service could be hadby addressing the COMSEC elements at Da Nang and Vung Tau.d. Because of the lack of cryptofacilities, especially on-line, it wasoperationally impracticable, and often impossible, for MARKET TIMEunits to establish secure rendezvous positions or submit late requirementsto the replenishment ship. As a result, the major part of this information,including the times of rendezvous and units involved, was being passed inan exploitable manner. It was recommended that CINC Pacific Fleetauthorize encrypted call signs for passing traffic encoded in KAC-132.The authority was granted and Commander, Seventh Fleet, establishedinstructions for passing such communications on the area underwayreplenishment net.'TOP Sf:CRf:'T UMBRAHOfiORfq

COMSEC SURVEILLANCE 115e. KAC-140 provided the first effective code system to protectMARKET TIME operations. However, since its terminology was notextensive enough for detailed fast reporting, the survey team officerrecommended that a new code be designed to fulfill MARKET TIMEsurface and air requirements. NSA produced a new code, KAC-183,which came into use later in 1966.Largely as a result of the COMSEC actions taken, officials estimatedthat the volume of intelligence information subject to compromise onMARKET TIME circuits was reduced by at least 80 percent. Advocationof the minimize communications principle and other COMSECtechniques put forth in COMSEC lectures and training also helped. Thepractice of sending geographic positions with the UTM grid given inplain language almost completely disappeared.Changes in the Navy's COMSEC organization and procedures alsoresulted. An additional eight persons would service MARKETTIME/GAME WARDEN monitoring and analysis requirements at theNAVSECGRU Activity facilities in Kamiseya. The Naval AdvisoryGroup, Saigon, staff would make periodic visits to all coastal surveillancecenters and in-port units to discuss COMSEC policies and problems.Upon receipt of the Navy MARKET TIME COMSEC surveillancereports, the Communications-Electronics Directorate, J-6, of the U.S.Joint Staff, commented favorably on the operation, characterizing thereports as "an exemplary demonstration of what can be accomplished atrelatively low-level tactical echelons with a well-planned and wellexecutedcommunications security operation." NSA also termed the study"an exemplary demonstration of the effective utilization of COMSECsurveillance resources." **J-6 Memorandum for Director of National Security Agency and others, sub:Communications Security Survey of MARKET TIME Communications, SerialJ-6M-128-66, 27 May 1966, CONFIDENTIAL.NSA Memorandum for the Director for Communications-Electronics, Joint Staff, sub:Communications Security Survey of MARKET TIME Communications, Serial N1042,21 July 1966, SECRET.'fOF !iECRE'f Ui\fBRAtmfORH

TOP SECRET UMBRAPWrORH116 WORKING AGAINST THE TIDEThe COMSEC survey improved only U.S. COMSEC. Since SouthVietnamese ships participated in MARKET TIME operations, ideally,the survey should have examined COMSEC problems on Vietnamese'circuits, but this was not done. *Improvements in COMSEC as a result of the MARKET TIME surveywere not permanent. A Navy COMSEC traffic analysis report forOctober-December 1966 showed that old problems neither die nor fadeaway:Plain language traffic passed on MARKET TIME circuits continues to revealintelligence information such as: estimated times of arrivals and departures,positions, patrol reliefs and times of relief, operating areas, and current andintended operations.GAME WARDENGAME WARDEN was the unclassified name for an extended seriesof naval operations designed to prevent Viet Cong infiltration andresupply across the Mekong River Delta and in the Rung Sat SpecialZone-the major shipping channels to Saigon. In GAME WARDENthe U.S. Navy River Patrol Force, together with units of the RVN Navy,had a mission similar to that of the MARKET TIME forces, but withthe added hazard of being constantly within range of weapons along theriver banks. The patrols were to prevent men, equipment, and food fromreaching Viet Cong strongholds in the Central Highlands of SouthVietnam. Task Force 116 units engaged in GAME WARDEN usedsmall craft such as river patrol boats (PBR's), which were served byHF CW/SSB and VHF/UHF voice radio circuits. COMSEC unitsmonitored these circuits from the onset ofGAME WARDEN.Two COMSEC teams supported Task Force 116. The first wasCOMSEC Team Three, located in the Coastal Surveillance Center, VungTau, at the mouth of the main channel entrance to Saigon. CINC PacificFleet exercised operational control of the team, the Naval AdvisoryGroup at Saigon providing working spaces, billeting, and messagefacilities and exercising administrative control. Additional administrative*NSAPACREP Vietnam (C) Msg to DIRNSA, F46D-1365, sub: MARKET TIMECOMSEC SurveyJan thru Mar 1966, 120629Z October 1969, CONFIDENTIAL.TOP SECRET UMBRAPWrORH

,ITOP S£ER£T UMBRA~WFORf,COMSEC SURVEILLANCE 117and logistical support came from COMSEC 705 at Da Nang. From thetime of its activation in February 1966 through the end of December1967, COMSEC Team Three operated with six men and a chief pettyofficer.The second COMSEC unit assigned to support Task Force 116 wasTeam Four, which began operations on 25 April 1967 from Vinh Long,South Vietnam. Team Four had seven men and a chief petty officer, allon 150 days' temporary assignment.Both COMSEC teams providing support to GAME WARDENperformed two major functions. First, they gave practical and effectiveCOMSEC assistance and guidance to communications operators on allNavy circuits in the area; second, they identified communicationsweaknesses and proposed corrective action for all U.S. forces using thefrequencies that they monitored.Both teams made daily first echelon traffic analysis reports onsignificant items of interest via electrical means to the Processing andReporting Center at Karniseya, to the commanders of Task Force 116and 117, and to Commander, Naval Forces Vietnam, with informationcopies mailed to the Chief of Naval Operations and CINC Pacific Fleet.COMSEC TIMELY (rapid reporting of selected EEFI) and SPOTreports went electrically to appropriate addresses. Each month the chiefpetty officer in charge of each team submitted a letter report ofoperationsto CINC Pacific Fleet, with information copies going to Commander,Naval Forces Vietnam, PRC Kamiseya, and other Navy commands.Also, a TRANSEC report summarizing COMSEC team activities went toCOMSEC 705 at Da Nang for submission to the Commander, NavalForces Vietnam, and subsequently to COMUSMACV.Most of the naval vessels engaged in GAME WARDEN were smallwith limited communications capabilities. Cryptofacilities were nearlynonexistent, requiring the use of low-level code systems for transmittingclassified information. One of the communications weaknesses identified,therefore, was attributable to the lack of an adequate cryptographicsystem for protecting information contained in operational reports.Although some units had the KAC-132, it was not suitable because of itslarge size and terminology, and the COMSEC teams thereforerecommended KAC-140, the operations code designed for Vietnam useand approved by CINC Pacific Fleet for use by MARKET TIME andTOP S£ER£T UfdBRA~WfORH- -- --------------------~

TOP SECRET UftlBRAUOfORU118 WORKING AGAINST THE TIDEGAME WARDEN. It was available from COMUSMACV. Not onlydid KAC-140 permit secure transmission of operational reports but it-Iso provided a common cryptochannel among MARKET TIME,GAME WARDEN, USMACV, and USARV units operating in thearea. COMSEC first echelon traffic analysis reports reflected a significantreduction in the availability of intelligence information to the monitorsafter KAC-140 came into use. KAC-140 accorded security to thesecommunications until a new cryptographic system could be devised.KAC-140 was replaced 'on 1 August 1966 by KAC-183, which hadcryptographic features and vocabulary more appropriate to theseoperations.Monitoring continued to uncover many instances of specificinformation of direct value to the enemy. The Chief of Naval Operations'Quarterly Traffic Analysis Report for October-December 1966 gaverepresentative examples of unsecured GAME WARDEN communications:On 12 December PBR "PORPOISE 23" reported that she was aground andwas attempting to free herself. At 23332 the PBR advised "BOLD LAD" thatshe saw no hope of getting off until high tide and that she could use a case of CRations. If this PBR had been visually sighted by the Viet Cong and they hadreceived the previous transmission, they would know that the PBR was going tobe vulnerable for several hours.At 0112452 December "SHARK 8" (PBR) observed spotlights on the bankof a river and called "MOON RIVER," reporting the position as "KVQHX2." At 13142 "MOON RIVER" requested permission from "BOLDLAD" (Army) to fire on coordinates XS 925695, thereby linking the encodedcoordinates (KVQ HX2) to the unencoded positions coordinates, XS 925695.At 0516042 CTE 116.2.1.2 (located at Can Gio) transmitted his 041800H.051800H OPSUM to "MOON RIVER" (Nha Be); the OPSUM revealedthat 20 PBRs were used for patrol, 12 from Cat Lo and eight from Can Gio.The GAME WARDEN force included the following ships: TUTUILA(AGR 4), COMSTOCK, VERNON COUNTY, WESTCHESTERCOUNTY, 3 PACVs, 23 MSBs, 9 MSLs, and at least 92 PBRs.Other communications problems on which Teams Three and Fourworked were the uncovered links between ships and their fire spottersTOP SECRET UMBRAPWfORU

TOP SECRET UMBRAf40f'OlmCOMSEC SURVEILLANCE 119ashore. Until made secure cryptographically, these links were susceptible ..to enemy exploitation.As a result of COMSEC operations in the Saigon area, naval.commanders gained a better awareness of other communicationsweaknesses. COMSEC units were called upon to brief naval forces, usingrecent examples of problems and weaknesses to drive home their lessons.For example, COMSEC Team Three at Vung Tau participated inbriefings and debriefings of units attached to Task Group 115.3.Team members learned that personal visits with communicators weremore rewarding than sending impersonal reports of discrepancies by mail.Once the offending operator realized that the COMSEC team wasinterested in helping him improve his procedures, his training movedalong more rapidly. This lesson had been learned long before GAMEWARDEN, but GAME WARDEN gave two COMSEC teams theopportunit- to apply training and education concepts in an environmentofactual need.ARC LIGHTFirst Year ofCOMSEC OperationsIn June 1965 Strategic Air Command B-52's began missions overSouth Vietnam, a program having the unclassified nickname ARCLIGHT. The SAC bombers traveled approximately 2,500 nautical milesin-bound from their base on Guam and completed their round trips inapproximately 12 hours flying time, including the time required for inflightrefueling. Each B-52 carried 51 bombs or 16 tons, and it was notunusual to have as many as 30 planes on a single raid. Acting onrecommendations from in-country units and his immediate staff, COM­USMACV initiated the requests for ARC LIGHT strike missions. transmittingthem to CINCPAC, who in turn requested final approval fromthe Joint Chiefs of Staff. When the JCS gave approval. a request forexecution went to the 3d Air Division at Andersen Air Force Base onGuam.It took an enormous volume of communications to initiate, approve,and execute a strike mission, and while some communications used toarrange the strikes were basically secure, others equally necessary,'fOf S~Cft:~'f UMBRA nOFO:R~l

TOP S£CR£T UMBRAHOFORrq-120 WORKING AGAINST THE TIDEincluding those to notify U.S. front line units of an impending strike, didnot have proper protection. From the beginning of ARC LIGHT, U.S.officials were aware from ASA and AFSS monitoring reports that manyof the communications were insecure. Some U.S. officials reasoned thatany tip-off from the planes after they were airborne would not give thecommunists time to take positive action. Others were not convinced thatthe Vietnamese Communists had a SIGINT capability sufficient toexploit U.S. communications. Still others showed concern and were tryingto resolve various aspects of the COMSEC problem. As time went on,considerable evidence accumulated showing that this enormous volume ofcommunications with its full measure of COMSEC deficiencies wasworking against the objectives of the ARC LIGHT program. TheServices, acting individually, attacked ARC LIGHT COMSEC problemsand registered some success in eliminating deficiencies,As the only U.S. COMSEC specialists in Vietnam at the beginning of1965, the 101st ASA Security Detachment monitors, among otherthings, reported insecurities on air operations nets connecting the 2d AirDivision with higher headquarters. Additional Army monitoring reportsthroughout 1965, along with Air Force reports, continued to showextensive use of plain language concerning the planning and coordinationof air operations. In summer of 1966, the 10 1st Security Detachmentreponed on disclosures of planned ARC LIGHT strikes in the course ofmonitoring Capital Operations Center switchboard communicationswith air planning commands. From these and other in-country communications,ASA developed considerable information to documentthe COMSEC weaknesses associated with SAC air strikes. Employing allconventional telephone and radio monitoring positions at their disposal,ASA monitors determined that at times strike requests were passing up tocorps level in the clear and that communications giving 48 hours advancenotice to friendly troops operating in the strike areas also lackedprotection. From its monitoring of in-country communications, ASAfound that traffic reflected the enemy could have had from a minimumof one hour to at least 24 hours advance notification of a planned B-52strike; that 21 transmissions monitored revealed strike objectives,participants, locations, times, and prestrike and follow-on operations;that implementing and coordinating procedures for strike planning andcommand and control were revealed in great detail; that traffic patternsTOP S£CR£T UMBRAHOFORH

,.TOP SECRET UMBRAHOfOORHCOMSEC SURVEILLANCE 121established were exploitable-reliable predictions of impending strikescould be based on conversations referring to FLASH messages confirmingthe target, giving or changing the time over target, or changing the targetlocation-and that portions of a TOP SECRET contingency plan for the "defense of South Vietnam were given when it was revealed that GuambasedB-52's were the major striking force, with a reaction timeestimated at 12 hours.During this period, the Air Force was accumulating similar evidencefrom AFSS monitoring of ARC LIGHT-related communications.Following the Guam study (late 1965-early 1966), AFSS monitored tothe extent it could Air Force communications pertinent to groundadministration, air-to-air coordination, air space requirements and flightplan arrangements, weather reconnaissance, tower directions, preflighttesting of equipment, refueling operations, and in-flight reporting.It was necessary operationally for in-flight B-52's to communicate,but the B-52's at the time had nothing authorized or on board forencryption except the manual general encryption code, KAC-72, andTRITON cryptomaterial for authentication. There was no ciphonyequipment. When ARC LIGHT flights began, pilots transmitted in plainlanguage while going to and returning from strikes, but after a fewmonths the pilots were ordered to maintain radio silence at least while enroute to their targets.The Air Force tried in other ways to curtail insecurities in ARCLIGHT communications. It provided KY-3 and KY-9 ciphonyequipment at Kadena Air Base, Okinawa, and at Andersen Air Base,Guam, to protect flight information and discontinued the practice ofpassing prestrike weather Combat Aircraft Report (COMBAR)information from KC-135 aircraft via HF single sideband transmitters.The Air Force also dealt with the major problem of altitude and airreservations. Before SAC missions could be launched toward SoutheastAsia, the Air Force had to receive altitude reservations (ALTREV's)from the host countries over which the SAC aircraft had to fly. Toarrange this, SAC requested altitude reservations from the Manila AreaControl Center (ACe) through the Southeast Asia Military Air RouteFacility (SEAMARF). The Manila ACC then transmitted Notices toAirmen (NOTAM's) over unsecured commercial channels to allinterested ACC's, giving the specific air reservation information. TheTOP S~CRET UMBRAHOFORH

TOP SECRET UMBRAHOFORH122 WORKING AGAINST THE TIDENOTAM's went to the ACes at Hong Kong, Saigon, Bangkok, Taipei,Singapore, and, sometimes, to the Australians. After a NOTAM wasacknowledged by all ACes, the Manila ACC granted the requestedaltitude reservation. SAC aircraft could be launched only after Manila'sfinal approval was received. This procedure, allowing as it did the releaseof premission information at least six to nine hours before time-overtargetof a mission, hardly met COMSEC requirements. The unsecuredcommunications involved in these arrangements presented the enemywith a windfall of information.On 21 April 1966, to tighten the security aspects of obtaining altitudereservations, SEAMARF, SAC, the Thirteenth Air Force, and the PacificAir Force agreed on a number of procedures to reduce the ALTREVinformation in NOTAM's and to make more use of secured channels forcoordination. It was hoped that the new ACC notification procedures,including ALTREV's, would be protected from unsecured transmission(except for local telephone systems at terminal points) untilapproximately two hours before SAC aircraft reached the proximity ofeach country's flight identification boundary. While the various partiesinvolved in the arrangements for the most part met their obligations,prior warning time did not achieve the 2-hour goal the Air Force wanted.CINCPAC's ARC LIGHT SurveyIn mid-1966 SCA monitoring reports outlining ARC LIGHTcommunications insecurities took on added si~nificance.lCiting DIA Intelligence Bulletin #200-66, which gave tangibleevidence of the enemy's exploitation of U.S. communications onforthcoming B-52 bombing missions, Admiral Sharp, CINCPAC, on 28July 1966 sent a brief, pointed message to the Joint Chiefs of Staff.Noting that he considered communications security a. vital part ofmilitary operations, especially when trying to preserve an element ofsurprise in air strikes, Admiral Sharp stated that he needed a tri-Service,concentrated COMSEC survey, along the lines of the recent Navy surveyin the MARKET TIME area. He wanted a survey of at least 30 days, tobegin no later than 15 September.TOP SECRET UMBRAHOFOR'I',q(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

COMSEC SURVEILLANCETOP SECRET UldBRAnOFOanThe)CS approved the request, and Admiral Sharp promulgated ordersto CINCUSARPAC, CINCPACFLT, CINCPACAF, COMUSMACV,and COMUSMACTHAI. The survey was to identify and correct any·communications malpractices involving ARC LIGHT strikes that couldresult in tip-off and advance warning to Vietnamese Communists units.Admiral Sharp set times for the submission of five periodic reports thatwould include recommendations for improvement and corrective actionstaken. The reports would go to General Hunter Harris,)r., CINC PacificAir Force, whom Admiral Sharp designated as executive agent for thesurvey. General Harris, in turn, was to prepare a final report by the endof October for submission to Admiral Sharp.The tri-Service monitoring and analysis elements to conduct the surveywere:Elements1. Det 2, PAC Security Region (USAFSSin support of PACAF)2. 6922d SecurityWing3. Det 5, 6922d Security Wing4. Det 7, 6922d Security Wing5. Det 1, 6988th Security Sq6. Det 1, 6927th Security Group7. 509th ASA Group (ASA in support ofCOMUSMACV)8. Det 1, lOIst Security Detachment(ASA in support ofCOMUSMACTHAI)9. NAvCOMMSTA Guam(NAVSECGRU in support ofCINCP ACFLT)10. COMSEC 705 (NAVSECGRU insupport of CINCPACFLT).11. Commander, Task Element 70.7.7.1(NAVSECGRU in support ofCINCP ACFLT)12. Commander, Task Element 70.7.7.2(NAVSECGRU in support ofCINCPACFLT)PositionsD(including those for theelements 2-6 listed on left)Dradio and.DconventionaJtelephoneunknownunknown123--gTOP SECRET UMBRAPWFORU(b) (1)~(b) (3)-50 USC 403(b) (3)-18 USC 798(b) (3)-P.L. 86-36

TOfl SECRET UMBRAHOFORlq124 WORKING AGAINST THE TIDEAdmiral Sharp's directive contained specific EEFl and areas of specialinterest. These were:EEFIa. How much time do enemy intelligence organizations have to react to ARCLIGHT tip-off? Indicate the first mention of ARC LIGHT strikes in monitoredtraffic. Indicate dates and times prior to strikes where amplifying informationcould have been obtained from traffic.b. To what extent do communications prior to the ARC LIGHT strikesreveal strike objectives, participants, locations, times, equipment, or follow-onoperations?c. Is classified information transmitted in the clear over unprotected circuits?d. What information is revealed concerning ARC LIGHT operations by theimplementing and coordinating procedures required for strike planning?e. What transmission security procedures have been most effective in securityARC LIGHT information? Give examples of use, changing frequencies,authenticators, call signs, or voice codes.f. Has information been disclosed concerning command and controlprocedures, circuits, personnel, or locations?g. Are 'there indications that tip-off may occur through other thancommunications weaknesses?h. To what extent do communications traffic patterns give advanced warningof pending strikes?i. What other information of special significance was disclosed either prior to,during, or after the ARC LIGHT strikes?Areas ofSpecial Interesta. Assessment of previous strikes,b. Target selection and subsequent coordination,c. Logistics of launch, recover, and alternate air bases,d. Coordination of SAR,e. Route coordination (FAA, Navy, Army, etc.),f. Clearance of friendly forces in strike areas (Army, Marines, Navy, allies),g. Weather reporting.*·CINCPAC Msg, sub: ARC LIGHT TRANSEC Survey (C), 151845Z August 1966,SECRET.TOP S£CR£T UftfBRAHOflORlq

TOP SECRET UMBRl,PiOFORP'JCOMSEC SURVEILLANCE 125During the 30-day survey, SCA monitoring units covered a majority ofthose circuits known to carry ARC LIGHT information. The 509th ASAGroup in Vietnam blanketed common-user lines of the major trunks,Field Force and subordinate unit switchboards, and VHF/UHF, AM,and FM radio nets in Vietnam as well as COMUSMACTHAI localswitchboard circuits to Thailand air bases. N AVSECGRU elementsmonitored 66 tactical and air coordination voice circuits emphasizingvoice communications in and out of Da Nang (Airborne Command PostPANAMA and so forth) and Guam, TTY, and other circuits. PAC­SCTYRGN covered 86 voice, TTY, and other circuits, concentratingon such long-haul voice communications as Guam to PhilippineIslands, Vietnam, and Okinawa, and SAC Omaha to Okinawa.Upon receiving reports from the survey participants, General Harrisprepared for Admiral Sharp a final report outlining recommendationsmade and actions taken. * The report presented voluminous evidence ofinsecurity in ARC LIGHT communications. Perhaps the most tellingargument for the need of COMSEC improvement was a list of over 50monitored teletype transmissions that were related to actual time-overtargetand demonstrated actual warning time available to the enemy. (Fora partial list, see table, page 126.)The COMSEC analysts, in fulfillment of EEFI, believed they hadaccumulated evidence of mission compromise in teletype communicationsfor 26 of a suspected 30 ARC LIGHT strikes during the 30-dayperiod. ** The final report characterized the sensitive information derivedfrom ARC LIGHT communications in this way:~--------An average of approximately seven and one-half hours prior warning of eachARC LIGHT strike is available from teletype monitor. Of those warning timesprovided it was often the case that amplifying information could have beenobtained from in-country telephone or radio-telephone monitors. Thisamplifying information included hints of such things as strike objectives,participants, locations, times and/or follow-on operations. In addition to thisinformation there were other disclosures which provided analysts with a limited*PACAF, Final TRANSEC Analysis Report, 15 September-14 October 1966(SECRET, NOFORN), 28 October 1966.**Actually B-52 strikes were averaging about 50 missions a month: 59 in Septemberand 44 in October, 1966 (DIA SEA Military Fact Book for 1966).TOP SECRET UMBRAPiOFORn

TOP SECRET UMBRANOfOlW126 WORKING AGAINST THE TIDEWarning Time Revealed in Teletype TransmissionsOriginator Time a/Transmittal Time-Over- Target Warning Time aKadena 151110Z Sep 152205Z 10+55Saigon 151550ZSep 152205Z 6+15Saigon 170200Z Sep 170630Z 4+30Kadena 172346Z Sep 180720Z 7+34Saigon 180319Z Sep 180720Z 4+01Clark 201635Z Sep 202215Z 5+30Kadena 201750Z Sep 202215Z 4+25Saigon 202100ZSep 202215Z 1+15Clark 210530Z Sep 211947Z 14+55Kadena 210636Z Sep 211947Z 13+11a Hours plus minutes.insight into the coordinating procedures required for ARC LIGHT strikeplanning. The coordination of this data provided over an extended period oftime could possibly lead toan eventual compilation of ARC LIGHT data:targets, priority assigned to different types of targets, equipment used, etc.,which could eventually restrict the effectiveness of the overall ARC LIGHTprogram."Recommendations in the final report were not as impressive as werethe insecurities found on all sides. The major part of the intelligenceinformation obtained and recorded in the report had seemingly beenpassed in violation of the Pacific Command regulation concerning the useof EFTO procedures. This was noted,' but the report made norecommendation as to how those violations could be corrected. Thereport did recommend that SAC, SEAMARF, the Thirteenth Air Force,and the Pacific Air Force develop a method of completely securinginformation on altitude reservations, and that, where applicable, everymethod at the disposal of user agencies be employed to ensure that codesystems were used in accordance with authorized procedures. The reportrecommended a review of guidance documents governing the discussionof any information pertinent to ARC LIGHT missions to determine*PACAF. Final TRANSEC Analysis Report, cited.TOP SECRET UMBRAUOFORf.

COMSEC SURVEILLANCETOP SIJERIJT UMBRArWFORN127II111uillwhether they did or did not specifically prohibit the transmission ofintelligence similar to that noted. If not, the report recommended morespecific guidance. The report also recommended stern penalties forviolators.CINCPAC subordinates took follow-on actions, apparently as a directresult of the joint monitoring operation. General Westmoreland,COMUSMACV, directed that those command elements cited in the finalreport for having divulged ARC LIGHT information conduct investigationsinto the areas of insecurity. General Westmoreland alsospelled out for subordinate units policies and classification guidelines forARC LIGHT in order to dispel apparent confusion on the subject. Forexample, the AFSS had reported in September that its Detachment 5, inmonitoring unsecured communications, had reconstructed the entiregeographic grid system being used for area target identification alongwith associated code names for discriminating grid blocks. The AFSSdetachment at Tan Son Nhut informed MACV and SAC that they wouldhave to discontinue using the seldom-changed code names to identifytarget areas if any COMSEC improvement were to be realized.*The U.S. Army Vietnam (USARV) gave subordinates 30 days toimprove their COMSEC and report actions taken. USARV emphasizeduse of low-level codes, available secure circuits, and couriers as steps toovercome the voice problem and directed commanders in particular tomake use of available secure voice. Despite these and other measures, thebasic COMSEC problems continued without a significant reduction.In reviewing the ARC LIGHT survey, Admiral Sharp was unable tofind much comfort in the results. The 30-day survey had been asuccessful tri-Service attack on a specific communications problem, and ithad revealed an abundance of information as to what was causing theproblem. In this, it had established a precedent for future tri-Serviceactions, but it had produced no effective solution to the complex problem.Admiral Sharp was also displeased with the manner in which thesurvey had proceeded. In December 1965 he had promulgated the joint"These codenames were not changed for months-until all targets in a particulargeographical area had been hit. Such usage in unsecured communications as much as amonth in advance of actual strike allowed enemy foreknowledge with ample time tominimize the damage or plan counteraction.TOP g~ERET UMBRAnOFORr.

'fOP SECRE'f UMBRAHOFORH128 WORKING AGAINST THE TIDENSA-CINCPAC concept for COMSEC surveillance, but the COMSECunits had employed only conventional monitoring techniques duringARC LIGHT survey. The admiral believed that COMSEC surveillanc..techniques were not generally understood and felt that the stumblingblock to their full use had been the failure of the various Services to issuenecessary technical guidance. He asked the JCS to correct the situation.CINCPAC needed a procedure for bridging the gap between those whoidentified communications security deficiencies and recommendedchanges and those who had to make the changes.In the PURPLE DRAGON survey, which followed on the heels ofARC LIGHT and had much the same objectives, CINCPAC was toapply the surveillance concept to achieve that end.PURPLE DRAGONAt the same time that Admiral Sharp was developing his plans for theARC LIGHT survey to determine from which sources forewarning ofB-52 strikes could be acquired,1 rIn September 1966 JCS approved a plan that D IA had developed Incollaboration with the Joint Staff, the Services, and NSA. The plan calledupon CINCPAC to execute a 4-month field survey to ascertain thesources for enemy forewarnings. On 10 December 1966 the JCSapproved CINCPACs subsequent implementation plan, nicknamedPURPLE DRAGON. Admiral Sharp described the objective oiPURPLE DRAGON as the improvement of operationalieffectivenes~through operational security. To ensure the success/ of PURPIJDRAGON, Admiral Sharp assumed direct operational control an.established a PURPLE DRAGON control group iunder Col. Jam;:Chance, USAF, on theJ-3 CINCPAC staff.The PURPLE DRAGON plan was first to identify all recurring cstereotyped indicators of forthcoming air operations, largely throug;'fOP SECRE'f UMBRAHOFORH(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

COMSEC SURVEILLANCETOP SECRET UMBRAUOFOH:fq'129Jeep-mounted KY-8 Ciphony Deviceexhaustive examination of U.S. communications passed prior to the airoperations. Once the communications and other indicators had beenestablished, CINCPAC would develop procedures to deny theinformation to the enemy. Along with the study of U.S. communications,PURPLE DRAGON specialists would consider the military operationsthemselves and counterintelligence.The PURPLE DRAGON survey examined three categories of airactions: drones, air operations over North Vietnam, and air operationsover South Vietnam. SAC employed drones in a program nicknamedBLUE SPRINGS (later BUMBLE BUG, BUMPY ACTION) to obtainreconnaissance photography in high risk areas of Communist China andNorth Vietnam. DC-OD's usually launched the drones over Laos or theGulf of Tonkin, and CH-3C helicopters recovered them in midair in thevicinity of Da Nang. All air strike operations over North Vietnam,whether by the Navy or the Air Force, had the nickname ROLLINGTOP SECRET UM8RA~JOfOR~J,-- ,----------------------- --------it'llm~i:';~III.II·~.,~rri!f~~I lillI~~!I 'llHi'~Ii"IIi

1=QP e~CRBT UMBRA nOFORn130 WORKING AGAINST THE TIDETHUNDER. The third category, ARC LIGHT, was, of course, theB-52 strikes over South Vietnam.PURPLE DRAGON operated with seven independent teams, eachfavorably located to carry out its assigned tasks. The Air Force had oneteam at Tan Son Nhut and another at Udorn to study ROLLINGTHUNDER operations. Each had an operations officer, acommunications security officer, and members of the Air Force Office ofSpecial Investigation. The Navy manned another team for ROLLINGTHUNDER coverage, using the Seventh Fleet as its base, with personnelin positions corresponding to those of the two Air Force teams. A thirdAir Force team, based at Kadena Air Base, Okinawa, covered bothROLLING THUNDER and ARC LIGHT operations. Another AirForce team covered ARC LIGHT from Guam. Still another Air Forceteam was at Bien Hoa to cover BLUE SPRINGS operations. These teamsincluded SAC, AFSS, Office of Special Investigation, and PACAFofficers. The remaining team was with MACV in Saigon. It coveredflight route package #1,* forward air control (FAC) missions, and ARCLIGHT operations. In all, 39 men drawn from the Army, Marine Corps,and Air Force served on the Saigon team. Significant to the success ofPURPLE DRAGON were the chiefs of the teams, each a senior airoperations officer familiar with the air operations being investigated.In addition to the seven teams, a CINCPAC )-3 staff unit of 5 menworked at CINCPAC headquarters on the three operational aspects ofPURPLE DRAGON-operations survey, communications-electronics,and counterintelligence. Technical assistance for the )-3 unit came fromthe offices of NSA Pacific and the Defense Intelligence Agency.PURPLE DRAGON was to focus on what an enemy SIGINTorganization might obtain and also on the damage that could be donethrough spy and other agent activity.1TOP SHCRET UMBRAnOFORti/(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

COMSEC SURVEILLANCETOP 5BCRBT UMBRAPWFORP,131II !IIIIiIIIIiiTOP SECRET UMBRAPWfORH(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

(b) (1)(b) (3)-P.L. 86-36(b) (3)-18 USC 798(b) (3)-50 USC 403I

"Oli :5f:CKf:" UMBKAf(OfOKH'134 WORKING AGAINST THE TIDECorrective ActionsIn the three types of air operations the PURPLE DRAGON teamsexamined, the element of surprise was too frequently lost and along withit the effectiveness of the operations. Of major concern was the increasedthreat to the lives of the ARC LIGHT and ROLLING THUNDERcrews and the safe return of the planes and drones. In each of the threetypes, PURPLE DRAGON initiated some specific corrective action.BLUE SPRINGS In studying drone operations, the Air Force/teamat Bien Hoa found that pre-operations planning messages were goVng viaHF single sideband from Bien Hoa Air Base to Da Nang Air Base withBLUE SPRINGS information encoded in KAC-72, a SAC world-wideoperations code. Disagreement existed among the specialists as towhether the Chinese Communists were actually decoding the messages oronly relating them by traffic analytic considerations (lengths, timing,addresses, and so forth) to the drone reconnaissance missions. Byobserving only the message lengths and external characteristics of HFSSB transmissions encoded in KAC-72, PURPLE DRAGON personnelin December 1966 were able to accurately predict 18 of the 24 missionsthey tested. Of the 6 missions not predicted, 3 were canceled, one wasplanned 42 hours in advance, and the planning messages for 2 went bylandline telephone instead of by HF SSB radio.There was also a general upgrading of COMSEC materials forBLUESPRINGS communications. COMSEC improvement included thereplacement, on 1 June, of KAC-72 with KAC-154:Anew code,KAC-227, later came into use for communications formerly passed inKAC-72 but was not introduced specifically for communications*See page 141.TOP SECRET UMBRl.nOFORPi(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

'f'Ofi gr:Cltr:'f' UMBRAHOFORHCOMSEC SURVEILLANCE 135associated with the drone program. For continued cover on the BienHoa-Da Nang link, the Air Force introduced a new code, KAC-238. InJanuary 1968 the Air Force began using a KW-26 securedteletypewriter circuit, a still better method for these communications.Later in 1968, the Air Force installed a HY-2/KG-13 secure voicesystem for use between Bien Hoa and Da Nang for operationalcommunications.L...-__---I1.The PURPLE DRAGON survey was highly successful,therefore, in tightening BLUE SPRINGS security. The resulting increasein operational effectiveness was equally dramatic: the recovery rate of thedrones increased from 35 percent to 70 percent by November 1967.*ARC LIGHTII!\'"--- ----'I.To achieve this success, the Air Forcehad to curtail the dissemination of information to civil aircraft trafficcontrol authorities. Instead ofpassing altitude reservation requests in theclear several hours in advance to both Manila and Saigon, the Air Forcebegan transmitting them only to Saigon and then only in classified formas an immediate action.The PURPLE DRAGON teams dealt with the basic/problems ofgeneral broadcast NOTAM's bydiminating the need .for them. Airtraffic control centers at Hong Kong, Manila, Taipei,/and Bangkok had"Some briefers attributed an even greater percentage increase/in recovery of drones tothe COMSEC measures taken. The percentages .l;iven were/supplied by AFSS. Otherfactors such as the weapon firepower of the various enemy/areas photographed wouldalso affect the percentage of the recovery.'TOP,SECRE'T UMBRAPWfORH(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798•. ,0.)

(b) (1)1....- (b) (3) - P. L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

TOP SECRET UMBRAfWfORfqCOMSEC SURVEILLANCE 137been including in their unclassified NOTAM's not only flight informationfor overflight of South Vietnam but also the estimated time ofplane arrival (ETA) at PointJuliet, a common rendezvous for planes overwater between Guam and South Vietnam. Using this information,PURPLE DRAGON analysts had been able to swing a time arc andpredict with more than 80 percent accuracy the location and time-overtargetof ARC LIGHT strikes. PURPLE DRAGON recommendationseventually led to the establishing of a corridor for entry into and exitfrom South Vietnam air space and to the declaring of a block of airaltitude reservations on 24-hour reserve for SAC B-52's.To offset the problem of releasing strike information to native villagerswith the probability that the data would reach the enemy, certain areasknown to be basically without friendly elements were declared" free areasfor aircraft bombing." The result was that friendly forces stayed out ofthe free areas, except under special arrangement, and no notices of strikeswere issued to local authorities. The Air Force also discontinued thepractice of having B-52's call in launch reports (unencrypted over singlesideband) to SAC headquarters each time a bomber departed Guam.As a result of these steps, PURPLE DRAGON enjoyed success inrestoring the element of surprise to SAC's B-52 missions, a goal notachieved as a result of the earlier Guam study or of CINCPAC's ARCLIGHT survey. The chart on the opposite page documents the PUR­PLE DRAGON success.ROLLING THUNDER The PURPLE DRAGON teams workingon ROLLING THUNDER could not bring about the dramaticimprovements that those working on the drone and B-52 programsachieved. Although PURPLE DRAGON analysts identified severalforewarning indicators that the enemy might have exploited inROLLING THUNDER, IIL....-~-~ffhePURPLE/DRAGONteams nonetheless suggested a number of general actions to improveROLLING THUNDER operational and communications security.These included reducing the number of recipients offlight information;IITOP S£€RET UMBRAfqOfelm(b) (1)(b) (3)-P.L. 86-36(b) (3)-18 USC 798(b) (3)-50 USC 403

TOP SECRET UMBRAnOFORn\)'2, WORKING AGA\N~'t 'tHE 'tlD"Eshifting, when possible, from unencrypted to encrypted communications;revising callsign usage; applying communications cover; revising codeprocedures; checking adherence to Red/Black criteria; and providingCOMSEC education.Admiral Sharp, CINCPAC, forged in PURPLE DRAGON a viableapproach to attaining operational security (OPSEC) for air operations.By assigning COMSEC specialists to military operational staff elements,Admiral Sharp assured himself of COMSEC results. PURPLEDRAGON monitoring was in accordance with established guidelines forsurveillance. Upon the completion of PURPLE DRAGON, AdmiralSharp asked the )CS to approve the establishment of a ermanent 0 erationssecurity function on the CINCPAC staffapprove an arp create an unit mthe )-3 staff. While the PURPLE DRAGON field teams no hmgllrexisted, it became standard practice for about a third of the )-3 OPSECstaff to be on duty at field locations or in travel between them.The effectiveness of the operations security approach, in/whichCOMSEC surveillance played a major role and in which/ commandemphasis on COMSEC was assured, led to a World-Wide OperationsSecurity Conference held at Arlington Hall Station from 30 Aprilthrough 2 May 1968. The purpose of the conference/was to makeinformation on CINCPACs PURPLE DRAGON op.erations securityprogram generally available and to promote use of the/operations securityconcept in other commands and other geographic areas.(b) (1)(b) (3)-18 USC 798(b) (3)-50 USC 403(b) (3)-P.L. 86-36TOP SECRET UMBRA~10fOlU'1

TQP ~eC::ReT UHIJ:R A ~IQfQR~1CHAPTER IVCommunications Cover and DeceptionCommunications cover and communications deception consist of twoseparate but related techniques. Communications cover is the technique ofconcealing or altering the characteristics of communications patterns forthe purpose of denying to the enemy information that would be of valueto him. Communications deception is the deliberate use of communicationsto mislead the enemy and acquire a security, military, orpolitical advantage.Authorized communications cover and deception (CC&O) programsin Vietnam were administered and operated by a relatively small numberof COMSEC specialists who normally were in close touch withmonitoring and analysis programs and who used the product of themonitoring operations in planning CC&O operations. The specialists alsoused the findings of the monitors, I Jin alteringoperations underway and in evaluating them when completed. To assuresecurity for their programs, CC&O specialists tended to compartmenttheir functions or at least apply very rigidly the need-to-know principle.At the tactical level, operational commanders had responsibility forCC&O.Within all three Services, CC&O expertise was scarce in the war zone.Until late 1966 no one in the Army on regular duty status in Vietnamwas qualified to conduct a good communications deception effort. Thoseavailable after that time who did have the necessary experience workedprimarily on other COMSEC tasks. Beach jumper units undertookCC&O functions for the Navy in the war zone. The Air Force did nothave CC&O specialists permanently stationed in the war zone. HigherAFSS headquarters personnel-or those on. TOY in the wararea-supervised those CC&O operations conducted during this period.In comparison with known enemy employmentof CC&D, U.S. forcesmade very little use of communications deception and ignored in largemeasure the possibility of using CC&O techniques to mislead enemySIGINT operations, and hence enemy tactical reactions.TOP SECRET UfoftiRAfqOflOftfq(b) (1)(b) (3)-P.L. 86-36__ ..(b) (3) -18 USC 798(b) (3)-50 USC 403

TOP SECRET UMBRANOFORN140 WORKING AGAINST THE TIDEBJU COMSEC Van at Hill 327, Da NangNSA played a minor role in CC&D operations. It participated in thereview of communications cover plans for operations in Vietnam andprovided advice, through Headquarters, NSAPAC, on CC&D applicationby the Services.Communications CoverWhile the average COMSEC specialist applies his COMSEC skillsprimarily within a limited phase of electrical communications, thecommunications cover specialist employs a wide range of communicationssecurity techniques. In achieving cover, he considers the best applicationof (l) available cryptosystems for a specific communications requirement,(2) any nonelectrical communications, (3) techniques to minimize theintelligence vulnerability of communications, and (4) radio silence.'TOt" :3ECRE'T UfI>fBRJ'tNOFORN

Tefl SIKIU:'f' Ul'dBRANOFORNCOMMUNICATIONS COVER AND DECEPTION 141One often-recommended communications cover technique involves theflattening out of peaks and valleys in the volumes of communicationspassed by using dummy traffic or by minimizing the volume of messagesnormally passed as a result of crisis or just before an operation. Thisflattening of traffic volumes automatically appeared on many circuits inVietnam as a result of near full-circuit utilization in the passing of validtraffic. However, flattening was at times used intentionally. The AirForce employed communications cover, to give one example, for SACBLUE SPRINGS drone reconnaissance flights during 1967. To smoothout traffic patterns over an HF single sideband communications linkbetween Bien Hoa and Da Nang, which was apparently beingintercepted by the Chinese Communists, the control element sent aminimum of three transmissions daily. All of these were encoded inKAC-72 and consisted of a minimum of 45 groups. Communicators sentdummy messages ending with the phrase, "This is a sample message."Before the use of this cover, it was believed that the timing, length, andover-all characteristics of the occasional valid mission orders served as tipoffsto enemy analysts. *Communications DeceptionCommunications deception is of two types. Imitative communicationsdeception (ICD) involves intruding on an enemy's communications withsignals or message traffic in imitation of his own communications for thepurpose of deceiving him. This kind of deception requires great technicaland linguistic skill and is difficult to achieve convincingly. There is noavailable record of any of the Services using ICD in Vietnam.Manipulative communications deception (MCD), the second type ofdeception, is the use of one's own communications so as to cause anenemy to derive, and accept through his SIG INT, false information thatwould be disadvanteous to him. U.S. forces did employ this technique inVietnam with mixed success. On some occasions U.S. forces combinedcommunications cover with manipulative communications deception andreferred to the results as manipulative communications cover anddeception (MCCD).*Seealsop.134.above.TOP 8ECRET UMBRANOFORH

TOP 8BERBT UMBR1\nOFOR~J142 WORKING AGAINST THE TIDEArmyMCDThe Army seldom used MCD during the years to 1968; it was neverused by a major Army command. More often than not, according to509th ASA Group sources, the Army applications consisted primarily ofhomemade efforts attempted below division level and did not involvecryptologically trained personnel. Commanders simply composed andtransmitted clear-text bogus messages over their own command radiosand nets in an attempt to mislead the enemy concerning U.S. intentions.Army commanders rarely involved ASA specialists in these MCDattempts. There were, however, three Army MCD operations worthy ofnote.The first was conducted between 29 March and 14 April 1966 by the3d Brigade of the 1st Infantr Division durin 0 eration ABILENE inpDuring the last days of the operation, the enemy had evaded/~~~----Iall offers ofbattle, strongly suggesting that he might be engaging in closeinintercept of U.S. communications. The commanding officer of the 3dBrigade, assisted by the 337th ASA Company, drew up a communicationsdeception. plan to lure the enemy, if he was monitoring, backinto the area of operations for an ambush. The plan was to make theenemy think the brigade had left the area. Thus, two U.S. companiesstayed in concealed positions and maintained radio silence, while theremainder of the force obviously, and with normal communications,withdrew from the area.xusing several clear-text messages to .reveal thewithdrawal. The two companies were positioned for ready .reacrion incase the ruse succeeded. When the enemy did not reoccupy the area afterthree days, the stay-behind U.S, units also withdrew.A second MCD attempt involved the 11th Armored Cavalry in 1967.One squadron of the regiment, apparently without assistance from itsDSU, the 409th ASA Detachment; tried a similar ruse. The squadronsent out a bogus message in clear text to which the enemy, if listening,might have reacted. The message, from the regimental commander to the2d Squadron, advised the squadron of indications that the enemy mightbe operating in the Quang Buan rubber plantation-near which, infact, an enemy force was suspected-and directed the 2d Squadron toTOP SECRET UMBRAHOFORH(b) (1)(b) (3)-18 USC 798(b) (3)-50 USC 403(b) (3)-P.L. 86-36

TOP e~CR~T UM8H:A ~lOfOlH',COMMUNICATIONS COVER AND DECEPTION 143Truck-mounted ASA Reporting and Analysis Centersend a troop to support infantry in that area for the next 36 hours. It washoped that the troop would draw a major ambush in the area, for whicha squadron reaction force was ready nearby. Again, however, there was nosuccess. The 303d ASA Battalion first became aware of this MCDattempt when it monitored and investigated the clear-text message, whichappeared to the ASA unit to have been a gross violation,The third MCD operation did have a successful outcome. The 303dASA Battalion in 1967 wanted to test the extent of VC interception by aplanted, controlled breach of COMSEC. Lt. Col. Norman J. Campbell,the 303d commander at the time, reported:After losing some time attempting to approach the Corps (II FFV) staff onsuch an attempt (they opined they'd have to clear it with MACV, which wouldtake quite a bit of staffi"ng!), the CG, 199th Infantry Brigade (BG Forbes),said he could do this with us, Therefore, in an operation working with the DSU(856th RR Det}, he ordered a battalion in the field to send a message by usual

'fot" SfCRf'f UMBRAuorORP~144 WORKING AGAINST THE TIDEcommunication, ordering several companies to remain out in separate fieldlocations one night, rather than returning to the battalion base. At the sametime, he ordered the companies, by discrete instructions, to disregard themessage and surreptitiously return to the battalion base. This worked,apparently, proving that the VC were monitoring the nets, for the VC attackedthe supposedly weakened battalion base that night, but since all three companieswere in, the VC got clobbered and later relocated. At Corps, LTG Weyandthought this was a good start at /applying/ communications deception planningat Corps level which would be useful tactically to trap further VC reactions, andsent such a recommendation cable to MACV. However, not much appeared tohave been done in this respect before I left SVN.This is the only Army MCD operation in Vietnam in 1964-67 forwhich there is evidence of success.Navy MCCDIn April 1965, withJCS authorization, Admiral Sharp encouraged theuse of manipulative communications cover and deception in support oftactical operations against the Vietnamese Communists. GeneralWestmoreland, over-all coordinator for the operations, and the threeClNCPAC Service component commanders had authority to plan andconduct MCCD operations in accordance with the guidelines thatClNCPAC set down. The CINCPAC directive specifically encourageduse of MCCD on the MACV-CTF 77 coordination circuits. CINCPacific Fleet assigned to the commander of the Seventh Fleet the Navyresponsibility for planning and conducting MCCD operations in theSoutheast Asia area.In June 1965 the commander of the Seventh Fleet held a conferencewith representatives from the Task Force 77 and 71 staffs, tacticaldeception units, and COMSEC units to discuss plans for using MCCD inNavy tactical operations. Although they did not adopt the plan, therepresentatives for a while considered a concept for the use of MCCD inMARKET TIME operations that would lure into a trap the enemy'slarge wooden junks and steel hull cargo vessels approaching fromseaward. The concept called for the formation of a rigid outer barrierpatrol by ships available to the commander of Task Force 71. After agiven period of time, when it could be assumed that the NorthTOP 5£ER£T UMBRAPWrORU

'fOP SECRE'f UMBRAUOFORUCOMMUNICATIONS COVER AND DECEPTION 145Vietnamese had discovered the barrier pattern by analyzing uncoveredcommunications, the ships would leave their patrol stations under totalelectronic silence and take up positions to close the weak points in thebarrier. During this maneuver a tactical deception unit would maintain acommunications picture indicating that the rigid barrier pattern wascontinuing. While this concept had merit and many supporters, it wasnever fully tested because there was no firm intelligence on the mannerby which the North Vietnamese controlled the junks and cargo vessels.The Navy conferees adopted no particular concept as a result of theMCCD meeting in June 1965, but one positive result was arecommendation that went first to CINC Pacific Fleet and then to CINCPacific concerning communications and coordination control for MCCD.As a result, CINCPacific modified its policy in August 1965, delegatingresponsibility for coordinating MCCD operations to Service componentcommanders and enabling Service components further to delegateapproval authority for MCCD to lower echelon tactical commanders.Although the initial MARKET TIME deception concept was neveradopted as such, the commander of Task Force 71 employed a similarMCCD concept in MARKET TIME operations on several occasionsduring July 1965. The objective of the plan was to determine if changesin the location and pattern of the ships patrolling the outer barrier wouldresult in corresponding changes in the infiltration patterns. Informationderived from the operation would help in preparing follow-on deceptionplans.On 20 July Task Force 71 had eight destroyer escorts on patrol in thenorthern portion of the seaward barrier, a thin defense for a large area.Through MCCD, the task force commander hoped to simulate thepresence of eight additional Destroyer Squadron 19 ships in this northernarea. The communications pattern was to give a picture of a strong linealpatrol in the northern area.Two tactical deception teams, aboard two northern patrol ships, hadthe task of manipulating the communications of the Northern MARKETTIME Coordination and Reporting Net in order to present a picture ofthe strong lineal patrol. The net was an uncovered voice net on whichoperational and numerical codes rarely appeared and most traffic was inthe clear. During the first deception period tactical units shifted to analternate frequency so that the regular frequency carried only deceptiveTOP SECRET UMBRAtiOFORU

TOP SECRET UMBRArmf10RH146 WORKING AGAINST THE TIDEtraffic. During the second period the tactical units remained on theregular frequencies and deception traffic was superimposed on the circuit.The deception script called for the traffic to be predominantly plain text,with a small volume of encoded traffic to match actual traffic normallytransmitted on the net.To achieve realism, the tactical deception teams used the actual voicecall signs of eight Destroyer Squadron 19 ships. The ships were actuallyjust entering the WESTPAC area and would not be involved in anyoperations in MARKET TIME during the deception operation. For theperiod of deception, the commander of Destroyer Squadron 19 was torefrain from using these call signs on other than line-of-sight circuits.The COMSEC unit at the Naval Communications Station Philippineswas to monitor the Northern MARKET TIME Coordinating andReporting Net and associated area circuits and report by message to thetask force commander any discrepancies or variations in previouslyobserved patterns or procedures that would inform the enemy that theoperations were of a MCCD nature.During the first few days of the deception operation, the COMSECunit did detect and report deviations from previously observed patternsand departures from realism-misuse of operational and numericalcodes, employment of dummy codes and authentication systems ratherthan actual systems, improper preparation of deception messages,referencing of HFDF positions not coinciding with reported positions,citing of unrealistic underway replenishment schedules and times, andother irregularities suggestive of communications deceptions. TheCOMSEC monitoring reports also showed, as a by product, that theentire barrier operation, including positions, movements, patrol areas,and future plans, was susceptible to reconstruction through intercept andanalysis of communications going over the Northern MARKET TIMEnet.Perhaps the major reason for possible failure of the operation was alack of continuous liaison between the comma nders of DestroyerSquadron 19 and Task Force 71 during the MCCD period. Unknown tothe commander of TF 71, two of the ships of the destroyer squadron wentto Subic Bay and were transmitting on the Subic Harbor CommonNet-a medium frequency net-when the deception operation started.Therefore, the same voice call signs were appearing at the same time onTOP SECRET UltfBRAn0f10Rh'

TOP SECRET UMBRAHOFORHCOMMUNICATIONS COVER AND DECEPTION 147the Subic Harbor Common Net and the MARKET TIME circuits, apoint the enemy could hardly fail to notice.By 24 July, the end of the first deception period, Task Force 71 hadcorrected most of the deficiencies, and the stage was set for anotherMCCD attempt. ClNC Pacific Fleet issued new, completely fictitiousvoice call signs for use by the deception teams in the second phase of thedeception operation. The commander of Task Force 71 objected to thison the ground that it would be immediately apparent to an enemy analystthat these were deceptive calls, but ClNC Pacific Fleet overruled theobjections. Therefore, on 27 July 1965, eight new voice call signsappeared on the communications net as hypothetical ships. Upon theappearance of these eight new voice call signs, the COMSEC unitimmediately tagged them as deceptive, based on observation of theprevious deception effort.Other than the obviously fictitious voice call signs being used, thesecond attempt at deception proceeded very well. The lessons learnedfrom the first attempt were put to good use. The general opinion was thatthe second attempt could have been quite successful had not the enemyalready been alerted to look for deception because of the errors madeduring the first operation. Through use of more sophisticated COMSECtechniques such as HFDF, frequency measurement, and observation andcomparison of background noise associated with the voice, the COMSECunit was able to determine that transmissions purportedly originatingfrom five different units were all emanating from a single platform.The result of the July deception operation was inconclusive. Novariation in the infiltration patterns of the North Vietnamese junks cameto light. However, the MCCD operation probably achieved, as aminimum, CINCPAC's secondary objective of reducing the credibility ofthese communications and consequently making analysis by the enemymore difficult.On 30 July 1965 the commander of Task Force 115, a jointcommander under COMUSMACV, assumed responsibility for theMARKET TIME operations and discontinued deception activity.Although many recommendations for the use of deception were madeand considered, the Navy undertook no other significant MCeDoperation in the years up to 1968, primarily because of a lack of securityin communications, lack of security from visual observation, and rules ofTOP SECRET UMBRAUOFORU

TOP SECRET UMBRA?WfOlm148 WORKING AGAINST THE TIDEengagement requiring detailed coordination with the South Vietnamesebefore each actual operation. However, the Navy did institute a broadCC&D educational program designed to reach all command levelsresponsible for CC&D operations.There is no documentary evidence at hand to indicate that the MarineCorps conducted any major MCCD operations during this period. InOctober 1966 the commander of the III Marine Amphibious Forcedrafted an order setting forth basic policy and procedures for theemployment of deception in support of ground tactical operations, alongwith specific examples and operational areas in which deception could beemployed. The order was submitted through General Westmoreland toAdmiral Sharp but was never approved for execution.The Navy learned several valuable lessons for evaluating its MCCDoperations in 1965. Although the Navy did have the ability to undertaketactical MCCD (and lCD, for that matter) with its trained tacticaldeception units, a general knowledge of how to use these assets wascompletely lacking among commanders, their planning and operationalstaffs, and personnel at all levels. The primary lesson learned was that thesame men who conduct real operations must plan and conduct MCCDoperations, and the commanders must assume MCCD responsibilityrather than assigning it to the technical tactical deception units.Deception operations must also be completely realistic and must begenuinely integrated with actual operations.Air Force M CCDIn World War II and the Korean War, enemy aircraft aggressivelycontested Allied control of the skies; however, in the Vietnam War theair over North Vietnam was relatively free from challenge by enemyaircraft. Most American planes shot down fell to antiaircraft fire andsurface-to-air (SAM) missiles. Until 2 January 1967, the entire 23months of the air war had produced only 27 air-to-air" kills" against theNorth Vietnamese, and only 10 U.S. aircraft had fallen prey to enemyMIG's. Shying away from dogfights, North Vietnamese pilots preferredto harass U.S. fighter-bombers on their runs over North Vietnam,TOP SECRET UMBRAIqOfiOltIq

, ,TOP SECRET UMBRAHOFORHCOMMUNICATIONS COVER AND DECEPTION 149attempting to make the U.S. planes jettison their bomb loads short of thetargets or to burn extra fuel in evasive maneuvers.In December 1966 the Seventh Air Force planned an aerial ambush, .Operation BOLO, to force a confrontation with the enemy's bestaircraft-the MIG-21 Fishbed fighters. * BOLO involved bothelectronic (radar) and manipulative communications deception. Theessential feature of the plan, implemented on 2 January 1967, was adeception that would cause the enemy to assume that a flight of the U.S.1,600-mile-per-hour F-4C Phantom fighters was actually a flight of theslower moving U.S. F-I05 bombers against which the MIG-21 had abetter than equal chance in air-to-air combat.The plan of operation was to fly the superior U.S. F-4C's from basesin Thailand and South Vietnam, using flight paths, speeds, andcommunications duplicating those of the well-established flightcharacteristics of the slower F-105's. It was hoped that the deceptionwould be effective until the F-4C's were in visual contact with theMIG-21 's rising to meet them. When the engagement took place, otherF-4C's, including some that had flown up along the Gulf of Tonkin,were to guard known North Vietnamese airfields for 53 minutes toprevent the enemy aircraft from returning to them.In all, 52 F-4C's and 24 F-105's flew to North Vietnam in OperationBOLO using the Laos and Gulf routes. The first three flights throughLaos proceeded to the northern tip of the mountains located north ofPhuc Yen to engage the Phuc Yen MIG cover air patrol. Two flightsfrom Da Nang hovered northwest of Haiphong in case MIG's tried torun in that direction. Also, SAM suppression flights (IRON HAND)trolled for SAM's northwest of Phuc Yen and north and southeast ofKep.Arranging deception for the operation was not easy. Extreme cautionwas necessary to keep from compromising plans through loose talk orother action such as necessary relocation of aircraft. To the extentpractical, the F-4C's were physically disguised to simulate the larger"Two primary sources were used for this description. The one, a special historical studywritten by the historian at the PACSCTYRGN soon after Operation BOLO, wasforwarded by a USAF letter to NSA, sub: Material for NSA/SCA Cryptologic History,3 July 1969, TOP SECRET Codeword. The other was a USAFSS draft input to theHistory project, Vol V, Part III, Chapter 3, TOP SECRET Codeword, undated.TOP SECRET UMBRAHOFORf,

TOP SECRET UMBRAPWfORPf150 WORKING AGAINST THE TIDEF-105's on the enemy radar screens. While in flight, the F-4Cs flew atspeeds and altitude normal to those of the F-105's. The F-4Cs achievedcommunications deception by using F-105 call signs and standardcommunications frequencies. At the time, the F-4Cs and the F-105'sboth operated in flight without ciphony; for the most part, all communicationswere in plain language.For certain essential information the regular practice was to use redand yellow color codes, which allowed for low-grade encryption ofinformation such as the status of enemy aircraft. For the BOLOoperation, planners introduced several changes. One was the use of new"one-operation" code communications systems. North Vietnameseairfields used by MIG aircraft were each given a code name. Also, fourspecial code words, each with a specific meaning, were assigned to theoperation: LAS VEGAS meant situation as expected, MIG's reacting;EL PASO meant situation not as expected, MIG's quiet; LOSANGELES meant MIG's disengaging; and NEW YORK meantChinese aircraft coming over border.The geographic reference plotting system (GEOREF) '" was to be usedto give MIG locations and consisted of two letters for GEOREF blockdesignation and two numbers (rounded off at the l O's digit). Headings ofenemy MIG's were to be given only to the nearest 10 degrees and givenin two digits. When a MIG heading was unknown, a two-digit numberhigher than 36 would be used. MIG altitudes were to be given inthousand-foot increments and passed as two digits. When the altitudewas unknown, an exceedingly high number would be passed, forexample, 99. Insertion within the GEOREF of odd (l or 3) and even"In the geographic reference plotting system, the world is divided into 288 15-degreequadrangles. Each of these 15-degree quadrangles is identi fied by a two-characterdesignator (row and column coordinates). Each of these I5-degree quadrangles isbroken down into I-degree quadrangles, which are again identified by two-characterdesignators. Characters used for these identification purposes are the letters A throughQ, omitting the letters I and O. When reporting a GEOREF position, the I-degreequadrangle is followed by the longitude minute coordinates of the position within the 1­degree quadrangle. Two I5-degree GEOREF quadrangles (UH and VH) cover themajority of the Southeast Asian area of interest.TOP SECRET UMBRAN'OfOR14

'fOfl :5f:CItt:'f tJMBItAHOFOItHCOMMUNICATIONS COVER AND DECEPTION 151numbers (2 or 4) indicated, respectively, launch and recovery of MIG's.Some specific examples of possible use were:ETHAN BRAVO (daily MIG call word) AG 2715 would mean "MIG'sover mountain heading 270 degrees at 15,000 feet."ETHAN BRAVO Chicago YG 44 99 88 would mean "MIG's landingKep."ETHAN BRAVO Frisco AG 33 85 99 would mean "MIG·s scramblingfrom Phuc Yen."'fOfl SECH:E'f UMBIt/,UOFORU(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

TOF SECRET UMBRAf(OfORH152 WORKING AGAINST THE TIDE'fOil S:ECR:ET UMBRAUOfORU(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

TOP SECRET UMBRAHOFORfqCOMMUNICATIONS COVER AND DECEPTION 153Operation BOLO, as is frequently the case when MCCD is employed,required that communications facilities be used in an unusual manner andthat there be no pre-operation practice. The revised alert warning and.special code usage also added complexity for communicators during therelatively short time of operation when tension of battle was at its peak.Postoperation analysis indicated that the special techniques for achievingsecurity of communications did not cause any significant difficulty.PACSCTYRGN commended its Southeast Asia units for the initiativethey displayed in response to Operation BOLO, saying that the actionsdemonstrated the unique capability of AFSS to support tactical airoperations. I ,IL..;---;------:-"""":"'"----;---r-.,....,........---r---;---r--..,.....-....,...J,I Equal praise/isdue those who planned and initiated the deception without which theMIG kill would have been impossible. Accounting for 7 MIG-21's irv12minutes-in effect destroying one-third of the enemy's MIG~21inventory-was a remarkable feat.A number of other BOLO-type missions were flown over the ensuingmonths, the first on 23 January 1967, but either there was a pattern thatalerted the North Vietnamese or other factors went wrong. Whatever thereason, none of the later missions achieved the success of BOLO,Although all the Services engaged in communications cover anddeception operations in the 1965-67 period, the sum total/could not becalled a success. However, through their failure and occasional successes,the Services did develop some basic theories upon which they couldpredicate later CC&D operations. CC&D operations) should not beattempted by communications specialists acting alone; they need the fullknowledge and cooperation of appropriate operations personnel, a clearlydefined purpose, and a reasonable chance of achieving desired results.Even though CC&D operations might not require much time, expense, oreffort on the part of communicators, often, especially for CC&D of aTOP 8£CR£T UldBR/.HOFORH(b) (1)- (b) (3)-P.L. 86-36­(b) (3)-50 USC 403(b) (3)-18 USC 798

154 WORKING AGAINST THE TIDEmore strategic nature, they mean putting hard-to-hide military resources(troops, ships, or planes) into a deceptive posture to correspond with falsecommunications fed to the enemy, deployments that could be expensiveand time consuming and could require resources, often in short supply,that conventional operational requirements make unobtainable. Inaddition, good CC&D operations need an effective meansIDofe~aluating the enemy's response during and./fo"Tll""o-w-l-n-g-t"'Th-edeception.Caution must also be used to prevent the enemy fromoverreacting.(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798TOP SECRET UMBRAtWFORH

TOP SECRET UfdBRAHOFORHCHAPTER VLessons LearnedCOMSEC EducationOne major lesson learned from COMSEC monitoring in Vietnam isthat a commander's attitude toward COMSEC determines in largemeasure the degree of COMSEC awareness within his organization.Ironically, for one reason or another it was often difficult to convince acommander that the enem had an effective SIGINT 0 eration tar eteda ainst him.More often than not, it was onlyL.....,...---T"""".....,.....................................----,....,..............w en t e u imp ications 0 C MSEC deficiencies became apparent-sometimespainfully apparent-e-tc him through COMSEC monitoringreports that the commander in Vietnam took steps to improve hisCOMSEC practices.The U.S. COMSEC community should of course take all steps possibleto indoctrinate the U.S. tactical commander in CO,MSEC before hisarrival in the war zone and should not relegate this task to comparativelylow-ranking COMSEC personnel working in the field. The U.S.COMSEC organizations have numerous examples from monitoring andanalysis with which to demonstrate the consequences of poor COMSECpractices to the commander's complete satisfactibn./They need to con-TOP&6CRET .UMBRAlWFORH(b) (1)(b) (3)-18 USC 798(b) (3)-50 USC 403(b) (3)-P.L. 86-36

TOP SECRET UMBRAH8f'8RN'156 WORKING AGAINST THE TIDEP>,~.k~l)tr;~\~~Vietnamese Communist Intercept of U.S. Clear-text Communications.The communications give information on future U.S.air strikes (A/S). (Source: ASA TAREX unit.)TOP SECRET UMBRAPWf8RH

'fOP SECRE'f' UltfBRA1,OfOR-ULESSONS LEARNED 157U.S. COMMUNICATORS(calls1gn &suffix)Decot 351835 Fire 90Vague 90Ban:U.t 90.11VOICENET1/1 6\113 have r'enult ViR stroy AO, he .!ill r-elgyfor yout-I~ 9th CQ counterpart 16 in contact at thistimetnequcst poaL td.on Als at coord 51451,.5, oldbase area tomorrow mo~~ning+1250 Sluch 171255 "Fire 3i7~12-69 'D2/282We have mission at :J~,J()' fo .. pnt A.I.,> e.~.5739 you have ~rlenQ)y' areat+You give one Slel'1' ccordinat,e, we ha'J'ilfriendly at coord 57;13'13 you have friendlya,:'e&\-+We have friendly is at 51.l!J.9 grid-!- . =._We took up base camp at 58::14 :1+1530 B60A66 80B66Decot 33""80 B66Sluch 13 Strey 52OWL 83 Stro:r 80D2/2 ,.;>l~ 36 now closed th:.s lvcat.ion, they foundbunker at 662305+~ 26 found 1 wa:l~t at 6533Z3t)Ty 26 at (00.6 '00.2) r\l':ohs"'b-y fir~'f;6- WI­~!y 16 CloSEd I1\Y location+Sluggard 13 cover l'~cat1on rf,y 26 found5 bunker also I"J 26 e ct. up AP at th ~\t;l­We .tant free fire at. 584328?++Negative free fir~lwLllput A/s at 5836 gr1d+Will put A/s at 588356 to the Et+You contact wi.t.h rriY 1'1'1 endly+066?++At Il\Y 1QcatioJl-;-Typescript of InterceptTOP SBCRBT UltfBRAlWfORt,

TOP SECRET UMBRAHOFORH158 WORKING AGAINST THE TIDEvmce the commanders that the enemy has an active, sophisticatedSIGINT program in the war zone,..... ---'They need to assure that the commander going toVietnam understands that COMSEC is, in fact, the only weapon hehas against the enemySIGINT organization.The COMSEC community has taken a few steps to achieve thisindoctrination for service personnel. It has arranged for improvedbriefing materials for use in COMSEC education of higher level Serviceofficers. The Army and NSA have exchanged prepared briefing aids foruse in briefings of this kind, and the National Cryptologic School atNSA, starting about 1967,\has been offering courses to Service personnelthat highlight the enemy SIGINT threat and stress the importance ofcommunications security. The NSA school courses have been ofsignificant value to those vwho have attended, but unfortunatelyattendance has generally been limited to those already serving incryptologic positions; few prospective commanders of combat units haveattended. NSA and SCA headquarters have also prepared educationalbriefings for use by CINCPAC\ and CONUS-based commands. Thereremains, however, no uniform.Acornprehensive COMSEC educationalprogram for tactical commanders.Despite the various constructive 'efforts the COMSEC community hasmade, it has still failed to convince-some tactical commanders that theyneed COMSEC at all. As late as May 1969, NSA received' word that aU.S. Army brigade commander in South Vietnam had requested "that allCOMSEC support to his unit be discontinued." *The COMSEC community must also give attention to Servicecommunicators. When commanders 'are COMSEC-c'onscious, theircommunicators generally adhere to prescribed routines. When thecommander is not so predisposed, Servicecommunicators who are awareof the implications of COMSEC can stillhelp protect! communications.Here again awareness of the enemy's SIGINT operations can provide theInecessary conditioning for acceptanCe of ~bMSEC advice."From a "FACT SHEET," sub: COMSEC Support tolst Bde, 5th Inf Div, preparedby Maj. W. F. Gress, 20 May 1969, CONFIDENTIAL. .'fOP SfCRf'f UhfBRAlqOfORN'(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

.lLESSONS LEARNED 159--- J/As in the case of the commanders, the ideal would be.to indoctrinate communicators before they arrive in the war zone.The CC&D ParadoxEvents have shown that the U.S. Services were not well prepared toemploy communications cover and deception. When CC&D operationswere tried, the deception techniques, difficult to apply successfully evenunder optimum conditions, worked best when they involved. SCApersonnel and when operations staffs and commanders planning theCC&D had direct responsibility for conducting it.It is of interest to note that, except for some "home-grown" deceptionoperations planned and conducted without consultation with SCApersonnel, the Services often seemed reluctant even to use either imitativecommunications deception or manipulative communications deception.Paradoxically, the enemy practiced !CD with frequent success. The U.S.appears to have lost a good opportunity to put the enemy at a militarydisadvantage through communications deception at the tactical level.Success in deception such as that achieved by the Air Force in OperationBOLO, which accounted for the loss of one-third of the NVNMIG-21 's, certainly should have stimulated other major U.S. deceptionoperations.The Armed Forces in Vietnam also had only limited success inapplying communications cover. General overloading of communicationscircuits, a common situation during at least the early war years, inhibitedthe application of communications cover on most traffic lanes. Forsuccessful communications cover operations COMSEC specialistsobviously must first have a communications structure with enoughflexibility to permit the alterations required.New Concepts for Old ProblemsAt the beginning of U.S. combat involvement in Vietnam, the conceptin monitoring called for the U.S. specialist to duplicate what an enemySIGINT analyst might attempt. If the U.S. analyst failed to makeTOP SeCRET UMBRAtmFORt.-------_.- .~-(b) (1)(b) (3)-50 USC 403(b) (3)-18 USC 798(b) (3)-P.L. 86-36

TQP SBGlUIT UMBRAl'fOrORU160 WORKING AGAINST THE TIDETIMEOFINTERCEPr:1{;'u .s. COMMUNI~ATORSVOICE1calls1gn & suffix) I MESSAGE DATE !lET~"L£yo - 4.J s:5"'73 c'i: {2c~...J. P.II ~ ~ w;{Q d ..Q.b< "'~ -';:'!!f!iC

TOP 6~CR~T UMBRA nOrORf',LESSONS LEARNED 161:;:IMBOFINTERCEPl'U.S. CO~;ICATORS(callsign & sUffix) MlliSAGE DATE066 Fire 90 At 559368 found bunker and tunnel ldllcheck in the area tomorl'011 morning+D2/282~NET0935 Train 11 Stroy 11Paicher 11 IIAction 111040 Stroy 11 Stroy 6622-11--1969 - 3/11Request u~gent dustoff for 3 u.s. wounded(2 ~"b. 1 litter) by bit boobr trap atcoord. 778344 contact on the ground 081 +We have 6RP cut at this time +Lead cv is at cpt 78. tail cv is at cpt x +Reference from Flame at coord, 6937 hespotted base carr~ and movement. he \1antsNight Hawk took up 1 lima size from Trainelement search area +0905 Sluch 14 Fire 90------Fire 82 Sluch 140910 Sluch 14 Fire 90Fire 066s0930 Fire 90 stroy ABo0935 Race 6 Fire 900950 Fire 066 901005 90 C66s90 C66s13-12-1969 D2/282Come up on your post. give me location forput A/s at 1030 hour++Roger w31t:t·-LOCation put A/S a';. 573408+You have friendly near at that 1eationA/s++We have F at 2 to 5 clicks to the Wareal"iY 54 element AP 1 brocken for coordinationstroy A element sWeep+Road sweep t eam sp return your locationyet?++Affirmative , road t'weep to 00 return D54Loc atd.on«Request du~tofi f"r 1 VN remal", at ncrlocati.orc:-At coord 557367 'I~ found 1 t14"mol 130Mbunker.J-;'}!y A elem'Jr.t sp r:iY :i.ocat~.0!4at this. ct~r~etYour 51.;. element. will work'.ng inte> sa.also your- cP. 46 and 62 eler.:lE

TOP SECRET UMBRAUOfiORH162 WORKING AGAINST THE TIDEheadway in an attack on U.S. communications, then all was presumedwell. However, such was seldom the case since the COMSEC analystnearly always recovered sensitive information from the U.S.communications. In a sense, the COMSEC analyst therefore became apoliceman writing out tickets for violations. One lesson learned in theearly period was that this traditional COMSEC concept had limitationsand that better use could be made of the specialized COMSEC skills. Forbetter use of these skills, a closer working relationship between theCOMSEC specialist and command, staff, and communications personnelbecame necessary.Without changing its objective of securing U.S. communications, theCOMSEC community has gradually been moving toward a new modusoperandi-COMSEC surveillance. Under the new concept, analysts arenot limited to reviewing monitored communications, but have access toall operational information-operational plans, communications modes,cryptographic systems, and other data-to help them in planning withthe Service communicators for secure communication. COMSECofficials, after much consideration, designated a substantial number ofCOMSEC personnel as surveillance specialists. Monitoring thereforebecame as much a review of how well field-level COMSEC specialists hadplanned as it was a check on how well communicators themselves adheredto COMSEC procedures. COMSEC surveillance bridged the gap betweencommunicator and COMSEC specialist and helped erase the image ofthe policeman. The new approach proved highly successful in thePURPLE DRAGON survey and other joint undertakings to achieveoperational security for U.S. forces in Southeast Asia. While not all SCAand NSA personnel were in agreement, by 1968 there was generalrecognition that COMSEC objectives could best be achieved through thenew approach.Monitoring, however, will always be needed in one form or another.COMSEC specialists can arrange for secure equipment, educatecommanders in the importance of communications security, instructcommunicators in the use of codes, ciphers, and machines, enter intoplanning for communications support of the military operations, andparticipate in command actions to improve over-all operational security.But unless communications are monitored in order to measure theeffectiveness of steps taken in the name of COMSEC, the Services willTOP SECRET UMBRAUOFORH

TOP SECRET UMBRANOfOftfqLESSONS LEARNED 163have no means of evaluating the extent to which their communicationsmay be feeding information to a SIGINT-hungry enemy. Despitesophistication in the design and manufacture of cryptomaterials, theUnited States will remain vulnerable to enemy SIGINT activity until theU.S. Services develop a commensurate sophistication and commandemphasis in the use of those cryptomaterials.Full Treatment for the PatientThis review of monitoring and analysis operations to 1968 has shownthat the greatest COMSEC improvement has resulted when there was acombined Service attack on a single problem of general concernhe PURPLE DRAGON, Guam,and MARKET TIME operations produced results far more meaningfulthan would have been the case had each Service performed its monitoringfunctions alone. The assigning of an operations name or nickname to rheoperation and the designation of an executive agent from among theServices, as in ARC LIGHT, or a joint command as in PURPLEDRAGON, seem to act as catalysts upon the participants.Assumption of control at a joint command level brought the mostadvantages. It made possible more specific tasking for COMSECanalysts,improved exchange of COMSEC technology among the Services, andbrought forth more comprehensive reporting by field elements forcryptologic and Service officials at higher levels of command. It alsobrought a more complete component command emphasis to correctdeficient communications practices of all kinds, thus overcoming theusual practice of treating one symptom of a disease but allowing thepatient to die of another. Finally it caused a wider appreciation of thequality and quantity of intelligence that the enemy could gain through laxCOMSEC practices-this, a direct result of more comprehensive reviewof communications by all Services working on common/objectives.Better Systems, Better COMSECThe 1965-67 Vietnam experience was no different from other recentwar experiences in one major respect. So long as a communications system'fOP SEGRE'f UMBRAlWfORN(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

'fOF SIKRl':'f UMBRAI40FORH164 WORKING AGAINST THE TIDE...u-.~(.f:~Tlf~...:(.>,."/It'A ~~l{(I!IIJ ....'-1"""" ~.. C ear-text Communitacticaloperations. ..Meetuse of KY-8 ciphonyTOP SECRET UIIlIBRAHOFOlU4

TOP SEERETUMBRArWfORHLESSONS LEARNED 165"TIMEOFINTERcEPru .S. COMMUNICATORS(callsign & suffix)1125 V,'lgue 90 Bandi t 901130 Stroy 80 n1146IIIIII"11 II1150 Ba:ndit 90 Bandit 90Fi.l·e 90Vag

'f'OF StKRf:'f' UMBRAHOFORU166 WORKING AGAINST THE TIDEplaces main reliance on individual restraint by Americans, it will fail inthe long run to have sufficient COMSEC to deny advantages of one kindor another to an enemy. As Americans, we do not appear to learn from.past mistakes. Three primary COMSEC problems existed in World WarII: unnecessary transmissions and operator chatter, excessive use of cleartext when suitable codes and ciphers were available, improper use ofauthorized codes and transmission procedures. That our enemies tookadvantage of our laxity in World War II is well documented. GermanSIGINT operations accounted for much of the cunning of GeneralRommel, the "Desert Fox" of North Africa during World War II.German SIGINT operations help to explain the German successes intheir air defense against Allied bombing from England, in the heavyAmerican losses at Salerno in 1943, and in Field Marshal vonRundstedt's 1944-45 winter campaign known as the Battle of theBulge.While U.S. SIGINT played an important role in the Battles ofMidway and the Coral Sea in the Pacific, Japanese SIGINT-interceptfrom plain language messages-was forecasting the attacks thatAustralian and American forces were planning for the Pacific islands.Despite the documentation from World War II, similar documentationfrom the Korean War, and abundant evidence from Vietnam, too manyAmerican military commanders still fail to believe in the enemy's knownSIGINT capabilities, and therefore still fail to appreciate the value ofgood COMSEC practices.The greatest COMSEC weakness of all results from the Americanpenchant for transmitting a great deal of information rapidly, oftenwithout adequate consideration of intelligence value, at times withoutconsideration even for the need of the communication. In thiscircumstance, there were only two realistic approaches to achieveCOMSEC improvements. The first was to employ more, easier-to-use,cryptosystems to reduce sharply the amount of information being sent inthe clear. The second was to introduce "a whole series of newtransmission systems" to make U.S. traffic difficult to intercept.Introduction of several newly designed manual systems along with theKW- 7 and KY-8 family of voice equipment helped to reduce thevolume of clear-text transmissions, and this brought a measure of relief.Nothing was done, however, to introduce communications or crypto-.'f'OF Sf:ERE'F UMBRAnOFORn

LESSONS LEARNEDTOP SECRET UMBRAnorOM,'167equipment of low interceptability. Neither the KY-8 nor the KW-7equipment has traffic flow security safeguards, although both do allowencryption of message heading information of value to enemy analysts.The use of on-line teletype and voice ciphony (KY-8) reduced thechance of human error and made possible the desired fast but protectedcommunications required by commanders in tactical operations. Thelatter was not available, however, for all authorized levels of commandrequiring communications. As in the case of the 25th Division, *introduction of such easy-to-use, on-line equipment brought decisiveimprovement in COMSEC. The Vietnam experience revalidated theformula "better systems, better COMSEC."Command EmphasisThe most important of lessons learned, implicit in much of whatappears in these pages, is that command emphasis on COMSEC ismandatory. The historical record shows the obvious: commanders whoemphasize COMSEC have secure communications; those who do not,have insecure communications. Command emphasis takes on manyforms-a commander personally reviewing COMSEC violation reports, acommander reprimanding offenders, a senior command releasing thenames of violators, and so forth-but whatever the form, commandemphasis must balance initiatives put forth by the COMSEC communityif the United States is to offset the losses resulting from enemy SIGINToperations.A commander who gambles with COMSEC gambles with the lives ofthe men he commands.*See pp. 43-45 above.TOP .seCReT UAfSRAP'10rOR~1

'TOF :ffiER:E'T UMBRAlWfORUList of AbbreviationsACCarea control centerAFAFSCCALTREVAMARARVNASABJUCAATCC&DCINCPACFLTCINCUSARPACCOMBARCOMSECCTFCTZDATSUMDIADRVDSUDTOCEEFIEElEFTOELSECETAEWFAAFACAir ForceAir Force Special Communications Centeraltitude reservationairmobile; amplitude modulationArmy RegulationArmy of the Republic of VietnamArmy Security Agencybeach jumper unit (Navy)COMSEC Assistance Advisory Teamcommunications cover and deceptionCommander in Chief, Pacific FleetCommander in Chief, U.S. Army, PacificCombat Aircraft Reportcommunications securityCommander, Task Force (Navy)corps tactical zoneDaily Activity SummaryDefense Intelligence AgencyDemocratic Republic of Vietnamdirect support unitDivisional Tactical Operations Centeressential elements of friendly informationessential elements of informationencrypted for transmission onfyelectronic securityestimated time of arrivalelectronic warfareFederal Aviation Administrationforward air controller'TOF SECRET UMBRAnOFOR~'(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

TOP SECRET UMBRAnOFORn170 WORKING AGAINST THE TIDEFFVFMFPACFSHFDFHOC!CDJCSJUSMAAGMAAGMACTHAIMACVMAFMARBKSMCCDMCDMEBMEDIVACMSTSONASNAVFACNAVSECGRUNAVSTANCSNOTAMNRSNSAPACNSCNSDNVANVNOBOPSECPACAFPACSCTYRGNField Force VietnamFleet Marine Force, PacificFederal Standardhigh frequency direction findinghours ofcoverageimitative communications deceptionJoint Chiefs ofStaffJoint U.S. Military Assistance AdvisoryGroup (Thailand)Military Assistance Advisory Group(Vietnam)Military Assistance Command, ThailandMilitary Assistance Command, VietnamMarine Amphibious ForceMarine barracksmanipulative communications and coverdeceptionmanipulative communications deceptionMarine Expeditionary Brigademedical evacuationMilitary Sea Transport Service, OfficeNaval Air StationNaval FacilityNaval Security GroupNaval StationNaval Communications StationNotices to AirmenNaval Radio StationNational Security Agency, PacificNaval Supply CenterNaval Supply DepotNorth Vietnamese ArmyNorth Vietnamorder of battleoperations securityPacific Air ForcePacific Security Region (Air Force)TOP SECRET UMBRAf'ofOFOft:f41 __-

TOP SECRET UMBRAPiOFORPiLIST OF ABBREVIATIONS 171PBRPDSPDSRPRCPWIROKRRCRRUR/TRTPRVNRVNAFSACSAMsexSDSEAMARFSEAWBSSIGOSIGSECSOlSOUSSSSBSSBNSSGSSISVNSWTADTAREXTFnOITRANSECTSARTSISTSMRpatrol boat, riverpractices dangerous to securityPractices Dangerous to Security Reportprocessing and reporting centerprisoner of war interrogationRepublic of Korearadio research companyradio research unitradiotelephoneradioteleprinterRepublic ofVietnamRepublic of Vietnam Armed ForcesStrategic Air Commandsurface-to-air missileService Cryptologic Agencysecurity detachmentSoutheast Asia Military Air Route FacilitySoutheast Asia Wideband Systemsignal officersignal securitysignal operation instructionsspecial operations unitsecurity squadron (Air Force)single sidebandnuclear power ballistic missile submarineSpecial Support Groupstanding signal instructionsSouth Vietnamsecurity wing (Air Force)temporary additional dutytarget exploitationtask forceTRANSEC Item of Interesttransmission securityTransmission Security Analysis ReportTRANSEC Interim ReportTransmission Security Message ReportTOP 8liiCRliiT UMBRAnOFORn

TOP SECRET UhfBRAUOFORU172 WORKING AGAINST THE TIDETSMSTSSRTSVTSVRTTYUSARVVCWESTPACWGWWIITransmission Security Monthly ReportTransmission Security Summary Reporttransmission security violationTransmission Security Violation Reportteletypewriteru.S. Army VietnamViet Cong; Vietnamese CommunistWestern Pacificwing (Air Force)World War IITOP SECRET Ui\JfBRAfiiOfiORfq

TOP SECRET UMBRAtJOFORUIndexABILENE, Operation: 142iAb"m,. Lt, Goo, (Cd:h,"" W" 19Air Force Security ServiceCOMSEC monitoring equipment:72, 73, 74, 75COM SEC operations: 77-84, 89,96-97, 100-03, 107-09, 120,121, 123, 125, 127, 130, 134,139, 149-53COMSEC organization: 20, 72-76COMSEC strength: 73, 74, 75-76SpecialCommunications Center:100-03Air Force Security Service unitsPACSCTYRGN Detachment 2:72,73,76,77,78, 1236922d Security Wing: 72,1236922d Security Wing Detachment4: 766922d Security Wing Detachment5: 72, 73, 74, 77, 79-80, 82,123,1276922d Security Wing Detachment7: 72, 74-76, 77, 80, 83, 1236927th Security Group Detachment1: 1236988th Security Squadron: 776988th Security Squadron Detachment1: 123Air Force units. Seea/so Air ForceSecurity Service units.Pacific Air Force: 73, 122Seventh Air Force: 73,75,77,81,84Thirteenth Air Force: 74, 75, 1222d Air Division: 73,79,1203d Air Division: 100, 107-09, 1198th Tactical Fighter Wing: 151,152-53388th Tactical Fighter Wing: 834242d Strategic Wing: 101-021958th Communications Squadron:104Air operations. See ARC LIGHT;B-52's; BLUE SPRINGS;ROLLING THUNDER.Altitude reservations (ALTREV's):121-22,135Analysis. See Monitoring and analysis.ARC LIGHT, Operation. See B-52's,operations by.ARC LIGHT COMSEC studiesSeptember-October 1966: 122­28, 163December 1966-March 1967:128,129,130,131,135,137Area control centers (ACes): 121-22Army Security AgencyCOMSEC education by: 48-54COMSEC operations: 19, 20, 22,23,25,27-45,48,49,51,91-95,120,123,125,130,139,142,143,158COMSEC organization: 20,21-27COMSEC strength: 20,21,22,23,24,25,26-27monitoring equipment: 22, 30TAREX: 44,49,51,158Army Security Agency units509th Group: 8, 24-25, 27, 49,123,125,142j03d Battalion: 24-27,35,37,52, 143-44TOP SECRET UMBRAtJOFORU(b) (1)(b) (3)-50 USC 403(b) (3)-18 USC 798(b) (3)-P.L. 86-36

TOP 5HERHT UMBRl,174HOFORPoi'WORKING AGAINST THE TIDE313th Battalion: 24-27,37USASA Company, Saigon: 25, 37325th Company: 52337th Company: 142371st Company: 52,91-92WIst Security Detachment:22-25,28-29,37,38,45,93,120,123104th Security Detachment: 22,23409th Detachment: 142856th Detachment: 143-4482d Special Operations Unit: 21,22,24400th SpecialOperations Unit(Prov.): 21Capital Monitoring Team: 25COMSEC Assistance and AdvisoryTeams (CAAT's): 49DSU's, general: 23-27,37,52Army units. Seealso Army SecurityAgency units; Field ForcesVietnam.U.S. Army Vietnam: 127l st Cavalry Division: 44-45,50,52,90-95l st Infantry Division: 35, 44-45,1429th Infantry Division: 5225th Infantry Division: 9-11,43-45,48173d Airborne Brigade (Separate):39,52-53199th Infantry Brigade (Separate):143-44l l th Armored Cavalry: 35,142-43Advisory Team 75: 38"Australian ICD Incident": 9-11B-52'soperations by: 90,96,101,119­20,121-22,128,129B-5L.::2-::D~'s-:-1~0~2~-------~IBACK PORCH: 84Barlow, Howard c.: 2Blauverr, Lt. Col. Richard B.: 35-36BLUEBIRD Advisory Group: 38BLUE SPRINGS: 129, 130, 134~35,141BOLO: 149-53,159Brookshire, Lt. Col. Grail L.: 35Brown, Maj. Jerry L.: 19BUMBLE BUG. See BLUE SPRINGS.BUMPY ACTION. See BLUESPRINGS.C-130's: 77-79Campbell, Lc. Col. Norman].: 35,143-44Captial Operations Center (Saigon): 120Carter, Lt. Gen. Marshall S.: 128Central Office for South Vietnam(COSVN): 3Chance, Col.James: 128CharlesBerry, USS: 103,104Chausteur, Maj. John: 152China. See Communist China.Coast Guard, U.S.: 113Codes. See Cryptosysterns.COIN: 82Combat Aircraft Report (COMBAR):121Command emphasis.See Communicationssecurity, commanders'attitudes toward.Communications, monitoring of. SeeMonitoring and analysis;Violations, causes of.Communications cover and deception(CC&D) operationsAir Force: 139, 148-53TOP SECRET UMBRAHOFORH(b) (1)(b) (3)-50 USC 403(b) (3)-18 USC 798(b) (3)-P.L. 86-36

'fOP SECRE'f UMBRAHOf'OR:f4INDEX 175Army: 139.142-44compared with enemy CC&D:139-40definition of: 139electronicdeception: 149evaluation of: 153-54.159ICD, enemy: 8-11ICD, U.S.: 141Marine Corps: 148MCCD: 11-12.141.144-53MCD: 141.142-44Navy: 11-12.139,144-48responsibility for: 144CommunicationsImprovementMemoranda: 63Communicationssecurity (COMSEC).generalcommanders' attitudes toward: 2.15-16,19.30.34.39.42.43.45.48-49.50-54.55,67,68-71.83,84.88.91,92.93,94,113.119,120,122,127,128,155,158,166,167conventional monitoring: 1-84,91-128division of responsibility: 2during various wars, compared:2,53.163,166evaluation of: 155, 158-59, 162-63, 166-67functionsof: 1shortages of equipment: 98shortages of personnel: 11, 76, 88status of. 1960: 20status of, March 1966: 95status of, 1968,: 49,68strength: 11,20,21,22,23.24,25,26-27,54,55.58.62.63,64,73,74,75-76,88surveillance: 49,87-90,128-38.162-63Compromises, security. See Violations.COMSEC Traffic Analysis Report: 69ConsolidatedCryptologicProgram(CCP): 2CRITICOMM, securityof: 21CryptosysternsAN series: 7,12for BOLO: 150-51compared with those of WorldWar II: 53HY-2/KG-13: 135KAC-F: 95KAC-J: 83,94,95KAC-P/Q: 43,44KAC-Q: 95KAC-Q/P: 52KAC-21: 95KAC-24: 95KAC-72: 121,134KAC-132: 114.117KAC-138: 114KAC-140: 114,115,117-18KAC-154: 134KAC-183: 115,118KAC-227: 134KAC-238: 135KAG-21: 94KAG-24: 9l;KG-13: 107KL-7: 3.91.92.94KW-7: 30, 91. 92, 94, 166-67KW-26:JO, 105-06. 107. 108,135KY-3: 121KY-8: /30,44,49,94.95,166-67KY-9!. 121KY-,8: 53M-209: 12TOP .:SEERET UMBRAPJOFORl'J(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

TOP SECRET UMBRAr"OfORN'176 WORKING AGAINST THE TIDEmanpack: 53manual: 13one-time pads: 20PALMER JOHN: 73POLLUX: 22PYTHON: 3SHACKLE: 43shortages of: 83-84. 113. 114.117,121SLIDEX: 3. 12TRITON: 121unauthorized: 7. 14. 44. 45. 48,52.53,55.92,93,94Daily Activity Summary (DASUM): 80Deane. Maj. Gen. John R., Jr.: 52-53Defense Intelligence Agency (DIA),and PURPLE DRAGON:128,130Denholm, Maj. Gen. Charles].: 33-34,44DePuy, Maj. Gen. William E.: 50-51F-4Cs: 149.150.151,152F-105's: 149,150,152Field Forces VietnamI: 25,37II: 25,35-36,37,39,42Fingerhut, Walter c.. 88Fisher, Robert A.: 87Forbes, Brig. Gen. Robert c.: 143GAME WARDENCOMSEC study of: 116-19operations: 64,115,116Geographic reference plotting system,defined: 150nGuam COMSEC study: 89,96-109Hancock, USS: 3Harris, General Hunter,Jr.: 123,125Heiss, Lt. Col.John L., III: 53Henchman, Lt. Col.John M.: 10-11Hyland, Vice Adm.JohnT.: 60Education, COMSECmethods: 34. 43-44, 49, 51-52.. 65-67,68,158problems: 50-54,155,158-59programs: 48-49,99,114,115,Imitative communications deception(ICD). See Communicationscover and deception, lCD,'--- I::~;,,~~E~~.~~cD' USEquipment, crypto-. See Cryptosystems.Equipment, monitoringAir Force: 72. 73, 74, 75Army: 22,30Navy and Marine Corps: 63, 64,65Jame.rtown, USS: 58,110Jarrett. Maj. George V.: 48johnsori.Lyndon B.: 82Johnson, Admiral Roy L.: 55, 57, 59,60TOP SECRET UMBRA UOFORU (b) (1)(b) (3)-18 USC 798(b) (3)-50 USC 403(b) (3)-P.L. 86-36

==TdP ~~Cfl:~'f UMBfl:1t UOfORP,INDEX 177Joint Chiefs of Staffand ARC LIGHT COMSECstudy: 122,123and PURPLE DRAGON: 128Joint U.S. Military Assistance AdvisoryGroup aUSMAAG), Thailand:22,23,25IKarch, Brig. Gen. Frederic: 55IKinnard, Lt. Gen. Harry W.O.: 50Knowles, Maj. Gen. Richard T.: 50Korean War, COMSE(: in: 2, 166Krulak, Lt. Gen. Victor H.: 55, 56,68Lessons learned: 155,158-59,162­63, 166-67___IMalpractices, COMSEC. See Violations.Manipulative communications deception(MCD). See Communicationscoverand deception, MCCDand MCD.Marine CorpsCOMSEC operations: 55-57,63,65,66-68MCCD operations: 148Marine Corps unitsFleet Marine Force, Pacific: 55Ninth Marine ExpeditionaryBrigade: 55III Marine Amphibious Force: 9,66,68,1481st Marine Division: 683d Marine Division: 681st Marine Air Wing: 68First Radio Battalion: 55-56Sub Unit One, First Radio Battalion:56-57,63,65,66-68MARKET TIMECOMSEC survey: 58, 59, 69, 89,109-16MCCD operations: 11-12,144-47tactical operations: 58, 59, 64,109-10McConnell, GeneralJohn P.: 73,82,83,84McNamara, Robert S.: 74Mearns, Maj. Gen. F. K.: 43Melanson, Capt. Leo M.: 52MIG-21's: 149,150,151,152,159Military Assistance AdvisoryGroup(MAAG), Vietnam, COMSECinspectionof: 20Military Assistance Command, Thailand(MACTHAI), COMSEC operationsfor: 23, 25Military Assistance Command, Vietnam(MACV)COMSEC for: 20,22,23,25,28-29,34and increased COMSEC strength:74, 75J-2, and COMSEC: 48Monitoring and analysisIof Air Force ground administration:121AFSS: 72, 73, 76, 77, 83, 89, 96,100-03, 107-09, 120, 121,125,134of air-to-air coordination: 121of air spacerequirements: 121ASA: 22, 23, 25, 29, 30, 33, 34,\ 35,42,43~45,48,91-95,\ 120-21,125,143\ communications not monitored:30,77ITOP SECRET UMBRAnOfORn(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

'f~Jl ~f:elt~"f UMBRA nOFOlUJ178concept of conventional: 159, 162concept of surveillance: 87-90,128,162ofcontrol tower directions: 121of encrypted material: 22, 30, 89,96equipment for: 22,30,63-65,72-75ofFM: 30,34ofHF: 72,73,74,83,103,110,112,116,134of in-flight reporting: 121of manual Morse: 22, 30, 93, 116Marine Corps: 65and MCCD operations: 146of MF-SHF range: 103-04of microwave range: 34, 98, 103,104mobile: 22,23,29,30multichannel: 30, 73Naval Security Engineering Facility:105-07NAVSECGRU: 54-55, 58, 64­65,67-68,89,96-99,104,109-19,125,130NSA: 89,96,103-04,109percentage of coverage: 19, 34, 64premanent detachments: 23of preflight testing of equipment:121quantity of: 22,34,42,65,93of plain English: 77,91,96,112,125of radio, general: 33, 35, 43-45,48,65,77,100,120,125of radiotelephone: 19, 22, 25, 30,33,44,73,75,91,93of radioteletype: 22,30,33,34,93,125of refueling operations: 121and refusal to change plans: 19,35WORKING AGAINST THE TIDEof single sideband: 30,34,72,97,116,134successful, causes change of plans:19,35,68of telephone: 22, 25, 30, 33, 35,44,73,98,100,120,125oftroposcatter: 34,74of UHF: 72, 73, 74, 75, 76, 77,83,97,98, 103, 110, 116, 125of VHF: 72, 73, 74, 75, 76, 77,97,99, 101,103,110,116,125of weather reconnaissance: 121Moore, Maj. Gen. Joseph H.: 73National Cryptologic School: 158National Security Agencyand CC&D operations: 140COMSEC responsibility of: 2and COMSEC surveillance: 87,88,89,128and Guam COMSEC study: 89,96, 103-04, 109and PURPLE DRAGON: 128,130Naval Security GroupCOMSEC education by: 63, 65­67,68COMSEC operations: 54-55, 58,63-71, 89, 96-99, 104, 105­07,109-19,123, 125, ~39,144, 146COMSEC organization: 20, 54-62COMSEC strength: 54,55,58,62,63,64monitoring equipment: 63, 64, 65Naval Security Group unitsafloat: 54,58,60-61,63,104,110COMSEC 701: 54,97-99COMSEC 702: 54, 69, 110,112-15'f~fi ~f:eKf:'f UMBKA HOfORH

!LTOP SeClUH· UMBRAnOFORPJINDEX 179COMSEC 703: 54, 146COMSEC 704: 54COMSEC 705: 57-58,59-60,117COMSEC 706: 62COMSEC Team, Naval SupportGroup DaNang: 57-58COMSEC Team One (Alpha): 54,63,65COMSEC Team Two (Bravo):60-61,63,65COMSEC Team Three (Delta):58-60,116-19,123COMSEC Team Four: 62,117-19COMSEC Team Five: 61-62COMSEC Team Saigon: 58COMSEC Team Vietnam (C):55-56,64,66Detachment Delta, Naval CommunicationsStation Philippines:58NAVSECGRU Activity Hanza:54NAVSECGRU Activity Kamiseya:54,55,59-60,62,115NAVSECGRU Headquarters,Finegayan: 105-06shore-based: 54,55-60,62,64,65,~7-99, 104, 105-07,109-19Naval units. Seealso Naval SecurityGroup units.Beach jumper Unit One: 61-62Destroyer Squadron 19: 146Naval Advisory Group, Saigon:59,111-12,115,116Naval Air Communications FacilityAgana: 106-07Naval Communications StationCam Ranh Bay: 62Naval Communications StationFinegayan: 106Naval Communications StationGuam: 54,106, 123Naval Communications StationPhilippines: 54,55,62Naval Forces, Marianas: 106Naval Security Engineering Facility:105-07Seventh Fleet: 54, 55, 113Task Force 71: 144,145-47Task Force 76: 61Task Force 77: 144Task Force 115: 58, 59, 109-10,112-13,147Task Force 116: 59, 62, 116, 117Task Force 117: 62,117Task Group 76.4: 61Task Group 76.5: 61Task Element 70.7.7.1: 123Task Element 70.7.7.2: 123Nicholson, Col. Tom M.: 15-16NIGHTSTICK: 89North Vietnam. See Vietnamese Communistthreat.North Vietnamese Central ResearchDirectorate: 6Notices to airmen (NOTAM's): 121­22,135,137O'Connor, Maj. Gen. George G.: 52Office ofSpecial Investigation (AF):130Olds, Col. Robin: 151,152Operational security (OPSEC): 138Philco Tropo system: 84Positive identification radar advisoryzone (PIRAZ): 64Practice Dangerous to Security Report(PDSR): 37TOP SECRET UMBRAPfOrORtl

1=QP 8~CR::ET UMBRA UOFORH180Prestrike Report: 80Proteus, USS: 96, 107PURPLE DRAGON COMSEC study:88,90,128-38,163Ranger, USS: 5Red/Black criteria: 96Reichard, Maj. George D.: 48Reporting, of malpractices. See a/soreports by name.AFSS: 72,77,79-81,82,83ASA: 36-43Marine Corps: 68NAVSECGRU: 54-55,63,67,68,69-71, 112, 117, 118Republic of Korea, cryptosystemsfor:12Republic of VietnamCOMSEC of: 2-3,6,7,12,20,22,23,25,28-29,38,82and GAME WARDEN: 116and MARKET TIME: 109-10,113,116ROLLING THUNDER: 128-29,131,134,137-38Ryan, GeneralJohn D.: 83Search and rescue (SAR) operations: 64ServiceCryptologic Agencies. See AirForce Security Service; ArmySecurity Agency; Naval SecurityGroup.Sharp, Admiral U. S. G.: 87-88,90,122,123,124,125,127-28,138, 144, 145, 148SILVER BAYONETCOMSEC study: 48, 50,89,91-95operations: 90,94Southeast Asia Military Air RouteFacility (SEAMARF): 121-22,127WORKING AGAINST THE TIDEStrategic Air Command. See ARCLIGHT; B-52's.Surveillance, COMSECand COMSEC studies: 128-38concept of: 87-90,128,162evaluation of: 49, 162-63TAREX (target exploitation): 44,49,51, 158TEMPEST: 1,96, 103-09Tet offensive (1968), and navalCOMSEC operations: 62ThailandCOMSEC operations in: 22counterinsurgency operations(COIN): 82Timmes, Maj. Gen. Charles].: 20TRANSEC Analysis Notes (TAN's): 81TRANSEC Interim Summary (TSIS):81TRANSEC Item of Interest (TIOI):­80-81TRANSEC Review Board (Seventh AF):84Transmission Security Analysis Report(TSAR): 37Transmission Security Message Report(TSMR): 80, 83Transmission Security Monthly Summary(TSMS): 80,101Transmission Security Summary Report(TSSR): 37Transmission Security Violation Report(TSVR): 37,38,41Viet Congo See Vietnamese Communistthreat.TOP SECRET UMBRAUOFORH(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

'fOP SECRE'f UMBRANOFORt,INDEX 181Vietnamese Communist threatIjamming: 9SIGINT operations: 1, 2-11,19,35-36, 43-44, 49, 122, 139,155,158,159and VC COMSEC practices: 110Violations. See also Reporting, of malpractices.Violations, causescipher-signal anomalies: 103, 104communications structures: 113,117correction of: 20, 38, 43-44, 48­49,65-71,82,84,94-95,102-03, 104-05, 106, 107,108,109,113-14,115,116,117-18,121,122,126-27,131,134-35,137-38,162,163, 166-67daily F-105 reports: 83data processing equipment: 107­08EFTO procedures: 126equipment design and installation:105, 106, 107excessive communications: 44, 53,166failure to authenticate: 8, 44, 54,55,93improper use of codes: 55, 58, 83,114, 116lack of command emphasis: 2,15-16, 35-36, 43, 45, 48, 50­54, 55, 67, 69-71, 91, 93,94,120,155,158,167long-term use of code names: 55,82,127organizational complexity: 113refusal to use cryptosystems: 20,91-92, 166shortages of cryptosystems: 83-84,113,114,117,121short-tour dilemma: 11unauthorized codes: 7, 14,44,45;48,52,53,55,92,93,94unencrypted communications: 3,5,6-7,19,20,44,91,93,98,101-02,104,116,120-21,166vague guidelines: 13,81Violations, information revealedin action reports: 113on aircraft operational areas: 83on air operations, general: 3, 5,6-7, 38,68,73,77, 78-79, 82,83, 96, 98, 101-02, 104, 120,125,126,128,134,135,137on air reconnaissance: 38, 72on air refueling: 78on air tactics: 78on air-to-air coordination: 78on antenna bearings: 98on bomb damage assessments: 77on budget figures: 98on call signs: 38, 44-45, 52, 53,73,93,94on carrier-air squadron relationships:98on casualties: 113on classifiedequipment capabilities:93on command and control systems:72on frequencies: 38, 52, 93, 94, 98on grid coordinates: 38, 73, 82,93,94,112-13,118,127on locations of units: 38, 39,44,93,94on logistics: 93on medical evacuation: 15On MIG alerts: 77On naval order of battle: 112, 118on orbits: 83'fOPSECRE'f UMBRAtfOFORU(b) (1)(b) (3)-P.L. 86-36(b) (3)-50 USC 403(b) (3)-18 USC 798

TOP SECRET U~fBRA182f;iOFORHWORKING AGAINST THE TIDEreporting on: 34, 36-43, 54-55,63, 67, 68, 69-71, 72, 77, 79­81,82,83, 112, 117, 118, 123,125on SAM alerts: 77on search and rescue: 79on ships' movements and cargo: 98on special navigation techniques:78on TACAN azimuths: 83on tactical plans, general: 35, 38­39,44,52,93,94,102, 116,120-21,134on tactical operations, general: 93,94, 116, 118-19on time-over-target: 73,83on troop movements: 113on troop training: 113on types of aircraft: 72on underway replenishment: 113on VIP trips: 19,38,73,82Violations, rates of: 42-43,44Violations, sources ofAir Force: 8,14,72,73,77-78,82,83,101-03,104,107-09,120-21,125,126,127,134,135,137Army: 15,19,20,35',38-39,40-41,43-45,48,52,53,54,91-95,125,127MACV: 127Marine Corps: 68Navy: 3,5,55,58,68,98,105,106,107,112-13,114,116,118RVN: 2-3,6, 12,35,38,53,82,110TEMPEST: 103-09Walker, Col. Robert T.: 20Walt, Lt, Gen. Lewis W.: 68Westmoreland, General William C.;49,127,144,148Weyand, Lt. Gen. Frederick c.: 144Wiretappingenemy: 44guarding against: 98World War II, COMSEC in: 2,53, 166World-Wide Operations Security Conference,1968: 138'TOF SfKR:E'T UftfBRAHOFORH