An official training service of the State of the Kaharagians
SIG 220 Communications Security and Digital Discipline
Lesson 5 of 10 · SIG 220

Digital Discipline and Device Security

Lesson Overview

The four lessons before this one taught security on the radio: the threats of interception, direction finding, traffic analysis, and deception, and the countermeasures of emission control, brevity, authentication, and net discipline. The thread that ran through them all was that security on amateur and licence-free radio comes from discipline, not from gadgets, because the law forbids you to encrypt your traffic. This lesson carries the same disciplined mindset off the airwaves and onto the devices and accounts that run the Army's digital tools, above all the Team Awareness Kit. The threats change shape, the tools change, and on these bearers encryption is allowed and expected, but the habit of mind is exactly the one you have been learning: assume an adversary is interested, give away nothing you need not, and treat access as something to be guarded.

A phone, a tablet, or a laptop that carries the Army's map, its chat, and its position reports is now a piece of signals equipment as surely as a radio is, and it deserves the same care. A lost handset, a guessed password, a tapped link in a message, or a certificate left lying about can hand an adversary the very picture the radio discipline of the earlier lessons worked so hard to protect. This lesson teaches the plain, practical hygiene that keeps those devices and accounts safe: strong unique passwords and multi-factor authentication, keeping software and devices updated, recognising and reporting phishing, protecting certificates like the keys they are, the drill for a lost or stolen device, and the discipline of holding and sharing only what is needed. It is the natural bridge to the Information Systems and Cyber Security speciality, and like that speciality it is defensive and lawful throughout: we protect the Principality's people, members, and systems, and we never attack, surveil, or intrude upon anyone else.

This is the knowledge layer. Setting up multi-factor authentication on a real account, installing a certificate into ATAK, and rehearsing the lost-device report are practised and signed off in person or on airsoft milsim exercises, alongside any hands-on operating; and where radio is actually transmitted on an exercise, it is transmitted only by licensed members or on licence-free, low-power sets. By the end you will be able to explain why a connected device is now signals equipment that must be secured, build and manage strong unique passwords and turn on multi-factor authentication, keep your software and devices updated and recognise and report phishing, protect your TAK certificate and other credentials like keys, carry out the lost-or-stolen device drill so accounts and certificates can be revoked at once, and apply data minimisation by holding and sharing only what the task needs.

Key Terms

  • Digital discipline: the habit of securing the devices, accounts, and credentials that run the Army's digital tools, the same disciplined mindset taught for the radio carried onto connected devices.
  • Credential: anything that proves who you are to a system and grants access: a password, a one-time code, a certificate, a key. Credentials are guarded like keys because they open doors.
  • Strong unique password: a long, hard-to-guess password used for one account only, so that the loss of one account cannot unlock the others; in practice held in a password manager rather than in the head.
  • Password manager: a trusted application that generates, stores, and fills strong unique passwords behind one strong master password, so a member can use a different password everywhere without memorising any of them.
  • Multi-factor authentication (MFA): requiring more than one kind of proof to sign in, typically something you know (a password) plus something you have (a code from an app or a hardware key), so that a stolen password alone is not enough.
  • Authenticator app: an application that generates short-lived one-time codes for multi-factor authentication, preferred over codes sent by text message, which can be intercepted or redirected.
  • Phishing: a message, by email, text, chat, or call, crafted to trick you into giving up a credential or installing something harmful, usually by impersonating someone trusted and creating urgency.
  • Certificate (the TAK .p12): a cryptographic credential, in the Army's case a per-user .p12 file, that proves a device's identity to the TAK server and grants it access to the shared map. It is a key, and is protected like one.
  • Patching / updating: applying the software updates that fix security flaws; an unpatched device is a known, open door, so prompt updating is a security task, not a chore.
  • Data minimisation: holding and sharing only the information a task actually needs, so that a lost device or a breached account exposes as little as possible.
  • Revocation: cancelling a credential, an account, a certificate, so it no longer grants access; the standing remedy when a device or credential is lost, stolen, or compromised.

Why a Connected Device Is Now Signals Equipment

Begin with the change in mindset, because everything else follows from it. The Royal Kaharagian Army fields a real digital capability. It runs its own self-hosted OpenTAKServer at tak.kaharagia.org, and members operate the Team Awareness Kit, ATAK on Android, WinTAK on Windows, iTAK on iOS, or WebTAK in a browser, to share a common operating picture: team positions, markers, routes, and chat. A phone running ATAK shows, and carries, the same kind of information a radio net carries: who is where, what they are doing, and what is about to happen. The phone is therefore a piece of signals equipment, and a careless phone undoes careful radio discipline.

Consider what is at stake on that single handset. It holds the live map of the team's positions, the chat, and, in the form of a certificate, the credential that lets it onto the Army's server in the first place. Lose control of the device or its accounts and an adversary gains, without ever touching a radio, exactly the common operating picture that the emission control and brevity of the earlier lessons were meant to deny them. Worse, a stolen certificate can let an imposter join the net as a trusted member, the digital cousin of the intrusion and spoofing taught in Lesson 03, injecting false markers and chat that look entirely genuine. Direction finding has a digital cousin too: a device that beacons its position is a transmitter, and a compromised one beacons to whoever is listening.

There is one important distinction from the radio lessons, and it is good news. On amateur and licence-free radio the law forbids you to encrypt, so security must come from discipline alone. On these digital bearers, the internet, a virtual private network, the traffic between TAK clients and the Army's server, encryption is lawful and is used. The TAK server uses certificates and encrypted connections by design. So digital discipline does not replace that protection; it guards the things the encryption depends on. Encryption protects the message in transit, but it cannot protect a password written on a sticky note, a certificate emailed to the wrong person, or a phone left unlocked on a train. Those are the gaps digital discipline closes. The encryption is the locked door; this lesson is about not leaving the key under the mat.

Passwords: Strong, Unique, and Managed

The password is the oldest credential and still the most abused. Three rules govern it, and the third is the one most often broken.

First, make it strong, which today means long more than it means complicated. Length defeats guessing better than a scatter of symbols does, so a long passphrase of several unrelated words, awkward and memorable, beats a short string of substitutions an attacker's software expects. Avoid anything guessable from you: names, dates, the unit, the obvious word with a number on the end. Second, make it unique: one password for one account, never reused. The reason is the way real breaches work. Credentials leak from some unrelated website, and attackers then try those same email-and-password pairs against every service they can reach, banking on reuse. Reuse means that one careless website's breach hands over your Army account too. A unique password per account contains the damage to the one account that leaked.

Third, and this is the rule that makes the first two practical, use a password manager. No one can invent and remember dozens of long unique passwords, and a member who tries will quietly start reusing or simplifying them. A password manager, a trusted application, solves this honestly: it generates a different strong password for every account, stores them all encrypted, and fills them in for you, so that the only password you must actually remember is the one strong master password that locks the manager itself. Make that master password long, unique, and never reused anywhere, and protect the manager with multi-factor authentication too. The habit to build is simple: every new account gets a fresh password from the manager, and no password is ever typed from memory if the manager can fill it.

A few supporting habits round this out. Change a password at once if you have any reason to think it has leaked, and never share one, not with a teammate, not with someone who phones claiming to be support, because a credential shared is a credential no longer controlled. Treat the recovery questions and backup email on an account as credentials in their own right, since they are another way in. And remember the distinction from the radio lessons: a password protects access on a digital bearer where such protection is lawful and expected; it is not the place to be coy, it is the place to be strong.

Multi-Factor Authentication: A Second Lock

A password, however strong, is a single lock, and single locks are picked. Multi-factor authentication, MFA, adds a second lock of a different kind, so that stealing the first is no longer enough to get in. The principle is to combine factors of different types: something you know, your password; something you have, a code from an app on your phone or a small hardware key; and sometimes something you are, a fingerprint or face. An attacker who phishes or guesses your password still cannot sign in, because they do not have the second factor in their hand.

Turn MFA on for every account that offers it, and certainly for anything that touches the Army: the password manager, email, and any account tied to TAK or the Army's systems. When you choose the second factor, prefer an authenticator app that generates short-lived one-time codes, or better still a hardware security key, over codes sent by text message. Text-message codes are better than nothing, but they can be intercepted or redirected by an attacker who hijacks a phone number, so where a choice exists, choose the app or the key. When you set MFA up, the service gives you a set of one-time backup recovery codes: write these down and keep them somewhere safe and offline, because they are how you get back in if you lose the phone that holds your authenticator, and they are themselves credentials to be guarded.

One modern trap deserves naming, because it defeats people who have done everything else right. Attackers who already hold a stolen password will sometimes trigger login after login, flooding your authenticator app with approval prompts, and bank on you tapping "approve" out of irritation or by reflex to make the buzzing stop. This is MFA fatigue. The rule is simple and absolute: if a prompt appears that you did not start, do not approve it. An unexpected approval request means someone has your password and is trying to walk through the second door behind you. Deny it, and treat it as a sign to change that password at once and report it.

Keeping Software and Devices Updated

An update is not a nuisance to be postponed; it is, very often, a security repair. Software has flaws, some of them holes an attacker can climb through, and when a flaw becomes known the maker issues a fix as an update. From the moment a fix is published, the flaw it repairs is public knowledge, and attackers race to exploit unpatched devices before they update. An unpatched device is therefore not merely old; it is a known, advertised, open door. Prompt updating, patching, closes the door before the attacker reaches it, and is one of the single most effective things a member can do for security.

The discipline is undramatic. Keep the operating system of every device current, phone, tablet, and laptop alike. Keep the applications current too, and especially the ones that matter to the Army: the TAK client, the password manager, the authenticator, the browser. Where a device offers automatic updates, turn them on, so the work happens without you having to remember it; where an update must be applied by hand, apply it promptly rather than dismissing the reminder for the tenth time. Restart when an update asks you to, because many fixes only take effect after a restart. And retire devices and software that no longer receive security updates at all: a phone too old to get patches is a permanent open door, and no amount of care elsewhere closes it.

Two cautions guard the practice itself. First, get your updates only from the proper place, the device's own update mechanism or the official application store, never from a link in a message or a pop-up urging you to install an "update," because that is a classic delivery method for the very malware updates exist to prevent. Second, keep an honest inventory in your head of what runs your Army tools, so that when you hear an update matters you know which of your devices it touches. The aim is a fleet of personal devices that are quietly, continuously current, presenting the adversary with closed doors rather than open ones.

Recognising and Reporting Phishing

Most digital compromise does not begin with a clever technical attack; it begins with a message that tricks a person. That is phishing: a message, by email, text, chat, or even a phone call, crafted to make you hand over a credential or install something harmful, usually by pretending to be someone you trust and pressing you to act before you think. It is the digital relative of the radio deception in Lesson 03, a hostile station imitating a friendly one, and it is defeated the same way, by a habit of verifying before you trust.

Learn the tells, because they recur. Phishing manufactures urgency: your account will be closed, a delivery is held, payment has failed, act now. Urgency is the lever, because a hurried person does not check. It impersonates something trusted: a familiar service, a colleague, a superior, the Army itself, often with a convincing logo and tone. It asks for what it should not, a password, a code, a certificate, a payment, that a genuine sender would never request by message; remember that no legitimate service and no Army authority will ever ask you to type or send your password or your multi-factor code. It hides its real destination behind a tidy-looking link or attachment: the visible text may read like a trusted address while the actual link goes elsewhere, and the attachment may carry malware. And the more dangerous examples are targeted, written with real detail about you, your role, or the Army, scraped from rosters, social media, or earlier leaks, which is one more reason the data minimisation and operational security of this course matter.

The defence is a steady habit. Slow down when a message pushes you to hurry, because urgency is the attack. Verify out of band: if a message appears to come from a person or a service and asks for anything sensitive, confirm it by a different, known channel, a phone number or address you already hold, not the contact details in the suspect message. Do not click or open when in doubt; go to the service yourself by an address you know, rather than through the link you were sent. And when you meet a phishing attempt, especially one aimed at the Army, report it to your chain of command or the relevant Army contact, even, indeed especially, if you think you may have fallen for it. A phishing attempt against one member is usually aimed at several, and an early report lets the Army warn everyone and revoke anything that may have been exposed. Reporting is not an admission of failure; it is the countermeasure.

   IS THIS MESSAGE PHISHING? A QUICK CHECK BEFORE YOU ACT

   URGENCY    Is it rushing me? "Act now, or else" is the lever.   -> SLOW DOWN
   SENDER     Do I really know who sent this, by a trusted channel? -> VERIFY
   ASK        Is it asking for a password, a code, a certificate,
              or a payment? No real service or authority ever will. -> REFUSE
   LINK       Does the real link or attachment match what it says?
              Unsure? Go to the service by an address I already know. -> DON'T CLICK
   FEEL       Does anything feel off, odd wording, wrong details?    -> TRUST THAT

   If two or more fire, treat it as phishing. Do not click, do not
   reply, do not give anything. REPORT it up the chain. Reporting a
   message you may have fallen for is the right move, not a failure.
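The LINK check above, automated for an HTML message, as an added example that is not part of the original lesson. The sample message is constructed, `example.net` and `192.0.2.10` are reserved documentation values, and the finding names are hypothetical labels; the heuristics are deliberately simple and will miss some tricks and flag some harmless text.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Something in the visible link text that looks like a host name.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in a message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def parse_target(url):
    """Return (host, netloc) of the real destination, or ('', '') if unparsable."""
    try:
        parts = urlsplit(url)
        return (parts.hostname or "").lower(), parts.netloc
    except ValueError:
        return "", ""


def same_site(host, claimed):
    """True when the real host is the claimed host or a subdomain of it."""
    return host == claimed or host.endswith("." + claimed)


def check_links(html_body):
    """Return (finding, visible_text, real_host) for each suspicious link."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host, netloc = parse_target(href)
        match = HOST_IN_TEXT.search(text)
        claimed = match.group(1).lower() if match else None
        if claimed and host and not same_site(host, claimed):
            findings.append(("MISMATCH", text, host))   # text names another site
        elif "@" in netloc:
            findings.append(("USERINFO", text, host))   # trusted name before '@'
        elif host.startswith("xn--") or ".xn--" in host:
            findings.append(("PUNYCODE", text, host))   # look-alike characters
        elif re.fullmatch(r"[0-9.]+", host):
            findings.append(("RAW_IP", text, host))     # no name at all
    return findings


# Constructed sample message.
SAMPLE = """
<p>URGENT: your TAK access expires today.</p>
<p><a href="https://login.example.net/renew">https://tak.kaharagia.org/renew</a></p>
<p><a href="https://tak.kaharagia.org@portal.example.net/">Sign in</a></p>
<p><a href="http://192.0.2.10/update.apk">Install update</a></p>
<p><a href="https://tak.kaharagia.org/help">tak.kaharagia.org</a></p>
"""

if __name__ == "__main__":
    for finding, text, host in check_links(SAMPLE):
        print(f"{finding:9} text={text!r} really goes to {host}")
```

A clean result from a check like this does not make a message safe; the URGENCY, SENDER, ASK and FEEL checks still apply.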

Protecting Your Certificate Like a Key

The Army's TAK capability rests on certificates. Each member is issued a per-user certificate, a .p12 file, that proves their device's identity to the OpenTAKServer at tak.kaharagia.org and grants it access to the shared map. Understand plainly what that file is: it is a key. It is not a setting or a convenience; it is the credential that opens the Army's net, and whoever holds it can join as you. Treat it exactly as you would treat a physical key to a secure store, because that is what it is.

That understanding dictates how it is handled. Never share your certificate, and never send it where it could be intercepted: not by ordinary email, not over a chat, not on a messaging app, not on a memory stick passed around. It is installed onto your device through the proper, secure channel the Army provides, and it stays there. Protect it with its password, the import password set when the certificate is issued, and treat that password with all the care of any strong unique credential, held in your password manager, never written beside the file it unlocks. Keep it to its device: a certificate belongs on the authorised device it was installed on, not copied around to spares and personal kit, because every extra copy is another way it can leak. And let it benefit from everything else in this lesson, the device locked with a strong passcode, kept patched, free of the malware that phishing delivers, so that the key cannot be lifted off the device by some other route.

If you ever have reason to think your certificate has been exposed, copied, sent to the wrong place, or carried off on a lost device, treat it exactly as you would a compromised key to a building: report it at once so it can be revoked. Revoking a certificate cancels its access, so that even if an adversary holds the file, it no longer opens the net, and a fresh one can be issued to you. A revoked certificate is a changed lock. The whole value of the Army being able to revoke quickly depends on you reporting quickly, which brings us to the drill.

The Lost or Stolen Device Drill

A device that holds the Army's map, its chat, and above all its certificate can be lost or stolen like anything else, and when it is, the danger is not the cost of the hardware but the access the hardware carries. The standing answer is a drill, rehearsed so it runs by reflex when you are flustered, because a lost phone is a stressful moment and stress is when good habits save you. The governing principle is one word: report at once, so that accounts can be locked and the certificate revoked before anyone can use them. Speed is the whole game; an hour's delay is an hour an adversary has to use what they hold.

The drill runs in a clear order. Report immediately to your chain of command or the Army contact responsible, by any working means, the moment you know the device is gone; do not wait until you are sure it is truly lost rather than mislaid, because the cost of a false alarm is small and the cost of a delay is large. State plainly what was on it: that it held a TAK certificate, what Army accounts it could reach, and what else of sensitivity it carried. Revoke and lock: the certificate is revoked at the server so it can no longer join the net, and the accounts the device could reach have their passwords changed and their sessions ended, so a thief who slips past the screen lock still finds the doors shut. Use remote tools if they are set up: most phones and tablets let you locate, lock, or remotely wipe a lost device from another device or a web page, and a wipe that erases the certificate and data is a sound move once it is clearly lost or stolen, which is one more reason to have those tools enabled before you ever need them. Change credentials that the device held or auto-filled, treating them as exposed. And finally record and learn: report the loss to the civil authorities if it was a theft, note what happened, and let the Army adjust if a pattern emerges.

Two habits make the drill far easier and are set up in advance, not in the moment. Lock every device with a strong passcode or biometric and a short auto-lock, so a found or stolen device is a sealed box rather than an open one, buying the minutes the report needs. And enable the remote find-lock-wipe tools, and the encryption of the device's storage, ahead of time, so that the option is there when you need it. The member who has done these two things before anything goes wrong, and who reports the instant it does, turns a serious compromise into a contained inconvenience.

   LOST OR STOLEN DEVICE: THE DRILL (run it the moment you know)

        device lost or stolen
                 |
                 v
        [1] REPORT AT ONCE  -- chain of command / Army contact, any means.
                 |             Don't wait to be "sure". Say what it held:
                 |             TAK certificate? which accounts? what data?
                 v
        [2] REVOKE + LOCK   -- certificate revoked at the server;
                 |             account passwords changed, sessions ended.
                 v
        [3] REMOTE ACTION   -- locate / lock / wipe from another device,
                 |             if the tools were enabled beforehand.
                 v
        [4] CHANGE CREDS    -- treat anything the device held as exposed;
                 |             rotate those passwords.
                 v
        [5] RECORD + LEARN  -- tell the civil authorities if stolen;
                              note what happened so the Army can adapt.

   SET UP IN ADVANCE: strong passcode + short auto-lock; remote
   find/lock/wipe enabled; device storage encrypted. These buy the
   minutes the report needs, and seal the box if the report is late.

Data Minimisation: Hold and Share Only What Is Needed

The last discipline is the quietest and underpins all the rest. Data minimisation is the habit of holding and sharing only the information a task actually needs, so that a lost device, a breached account, or an intercepted message gives away as little as possible. It is the digital form of brevity, the same instinct that keeps a radio transmission short, applied to what you store and what you send. The information you never held cannot be lost; the detail you never sent cannot be intercepted.

It works in two directions. Hold less. Do not keep on a device, or in an account, information it does not need to do its job: old rosters, full names and contact details, photographs, plans, and notes that have served their purpose should be cleared rather than left to accumulate, because every item retained is an item exposed if the device or account is lost. A handset that carries only the current task's map and chat is a far smaller loss than one that hoards months of the Army's business. Share less. Put into a message, a marker, or a chat only what the recipient needs for the task in hand, and no sensitive surplus. This carries straight over from the radio lessons: just as you would never read exact numbers, full names, or precise plans in clear on an open net, do not scatter them needlessly across digital channels either, and where genuinely sensitive detail must pass, pass it by a properly secure bearer or in person, to the people who actually need it and no wider.

Minimisation reaches your own footprint as well, which is where this lesson hands over to the next. The roster you publish, the photograph you post, the routine an attentive watcher could read from your accounts, all of these are information held and shared, and all of them can help an adversary build a picture without ever breaking a single lock. Holding and sharing only what is needed, on your devices, in your messages, and across your public footprint, is the simplest and broadest protection there is, and it is the bridge into the operational security of the final lesson.

In Practice: A Member Loses a Phone on the Way Home

A Corporal who leads a section returns from an evening's airsoft milsim exercise, where the team had been running ATAK on their phones against the Army's server, sharing positions and chat across the serial. On the bus home, half asleep, the Corporal realises the phone is gone, left on the seat or lifted from a pocket; it is impossible to say which. The hardware is a nuisance, but it is not what tightens the stomach. That phone held the team's map from the evening, its chat, and the Corporal's own TAK certificate, the very key onto the Army's net.

Because the drill had been rehearsed, it runs without much thinking. The phone was locked with a strong passcode that snaps shut after thirty seconds, so it is a sealed box, not an open one, and that buys time. Borrowing a teammate's phone, the Corporal reports it at once up the chain, plainly: phone gone, it held a TAK certificate and reached the Army email account, possibly stolen, possibly only lost. The duty contact does not wait for certainty. The certificate is revoked at the OpenTAKServer, so that even if a thief unlocks the handset, the certificate it holds will no longer join tak.kaharagia.org: the lock is changed. The Corporal's Army email password is changed from the borrowed phone and its other sessions ended, and using the remote-management page the device is set to lock and then wipe, which it will do the moment it next touches a network. The few credentials the phone could auto-fill are treated as exposed and rotated from the password manager, whose own master password lived only in the Corporal's head and on no device. By the time the bus reaches its stop, the access the phone carried is dead, the data is set to erase, and a fresh certificate is already being arranged for a replacement handset.

Reflect on what made the difference, because none of it was luck. The strong passcode and short auto-lock sealed the box and bought the minutes. The remote-wipe tool, enabled long before, was there to use. The certificate was understood as a key, so revoking it was the instinctive first move, not an afterthought. Unique passwords meant the exposed email did not unlock anything else, and the master password, held nowhere but in the Corporal's memory, was never at risk on the lost device. And above all the report went up at once, before the Corporal was even sure the phone was truly stolen, which is exactly when reports do their work. A lost phone became a contained inconvenience instead of a hostile station on the Army's net, because the discipline was in place before it was needed.

Check Your Understanding

  1. Explain why a phone or tablet running the Team Awareness Kit is now to be treated as signals equipment, and what an adversary gains by compromising it, linking your answer to interception, intrusion, and direction finding from the earlier lessons. Then state the key difference between security on amateur radio and security on these digital bearers regarding encryption, and explain what digital discipline protects given that the connection itself is already encrypted.
  2. Set out the rules for passwords (strong, unique, and managed) and explain why reuse is the dangerous habit and why a password manager makes the other two rules workable. Then explain what multi-factor authentication adds, why an authenticator app or hardware key is preferred over text-message codes, and what an unexpected approval prompt (MFA fatigue) means and how you must respond to it.
  3. Describe how you protect your TAK .p12 certificate, explaining why it is treated as a key and what revocation does. Then run the lost-or-stolen device drill in order, explaining why reporting at once matters more than being certain the device is truly gone, and name the two things set up in advance that make the drill work. Finally, define data minimisation and give one example each of holding less and sharing less.

Reflection (write a short paragraph): Take an honest look at your own digital habits against this lesson. Do you reuse any password, and is multi-factor authentication actually turned on for your email, your password manager, and anything that touches the Army? Are your phone and laptop set to update themselves, and locked with a strong passcode that closes quickly? Could you carry out the lost-device drill tonight, do you know who to report to, and have you enabled remote find-lock-wipe before you need it? Think too about what your devices and your public footprint quietly hold and share that they need not. Choose two or three things you could put right this week, and consider how the disciplined mindset you learned for the radio applies, almost unchanged, to the screen in your hand.

Summary

  • A connected device that runs the Army's Team Awareness Kit is now signals equipment: it carries the team's positions, chat, and certificate, so a careless device undoes careful radio discipline, handing an adversary the common operating picture, a route to intrude as a trusted member, and a transmitter that beacons your position. Unlike amateur radio, these bearers are lawfully encrypted; digital discipline guards the credentials and devices the encryption depends on, the key under the mat that encryption cannot protect.
  • Make every password strong (long passphrases beat short complex ones), unique (one account, one password, because reuse spreads one breach to all), and managed (a password manager generates and holds them behind one strong master password). Never share a password, change it the moment it may have leaked, and guard recovery options as credentials too.
  • Turn on multi-factor authentication everywhere, preferring an authenticator app or hardware key over text-message codes, and keep the backup recovery codes safe offline. Never approve a login prompt you did not start: an unexpected prompt (MFA fatigue) means your password is stolen, so deny it, change that password, and report it.
  • Treat updating as security repair, not chore: an unpatched device is a known open door, so keep operating systems and key apps (TAK client, password manager, authenticator, browser) current, enable automatic updates, restart when asked, retire devices too old to be patched, and take updates only from the official source, never a link in a message.
  • Defeat phishing by habit: slow down when rushed, verify out of band before giving anything, never click or open in doubt, and remember no real service or authority ever asks for your password or code. Report every attempt up the chain, especially one you may have fallen for, so the Army can warn others and revoke what was exposed.
  • Protect the TAK .p12 certificate as a key: never share or send it insecurely, guard its password, keep it to its authorised device, and report any exposure so it can be revoked. Run the lost-or-stolen device drill at once (report, revoke and lock, remote action, change credentials, record and learn), set up beforehand a strong passcode, short auto-lock, remote find-lock-wipe, and storage encryption, and report immediately rather than waiting to be certain. Practise data minimisation, the digital form of brevity, by holding and sharing only what the task needs. This lesson is the bridge to the Information Systems and Cyber Security speciality and hands over to Operational Security in the Information Age, where holding and sharing less reaches your roster, photographs, and patterns of life; the radio discipline it builds on is taught across SIG 220 and SIG 201, and the TAK capability it secures supports HCR 220 Emergency Preparedness.

Crown Copyright © 2026 | Published by Authority of H.R.H. The Prince of Kaharagia
