OPSEC and COMSEC
Two key elements in Tactical Operations are OPSEC (operational security) and COMSEC (communications security). Though quite different in overall meaning, both terms go hand in hand and you can not achieve one without the other.
OPSEC means the security of the complete operation. Whether we are talking about security of a SWAT or SRT team, or the personal safety to Search & Rescue Team members, OPSEC is paramount.
COMSEC consists of securing your communications well enough that your internal communications can not be monitored. Once you have achieved COMSEC you can feel free that any use of your radio communications gear will not effect OPSEC. If at any time you feel your radio communications are vulnerable you have completely lost OPSEC.
The only way to achieve COMSEC is through encryption. There are different forms and security levels of encryption. The basic rule of thumb is: the more you spend, the better your encryption. I will outline a few possibilities here, but first, a little background.
Radio Encryption Background
We basically have two types of radio transmission mediums: 1. Analog and 2. Digital. We have two types of Encryption: 1. Analog and 2. Digital. You can use both types of encryption in an Analog medium. You can only use Digital Encryption if you use a Digital medium.
When we talk digital encryption, the length of the key code is listed in bits. The more bits the more secure the code. (have I lost you yet? 🙂 Keep in mind that once you choose an encryption format, all radios in your fleet must have the same encryption.
Standard two way radio that has been around for years. Repeaters are dumb and will retransmit whatever they receive, as a general rule.
Voice inversion encryption (analog encryption) is not very secure, but keeps scanners from listening. There are plugin modules for some radios; it is built into some radio models as a stand standard feature.
Cost: $120.00 per radio
Rolling Code (analog encryption) is fairly secure, with 40 trillion code possibilities. Available as a plugin module for some radios.
Cost: $220.00 per radio
DVP, DVP-XL (digital encryption) is an older Motorola format in Motorola radios only. Very secure, but lowered radio range. Repeater also needs to be DVP capable.
Cost: low on used market. (No new equipment.)
The four main digital mediums today are P25, DMR, NEXDEN/IDAS and D-Star. In basic terms these are the common air interfaces (CAI) that enable the radios and repeaters to work together. You must first choose a CAI then choose an encryption format.
AES-256 encryption is the gold standard today. Employed by most government and public safety departments using P25 today. It is supposedly fool-proof. But it was partially written by the NSA and is not open source. (read: “back door”)
You can buy AES options for most modern digital radios today. Cost: $200 – $700 depending on the model of radio.
Kenwood/Icom have basic encryption included in their NEXDEN/IDAS format, or you can add AES.
Motorola Mototrbo DMR format has 13 bit and 40 bit included. Hytera adds $220 for AES-256.
D-Star is primarily a Ham format so there is not a lot of encryption available.
As for me…
For the record, I use Mototrbo DMR with 40 bit encryption. BUT I change the key very often and would change daily if needed. What do you use?