Lesson Overview
Every time you key a radio you do two things at once. You send your message to the friends who need it, and you announce your presence to anyone, friendly or not, who happens to be listening. The first is the reason you transmitted. The second is the price, and the careless operator never counts it. This opening lesson of SIG 220 is about that hidden price: the honest, unglamorous account of what an adversary can learn from your communications, often without ever understanding a single word you said. Before you can defend a net you must see it the way a hostile listener sees it, as a stream of clues about who you are, where you are, how many of you there are, and what you are about to do.
The course you are beginning, SIG 220, is the second course of the Signals and Communications speciality. It follows SIG 201, which made you a disciplined operator, and it builds on FLD 220, which gave every national in uniform an awareness of signals. Where SIG 201 taught you to be understood, SIG 220 teaches you to be safe: to protect the Principality's people, members, and systems by discipline rather than by gadgets. This first lesson sets out the threats so that the countermeasures in the lessons that follow have something concrete to defend against. We cover the communications-security mindset, then the five threats in turn, interception, direction finding, traffic analysis, jamming, and spoofing or deception, and finally what communications security actually protects and why a small force can least afford to be careless.
This is the knowledge layer. Reading about direction finding does not make you hard to find any more than reading about a map keeps you from getting lost. The disciplined habits this course describes, transmitting little, transmitting briefly, authenticating, and saying nothing in clear that an enemy could use, are practised and signed off in person and on airsoft milsim exercises, where a careless net has a visible cost. Live transmission is done only by members who hold the proper licence, or on licence-free and low-power sets where no licence is required. Everything taught here is defensive and lawful: we study how we can be heard so that we give less away, never so that we may listen to or attack others. By the end you will be able to explain the communications-security mindset and why every transmission carries a cost, describe interception and direction finding and what each gives an adversary, explain traffic analysis and how patterns betray intentions without the words, describe jamming and spoofing and the deception they enable, and state plainly what communications security protects and why a small force cannot afford careless transmission.
Key Terms
- Communications security (COMSEC): the protection of friendly communications from an adversary, covering both the content of messages and the fact, pattern, and origin of the transmissions themselves. On radio it is achieved chiefly by discipline, not by encryption.
- Interception: the act of receiving a transmission not meant for you. Because radio is broadcast, any receiver in range can intercept, and no permission or skill beyond tuning in is required.
- Direction finding (DF): locating a transmitter by measuring the direction its signal arrives from at two or more points and crossing the bearings. To transmit is to risk being located.
- Traffic analysis: drawing conclusions from the externals of communication, who talks to whom, how often, how long, at what times, and in what volume, without needing to understand the content at all.
- Pattern of life: the routine of timings, volumes, and behaviours that an adversary builds up by watching over time. A surge or change in the pattern can reveal that something is about to happen.
- Jamming: deliberate transmission on a frequency to drown out or deny its use to others. It is an attack on availability, the ability to communicate at all.
- Spoofing (intrusion, deception): a hostile station imitating a friendly one to inject false orders, sow confusion, or draw out information. It is an attack on trust, the assurance that the station you hear is who it claims to be.
- Emission: any signal you radiate. The single emission you never send is the only one that cannot be intercepted, direction-found, or analysed.
- Critical information: the specific facts about your force, position, strength, intentions, and mission that an adversary most wants and that you most need to protect. COMSEC exists to keep these from leaking.
- Net: a group of radio stations sharing one frequency and therefore one conversation. Everything one station transmits, every station in range hears, friendly or not.
The communications-security mindset
Communications security begins with a change of view. The untrained operator imagines the net as a private room: the people they are talking to are inside it, and the door is shut. The trained operator knows the net is an open field. There are no walls in radio. The moment you transmit, your signal spreads in every direction at the speed of light to the limit of its range, and everyone within that range receives it whether you meant them to or not. The friends you are calling and the adversary you have not noticed are listening to exactly the same broadcast. This is not a flaw in any particular radio; it is the nature of radio itself.
From that single fact follows the central discipline of this course. Because you cannot keep your signal from reaching unfriendly ears, and because, as a later lesson explains, you may not lawfully encrypt your traffic on amateur or licence-free bands, you cannot make the signal secret. What you can control is how much you emit, how long, how often, and what you put into it. Communications security on radio is therefore not a product you buy or a code you switch on. It is a set of habits: transmit little, transmit briefly, transmit only when there is a real need, and never put anything in clear that an enemy could turn against you. The most secure transmission is the one you decided not to send.
The mindset has a second half, which is to think like the adversary on purpose. Before a task, ask what a hostile listener could learn from the way your section will use its radios, then arrange to give as little as possible. This is the defensive twin of operational security, and it runs through every lesson that follows. We never study these threats in order to inflict them on anyone; the RKA is a lawful, defensive, humanitarian force. We study them because you cannot protect a net from a danger you have refused to look at squarely. The rest of this lesson looks at five such dangers squarely, in the order an operator should worry about them.
Interception: assume you are heard
The first threat is the simplest and the easiest to forget: anyone with a receiver can listen to you. A radio transmission is a broadcast. It does not travel down a wire to one address; it fills the air around you, and any receiver tuned to your frequency and within range picks it up. Receivers are cheap, common, and entirely lawful to own and use, because listening requires no licence anywhere. There is no lock to pick and no signal that the listener is there. You will never see the receiver that is copying your traffic, and you must never assume it is absent. The working rule of the trained operator is short and absolute: assume you are always heard.
It is worth being honest about what interception does and does not give an adversary. By itself, interception delivers your words. If your transmissions are long, chatty, and full of clear detail, exact numbers, full names, grid references read out plainly, precise timings and plans, then interception alone may hand the listener almost everything they want. This is why brevity is treated in this course as a security measure and not merely as good manners: a short transmission gives a listener less to copy and less time to copy it. But even a perfectly disciplined transmission, one that says nothing sensitive in clear, can still be intercepted, and the mere fact and shape of it feeds the two threats that follow, direction finding and traffic analysis. Interception is the gateway through which the other threats reach you.
Consider what a careless net hands an interceptor over a single afternoon, set against the disciplined version of the same traffic:
WHAT A CARELESS NET GIVES AWAY WHAT THE DISCIPLINED NET GIVES
------------------------------------ ------------------------------------
"Hi Tom, it's Dave, we've got Two known call signs exchange a
twelve of us at the old mill" short report. No names. No count.
-> identity, strength, position No place spoken in clear.
"We'll move at half three to A brief WILCO. Timings and routes
the river crossing on the east were arranged in person, not aired.
side, same as yesterday" -> nothing on intentions or route
-> intentions, route, a pattern
long, rambling transmissions short, composed transmissions
-> easy to copy, easy to locate -> little to copy, hard to locate
RULE: interception is free to the enemy and invisible to you.
You cannot stop it. You CAN make sure it harvests almost nothing.
The defence against interception is not to wish the listeners away. It is to assume they are present and to make their work yield as little as possible: transmit only when you must, keep it short, and keep sensitive detail off the air entirely. The lessons on emission control and on security without encryption build this into a method. For now, fix the rule: every word you send, you send to the enemy too.
Direction finding: transmitting reveals your position
The second threat turns your own radio into a beacon. Direction finding, or DF, is the technique of locating a transmitter by its signal. A listener with a directional antenna can tell roughly which way a transmission is coming from. Two or more such listeners, in different places, each take a bearing on the same transmission and cross those bearings; where the lines meet is where you are. The principle is old, well understood, and within reach of a determined adversary. The hard consequence for the operator is this: to transmit is to risk revealing your position. The longer and more often you transmit, the easier and more precise the fix becomes.
DF attaches a cost to the act of transmitting that has nothing to do with what you said. Even a transmission an adversary cannot understand, even one perfectly empty of useful content, still radiates a signal that can be located. This is why emission control, the subject of the next lesson, treats the quietest net as the safest net, and why brevity matters twice over: a short transmission gives a DF effort less time to take and cross its bearings before you stop. It is also why operators are taught to move after transmitting where the situation demands it, so that a fix, even if obtained, points to where you were and not where you are.
A simple picture shows how crossing bearings produces a fix:
DIRECTION FINDING: two listeners cross their bearings
DF site A o. .o DF site B
\. ./
\. bearing bearing ./
\. from A from B./
\. ./
\. ./
\. ./
\. ./
\. ./
\X/ <-- YOU: the lines cross
| here. This is your fix.
(your transmitter)
One bearing gives a direction. TWO crossed bearings give a POSITION.
The longer and more often you transmit, the better the fix.
Lesson: the signal you never send cannot be located at all.
The defence against DF is, above all, to transmit less. Lowest power that does the job, shortest transmission that carries the message, fewest transmissions that complete the task, and silence whenever silence will serve. Terrain, antenna direction, and movement all help, and the operator course treats them in detail, but they are refinements on the one decisive measure: emit as little as you possibly can. The signal you never send is the one secret a DF operator can never crack.
Traffic analysis: patterns betray you without the words
The third threat is the subtlest and, for a disciplined force, often the most dangerous, because it defeats brevity and good content alike. Traffic analysis is the art of learning from the externals of communication rather than the content. The analyst may not understand a word you say, and it does not matter. They study who is transmitting, who answers, how often, how long, at what times, and above all how the volume of traffic rises and falls. From these patterns alone they reconstruct your structure and read your intentions, because human activity has a rhythm and that rhythm leaks into the air.
Think about what the externals reveal. The station that everyone reports to is the command station, identifiable as such without a single order being understood, simply because the traffic flows toward it. The station that suddenly appears on the net is a new element arriving. A net that is quiet for days and then bursts into a flurry of short, urgent exchanges is a force about to act; the surge itself is the warning, and it arrives before the first move does. A regular transmission at the same hour every day is a routine, a sentry change or a scheduled report, and a routine is a vulnerability you have handed the adversary for free. None of this requires breaking your words. It requires only watching the pattern of life of your net over time.
TRAFFIC ANALYSIS: reading the net without reading the words
WHO TALKS TO WHOM ------> structure / who is in charge
(all stations report to the station traffic flows TO
one station) is the command station
HOW MUCH, AND WHEN ------> state and intentions
quiet net, then a sudden a surge means something is
surge of short messages ABOUT to happen
HOW REGULAR ------> routine = a vulnerability
same call, same length, a daily fixed transmission
same hour every day is a pattern to exploit
HOW LONG, HOW OFTEN ------> importance and tempo
long or frequent exchanges marks the busy, important
between two stations link worth watching
THE WORDS ARE NEVER NEEDED. The shape of the traffic tells the story.
Defence: keep volume low and steady; vary timings; never let the
net's RHYTHM announce your plan before you make a move.
The defence against traffic analysis is harder than the others, because it cannot be met by a single good habit. It is met by denying the adversary a readable pattern. Keep traffic volume low at all times, so that there is no quiet baseline to surge above. Avoid rigid routines, fixed transmission times, and predictable lengths. Where the situation is sensitive, arrange timings and plans in person beforehand so that nothing about them needs to ride the net at all. And remember that the worst thing you can do is fill a quiet net with chatter and then go silent and busy when the task is real, because that contrast is precisely the signal an analyst is waiting for. A steadily disciplined net gives traffic analysis the least to work with.
Jamming, spoofing, and deception
The first three threats are passive: the adversary listens and learns and you may never know they were there. The last two are active. The adversary transmits, and now the danger is not only that you are read but that your communications are attacked.
Jamming is the deliberate transmission of interference on a frequency to deny its use. A strong enough hostile signal drowns out the friendly ones, and the net falls silent not because no one is transmitting but because no one can be heard through the noise. Jamming is an attack on availability, on your ability to communicate at all. You may meet it as a sudden wall of noise, or as a frequency that simply stops working while others nearby are fine. The operator's first response is to recognise it as jamming rather than equipment failure, to report it, and to fall back, which is exactly what a PACE plan exists to make automatic: when the primary means is denied, the team already knows the next rung to reach for. A force that has rehearsed its fall-backs treats jamming as an inconvenience; a force that has not treats it as a disaster.
Spoofing, also called intrusion or deception, is more insidious. Here a hostile station does not drown your net; it joins it, imitating a friendly station to inject false orders, feed you wrong information, or lure you into revealing what you know. A voice on the right frequency using the right procedure can sound entirely genuine, and on an open net there is nothing in the signal itself to prove who is really speaking. This is an attack on trust. Its defence is authentication: agreed challenge-and-reply tables that let a station prove it is genuine and expose an imposter who cannot answer correctly. Authentication is treated in full in a later lesson; for now, hold the principle that on an open net identity must be proven, not assumed, and that a request that is unusual, that asks you to move, to reveal your position, or to break a plan, is exactly the request to authenticate before you obey.
ACTIVE THREATS: the adversary transmits at you
JAMMING SPOOFING / INTRUSION / DECEPTION
----------------------------- --------------------------------
attacks AVAILABILITY attacks TRUST
drowns the frequency in noise imitates a friendly station
the net cannot be heard injects false orders / fishes
for information
Symptom: sudden wall of noise, Symptom: an odd request, a voice
one frequency dead, others ok that wants you to move, reveal
position, or break the plan
Defence: recognise it, report, Defence: AUTHENTICATE. Make the
fall back on the PACE plan caller prove identity before you
(you already know the next rung) act. Identity is proven, not
assumed, on an open net.
Both active threats reward the same preparation: a rehearsed PACE plan so a denied net does not stop the task, and disciplined authentication so a false voice cannot move you. Neither can be improvised under pressure, which is why they are trained in advance and signed off in person.
What communications security protects, and why a small force cannot be careless
Step back from the five threats and ask what, in the end, they are all reaching for. They are reaching for your critical information: your position, your strength, your intentions, and the mission those serve. Interception tries to take it from your words. Direction finding tries to take your position from your signal. Traffic analysis tries to read your strength and intentions from your pattern. Jamming tries to stop you protecting any of it by stopping you communicating, and spoofing tries to make you give it away or act against it. Communications security is the single discipline that defends all four, by controlling not just what you say but the fact, shape, and origin of your transmitting.
This matters for any force, but it matters most for a small one, and the Royal Kaharagian Army is deliberately small. A large force can absorb a leak; it has depth, reserves, and redundancy enough that an adversary who learns one thing still faces an unknown mass behind it. A small force has no such cushion. If a careless net reveals that twelve people are at a particular place and about to move at a particular time, it may have revealed nearly the entire force and the entire plan in one transmission. There is little behind the first fact to confuse the picture. For a small force, every leak is proportionally larger, every position fix more decisive, every pattern more completely readable. The same discipline that is merely good practice for a large army is survival for a small one.
There is a hopeful side to this, and it is the reason the course exists. The threats are real but the countermeasures are within a disciplined operator's reach and cost nothing but habit. Transmit little, transmit briefly, transmit only when you must, authenticate when identity matters, keep critical detail off the open net, and deny the adversary a readable pattern. Each of these is free, lawful, and available to the smallest section. A small force that communicates with discipline is not one that has been outspent; it is one that has refused to give anything away. That refusal is the whole subject of SIG 220, and it begins with seeing the threat clearly, which you now do.
In Practice: A Corporal Plans a Quiet Net
A section under Corporal Veloso is tasked to assist a small isolated community after a storm has cut its road. Before the section moves, the Corporal thinks not only about how the section will talk but about what an unfriendly listener could learn from that talking. She has just finished SIG 220 Lesson 01, and she walks her own net through the five threats.
Interception first: she assumes everything will be heard, so she decides that the route, the numbers, and the timings will be briefed in person now and never read out on the air. On the net, the section will pass only short, agreed reports. Direction finding next: she sets the policy that every transmission is the shortest that carries the message, on the lowest power that reaches, and that the two licensed members will not sit transmitting at length from a fixed spot. Traffic analysis third: she notices that her instinct, and her soldiers', is to chatter when nervous, so she briefs a quiet net deliberately, a low and steady trickle of traffic with no fixed schedule, so that no surge or routine will announce anything. For jamming she confirms the PACE plan everyone already knows, voice through the repeater, then simplex, then the Meshtastic mesh, so that a denied frequency means a fall-back, not a halt. For spoofing she sets a simple authentication challenge for any request to move or to give a position, so that an unexpected order must be proven before it is obeyed.
On the ground it is undramatic, and that is the point. The section helps the community over two days. The net stays quiet, brief, and steady. When an unfamiliar station comes up asking the section to relocate to a different grid, the Corporal does not argue and does not comply; she issues the authentication challenge, gets no correct reply, and disregards the call, reporting it instead. The task is completed and the section's position, strength, and intentions were never there in the air for anyone to read. Nothing was encrypted, because nothing on those bearers lawfully could be. The security came entirely from discipline: from a Corporal who looked at her own net the way a hostile listener would, and gave that listener nothing worth the watching.
Check Your Understanding
- Explain the communications-security mindset in your own words, including why every transmission carries a cost beyond the message itself, and why, on amateur and licence-free radio, security must come from discipline rather than from making traffic secret.
- Describe interception, direction finding, and traffic analysis, and for each state precisely what an adversary gains from it. Then explain why traffic analysis can defeat an operator who is careful about content but careless about the pattern of their net.
- Name the two active threats, state what each one attacks (availability or trust), and give the main defence against each. Then explain why communications security matters more to a small force than to a large one, naming the four things it ultimately protects.
Reflection (write a short paragraph): You have now seen that every time you key a radio you broadcast to the adversary as well as to your friends, and that an enemy who never understands a word can still locate you, count you, and read your intentions from the shape of your traffic. Think honestly about your own instincts on a radio or a phone: the urge to chatter, to explain at length, to transmit the moment a thought arrives, to assume the only people listening are the ones you meant. Consider which of those instincts would betray a small force, and which single habit, transmitting less, you would find hardest to hold to under pressure. Write, in your own words, what it means to treat the net as an open field rather than a private room, and the standard of discipline you will hold yourself to so that an adversary watching your communications learns as close to nothing as you can manage.
Summary
- Communications security on radio is achieved by discipline, not by gadgets or codes. Radio is broadcast, so you cannot keep your signal from unfriendly ears, and on amateur and licence-free bands you may not lawfully encrypt. What you control is how much, how long, how often, and what you transmit. The most secure transmission is the one you chose not to send.
- Interception is free to the adversary and invisible to you. Any receiver in range can listen, and listening needs no licence. Assume you are always heard. Brevity is a security measure: a short transmission gives a listener less to copy.
- Direction finding locates a transmitter by its signal. Two crossed bearings give a position, so to transmit is to risk revealing where you are. The defence is to emit as little as possible: lowest power, shortest and fewest transmissions, silence when it will serve.
- Traffic analysis reads your structure and intentions from the pattern of your traffic, without the words. Who talks to whom shows who is in charge; a surge after quiet warns that something is about to happen; a routine is a vulnerability. The defence is a low, steady, unpredictable net and arranging sensitive detail in person.
- Jamming attacks availability by drowning a frequency in noise; the defence is to recognise it, report it, and fall back on the PACE plan. Spoofing attacks trust by imitating a friendly station; the defence is authentication, proving identity rather than assuming it.
- Communications security protects position, strength, intentions, and the mission. A small force can least afford to be careless, because a single leak may give away nearly the whole force and plan at once. The countermeasures cost nothing but habit and are within reach of the smallest section.
- This lesson is the threat picture the rest of SIG 220 defends against. Lesson 02 teaches emission control and the quiet net, Lesson 03 authentication and recognising intrusion, Lesson 04 security without encryption, Lesson 05 digital discipline and device security, Lesson 06 traffic analysis and what the pattern reveals, Lesson 07 electronic warfare, jamming, and direction-finding, Lesson 08 physical and personnel security of communications, Lesson 09 when security fails, compromise and recovery, and Lesson 10 operational security in the information age. The course follows SIG 201 · Radio Communications and Message Handling, builds on FLD 220 · Signals and Field Communication, bridges to the Information Systems and Cyber Security (CIS) speciality, and supports HCR 220 · Emergency Preparedness and Civil Resilience, PME 210 · Staff Duties and Written Orders, FLD 230 · Patrolling and Tactical Movement, and FLD 201 · Navigation and Fieldcraft. These skills are mastered by rehearsal and certified in person, including on airsoft milsim exercises.
Crown Copyright © 2026 | Published by Authority of H.R.H. The Prince of Kaharagia