Cyber, with all of its various suffixes- including warfare, intelligence, space, and security- is a ubiquitous term being dealt with by Congress, analysts, television and newspaper reporters and commentators, and federal judges. Concerns range from the hacking of business enterprises to foreign attempts to influence our political elections and the constitutional right to privacy for those who have information stored on the internet.
Solutions to the problems associated with cyber are usually presented as requirements to improve or increase government controls or technological means of buying more protection or preventing access by foreign powers to our systems. No one seems concerned with the absence of the practice of what used to be called COMSEC: communications security.
Many years ago, I commanded an airborne infantry battalion conducting its annual training test. We went to the field, prepared a defensive position, resisted an enemy attack, launched a counterattack, seized our objective, and received a congratulatory critique and vote of confidence from our umpires. It was all very satisfying until a week or so later, when a report arrived at the regimental commander’s desk from some unknown organization that had listened to our radio traffic during our days of testing.
The report established that an enemy could have listened in and learned of our defensive plan, our attack scheme of maneuver, and the location of our ammo supply and other support installations. Our call signs were corrupted; the units were identified, located, and then followed through their maneuver. It was an eye-opening report, and one I have never forgotten.
I knew the interceptions and the decryption of the German Enigma and Japanese naval codes had been critical contributions to our World War II successes, but I had no knowledge of the surveillance organizations involved in the signal intelligence business. A few years later, after graduating from the U.S. Army Command and the General Staff College, I received orders assigning me to the U.S. Army Security Agency, an unknown organization.
My waggish friends told me I was to be an assistant secretary of the Army. Instead, I would learn about the U.S Army Security Agency and its big brother, the National Security Agency, and finally understand who was that reported on the battalion’s transgressions two or three years earlier.
In those days, both organizations enjoyed a secret existence and complete cover of their missions and operations. It was a secrecy maintained from World War II through the Vietnam war before it was finally exposed to the world, when the news media revealed their successes in finding and tracking al-Qaida operatives and other terrorists through cellphone calls in the early days of our Middle East involvement.
Hence my concern with COMSEC. There is a lack of recognition that the electromagnetic spectrum is a medium to which anyone and everyone has entry if they have a radio, radar and a listening device and are interested in using or penetrating what is to be found there. Every intelligence system in the world is aware of this and is employing every means of monitoring and reading traffic.
What they find is not protected by government regulations or protests, nor by claims of constitutional privacy guarantees. Unless the content is encoded, encrypted or otherwise protected, it is just as available as a proclamation from a soapbox on the mall using free sound waves to carry a message. And no one has ever charged a police officer or an intelligence agent with violating the privacy of a speaker who announces a plan to rob a bank or launch a terrorist attack.
What is generally ignored in all of the current cyber coverage is that the contents of those messages not encoded or encrypted or otherwise disguised may be of interest. The fact that messaging can be or is intercepted is incidental if the information is inconsequential, but we now seem to want to go to great lengths and great expense to prevent the intercept, not control the content. We now have restrictions on the surveillance that the National Security Agency is allowed to maintain, thus establishing the only national agency that cannot listen to our networks.
This is not to dispute that we need technological improvements and solutions in the cyber world. The loss of personal data from the files of the Office of Personnel Management and the U.S. Central Command, and the compromise of patent and copyright material from business and industry, establishes the dire need for better security along with a need for enhancement of our offensive capabilities. But unless our populace and our government agencies learn the need for COMSEC and the ways of controlling the contents of messaging, all the laws, rules, regulations and new technology are not going to guarantee the privacy of transmissions or deny the intelligence systems of the world surveillance of the traffic.
Gen. Frederick J. Kroesen, USA Ret., served as vice chief of staff of the U.S Army and commander in chief of U.S. Army Europe. He is a senior fellow of the AUSA’s Institute of Land Warfare.
This article originally appeared in ARMY magazine, Vol. 67, No. 4, April 2017. Reprinted by permission. Copyright 2017 by the Association of the United States Army, all rights reserved.