Royal Army College

Lesson Overview

The earlier lessons defended communications on the air and in the device: against interception, analysis, jamming, and the leakage of patterns. But communications can be compromised without any of that, by an enemy who never touches the airwaves, because the security of a net also rests on physical things, the radios, the codebooks, the key material, and on people, those who hold the communications plan and operate the net. A radio captured intact, a signals instruction left where it can be read, a callsign list lost, a careless word from someone in the know, any of these can hand an adversary what no amount of on-air discipline would have given. This lesson takes the physical and personnel security of communications: protecting the equipment and the sensitive material that make a net secure, and managing the people who hold its secrets, so that the net is not compromised through the kit or the human rather than the airwaves.

Two ideas run through it. The first is that the most sensitive thing a small force holds is often not a message but the material that secures all its messages: the signals instructions, the callsign and frequency lists, the codes and key material. A single such item, captured or compromised, can unlock not one message but the whole net, which is why this material is guarded far more closely than any individual message and why its loss is treated as a serious compromise. The second is that people are both the strongest and the weakest part of communications security: a disciplined, trustworthy member who guards the kit, the material, and their tongue is the foundation of a secure net, while a careless or compromised one can give away through a lost device or a loose word what every technical measure was protecting. Physical and personnel security are about guarding these two often-overlooked avenues, the thing and the person, by which a net is lost.

This is the knowledge layer. It teaches you the physical security of communications equipment and material and the personnel security of those who hold communications secrets, so that you understand the non-technical avenues by which a net is compromised and how to close them. The actual handling of sensitive material and equipment to the proper standard, and the drills for its protection and destruction, are taught in person under qualified supervision and certified there. Read this to know the physical and human threats; the handling drills are built in person.

By the end you will be able to explain why physical and personnel security matter even when on-air security is perfect, protect communications equipment and account for it, safeguard sensitive signals material and understand why its loss compromises the whole net, apply the principles of personnel security and need-to-know, and respond correctly to the loss or capture of equipment or material.

Key Terms

Physical security: the protection of communications equipment and material from loss, theft, capture, and unauthorised access, as opposed to on-air or digital security.
Personnel security: the management of the people who hold communications secrets, so that access is limited to the trustworthy and to those who need it.
Signals material: the sensitive documents and data that secure a net, including signals instructions, callsign and frequency lists, codes, and key material.
Key material: the codes, keys, and cryptographic material that secure communications, the most sensitive signals material, whose compromise can unlock the whole net.
Need-to-know: the principle that sensitive information is given only to those who genuinely require it for their duty, not to all who might be curious or trusted.
Compromise: the loss of security of equipment, material, or information to an adversary, whether by capture, loss, theft, or disclosure.
Zeroise / destroy: to erase or destroy key material and sensitive data so that captured equipment yields nothing, done when capture is imminent or has occurred.
Accountability: the responsibility for signed-for equipment and material, kept secure and accounted for at all times (the Army's stores discipline, applied to signals).
Insider risk: the danger that a person with legitimate access misuses it or is compromised, managed lawfully through trust, supervision, and need-to-know.
Careless talk: the unintended disclosure of sensitive information through ordinary conversation, online posting, or indiscretion, a common and avoidable compromise.

Why physical and personnel security matter

A force can do everything right on the air, perfect brevity, sound authentication, disciplined patterns, defended against jamming and direction-finding, and still lose its communications security entirely through a captured radio or a loose tongue, because security on the air is only one of the avenues by which a net can be compromised. The adversary who cannot break your transmissions may simply pick up a radio you left behind, read a signals instruction you failed to secure, or learn from a careless member what you are doing. These avenues bypass every on-air measure, because they do not attack the transmission at all; they attack the thing and the person behind it. So physical and personnel security are not lesser concerns to be tidied up after the real comsec is done; they are part of the real comsec, closing avenues that on-air discipline cannot reach.

The point is sharpened for a small force by the concentration of secrecy in a few items and a few people. A small force's communications security often rests on a handful of sensitive items, the signals instructions, the callsign and frequency lists, the key material, and on a handful of people who hold the plan. This concentration is efficient but fragile: because so much security rests on so few things and people, the loss of any one of them is disproportionately damaging, far more so than in a large organisation where secrets are more dispersed. A single captured codebook or a single compromised operator can undo the security of an entire small net, which is exactly why these few items and people are guarded with a care out of proportion to their number.

The reassuring side is that physical and personnel security, unlike some technical threats, are largely within the force's own control: equipment is guarded, material is secured, people are chosen and managed, and these are matters of discipline and procedure rather than of out-spending or out-teching an adversary. A small, disciplined force can hold its physical and personnel security to a high standard by care alone, which makes the effort well repaid: it closes, at low cost, avenues that would otherwise undo all the on-air work.

Physical security of equipment and material

The physical security of communications divides into the equipment and the material, and the material is the graver concern. Equipment, the radios and devices themselves, must be protected from loss, theft, and capture, because a captured radio can give an adversary intelligence about your communications, the frequencies and settings it holds, and, if it holds key material, far more. So the operator secures the set as the signed-for, security-sensitive item it is (as SIG 201 taught), keeps it accounted for at all times, never leaves it where it can be taken, and, where capture is a real risk, is prepared to zeroise or destroy it so that, if it cannot be kept, it yields nothing useful to the enemy. A radio is not only a tool but a thing the enemy would value capturing, and it is guarded accordingly.

Signals material is the more sensitive, and the key material most of all, because this material secures not one message but the whole net. The signals instructions, the callsign and frequency lists, the codes and cryptographic keys, these are the things from which an adversary, given them, could read, imitate, or unlock the net's communications generally, so a single such item compromised is a compromise of the whole system, not of one message. This is why such material is guarded far more closely than any individual message: kept secure when not in use, never left where it can be read or copied, accounted for rigorously, carried only when necessary and protected when carried, and destroyed rather than allowed to fall into hostile hands. The discipline around key material, securing it, accounting for it, and destroying it when threatened, is the most important single element of physical comsec, because the material is the keys to the whole net, and the keys must never be handed over.

The operator's working rule is to treat communications equipment and, above all, sensitive material as things the enemy actively wants, and to guard them on that basis: secured, accounted for, never carelessly exposed, and destroyed rather than surrendered. The lost radio and the captured codebook are not minor administrative failures; they are among the most damaging compromises a net can suffer, and preventing them is squarely the operator's responsibility.

   PHYSICAL SECURITY: GUARD THE THING THE ENEMY WANTS

   EQUIPMENT (radios, devices)      protect from loss/theft/capture;
                                    account for it; ZEROISE/DESTROY rather
                                    than let it be captured intact
                                    ......... a captured set reveals freqs,
                                              settings, and any key material

   SIGNALS MATERIAL (instructions,  the GRAVER concern: secures the WHOLE
   callsign/freq lists, codes,      net, not one message. Kept secure,
   KEY MATERIAL)                    never left readable, rigorously
                                    accounted for, DESTROYED before capture
                                    ......... one item compromised = the whole
                                              net compromised

   Treat equipment and (above all) material as things the enemy wants.
   The lost radio and the captured codebook are major compromises.

Personnel security and need-to-know

Because people hold the communications plan and operate the net, the security of communications also depends on the people, and personnel security is the management of that human dimension. Its foundation is the principle of need-to-know: sensitive communications information, the plan, the callsigns, the frequencies, the codes, is given only to those who genuinely need it for their duty, not to everyone who is trusted or curious. Need-to-know is not distrust; it is the recognition that the fewer people who hold a secret, the fewer avenues exist for it to leak, by carelessness, by capture, or by compromise, so limiting the holders limits the risk. A communications plan known only to those who must work it is far safer than one shared widely out of convenience or courtesy.

Beyond need-to-know, personnel security rests on the trustworthiness and discipline of those who do hold the secrets, and on managing the insider risk, the danger that a person with legitimate access misuses it or is themselves compromised. For a small, lawful, humanitarian force this is handled proportionately and lawfully, through the selection of trustworthy people for sensitive roles, the supervision proper to those roles, and the discipline that members owe, not through suspicion or intrusion beyond what is right. The aim is a body of operators who can be trusted with the net's secrets and who take that trust seriously, which is a matter of character and discipline as much as of procedure.

The commonest personnel-security failure is not treachery but careless talk: the unintended disclosure of sensitive information through ordinary conversation, an indiscreet word to a friend, a detail dropped in public, and, in the information age, a post online, a photograph with too much in it, a profile that reveals a routine. Careless talk gives away, freely and without any enemy effort, what every technical measure was protecting, and it is the avenue this course's final lesson on operational security addresses in full. The operator's personnel-security duty here is simple and constant: hold what they know on a need-to-know basis, guard their tongue and their posts, and never let ordinary indiscretion, the most common and most avoidable compromise of all, give the enemy what discipline elsewhere denied them.

Loss, capture, and the duty to report

However well guarded, equipment and material will sometimes be lost or captured, and the operator must know how to respond, because the response decides how much damage the loss does. The governing rule is that a loss or compromise of communications equipment or material is reported at once, because only then can the damage be limited. A radio or a signals instruction in hostile hands compromises everything it could reveal, and the only way to limit that is to change what has been compromised, the callsigns, the frequencies, the codes, before the enemy can exploit them, which can only happen if the loss is known. The detail of recognising, reporting, and recovering from a compromise is the subject of the next lesson; here the essential discipline is the immediate, honest report of any loss.

This requires the operator to overcome a powerful temptation: to hide a loss out of embarrassment or fear of blame. Losing a radio or a codebook is a serious failure, and the instinct to conceal it, to hope it is not noticed, to avoid the consequences, is strong and entirely human. But concealment is far worse than the loss itself, because the unreported compromise goes on compromising the net silently, with no one able to change the compromised material, while a reported one can be contained. So the operator reports a loss at once and honestly, and a force that wants its losses reported builds the no-blame reporting climate that the safety course described, in which the member who reports a loss promptly is supported for doing the right thing rather than punished into silence, because the prompt report is what saves the net. The worst outcome is not the lost radio; it is the lost radio no one knew was lost.

Where loss is not yet certain but capture is imminent, the discipline is destruction: key material and sensitive data are zeroised or destroyed before they can be taken, so that what cannot be kept yields nothing. The operator prepared to destroy sensitive material rather than let it be captured denies the enemy the compromise entirely. Loss reported and material destroyed, the two responses to physical compromise, are what keep a single captured item from becoming a catastrophe for the whole net.

In Practice: A Lost Instruction and a Captured Set

A signals NCO of the Royal Kaharagian Army handles, in one exercise, the two physical-and-personnel threats this lesson describes, and the contrast with how they might have gone wrong is the lesson itself. A weak force guards its messages on the air and is careless with its kit, its material, and its tongue, and is compromised through all three; the College's NCO closes those avenues.

He treats the signals material as the keys to the whole net that it is: the callsign and frequency lists and the key material are kept secure, never left where they can be read, rigorously accounted for, and carried only when needed. He holds the communications plan on need-to-know, giving it only to those who must work it, so that fewer people can leak it, and he guards against careless talk, his own and his members', knowing that the commonest compromise is not treachery but indiscretion. When a member realises he has lost a signals instruction, the NCO has built the climate where the member reports it at once despite his embarrassment, rather than hiding it, because only a known loss can be contained; the compromised callsigns and frequencies are changed before the adversary can exploit them, and the damage is limited to nearly nothing. The concealment that would have let the loss compromise the net silently never happens, because reporting was supported, not punished.

When, later, a position is about to be overrun and a set with key material cannot be carried out, he does not let it be captured intact: the key material is destroyed so the captured set yields the enemy nothing of value. Through the exercise, the net's security holds not only because the messages were disciplined on the air but because the kit was guarded, the material secured and destroyed when threatened, the plan held on need-to-know, and the loss reported at once, the physical and human avenues closed as carefully as the airwaves. That is physical and personnel security: guarding the thing and the person by which a net is lost, which no amount of on-air discipline can do.

Check Your Understanding

Explain why physical and personnel security matter even when on-air security is perfect, and why the concentration of secrecy in a few items and people makes a small force especially vulnerable to their loss.
Distinguish the physical security of equipment from that of signals material, and explain why key material is the gravest concern, such that one item compromised is a compromise of the whole net. What two disciplines protect material from capture?
Explain the principle of need-to-know and why it is not distrust, the management of personnel security and insider risk in a small lawful force, and why careless talk is the commonest compromise. Then explain the duty to report a loss at once and why concealment is worse than the loss itself.

Reflection (write a short paragraph): This lesson says the worst outcome is not the lost radio but the lost radio no one knew was lost, and that the instinct to hide a loss out of embarrassment is strong and exactly wrong. Why is it so tempting to conceal a security failure, and what does it take, in oneself and in a unit's climate, to report it promptly instead? Then think about need-to-know and careless talk in your own life: how much sensitive information do you hold or share more widely than necessary, and what would change if you treated what you know as something to guard on a need-to-know basis?

Summary

A net can be compromised without any on-air attack, through its equipment, its material, or its people, so physical and personnel security are part of real comsec, closing avenues on-air discipline cannot reach. A small force is especially vulnerable because its security concentrates in a few sensitive items and a few people, so the loss of any one is disproportionately damaging, but this is largely within the force's own control by discipline.
Physical security: protect equipment (radios, devices) from loss, theft, and capture, account for it, and zeroise or destroy it rather than let it be captured intact; and guard signals material, above all key material, far more closely than any message, because it secures the whole net, so one item compromised compromises everything. Secure it, account for it, and destroy it before capture.
Personnel security rests on need-to-know (sensitive information only to those who genuinely require it, limiting the avenues for leakage), on the trustworthiness and discipline of those who hold secrets, and on managing insider risk lawfully and proportionately. The commonest failure is careless talk, ordinary indiscretion and over-sharing, which gives away freely what technical measures protected.
A loss or compromise is reported at once and honestly, because only a known compromise can be contained by changing the affected callsigns, frequencies, and codes; concealment, though tempting out of embarrassment, is far worse than the loss, so a force builds a no-blame climate in which prompt reporting is supported. Where capture is imminent, destroy key material so it yields nothing.
This is the knowledge layer; handling sensitive material and equipment to standard and the drills for their protection and destruction are taught in person under qualified supervision and certified there. This lesson complements the on-air security of Lessons 02 to 07, applies the accountability of SIG 201 and the no-blame reporting of TRG 320, leads into compromise and recovery in Lesson 09, and connects to the operational security of Lesson 10 and the CIS speciality.

Physical and Personnel Security of Communications