A big part of staying prepared for various disasters is implementing procedures that build on the principles of security. Done correctly, you can live a life of avoiding trouble and so no trouble will come to you.
Most of us have heard about being situationally aware or staying in condition yellow, but there are more threats emerging every day since our lives are increasingly online and occupying a digital domain.
Because of this, you might have heard the term COMSEC in passing. What does COMSEC mean and what does it stand for?
COMSEC is an abbreviation standing for “communications security”, specifically referring to protecting telecommunications from interception via any and all means.
Whether you’re transmitting on ham radio or conducting sensitive business on your cell phone while out in public, implementing effective COMSEC strategies and procedures is the only way to keep your business your business on the airwaves.
This, as you might imagine, is an incredibly complex discipline with many facets, and whether you think it’s important or not a new generation of criminals and malcontents is increasingly learning to steal and hurt good people by poaching information electronically and by other means.
That means that you, yes you, need to take COMSEC seriously.
Keep reading and I’ll give you an overview of what you need to know…
COMSEC is Serious Business in the Military
For military and paramilitary organizations, and even some corporations, COMSEC is very serious business.
It is COMSEC that will prevent the interception or access of any sort of telecommunications traffic or information by any means.
A COMSEC failure might allow eavesdropping on sensitive communications or orders, or it might completely compromise entire channels or systems of communications previously thought completely secure and impregnable.
Even folks with the most passing understanding of military history understand the disaster that can unfold if an enemy manages to learn your plans in advance, and especially to do so without your knowledge.
Accordingly, there are entire jobs and units in all modern militaries dedicated to COMSEC, and even the lowliest infantryman has a basic understanding of its importance.
Considering the complexities of modern communications and digital data infrastructure, there are more ways to infiltrate, breach or exploit lapses in COMSEC than ever and gain access, all at once or bit by bit, to precious information.
What are the Different Factors of COMSEC?
As mentioned above, COMSEC is a catch all term for what is an incredibly varied security discipline.
For instance, at its most rudimentary COMSEC is:
- securing physical access to something like protected phones or radio transmitters that might have built-in encryption,
- preventing unauthorized users from listening in or transmitting,
- or extracting physical information about the make, model and operation of such devices.
Even observing someone else operating the device might provide valuable clues to an adversary.
Moving up in complexity, the actual nature of the transmission itself must be protected by various techniques and procedures to make them more difficult to tune into or isolate.
Strategies such as frequency hopping and more are used for this purpose.
More intricate still is cryptography, a means of transmitting information using a code, cipher, or other means which can only be intelligibly reassembled or decoded by a person on the receiving end that is suitably read in or in possession of the appropriate key.
Furthermore, cryptographic security will often include a means to authenticate both the sender and the receiver for added assurance and impenetrability.
And lastly, there is emissions security to consider, protecting, baffling or concealing the very emissions of any given device from detection and reading.
And there are many more elements besides, but if you already have a dizzying array of possibilities in your mind reading over just these four facets, you aren’t alone!
COMSEC is increasingly complicated and requires specialist skills to implement while maintaining modern communications capability and hostile environments or against technologically-savvy adversaries.
Why Should You Implement COMSEC in Your Life?
Now, I know what you’re probably thinking: this is all very interesting, and fine and good for the military, but I don’t need to know a thing about COMSEC; all I run is my smartphone from day to day!
Let me stop you right there, because that smartphone is precisely why you need to understand the principles of COMSEC! Chances are a significant part of your life is tied up in your phone, and if you ever do anything on your phone that can cost you money, or if you ever do any banking on your phone, you definitely have a large enough stake in the game.
Or, if you have an old “brick phone” or don’t even have a phone at all, if you’ve ever waved around your debit card or a credit card out in public to make purchases, you need to understand COMSEC.
Consequences of COMSEC Failure
Lots can go wrong if you have poor or non-existent COMSEC.
Consider that if someone obtains your email address either through a direct attack or some social engineering scheme, and then figures out your password by any means you might be literally handing them the keys to your bank account.
Even at its most innocent, if your device is breached by any means someone can uncover all sorts of sensitive information, including info on your family, friends and other loved ones.
This in turn might lead to you being impersonated, and your family members made victims of some scam or other crime. Even worse, they or you might be targeted directly for kidnapping or worse…
In the case of your credit and debit cards, there are a variety of devices on the market today, all of them freely available and affordable, they can read the emissions these cards produce and store them for later sifting or implementation.
You might go to bed one night and wake up to tons of pending charges or potentially even an empty bank account if you are unlucky! And all because you were too careless with COMSEC.
What are Some Common COMSEC Failures for Civilians?
There are many, many kinds of bad outcomes that you could chalk up to COMSEC failures in the civilian context, but some of the most common are fishing scams and compromised passwords.
Most of us are already savvy when it comes to fishing scams, and are alert for imposter emails from companies and organizations that we might frequent.
Obviously, we know that the sketchy-looking Amazon emails telling us to call customer support to avoid a pending $10,000 charge is probably bogus.
Nonetheless, these scams, originating from the US and overseas, managed to con countless people out of huge sums of money year and a year after, and that’s why they persist.
However, a clever adversary or corporate saboteur might use a breached, cloned or similarly compromised email address or an app appearing to be a peer, associate or superior in your workplace hierarchy in order to convince you to hand over sensitive information without a second thought.
Lacking multiple steps of authentication, or cutting in on an ongoing exchange of communiqués, the hapless mark is usually easily taken and the damage is done before the bamboozle is detected.
There was a rash of exactly this kind of activity in real estate closings throughout the 2010s.
Similarly, many of us have already had either a close call or an unfortunate running with a hacker that has compromised a social media account or any other account associated with a given email, if not the email account itself.
Emails are often easily obtained, and likewise passwords and other user information is leaked more or less continuously as the companies that we trust to store them come under attack by hackers or, sometimes, get sold out by disgruntled or opportunistic employees.
Free WiFi is Highly Vulnerable
One thing you must be aware of as you go about your life out in public is that free Wi-Fi networks tend to be extremely hazardous from a security perspective.
Ultimately, you don’t really know who is hosting any given Wi-Fi network, and much like a watering hole attracts a predator out in the Serengeti, free Wi-Fi it will attract hackers and malicious actors who might take advantage of the prolific quantity of completely unaware victims to do their work.
Merely connecting to one of these networks can open up your phone to direct attack, or worse yet all traffic that is sent over such a network might be collected to be sifted at leisure.
There’s no telling what sensitive information you wind up transmitting at the time, deliberately or not, could come back to haunt you later.
Remember that anything that your phone transmits, by any means and by whatever network, is ultimately vulnerable to a sophisticated enough attacker, but you’ll definitely make their job easier if you haphazardly connect to free Wi-Fi wherever you go.
How Can You Counter These COMSEC Failures?
Establishing good COMSEC procedure and avoiding failures is mostly a matter of relentless tedium and dull, boring chores and that is why most preparedness-minded citizens don’t want to practice it compared to something cool and interesting like first aid or self-defense.
For starters, make it a point to compartment the most important email accounts you use for the most important facets of your life.
These accounts shouldn’t be splashed out freely for coupons, raffles, sign ups, newsletters and so forth as they often get compromised or sold off one way or the other, increasing their overall footprint out in the wild of the internet.
Likewise, all of your passwords and especially passwords for any important things you do online must be extremely strong.
You are very much in an arms race when it comes to password cracking technology and the capabilities and black market availability of stolen passwords.
Any pass that you choose should be many digits long, multiple words and composed of all possible symbols on your keyboard.
I know you’ve heard it and heard it again, but weak, easily guessed or deduced passwords are basically handing over the keys to your kingdom.
Also, make sure you set your smartphone and any other mobile device to a “conservative” or permission-asked mode when it comes to connecting to open networks.
Your phone should never, ever connect automatically to an available, open network.
If your phone isn’t getting adequate reception using the cellular network, think twice and ascertain the legitimacy of any free Wi-Fi network provided by a store or other organization that you are visiting.
Remember that clever hackers and adversaries can easily set up a legitimate looking but nefarious network to fool the unwary.
Lastly, you need to stay on top of breaches that happen at all levels of society that could make your emails, passwords and other personal information available to people who would do you harm or prey on you.
If you don’t know what happened you can’t take action to remediate the danger.
If you do know that it happened and don’t take action, you’re going to get whatever is coming to you.
Don’t Neglect Low-Tech Physical Security!
One last thing: in this increasingly high-tech, constantly connected and interconnected world it can be easy to overlook the simplest COMSEC countermeasures.
You might have an incredibly strong password and a one-of-a-kind email, but if you have your password written down or visible on the screen of your device and someone looks over your shoulder and commits it to memory, it isn’t going to do you any good.
Similarly, if you keep a notebook of passwords in your desk drawer or anywhere else and someone comes into possession of it or takes a picture of it, they can basically ruin your life on command at a time of their choosing.
If they played their cards right you won’t even know that they laid eyes on it…
Likewise, be extremely vigilant that you aren’t overheard if you’re ever forced to discuss any of these security procedures in an unsecure place or where others are around.
Don’t assume that no one is trying to get you or the people simply won’t know what you are talking about.
Only by making good COMSEC a part of your lifestyle can you remain safe in these increasingly uncertain and tumultuous times.
Tom Marlowe practically grew up with a gun in his hand, and has held all kinds of jobs in the gun industry: range safety, sales, instruction and consulting, Tom has the experience to help civilian shooters figure out what will work best for them.