What COMSEC Protects
The discipline, the four domains, and why one weak link breaks the whole system
Where this fits: COM-03 covers the content side of protecting your communications — what is said, who is talking, and whether you can keep talking under pressure. The existence side of that problem — when to transmit, how much power to use, and avoiding direction finding — is a separate discipline called EMCON, covered in its own course (COM-04). This course will mention EMCON where the two overlap, but the depth is over there.
Downloadable reference: COM-03 Student Companion Guide (PDF) ↓ — the full field reference to keep alongside these online lessons: reference tables, worksheets, and the COMSEC Posture capstone template.
Prefer a physical copy? Order the loose-leaf workbook version → — a printed, hole-punched edition of the companion guide ready for your own binder.
Lesson Objectives
- Define COMSEC and explain what it protects: content, context, and continuity
- Identify the four traditional domains of COMSEC and what each one covers
- Explain why COMSEC is a layered system rather than a single tool or product
- Describe how modern adversary capability changes the COMSEC picture for a preparedness group
- Apply COMSEC discipline to two concrete disaster-response situations: situation reports and casualty information, and acoustic security around the radio itself
COMSEC is a discipline, not a product
Communications Security (COMSEC) is the discipline of preventing an adversary from intercepting, exploiting, or deriving intelligence value from your communications, while still getting your message to the people who actually need it, on time. That second half matters as much as the first. A communications plan so locked down that your own group cannot use it reliably has not achieved security — it has achieved silence.
There is no single piece of gear that “does” COMSEC. It is a layered system of procedures, equipment, discipline, and situational awareness. Encryption is one layer. Authentication is another. How you store your key material is a third. How disciplined your operators are about what they say on the air is a fourth. Remove any one layer and the others are left carrying weight they were never designed to carry alone.
Three things COMSEC protects
| Protects | Meaning |
|---|---|
| Content | What is actually said — the message itself, protected by encryption, brevity codes, and simple operational discipline about what goes out over the air. |
| Context | Who is communicating, how often, and when — the metadata around the message, which can reveal as much as the message itself even when the content is unreadable. |
| Continuity | Your ability to keep communicating under degraded or hostile conditions — a communications system that goes silent the first time it is pressured has failed at COMSEC even if no message was ever intercepted. |
COMSEC’s four overlapping domains
COMSEC traditionally breaks into four domains. They overlap in practice, but each one is a distinct skill with its own failure mode.
-
1
Transmission Security (TRANSEC)
Measures that reduce the chance a transmission is detected, intercepted, or jammed in the first place — minimum power, directional antennas, short and irregular transmissions. This is the existence side of the problem, and it is the core subject of the EMCON course (COM-04).
-
2
Emissions Security (EMSEC)
Denying an adversary intelligence from unintended electromagnetic emissions — stray signal leakage from equipment, cabling, or displays that was never meant to transmit anything. Also covered in depth in COM-04.
-
3
Cryptographic Security (CRYPTOSEC)
The proper selection, use, rotation, and destruction of cryptographic systems and keys. This is the heart of this course — Lesson 3 covers it in depth, with a full dedicated course, COM-09, going deeper still, and the One-Time Pad course (COM-07) covering the strongest manual method available.
-
4
Physical Security of COMSEC Material
Protecting the radios, codebooks, keys, authentication material, and crypto devices themselves from loss, theft, or compromise. Covered in Lesson 2 of this course.
One weak domain compromises the whole system. A perfectly encrypted message is worthless if the key was stolen because it was left in an unlocked vehicle. Flawless key discipline means nothing if operators announce troop movements in the clear because no one trained them on content discipline. COMSEC fails at its weakest domain, not its strongest.
Why this matters more now than it used to
Older COMSEC thinking assumed a human intercept operator with headphones, a notepad, and limited bandwidth. That adversary still exists, but is no longer the primary one you should plan against. Modern monitoring capability includes automated spectrum scanning that never sleeps, AI-assisted pattern recognition that flags anomalies across thousands of channels at once, and networked direction-finding that can triangulate a transmitter’s position from multiple receive sites in seconds.
The practical effect: COMSEC failures are detected faster, more broadly, and more quietly than they used to be. A single sloppy transmission that once might have gone unnoticed in the noise floor can now be flagged, geolocated, and correlated against other traffic automatically. This does not mean COMSEC is hopeless for a preparedness group — it means procedural discipline matters more, not less, because the margin for error has shrunk.
Encrypted content still leaks context
Here is the concrete case that ties Part A’s content-versus-context distinction to a real capability: on most digital radio systems, including trunked and DMR systems, the radio ID and talkgroup ID are not encrypted even when the voice content is. A scanner capable of decoding the system’s control channel can see which radio IDs are transmitting on which talkgroups, in real time, whether or not it can hear a single word of the actual conversation. That is enough to build a traffic-pattern picture without ever breaking the encryption — exactly the kind of monitoring INT-02, RTSA, teaches you to perform on your own side of the net. If you suddenly see a sharp increase in activity on a talkgroup you know is assigned to a SWAT team, you can reasonably hypothesize that an operation is underway, purely from who is talking to whom and how often, with zero visibility into content. System assignments, talkgroup labels, and frequency plans for a given radio system are frequently documented by hobbyists at radioreference.com — worth knowing both as a monitoring resource and as a reminder that your own group’s talkgroup structure, if it resembles a public system, may already be mapped somewhere.
Encryption protects content. It does not protect who is talking, how often, or to which group. A fully encrypted talkgroup can still be pattern-analyzed from the outside using nothing but ID and traffic-volume data. This is precisely why COMSEC treats context as a separate protection problem from content — solving one does not solve the other.
Not everyone can fight. Everyone benefits from secure communications. COMSEC discipline is a force multiplier for a group, and it is one of the few preparedness disciplines where consistent, low-cost habits matter more than expensive equipment.
Related curriculum: Everything in this Modern Threat Picture section is exactly what an adversary could be doing to your own group’s traffic. INT-02, Radio Traffic Situational Awareness (RTSA), teaches that same monitoring discipline so you can assess your own net the way an adversary would. COMSEC is also one piece of the broader discipline covered in SEC-02, OPSEC — COMSEC protects communications specifically, while OPSEC protects the full range of critical information about your group.
Two ordinary moments where sloppy COMSEC does real harm
It is easy to treat COMSEC as an abstract discipline until you picture the actual moments where it matters. Two of the most common are worth walking through directly, because neither one requires an adversary with sophisticated equipment — just someone listening.
Situation reports can be a target list
SALUTE reports and similar structured situation reports — covering Size, Activity, Location, Unit, Time, and Equipment — are a normal, useful part of disaster response. They are also, read a different way, a list of which structures are damaged, unoccupied, or unsecured, and where casualties or fatalities are located. A group broadcasting an unencrypted, unauthenticated situation report over an open channel is not just informing its own network — it is potentially broadcasting a target list to anyone with a scanner who wants to know which houses are empty and unguarded. This is a direct, practical reason content protection matters beyond any abstract adversary: the same information that helps your group coordinate a response can help an opportunist plan a burglary.
The practical alternative: put it on a bicycle instead of on the air. If a SALUTE report is sensitive enough that broadcasting it worries you, the simplest fix is often to not broadcast it at all. A written report hand-carried by courier never has to touch a radio. This is a genuinely good task for older kids in a family or group — a bicycle courier run is well within a capable pre-teen or teenager’s ability, gives them a concrete, useful job during a stressful event, and is worth practicing before you need it. Family bike rides around the neighborhood in ordinary times double as reconnaissance: a young courier who already knows every street, cut-through, and dead end from routine rides will move faster and more confidently under real pressure than one seeing the route for the first time. The full doctrine on this method is its own course — COM-08, Dead Drop and Courier Protocols. SALUTE and SPOT reporting itself, independent of how the report gets delivered, is covered in depth in INT-03, SALUTE and SPOT Report Training.
Casualty and fatality information deserves the same discipline
Passing information about the deceased or seriously injured over an open channel, where literally anyone with a receiver can hear it, is simply not good practice — independent of any tactical concern. Family members may be monitoring the same frequency and could learn of a loss secondhand, from a stranger’s radio chatter, before anyone has the chance to notify them properly. Treat casualty and fatality reporting with the same discipline you would want applied if it were your own family being discussed — brevity codes, authentication, and restraint about what goes out in the clear all apply here.
The earpiece is the most overlooked COMSEC control you own
Every tool in this course protects the transmission. None of them protect what happens after the audio comes out of a speaker. If a radio is set to loud speaker output, anyone standing near the operator hears the traffic just as clearly as the intended recipient does — fully encrypted or not. A basic, no-cost precaution is to default to an earpiece or headset rather than a speaker mic, especially any time sensitive information might be passed.
A real-world illustration of this exact failure: many law enforcement agencies run fully encrypted radio systems, yet officers commonly carry a speaker mic clipped to a shoulder strap instead of an earpiece. The encryption is doing its job on the air — but anyone standing near the officer hears everything the radio receives, in the clear, the moment it comes out of that speaker. During a search, this can tell a hiding suspect exactly where the officer is and how close they are getting. It gets worse if a dispatcher radios that a subject has an active warrant while that subject is standing next to the officer — the suspect hears it over the officer’s own speaker mic before the officer has a chance to react, and now has a head start to flee or, worse, a reason to attack first. The encryption did not fail. The acoustic environment around the radio did. This is the exact lesson from Lesson 3’s Enigma case study applied to hardware instead of a cipher machine: the strongest possible technical protection is worthless if the procedure around it — in this case, how the audio is actually delivered to a human ear — leaks the same information anyway.
Related courses: COM-04 EMCON • COM-06 Authentication & Challenge/Reply • COM-07 One-Time Pads • COM-08 Dead Drop & Courier Protocols • COM-09 Cryptographic Security • SEC-02 OPSEC • INT-02 RTSA • INT-03 SALUTE & SPOT Reporting • PLN-04 PREP-CON • PLN-05 COMCON
| ← Overview |