• Increase font size
  • Decrease font size
  • Default font size
Home Facts SOA Manuals Counter Intelligence CHAPTER 1
CHAPTER 1 PDF Print E-mail

Imagine a circle representing the effort of a total intelligence
conducted by all the agencies of the Armed Forces. Inside this overall field,
we find that counterintelligence is an integral part of the total intelligence



Counterintelligence is defined as the activity or activities
collectively organized by an intelligence service dedicated to obstruct the
enemy's source of information by means of concealment, codes, crypto,
censorship and other measures to deceive the enemy by using disinformation,
trickery, etc.

The two measures used by Counterintelligence are DEFENSIVE or OFFENSIVE:

Defensive measures vary normally with the mission of the unit. An
example of these measures are:





Intelligence consists of collection, transmission and dissemination of
military data referring to possible or real enemy and/or to an area of
operations. The military commander uses this intelligence in order to
formulate his possible course of action and to select a course of action in
particular in order to achieve the mission. Thus, the intelligence obtained is
of vital importance to the commander and for the conduct of his mission.

Intelligence is also essential for the enemy as it is for us. The enemy
also uses all sorts of measures at its disposal to become informed about our
capabilities, vulnerabilities and probable cause of action, and also
information about the meteorological conditions of the terrain.

Military Counter Intelligence is that part of Intelligence intended to
deprive the enemy of this knowledge, and in this manner prevent the enemy
activities of espionage, sabotage and subversion, as well as discover possible



acts of an adverse nature, treason, or sedition among our own military forces.

Counter Intelligence is a significant aspect in both the strategic
intelligence and combat, and is essential for the favorable application of two
of the nine basic principles of war: security and surprise. The principles of
war are:

Force economy

Effective Counter Intelligence enhances the security and helps achieve
surprise. Surprise depends not only on the intelligence obtained and the speed
of movement, but also on the effective counter intelligence. Effort to prevent
the enemy from obtaining data, reducing the risk that the command can suffer,
provided it diminishes the enemy's capability of utilizing effectively its
potential of combat against our Armed Forces. Thus, effective counter
intelligence allows security of the unit.


Deception in combat is a military operation designed to conceal our
dispositions, capabilities and intentions and deceive the enemy in such a way
that it would be to his disadvantage and to our advantage.

Deception is designed to derail or deceive the enemy through
manipulation, disinformation, or falsifying of evidence in order to induce a
reaction in a way that is detrimental to his own interest.

In order for a deception operation to be successful, the enemy has to
have the capability of collecting information that we would like him to get,
so that we can react according to the information.

The enemy is given the opportunity to obtain information, and thus
creating a deceptive picture. At the same time, counter intelligence goes into
action in order to prevent the enemy from discovering the true purpose of the
operation of deception and to avoid recognition of the true technical
operation or the principle one, which is being supported by the deceptive
operation mainly security.

QUESTION: Why can we consider a soldier as a counter intelligence



ANSWER: An individual solder is an agent of the CI, since he can provide
information on the activities of the intelligence of the enemy, including
subversion. Much of the CI operations depends on the individual soldiers
ability to adequately fulfill the security procedures, camouflage, observation
and information system.

As a prisoner of war, the individual soldier is a soldier of operational
information of the enemy. Therefore, the individual soldier receives training
in the measures of escape and invasion, in case he is taken prisoner or that
he finds himself behind enemy lines. Also he receives training to resist the
interrogations of the enemy and adhere to his rights as a prisoner of war
under the Geneva Convention.

All the units are agents of the CI and they too take measures of CI in
order to deprive the enemy intelligence on our activities, operations and
locations of this positions.

Every officer of the high command and every subordinate command in
effect acts as a Counter Intelligence officer of the Joint High Command. For
example, the transport officer aids the command with the Counter Intelligence
aspects regarding the movement of transport; the health chief accesses the
Counter Intelligence aspect regarding the location of the health

Some units, such as the units of the censure, have special function of
CI because of the nature of their assigned missions. The CI agent of the Army
has the personal training as specialist in CI and is available for providing
support in all the military operations.

Other government agencies, such as the agencies of intelligence of the
Navy, the Air Force and the Defense Ministry, also use certain functions of CI
that support the CI operations of the Army.

Keep in mind that kind of intelligence is necessary in both times of
peace and war, since espionage, subversion and occasion sabotage are not only
limited to conditions of time of war. All foreign countries, both enemy and
friends, wish to obtain information regarding the Armed Forces, their assets,
disposition, weapons, level of training and future plans for operations peace
time as well as in time of war.

The range of the CI operation extends in proportion to the level of

At the division level the measure of CI generally have to do with
military security.

CI operations at higher levels are similar to those of the inferior
levels. Nevertheless, the operations have a broader range thanks to the
greater number of units in the scope of their areas with a great volume of




advance planning. The CI operations at superior levels include:






Generally speaking, Counter Intelligence is a main part of the
intelligence operation in the theater of operations.

Depriving the enemy of information regarding supplies, installations,
nuclear weapon systems, means of transport, communications is vital in
fulfillment of the mission in the zone of the theater of operations. The great
territorial responsibility of this zone require extensive operation of the CI
of all types.



ANSWER: Military information.


Equipment and installations.

As in all aspects of the military unit, the commanders are responsible
for the implementation and execution of all the measures of military Counter
Intelligence to protect military information, personnel, material and
installation within the unit.

The commander has his high command which can delegate the authority to
carry out these functions; nevertheless, the responsibility rests with the

The Counter Intelligence officer:

The auxiliary chief of the high command, C-2, is the officer of the high
command responsible for the military information which also includes Counter
Intelligence. This delegation of authority is given to the auxiliary chief of



the high command, C-2, who has under his charge and responsibility of the high
command regarding Central Intelligence and CI. The C-2 is responsible for the
implementation and direction of all the measures of CI inside the command.

The planning of military Counter Intelligence is based on ability or
capability of the enemy to obtain information regarding friendly activities.
This planning includes adequate CI countermeasures to prevent the enemy from
discovering the dispositions and activities that can reveal the intentions of
the command or, if interrupted, could endanger the accomplishment of the

According to the organization and the size of the command, there may be
a CI official of the high command of the C-2. At the division or brigade
level, the official of the CI normally is the chief of the section of security
or the detachment of military intelligence that supports the division of the
brigade. In other words, he wears two hats, as chief of the security section,
and as the CI officer of the joint high command of the C-2.


Generally, there are five categories of operations of CI conducted
inside the theater of operation at which the C-2 is responsible or has direct
interest. The categories are:







The military security encompasses measures taken by the command to
protect itself from espionage, enemy civilians, supervision and sabotage and
surprise. These include passive CI measures and active ones inside the Armed
Forces and directly pertaining to the same and for specific military
operations. Examples of military securities are:

SECRECY DISCIPLINE: This is the indoctrination/training on a continuous
basis of all personnel against divulging of classified information that is not
authorized or unclassified regarding military activities, and the use of



patrol of security in areas frequented by military personnel.

This is the observation of the security measures, such as the security
necessary inside the areas that contain information and classified equipment;
introduction of a system of passes for entering critical areas; the conduct of
studies in inspection of security to determine the strict observation of
prescribed security measures.

SECURITY OF TROOP MOVEMENT: This keeps a certain connection with the
secrecy discipline, preventing inappropriate comments by personnel in the unit

given an order for movement; in returning mail dispatches of the unit in a
certain period of time before the departure of the troops, and restricting all
personnel in the area of the unit.

suppression of rumors and propaganda and the apprehension of subversive

of the technical troops for the apprehension of the resistance groups, to help
reduce the intelligence subjective and the mop up operations of the guerilla

TRANSMISSION SECURITY: Listening to the administration communication
networks, command operation of intelligence.

be debriefed to obtain the immediate intelligence information. It is of great
importance to make sure that the escapee or evader is not an enemy agent.

CIVILIAN SECURITY: In all cases the mission of the military forces has
priority over the well being of the civilians in the area. Examples of the
civilian security measures are:

Systematic registering of the civilian personnel, including the neutral
foreigners and enemies: This is done by the civilian affairs agency and
includes the distribution of rationing cards, work permits, travel permits and
permits for crossing borders.

Control of the circulation of the civilian personnel and refugees: This
is a very important matter: All civilian personnel must be kept away from the
advance combat zones, which will help prevent their easily finding out about
our forces and inform enemy agents of espionage or sabotage. Also, all
civilian personnel is to be kept at a distance from the major route of supply
to make it easier for the military transport and prevent enemy agents from
infiltrating the military zone.



Curfew: Keeping the public away from the streets and routes after certain
hours, thus restricting the movements of enemy agents.

Surveillance of suspect political groups: One should find out whether
other groups are sympathetic to enemy cause. Such groups must always be
considered potential agents.

Investigation of workers security: Local workers employed by the Armed
Forces should be investigated to avoid infiltration of enemy agents in areas
and military units. This include the service personnel of the countryside,
truck drivers and current workers, and interpreters, translators, etc.

Distribution of passes and permits. Passes and permits should be
strictly controlled and reviewed frequently to avoid forgery. Passes and
permits for travel are normally distributed to government functionaries,
political agencies, doctors and workers of public services.

Control of international commerce: Control of commerce in neutral
states. Experience has proven that many commercial companies are in effect spy
agencies that use the company as a cover or front of their operation. The
profits from the trade of these companies can be and is used to pay for the
expenses of espionage operations.

Surveillance of consuls and neutral/high command diplomats: It is
possible that people of this category are using their diplomatic immunity to
act as couriers for an enemy country.

applications of both the neutral security measures as well as civilians for
the control of Counter Intelligence in entry ports and ports of departure for
borders and international lines; all movements of. a non-military character,
of entry and departure in the theater of operations.

SECURITY CONTROL OF MARITIME HARBORS: This is the responsibility of the
Navy and control should be coordinated with the Navy.

SECURITY CONTROL OF AIRPORTS: This is the responsibility of the Air
Force and control should be coordinated with the Air Force.

movement should be directed to points of crossing located strategically. These
points of crossing should be controlled by military personnel with the help of
local and national agencies as necessary.

AIRCRAFT: This is important due to such individuals who by virtue of their
occupation can enter and depart legally and frequently from the country and
such individuals can be used as pretext for carrying out fraud operations
(diplomatic pouch).



BORDERS: Personnel in this category, for example, the farmers who live at the
border and the entire front can be on the border, personnel living on one side
of the border and working on the other side.

PERMITS: The fishing boats and small craft of a similar nature that operate in
very shallow water and thus have the capability of landing enemy agents at any
point on the coast of the country where the military operations take place.

CENSORSHIP: Censorship is the control and elimination of communication
with a double purposes: First, to avoid the transmission of information that
can be of interest in helping the enemy; and secondly, to collect and
propagate valuable information in the service of intelligence that helps the
war effort. The term communication includes all types of postal material,
regardless of class;, means of electrical communication and any other tangible
form of communication that can be carried by a person, carried in luggage, or
among personal effects or in any other way can be transmitted from the area
where the censorship is taking place.


Censorship of the Armed Forces: This censorship is the control and
examination of all communications sent and received by personnel under the
jurisdiction of the Armed Forces, which include assigned military personnel,
the civilians that can be employed and added to the same. This includes all
war correspondents, representatives of the Red Cross and technical
representatives of the factories.

Civilian Censorship: The civilian censorship is the control and
examination of all communication of the national and civilian population of
the common goal and transit or circulate in a territory which cannot be
liberated, occupied or controlled by the Armed Forces.

Press Censorship: Press censorship is a division of the security of the
news material and other media that are used, including maintenance of
security. This applies primarily to the work that is done by the war
correspondents, radio commentators and press photographers, and also includes
any material prepared on a possible location by the personnel under the
jurisdiction of the Armed Forces.

Censorship of Prisoners or War: Censorship of prisoners of war is
control and examination of the political communication of the prisoners of war
and the civilian detainees under the jurisdiction of the Armed Forces.

SPECIAL OPERATIONS: The final category is the special operations.
Operations that come under this category will be discussed and planned



according to the specifications of the commander in keeping with the planning
within the SOP of CI.




Operations security is one of the keys for achieving the two war
principles: surprise and security. A military force has the advantage when he
can surprise the enemy. In order to achieve this goal, those military forces
must protect their operations and activities with a continuous implementation
of a security plan that is healthy and effective. The purpose of OPSEC is to
protect the military operations and their activities by negating the
indicators military forces plans and their intentions vis-a-vis the enemy
forces. In other words, the enemy commander should not know or recognize how,
when, where, why and what operations our forces are about to undertake, until
it is too late for the enemy to react effectively against our operations.

OPSEC is the duty of the commander, together with each individual at all
levels of command. The commander determines which are the measures of OPSEC
which should be implemented and the duration of each event. Equally, they
should determine the level of risk that they should be willing to accept. The
elements of intelligence (SD) provide information about enemy threat. The
operation elements (S3) direct the program of OPSEC and recommend measures for
OPSEC. The units of each individual implement those OPSEC procedures. In order
to attain a good OPSEC program, commanders and the members of the joint
command, and each individual should be trained in the proper use of the
procedures and techniques of OPSEC.

This teaching plan provides a guide for the procedures to be used by the
technical units in the OPSEC program. Described OPSEC and provides doctrinaire
direction for the future instructors and trainers.

What is OPSEC?


In order for our military forces to be successful against enemy forces,
information about the activities of our units or plans and operations should
be denied to the enemy until it is too late for him to react effectively.

OPSEC does not occur by itself. Our military forces have to create the
right condition for a good OPSEC program since OPSEC is an integral part of
all the operations and activities. The OPSEC program can be good because it
was implemented effectively in each unit; or it can be a program without



effectiveness because the members of the unit did not know the importance of
the program and does not know what it requires.


Generally, OPSEC includes coordination of various techniques and
procedures that deny information to the enemy. It is the common sense applied
systematically to the situation of a unit or a mission. The result is the
security of the military forces. This requires a total effort of integration
by all commanders, and the members of the team, and the units and each
individual. Under the umbrella of OPSEC, there exist basically three types of

COUNTER SURVEILLANCE - These activities are taken to protect the true
purpose of our operations and activities.

COUNTER MEASURES - Those actions taken to eliminate and reduce the enemy
threat and its capability of intelligence and electronic warfare against our
military forces.

DECEPTION - Those actions taken to create the false image of our
activities and operations.



The signal security includes communication security (COMSEC) and
electronic security (ELESEC).
COMSEC includes those measures taken to deny the enemy information on our
telecommunications. This includes the cryptographic security, transmissions
security, physical security of COMSEC information, and measures to assure the
authenticity of the communications.

ELESEC is the protection of the electromagnetic transmission, which
includes the communication apparatus. This includes such measures as standard
operations procedures which have been approved, appropriate search,
maintenance procedures, and training programs.


Electronic counter countermeasures (ECCM) are various measures taken to



protect the electronic transmissions of our military forces and the detection
capacity, recognizing and identifying the enemy. This includes the proper use
of the command post of the motor, situating the antennas, concealing and
distancing the antennas, a check of the equipment to secure and make sure that
there is no radioactive radiation, and training.

A good electronic counter countermeasure program must ensure the
effective use of the electromagnetic systems of our military forces.


Information security INFSEC is the protection of information of value
for the enemy forces. This includes two types of information, classified and
unclassified. Some examples are the dispatch documents, requisitions (orders),
plans, orders (directives), reports, charts (maps), map covering material, and
dissemination of verbal information, and the press that may have an adverse
effect on national security and the operation of friendly military forces.


Physical security (PHYSEC) is the protection of the installations,
command post and their activities, etc., by the members of the Armed Forces,
dogs, and other necessary measures for the restriction and protection of the
area. Some measures include barriers of the perimeters, detective lights,
marked copies of the keys or combinations, bolting mechanism, alarm systems
for the control of intrusion, personal identification, controlled access, and
controlled movement. The PHYSEC also allows the protection against espionage,
sabotage and robbery.


As a general rule, the countersurveillance procedures such as
camouflage, concealing and the use of color, light and noise, are concealment
measures discussed in the SOP. The SOP also covers the manner in which the
unit utilizes buildings, roofs, highways and its equipment.


Counter measures are selected, recommended and planned in order to
overcome the specific aspects for the operation of intelligence of the enemy.
Once a vulnerability has been identified and the risk is determined to exist,
a counter measure is designed specifically for this threat in order to avoid
exploitation of said vulnerability by the enemy. The counter measures can be
anything from deception to the destruction of the capability of the enemy's
means. The counter measures also include appropriate measures to discover the
vulnerability of the friendly force. For example, the use of smoke, or the



use of flak in critical moments. The deception operation also can be planned.


Deception operations (DECOP) are carried out in order to deceive the
enemy. These operations include:

Handling of Electronic signatures

Distortion of the friendly activities in order not to make the real
objective known.

Falsifying material, and placed wherever it can be captured or
photographed by the enemy.

Simulated maneuvers


Simulated equipment

Deception operations can be conducted when the commander sees an
opportunity to deceive the enemy.
? 2
Also, deception can be required when the countersurvei1lance operations are
not sufficient to disorient the enemy so that the operation may be successful.
In any case, knowledge of the friendly military forces provided by security
analysis is necessary in order to create a credible deception plan.


Security analysis is done in order to support the countersurveillance
and counter measures. OPSEC depends on the commander and his personnel being
informed of a threat that they will confront, in the patterns, weaknesses and
profiles of the friendly force. Intelligence analysts provides information on
the enemy; the analyst assigned to OPSEC section determine which unit or
activity of the friendly forces are vulnerable, and why. The OPSEC analyst
provides the commander and the operators with a risk estimate; this is based
on the efforts of the aggregate of intelligence of the enemy and the
activities of the friendly forces that are known. They can recommend
procedures or procedures of countersurveillance and counter measures.

OPSEC is a condition.

Generally, OPSEC is a condition that seeks to attain security or safety
of the friendly forces. It involves a variety of activities for concealing the
friendly units, or to deceive the capabilities of the enemy analyst and
commander in regard to intelligence gathering. These activities (under the



category of countersurveillance, counter measures and deception) can be
accomplished independently by members of each unit. But it is the integration
of these activities by the commanders and the operation officer, which
transforms the OPSEC program for a unit and provides security for the
operations. The elements of security such as SIGSEC, counter intelligence,
military police, and the personnel of each unit, provide the necessary support
to create good conditions for OPSEC in the installations.




Agents INTELSEN/GE Photography

Infiltrators -- Radio interception Infrared (close and

Reconnaissance Unit --Radar interception Night vision

Combat Unit --Interference equipment Image

Patrol --Radar surveillance Visual

Prisoners of war--Telesensors SLAR

Refugees --Acoustics

Figure 1

The intelligence threat against our Armed Forces vary from place to
place, according to operations, missions, contingency plan and the level of
sophistication of the enemy. Therefore, the units to receive information about
the threat in specific situations in the local sections of intelligence. It is
expected that the enemy units will utilize all of their capabilities of
collecting information, as is shown in Figure 1, when they confront our

The enemy is particularly interested in the different echelons of our
military forces: which are the capabilities of the unit; such as, their fire



power, communications, detection capabilities, logistic support, but in the
same way are interested in the location, movements, and intentions of our
military forces. The capability of the threat that is discussed in the
classrooms and the practical exercises of the units should be based on the
capabilities of the enemy and the ones that can have be a fundamental threat
in the operation activities of the unit involved. In other words, the OPSEC
program was developed in order to counteract the specific threats against the
military unit involved.



The OPSEC program is conducted by the commander and led by the
operations officer as part of the operations of each unit. Each unit can have
an effective OPSEC program with only the coordinated forces of the commander,
members of the task force and the troops, and the use of various activities of
security and intelligence.


Operations Officer

G1/S1 G3/S3

SIGSEC Commander Troops

Counter espionage G3/S3




The OPSEC program is designed to function with the characteristics of
the technical operations, and the requirements of each organization. Each unit
takes the necessary steps to provide the security and maintain the surprise -
keep the enemy without knowledge of what our military forces are doing. For
this reason, OPSEC should be taught in all the military schools at all levels,
and established in the doctrinaire literature of each organization and its
operations. Each manual should describe how military forces can improve the
security of their operations.

In order for the OPSEC program to be effective, the tactical units

Be established by the commander, and led by the operations officer of
the support of the local intelligence officer.

Be based on the operational requirements of the unit.

Be imaginative and adaptable for certain changes.

Be designed to deny valuable information to the enemy regarding
activities and operation.

Be compelled at all levels by the commander in the plans and training,
so that the program can function in operations situations.


The OPSEC support is provided by the unit or sections of the OPSEC which
are found in the organizations of military intelligence. The OPSEC teams are
specialists in security signals in the counter intelligence and should be put
in direct support of the combat brigade, support division commands and the
artillery units. These teams support the unit determining the vulnerability of
each unit, to assist the subordinate units and maintaining the most current
data regarding enemy threats and evaluation of vulnerabilities of such
threats. The support units of OPSEC participate in the conduct of evaluation
of OPSEC. They also recommend certain ways of protecting the procedures which
could provide indicators to the enemy.

The security specialists help in the development of the plans and
procedures of OPSEC, maintaining the archives of OPSEC, and recommending the
deception measures. Commanders can also obtain the support of the units of
OPSEC at the highest echelons of the high command of the Armed Forces. This
support includes services such as the signal security, computerization
security, counter measures of technical surveillance, counter intelligence
investigations and inspection of cryptographic installations.




OPSEC is a continuous process of planning, collecting information,
analyzing and forming, changing data base, issuing orders and instructions and


Planning the gathering --->Information gathering--->Analyzing

Report on Report

Executing orders <----Issuing orders <-----Revising the
and instructionsdata Base

NOTE: Once started, the OPSEC process is continuous and more than one
section can do it at any moment.

The OPSEC process is done in a sequence of planning, execution and
reporting the results. The process begins with information already known of
the data base and continues in a logical way resulting from the assessment,
recommendation and operation plan. The plan is carried out by the units. The
OPSEC measures are monitored by members of the different unit and by elements
of the CI to verify the effectiveness of the OPSEC measures. The commander and
the operations officer take action to correct the vulnerabilities based on the
different reports. The process can be illustrated as follows:

S3/D3 S2/D2
Based on OPSEC profile Estimate of the enemy
Data base or intelligence threat
Condition of
our forces

Commander countersurveillance
guideline in effect



The Concept of the Commander
of the mission or operation

P --Determine the sensitive aspects of the operation
L --Develop the essential elements of friendly information (EEFI)
A --Advise on our vulnerabilities
N --Analyze the risk
N --Determine countermeasures and requirements of deception
I --Estimate of OPSEC (written or orally)
N --OPSEC plan (written or orally)
G --Deception plan (written or orally)

P --Units implement Operational Plan (With the OPSEC plan as an Annex)
L --Counterintelligence elements supervise the OPSEC plan
M --Inform on indicators that can influence the operations
N --Effectiveness of OPSEC program is evaluated

S --Counterintelligence elements inform the commander and the
U operations officer orally or in a written report.

Figure 1




Data base for the planning of OPSEC is maintained by the CI section.
This information on our units and enemy capability for gathering information
is always in the process of evaluation and change.

The intelligence section informs the CI element regarding the capability
of the element to collect information. This information about the enemy is
important because:

Time is not wasted advising an erroneous threat.

Counter measures are not assigned to indicators which the enemy does not
have the capability to collect.

Counter measures are assigned to counteract the capabilities of the
enemy to collect information on our activities.

The CI section establishes the data base to develop the indicators, the
signatures, the patterns and the profile of our forces. This information
indicates how our units appear in the battlefield -- the way they operate, how
they communicate, how they are supplied, etc. The information about our own
unit is important for the planning of our operations because:

It determines the essential elements of information on our forces and
our vulnerabilities.

Counter measures are applicable to the units which need them. In
carrying out and providing advice for OPSEC measures.

Deception can be done effectively. The use of deception depends on
common sense, precise information about enemy intelligence and our
involved units. For example, the units which use deception have to
demonstrate indicators, signatures, patterns and profiles showing the
same characteristics as the type of unit they are trying to imitate.


The concept of the operation and the mission of the commander provides
the direction and guideline for the OPSEC plan. The commander can order
certain general measures of OPSEC or perceive specific procedures of security
during operation. For example, it can establish measures for protecting the
revealing of unit movement, supplies and use of radio. The commander should
announce which part of the operation should be protected for the operation to




The C3/S3 is assisted by the CI section and other high staff and general
staff officers, realizing the plan described in Figure 1. Although the
different aspects of the planning might not be completed in detail, each one
should be completed as much as possible in a given time.

Determine the Sensitive Aspects of the Operation

Take note of the information which if known by the enemy provides
indicators that reveal our operation. Operational indicators and physical
characteristics are compared constantly with the operation. Once this is done
the planners can --

Determine the Essential Elements of the Elements of
Friendly Information (EEFI)

The essential element of friendly information is information that if it
falls in the hands of the enemy, our operations will fail. The EEFI reflect
the concern of the commander regarding areas that need security. The CI agents
use the EEFI to identify and inform regarding vulnerabilities. The unit uses
the EEFI to plan operations of countersurveillance.

Advice on Our Vulnerabilities

Noting the EEFIs, the CI sections begin to advise on our
vulnerabilities. The CI agents identify the units and activities that are most
vulnerable and detectable by enemy intelligence. This step is necessary for --

Risk Analysis

Risk analysis is a process that compares our vulnerabilities with the
enemy capabilities for gathering of collect.

The CI agent identifies indicators that if detected would result in the
divulging of important combat intelligence regarding our operations. The
purpose is to identify the risk and determine what can be done to reduce them.
This includes an evaluation of the operation of countersurveillance and
counter measures actually in effect for determining what more needs to be
done. The units always employ procedures of counter surveillance. The units
separate and evaluate the effectiveness of countersurveillance as they receive
new information. Based on the new information, they can decide and adjust the
measures for countersurveillance in order to focus on certain techniques and
procedures. This process continues throughout the CI agents structure.



Determine the Counter Measures

Counter measures are used to protecting these indicators and EEFI which
are most vulnerable for enemy detection, as a result the counter surveillance
measures which are not adequate. Generally there are five options:

Counter measures are not necessary

Applying a counter measure

Stop the activity

Employ deception operations

Change the operation

Counter measures are not necessary under the following conditions:

A indicator cannot be detected by the enemy

If it is detected, the indicator supports the deception plan.

The commander decides to accept the risk.

The use of counter measures in deception requires common sense,
information over our units and knowledge of the capabilities of the enemy to
gather intelligence. The specific counter measures are directed towards the
capabilities of the enemy in order to collect information.

Counter measures may include the physical destruction of the enemy -s
collection measures. If this is the case, the S3, in accordance with the
commander, has to react quickly in order to counteract the enemy's gathering
capability. For example, it is known that an enemy reconnaissance patrol is
collecting enough information regarding our operation, the 53 can recommend
the increase of combat patrols to destroy the reconnaissance element.


The planning of deception is integral in the planning operations. A
deception plan can be done because it is a good idea for a specific operation;
because it is a requirement to support a plan of deception at a higher level
as part of the measure against the enemy intelligence threat. In any case,
deception and the OPSEC are inseparable. In order to use deception
successfully, a unit as o have a good knowledge of all of the aspects of



Deception is designed to deceive the enemy by means of manipulation,
distortion, making him react in a way that is detrimental to his interest. In
order for a plan of deception to function, certain conditions have to exist:

-- The plan of deception should be credible. The concept of deception
should be carried out in conjunction with the concepts of operation. Whenever
possible, the operation activities should support the plan of deception.

-- The deception should be part of the technical situation.

-- The enemy should be given the opportunity to react to deception.

-- One should consider all the information gathering capabilities of the
enemy. There is no point in deceiving an enemy resource if it is detected by
another resource. The success depends on the good knowledge of the
characteristics, capabilities and the use of intelligence systems of the

-- The units involved in the deception have to accomplish their different
missions. This may not require anything special if the unit is doing its
normal mission. It is possible that it may have enough information and
equipment to project a false image. The subordinate units have to support the
plan of deception of the superior units.

Deception requires good intelligence, OPSEC and an operational
implementation in order for it to be successful. Intelligence units inform
regarding information gathering capabilities of the enemy and possible
reactions. The CI section informs regarding indicators, signatures, patterns
and profiles of the units involving deception; and the operations sections
applies the deception plan of the combat operations. A satisfactory OPSEC
program needs to be established in order for the deception to be successful.



All the armies have their ways of operating. The normal operating
procedures, the field manuals, the training instructions, and other local
instructions result in similar units functioning in a similar way. The effort
of maintaining the similarities and functioning adds to the effectiveness and
efficiencies of the units. Its weakness is that the units become stereotypical
units, and consequently more predictable. This causes that the analyst of any
intelligence can interpret more easily the indicators, signatures, patterns
and profiles of our military forces.

The commanders and the operation officers should examine and study

carefully how to conduct their military operations. They need to know if they



are conducting operations in the same way each time there is an operation, and
advise on the manner the operation should be conducted. This means that they
should revise the actions that occur during the planning phase, execution and
the debriefing after the combat drills. It could be that a comparison of the
activities of various combat drills is necessary.


Indicators are activities that may contribute to determine a course of
action of our military forces. When preparing combat operations, it is
virtually impossible for a military unit to hide or avoid giving out
indicators. Certain activities must be conducted. Some of these activities are
essential for the operations -- others can be directed by the commander or by
standard operational procedures of the operations. In many cases, these
activities might be detected by the enemy and used to predict possible courses
of action.

Identifying and interpreting specific indicators is a critical task for
the intelligence operations, either for the enemy of for our own armed forces.
The intelligence personnel looks for indicators, analyze the, and make an
estimate of the capabilities, vulnerabilities and intentions. These analyses
have become a requirement for information, plans, and eventually provide the
basis for directives and orders.

Identifying the critical activities of the military forces could
indicate the existence of specific capabilities or vulnerabilities, or the
adjustment of a particular course of action. Determining which indicator is
important, could be the result of previous action analysis. The lack of action
is as important, in certain cases, as actions already taken. For example, if a
unit does nor normally deploy its attack artillery equipment, this information
is important for the analysts to include it in their estimate. In any case,
the indicators that arise requires a concrete knowledge of the organization,
equipment, doctrine of the tactics, the command personalities, and the
logistic methods, as well as the characteristics of the operations. Indicators
are not abstract events. The indicators are activities that result from the
military operations.

Indicators are potential tools for each commander. The indicators are
probabilities in nature, which represent activities that might occur in the
military operations. The interpretations of the indicators require knowledge
of the enemy and the current situation. Some indicators are mentioned below.
It is not intended to be a complete list, or applicable to all situations.



Possible Attack Indicators

-- Concentration of mechanized elements, tanks, artillery, and logistic

-- Delivery of combat elements (mechanized, tanks, anti-tank) in echelons.

-- Deployment of tanks, guns, cars to the front units.

-- Extensive preparation of artillery.

-- Artillery positions very much to the front and in concentration.

-- Extensive patrol activity.

-- Change in the level of communications, crypto, codes and frequency.

-- Placement of the air defense forces beyond the normal front.

-- Logistics activities, reinforcement and extensive replacement.

-- Relocation of support unit at the front.

Possible Defense Indicators

-- Withdrawal of defense positions before onset of battle.

-- Successive local counterattacks with limited objective.

-- Counterattack is suppressed before regaining positions.

-- Extensive preparation of field fortifications and mined fields.

-- Firing positions in the front are used; the long-range firing is

-- Movement to the rear of long-range artillery equipment and logistics

-- Destruction of bridges, communication facilities and other military




The signatures are a result of the presence of a unit or activity in the
battlefield. The signatures are detected because several units have different
equipment, vary in size, emit different electronic signals, and have different
noises and heat sources. The detection of the individual signatures could be
grouped by analysts to point out the installations, units, or activities.

In general, these are the categories applied to the units: visual,
acoustic, infrared, and electromagnetic. Each one of these areas are discussed
individually. Have in mind, however, that the enemy will try to exploit
several individual signatures grouping them in order to determine a signature
for the unit. Usually, action is not undertaken as a result of the detecting
only one signature. With exception of the detection of critical areas, which
can result of the detection, identification and location of a signature. The
critical areas are key activities such as command posts, communications
facilities and systems, some equipment and its surveillance systems. The
detection of these areas reduces the ability of a military force to conduct
military operations. However, the longer the critical areas are exposed, the
easier would be for the enemy to detect, identify, locate, attack and destroy
these critical areas.


Visual signatures are detected through light photography and by human
eyesight, assisted or unassisted. Visual signatures are equipment, location of
personnel, activity patters, and the frequency of these activities. Also, some
of these visual signatures include vehicle movement, tanks, vehicle marking,
uniform markings, etc. Theoretically, a target is detected when it is seen by
a human eye. The targets might be detected and identified by using photography
by --

-- Its distinct form, or recognizable patters, form, style, size,
design, shadow, and its dimensions of height and depth.

-- A distinct deployment system, possibly involving other targets.

-- The color, hue, shine, tone and texture of the target.

It is possible to detect a target without having to identify it.
Detection is the discovery of a target or activity, while identification
requires an additional step - to establish what the target is, what it does,
or the capabilities of such target. The violence, confusion, and the darkness
in the battlefield introduces variables that might prevent identification or
detection of military targets.



Some studies point out that the visual detection is affected by the

-- The size of the target and the time it has been exposed to sight.

-- The degree to which the target has been camouflaged or covered.

-- Light variation, visibility and weather.

-- Number of targets - the more targets there are, it is more
difficult to identify them correctly.

-- Target distance - the longer the distance the more difficult to
identify the target correctly.

-- The contrast of the target against the background -- the less
contrast there is, the more difficult it is to identify the

Some factors help the probability of visual detection. For example, the
probability of detection is increased by knowing previously that a target is
in a particular area. The probability of detection and identification is also
augmented if the target detected in a particular area is associated with other
targets in the vicinity, in other words, find a known target and search for
similar ones in the area. For example, if a tank repair vehicle is detected in
an area, look for tank units or mechanized units in the vicinity.

The identification and visual detection can be enhanced with the use of
photography. Visual location of ground and air observers, of which there is no
specific identification, can be used to lead photographic reconnaissance
missions. Unlike the location in one site only, or having a short view of the
target, photographs provide the opportunity to enlarge and study specific
areas and equipment. Photography is limited mainly because it provides the
record of an area as it was at the moment the photograph was taken.


The acoustic signatures come in two types: The first are noises produced
during battle by explosives and rifle firing. The second sound is associated
with the noise of certain military functions - such as vehicles, equipment and
the activities of the installation. The acoustic signatures are detected by
human hearing, sound detection equipment, or special devices that magnify the

Acoustic sounds could be very significant because different equipment
and guns have a unique sound. These signatures have considerable importance
for planning countersurveillance, countermeasures and deception. The forces



try to prevent escape of signatures in order to reinforce security; a
deception plan must sound as if it were an actual unit.

The noises produced by operations are affected by the weather
conditions, terrain, atmospheric conditions, and the propagation of sound. The
relative direction of wind, the amount of wind, the temperature and humidity
influence the quality of sound. In general, the sound travels better when
projected by the wind, when humidity is relatively high, and during nighttime.

The enemy is not expected to react only to what he hears. The sound only
serves to alert us on what is happening. The acoustic signature, unlike the
visual signature that can stand by itself, normally is used to support other

The acoustic sounds are integrated with other information to enhance
intelligence. But have in mind that under certain circumstances, the sound can
travel long distances. While the enemy cannot distinguish between an M-60 tank
and an APC, the sound can alert him that there is movement in the vicinity.


The infrared signatures are those not visible by the eye. It is the
heat, or light, produced by equipment, person, unit or activity. The infrared
signatures can be detected with the use of several specialized equipment.

The infrared surveillance equipment vary from the individual optical
device to sophisticated aerial systems. Under favorable conditions, the
systems that have been improved will be able to produce images that
distinguish between the equipment of the same quality and type.

The tactical infrared equipment come in two categories -- active and
passive. The active equipment require that the potential target be illuminated
by infrared sources -- light sent in infrared frequencies. These devices are
susceptible of being detected because they emit a distinct and identifiable
signature. The enemy sensors can locate the active sources. The passive
devices detect the infrared radiation of any of these two sources: emissions
created by the target or solar energy reflected by the target. These devices
are more applicable to play the role of surveillance because the equipment
does not produce an identifiable signature. The passive devices are vulnerable
to detection at the level at which their power sources are detectable.

The majority of the military equipment emit an infrared signature of
some type. The equipment more vulnerable to infrared detection are those that
produce a high degree of heat, such as, tanks, trucks, long guns, generators,
air conditioners, furnaces, aircraft, maintenance facilities, artillery fire,
kitchen areas, landing areas and assembly points.



Infrared surveillance has limitations. Humidity, fog, and clouds can
cause serious limitations, while smoke and fog can degrade the operations of
some systems. The clouds present a more serious problem because the radiations
emitted can be enough to prevent the operations of the system itself.

Clouds also telltale the infrared radiation of the objects being
targeted by the system.


The electromagnetic signatures are caused by electronic radiation of
communication and non-communication emitters. In other words, the detection of
specific electromagnetic signatures can disclose the present of an activity in
the area. This allows us to direct our sensors to that area in order to detect
other signatures.

The communication signatures are generally direct -- use a radio and a
signature will be provided. The battalions have certain communication systems;
the brigades have other communication systems, and the elements of higher
echelons also have different communication elements and other additional
systems. To find the bigger units, to which a transmitter belongs, it is the
duty to:

-- detect other transmitters in the area.

-- Use radio-goniometry to determine the location.

-- Categorize signals by a signal analysis.

-- Locate the type of transmitter in the vicinity of the area.

From this type of information, the intelligence can determine the location of
a unit or command, supply point, weapons units, and assembly areas. This is
particularly true when some radios or radars are used exclusively by a
specific unit or weapons system. The movement, information of the order of
battle, the structure of the radio network, tactical deployment, and, in a
lesser degree, the intentions could be derived from the interception of the
communications systems. All these could be detected and identified by knowing
the location of communication equipment, without reading the messages.

The signatures produced by radars are considered from two viewpoints.
First, when radar systems are activated they transmit signals and create

This makes our forces vulnerable when we use radar against the enemy.
Secondly, the equipment, buildings and mountains have identifiable
characteristics which the radar can be used to detect and identify. Therefore,
the forces exposed are vulnerable to the detection by radar.



The military equipment have a great number of protuberances, angles and
corners which the radar could detect. This refers to what is called the radar
cross-section (RCS). Modern radar surveillance equipment can do more than
solely detect the RCS of a target. Aerial radars with lateral view (SLAR) have
enough resolution to identify certain weapons systems by detailed imagery or
by its pattern. The radar systems can penetrate the fog, cloud and moderate
rain. The surveillance radars are active systems and can operate against
mobile or fixed targets.

The radar systems are limited in that they require an uninterrupted
passage, or visibility points, towards the target area. However, have in mind
that these systems cannot penetrate forests or heavy rain. The radar systems
are susceptible to enemy interception and can become targets because of their
distinctive signature.


A pattern is the manner in which we do things. Patterns that can be
predicted are developed by commanders, planners and operators. The different
classes of patterns are as numerous as the different procedures in military
operations. Some examples of patterns are:

-- Command and Operations Posts

-- Artillery fire before an attack

-- Command posts located in the same position relative to the
location of the combat units.

-- Reconnaissance patrols repeatedly on a zone before an operation.

The officers need to examine their operations and activities in their
zones of responsibility and reduce the established patterns whenever possible.


The profiles are a result of the actions taken by military units and
individual soldiers. The profile analysis of a unit could reveal signatures
and patterns on the procedures, and, eventually, the intentions of the unit
could be determined, collectively, the profiles could be used by the enemy to
find out our various courses of action. Our counterintelligence units develop
profiles of our units in order to determine our vulnerabilities and thus
recommend the commanders on the correction measures. In order to achieve this,
all activity of the unit has to be identified to see if it presents indicators
to the enemy.

Usually, profiles are developed by means of the gathering of information
on the electromagnetic equipment and on physical actions and deployments.



Electromagnetic information identifies the activities of the units by
associating the different signals with the equipment. Physical actions and
deployments are things that the unit does: how a unit appears while it is
performing; how it moves; its configuration during march or when it deploys.
These different factors identify the different units.

In the majority of units, the electromagnetic and physical information
is applicable to 5 areas of importance in order to complete an entire profile.
The five profiles are:

-- Communications and command post

-- Intelligence

-- Operations and maneuvers

-- Logistics

-- Administration and other support


Some factors to be considered when developing and profile:

Where are the command posts located with regard to other units -
particularly subordinate units?

-- How does the command post look like?

-- When is it transferred with regard to the other command elements?

-- Is the post surrounded by antennas - thus creating a very visible

-- What type of communications equipment is used and where is it located?

-- What is the amount of communications traffic with regard to the
activities and operations?

-- Are there any road signs that might help the enemy units or agents to
located the command post?

-- Do the logistics and administration communications compromised the




Profiles on intelligence, surveillance, reconnaissance and elements
identifying targets are developed in order to determine whether

Contact us

SOA Watch
733 Euclid Street NW
Washington, DC 20001

phone: 202-234-3440
email: info@soaw.org