SIGNALS INTELLIGENCE IN THE INTELLIGENCE PROCESS

12-16. The SIGINT discipline has several unique considerations throughout the continuing activities— generate intelligence knowledge, analyze, assess, and disseminate—and the intelligence process steps— plan, prepare, collect, and produce.

G

I

K

12-17. SIGINT personnel conduct intelligence reach, research (for example, databases, academic studies, products or materials, open-source intelligence [OSINT], or other information sources), and data mining that help determine the adversary’s use of the electromagnetic spectrum in the supported unit’s area of interest. SIGINT personnel must follow all applicable policies and regulations on the collection of information and operations security (OPSEC). The information and intelligence collected are the basis for—

z Developing a comprehensive SIGINT baseline database for the AO. What communications means does the threat use and what are their tactics, techniques, and procedures (TTP)? Do they incorporate civilian systems with military systems?

z Determining key SIGINT collection gaps. Are all the threat’s electromagnetic emanations being collected and results databased? If not, why? If they are being collected, how do we receive or pull the reporting?

z Developing an understanding of the information and intelligence that can be collected with unit SIGINT collection assets and, when appropriate, other SIGINT collection assets in the AO. This also includes how and where the threat emanations may best be collected. Does the terrain support line of sight collection and reporting communications systems?

z Determining a method of understanding when changes to the baseline occur that are of intelligence interest. Does the threat go to radio silence before an offensive operation?

12-18. This information can also be used to determine predeployment training and develop exercises to provide as realistic and relevant training as possible. For tactical SIGINT personnel, the best means to generate intelligence knowledge is by conducting tactical overwatch and participating in SIGINT Foundry. While conducting tactical overwatch, the SIGINT personnel, for example, will know what the specific types of threats, threat equipment, and threat TTP they can expect to encounter when deployed.

A

12-19. The SIGINT analyst evaluates intelligence and information about the enemy’s communications capabilities to determine appropriate SIGINT collection strategies. Conversely, a corresponding analysis of the friendly forces’ SIGINT capabilities must be conducted to ensure the continued effectiveness of, or to improve upon, SIGINT collection. SIGINT analysts also sort through large amounts of signals information and intelligence to identify and use only, that which pertains to the commander’s critical information requirements (CCIRs) (PIRs and friendly force information requirements [FFIRs]).

A

12-20. The primary goal of the assess continuing activity applied to SIGINT is to determine whether the results of SIGINT collection meet the requirements of the unit’s ISR effort. To determine effectiveness, SIGINT producers must assess all facets of SIGINT operations—from receipt of the ISR task to the dissemination of SIGINT reports and products. This assessment is not only directed at SIGINT assets on an individual basis, but also includes the supporting SIGINT architecture and the unit’s entire ISR effort. 12-21. The intelligence officer immediately assesses SIGINT products upon receipt for timeliness, relevance, and accuracy. They must inform the SIGINT producer of the extent to which the product answered the intelligence requirement. Feedback is provided to the SIGINT producer and collector; this reinforces the effectiveness and efficiency of SIGINT.

D

12-22. SIGINT of critical importance to the force, including answers to the CCIRs (PIRs and FFIRs), is disseminated through the most expeditious means possible. Due to the highly perishable nature of SIGINT, the most expeditious reporting means is often immediately augmented with a follow-up report or augmented by a report transmitted through additional means, thus enhancing the probability of receipt. Sometimes the most expeditious means of reporting critical SIGINT information to the commander is face to face. Sanitized SIGINT reports and tactical reports can be sent on lower classification systems, such as the Secure Internet Protocol Routing Network (SIRPNET), to ensure distribution to commanders at lower echelons.

12-23. For intelligence reach operations, SIGINT products are available and disseminated in a variety of forms—hardcopy, softcopy, direct viewing, or broadcast. Time-sensitive reporting keeps NSA, commanders, and non-SIGINT organizations advised on the status of current and potential threats. It is imperative to ensure that SIGINT products are only transmitted over communications systems at the appropriate classification level.

P

12-24. An important SIGINT planning consideration is that, when possible, SIGINT collection should be employed in conjunction with other intelligence disciplines collection systems. SIGINT is often used to cue, and be cued by, other ISR assets.

12-25. During planning, the SIGINT technical control element retrieves, updates, and develops any required SIGINT databases. This includes coordination with air and ground assets, other SIGINT assets, or elements that support the operation, as well as SIGINT assets that will operate in another unit’s AO.

P

12-26. Prepare involves operational direction and control of SIGINT activities, including tasking and the allocation of effort. OPCON of SIGINT assets provides an authoritative prescription for SIGINT activities including the uniform techniques and standards by which SIGINT information is collected, processed, and reported.

12-27. SIGINT operational tasking encompasses the direct levying of SIGINT information requirements by a military commander on designated SIGINT resources. This includes the authority to deploy all or part of the SIGINT resources for which SIGINT operational tasking authority has been delegated.

12-28. The commander ensures the SIGINT unit and asset leaders have conducted all necessary coordination and rehearsals, which includes establishing or verifying the operation of the SIGINT technical architecture.

12-29. The intelligence officer and SIGINT asset commander validate the availability of SIGINT assets and NSA databases and records. SIGINT reporting and dissemination channels and procedures need to be in place. Deploying personnel require deployment training and a current polygraph to qualify for access to resources, appropriate and necessary database access, and connectivity and interoperability with all appropriate SIGINT elements. Courses such as Deployer (DEPL) 2000 help prepare SIGINT Soldiers for deployment.

C

12-30. SIGINT performs two major collection activities: signals intercepts and direction finding (DF). The collect step also includes signals processing.

Signals Intercepts

12-31. Signals intercepts include those SIGINT actions used to search for, intercept, and identify threat electromagnetic signals for the purpose of immediate threat recognition. Signals intercept provides information required to answer PIRs and other intelligence requirements to support the ISR effort.

Direction Finding

12-32. Even when threat radio operators use communications security procedures, SIGINT teams can often intercept and approximate the location of the threat’s signals. SIGINT teams can use DF to determine the movement of threat personnel or equipment, locations of emitters associated with weapon systems and units, new and confirmed emitter locations, and friendly targets the threat might intend to attack (lethal and nonlethal).

12-33. In addition to using DF to intercept and approximate the location of threat forces, DF operations can assist the radio-equipped friendly force by locating and vectoring assets or units during limited visibility, locating downed aircraft and personnel radio beacons, conducting signal security assessments; and locating sources of communication interference and jamming.

Signals Intelligence Processing

12-34. SIGINT processing involves converting signals intercepts into written and verbal reports, automated messages, graphic displays, recordings, and other forms suitable for analysis and intelligence production. Since U.S. forces routinely conduct operations against threats who speak languages other than English, SIGINT processing often also includes translation of these intercepts.

12-35. Due to the complexity of many SIGINT systems, automated processing may occur several times before SIGINT data or information receives any human interaction.

P

12-36. The SIGINT analyst provides SIGINT products to satisfy the intelligence requirements, in the required format and in a timely manner. The quality and timeliness of SIGINT products highly depend on the type of intercept, the collection system, the system’s position in relation to the threat emitter and the weather, as well as the SIGINT operator’s ability to identify the appropriate threat signal activity. SIGINT’s objective is to be used in all-source analytical production.

12-37. There are a number of products generated from SIGINT. SIGINT reports are time-sensitive in nature and will contain anything from a traditional text formatted report to nontraditional reports comprised of color graphics, sound, and/or video clips. SIGINT reports produced have titles such as (although not limited to) klieglights, tactical reports, and tactical ELINT reports and contain caveats that allow or restrict intelligence information to individuals with a need to know.