AFRICA C4 Handbook
COMMAND, CONTROL, COMMUNICATIONS, AND COMPUTERS HANDBOOK

Last updated: 23 July 2013

TABLE OF CONTENTS

C4 HANDBOOK INTRODUCTION
Purpose
Authoritative Documents
Organization
Use
Version Information
Disclaimer
Mission Planning Purpose
Organizational Chain of Command
Africa Endeavor 2013 Network Diagram
Mission Planning Procedures
Frequency Requests
Mission Planning Gaps
Commander’s Critical Information Requirements (CCIR)
Cyber Planning and Information Assurance
MISSION EXECUTION
Mission Execution Purpose
Mission Execution Procedures
Source Document References
Routine Reporting
Battle Rhythm
Communication Status Report
Incident Reporting
Meaconing, Intrusion, Jamming, and Interference (MIJI) Reporting
Mission Execution Gaps
Master Station Log (MSL)
“P.A.C.E.” Plan
Radio Procedures
Radio Guard Chart
Cyber Operations and Information Assurance
Brevity Codes
Information Compromise
SIGNAL ANNEX
Signal Annex Purpose
Signal Annex Instructions
Signal Annex Appendix Instructions
C4 HANDBOOK TABS
Tab 1 – CIS Connection Process
Tab 2 – Connection Authority Memorandum
Tab 3 – System Architectural Description
Tab 4 – Incident Response Form
Tab 5 – COMSTAT Report
Tab 6 – Authority to Connect Form
Tab 7 – Frequency Request Form
Tab 8 – Master Station Log Template
Tab 9 – LOGSTAT Template
Tab 12 – PERSTAT Template

Last updated: 23 January 2015

C4 HANDBOOK INTRODUCTION

Purpose

The purpose of the Africa Command, Control, Communications, and Computers (C4) Handbook is to organize C4 efforts among the multiple nations participating in international exercises. In this handbook you will find critical Standard Operating Procedures (SOP) that should be considered and implemented to ensure success for this, and any other, exercise or operation.

Authoritative Documents

The Africa C4 Handbook was compiled as a supplement to the African Standby Force Command Information Systems manual, the African Union Peace, Security, Operations Division SOP, and the African Standby Force SOP.

Organization

The C4 Handbook is organized into four sections. The first two correlate with the phases of the exercise – Mission Planning and Mission Execution. Each of the exercise phases is further broken down into two sections – exercise procedures and gaps identified in those procedures. The last two sections are the Signals Annex and a “Tabs” section that includes a number of templates to help document some of the processes outlined in the Handbook.

Use

The C4 Handbook will serve multiple purposes. It will serve as an additional source document for exercises, listing procedures, report templates, the signal annex, etc. It is also designed as a quick reference guide for procedures listed in the other source documents, as outlined in the “Mission Execution” paragraph. Finally, the C4 Handbook will be provided to the participating countries to use as a reference guide in support of their host nation communications planning initiatives.
Version Information

This document was last updated on 23 January by AFRICOM J691 Division.

Revisions:
• 23 July: Added network and organizational chain of command diagrams
• 22 July: Added prowords, guard chart procedures, Master Station Log, frequency request process & form, disclaimer, conducted final review
• 5 July: Added inputs from Cyber/IA working group
• 17 June: Included description of CCIRs, Brevity Codes, Battle Rhythm Reports
• 7 June: Added sections for the brevity codes and APAN use

Disclaimer

In order to use the hyperlinks that link to documents outside the C4 Handbook, you must save the documents in the same folder as the C4 Handbook. The documents are named to correspond with their location in the C4 Handbook (“Tab 4 – Incident Response Form.pdf”) to help identify which documents need to be downloaded. For example, if the C4 Handbook is on the desktop, all associated documents need to be on the desktop as well for the links to work.

Document Modifications

This is a living document. As such, comments, concerns, and recommendations can be provided to the following individuals at any time:

AFRICOM J69 – [email protected]

MISSION PLANNING

Mission Planning Purpose

To ensure the most effective outcome for an exercise, proper planning must be considered prior to execution. While every possible scenario and branch plan cannot be identified, there are a number of contingencies to consider based on prior experiences from real world operations and exercises. The information below will help planners better plan for any requirement.

Organizational Chain of Command

In any organization, it is extremely important to understand the chain of command and the organization structure. The organizational chart for AE13 is included below and can be used as a template for any similar requirement.

Network Diagram

Understanding the layout of the network is extremely important in any operation or exercise that involves C4.
The example below is the network diagram for AFRICA ENDEAVOR13 and can be used as a template for any similar requirement.

Mission Planning Procedures

Frequency Requests

It is extremely important to deconflict frequencies prior to an operation or exercise. If frequency requests are not properly planned, the exercise or operation could be jeopardized by interference from pre-existing authorizations or future authorizations. The steps below are the basic steps required to request frequencies. While this is the process for AE13, it varies depending on the country the operation or exercise is in. Consult your frequency manager or higher headquarters to ensure proper procedures are being followed.

1) Complete the frequency request form (C4 HANDBOOK TABS - Tab 7) and submit it to the AU
2) AU will engage with the Host Nation and deconflict available frequencies
3) Host Nation will provide requested frequencies, if available, to AU
4) AU will provide frequencies to the requesting entity

It is important to start discussion on frequency requests as early as possible. Frequencies may not be available due to conflicts, and the planners must have time to deconflict with the host nation to work out a plan that will allow their equipment to operate.

Instructions for filling out the frequency request form (C4 HANDBOOK TABS - Tab 7) are found below:

Section 1) Request a specific number of frequencies within a band.
• Example: “6 HF frequencies”

Section 2) Enter beginning and ending date frequency will be used (day-month-year).
• Example: “01 Jan 2013 TO 31 Jan 2014”

Section 3) For Air to Ground to Air and Air to Air requirements only, enter:
• Desired geographical clearance in nautical miles in 3 digits including leading zeros
• The service height to be protected in thousands of meters in 3 digits
• Example: “0.50NM / .3M”

Section 4) Enter:
• Transmitter location(s) or area
• Country code
• Specific geographical coordinates
• Example: “Lusaka / ZM / 154167S 282833E”

Section 5) Enter:
• Receiver location(s) or area
• Country code
• Specific geographical coordinates
• Example: “Lusaka / ZM / 154167S 282833E”

Section 6) Enter the appropriate abbreviations for the class of station (fixed base, mobile, aircraft).
• Example: “Fixed Base / D”

Section 7) Enter the necessary bandwidth and modulation type.
• .5kHz, FM

Section 8) Enter:
• Letter for the type of power (M=Mean, P=Peak)
• Power expressed in dBW
• Example: “M / 30 dBW”

Section 9) Enter:
• Antenna gain in dBi
• Direction of maximum radiation
For R/R and VHF land/mobile enter the following additional information:
• Polarization
• Height above ground
• Elevation above mean sea level
• Horizontal half-power beamwidth
• Example: “03 / 090 / V / 020C / 30m / 60.0 / 60.0”

Section 10) Enter the “from” and “to” hours in 4 digits.
• Example: “0000 / 2359”

Section 11) Enter:
• Tuning range of the system
• Tuning increments
• Example: 2mHz – 30mHz / .01mHz

Section 12) Enter the type of operation.
• Example: “S”

Section 13) Enter the date by which frequency is required.
• Example: “10 Jan 2013”

Section 14) Enter:
• Any necessary information which could not be fitted in points 1 to 14A.
• Name of the POC, contact information, and address

Mission Planning Gaps

Throughout the authoritative documents, there are procedures that can be improved upon. These are defined as “gaps” in this document.
The information below will help improve the mission planning capability to achieve a more successful operation or exercise execution.

Commander’s Critical Information Requirements (CCIR)

In every operation or exercise, there is certain information the Commander will want regular updates on. This information will be different for each Commander as well as each event. The CCIRs facilitate timely decision making that enables successful mission accomplishment. CCIRs should be defined as early as possible in the event and may be refined by the Commander as the situation changes.

Some examples of CCIRs are:
1) Arrival of critical supplies
2) Initial Operations Capability (IOC)
3) Network setup at 75%
4) Full Operations Capability
5) Loss of ventilation/air conditioning in the server area
6) Less than 50% spare parts in inventory

The CCIRs utilized during AE13 are located in the PSOD Operations Centre Standard Operating Procedures on page 19.

Cyber Planning and Information Assurance

System Configuration

Prior to any system being connected to the op network, the baseline security configuration must be implemented. Due to the high volume of vulnerabilities that exist, it is vital to ensure protection of these assets.
To ensure all systems and OSs are maintained, to minimize the threat of known vulnerabilities to the system, and to limit unauthorized access to the data, the following configuration from AE should be followed:

1) OS Requirements
• The OS baseline is Windows Server 2008 for servers and Windows 7 for workstations
• All deviations from this standard need to be reported to the unit Information Assurance (IA) Officer

2) Patching/Service Pack
• Systems should have the latest OS patch/service pack and/or hot fixes installed

3) Ports and Running Services
• Ports and running services which are NOT necessary for the exercise should be deactivated
• Port Security will be implemented on all devices to ensure only authorized devices access the network

4) Accounts
• All system default accounts must be disabled, deleted, or renamed and new passwords must be assigned
• System administrators shall have specific accounts assigned that belong to the appropriate administrator groups
• The system administrator standard user accounts should not be assigned to privileged users groups
• The default administrator account should be deleted
• The privileged system administrator accounts should not be used to surf the web or allow email access
• All non-essential accounts should be disabled
• All accounts should be password protected
• No generic or anonymous LAN accounts will be allowed
• Screensavers should be set to automatically engage after 5 minutes of idle workstation and/or server inactivity
• Screensavers should require password verification before allowing re-use of the workstation and/or server
• Users should be required to lock their workstations when their workstation is unattended

5) Session Controls and Requirements
• All systems (workstations, servers, multi-function devices) shall establish and enforce network session controls that define rules and conditions
• SESSION LOCK - All systems, network and/or applications, used to process, store, or transfer data shall
automatically initiate a session/screen lock after a limited period of inactivity, not to exceed 10 (ten) minutes. This must remain in effect until the user re-establishes access using appropriate identification and authentication
• SESSION TERMINATION - All remote access networked sessions and public facing applications requiring a logon must automatically TERMINATE the connection after an inactivity timeout of 10 (ten) minutes. The user must provide appropriate identification and authentication to reestablish the connection
• Access to, and interconnections with, AE networks from external networks and systems shall occur through controlled and approved interfaces

6) Least Privilege Access Controls
• User privileges should be limited to only permit the user to do their job and perform required mission tasks

7) Media
• All media used or connected to a working network must first be approved by the unit’s senior communications officer
• All USB devices and CDs must be virus scanned by a standalone system prior to connecting to a working network

8) Classification
• All information and information systems should have a designated classification
• The designated classification can be UNCLASSIFIED

Identification and Authentication Management

As the complexity and residual risk of Communication and Information Systems (CIS) increase, the need for identification and authentication of users and processes becomes significant. Identification and authentication controls are required to ensure only authorized users with a need-to-know obtain access to the CIS and its information. These measures include Unique Identification, Logon, Data Controls, Identification Management, and Authentication Method Protection.
1) Unique Identification and Password:
• Each user must possess a unique user name or token for logon that identifies that individual
• Users must prevent disclosure of unique identification to non-users
• Group accounts are not authorized logon ability
• Users may not log on with other users’ identification

2) Data Controls
• Each user must be granted permissions to access information and systems
• Users shall not attempt to access systems or information to which they have not received specific authorization
• Data owners are responsible for determining and authorizing users’ access to their information by using operating system data controls
• System owners are responsible for determining and authorizing users’ access to their equipment and networks

3) Identification Management
• User accounts must have an expiration date commensurate with the system, information, and employment requirements
• Users requesting accounts must present valid identification documents before release of account information to the user

4) Authentication Method Protection
• Each unique user account must possess a strong password for authentication to the systems and network. Passwords should have at least: 8 characters, 1 upper case, 1 lower case, 1 special character
• Users may not share authentication information with other personnel including systems administrators
• All administrator passwords should be written down, placed in a shielded envelope and stored in a protected location where only authorized personnel have access. This precaution is for emergency situations where the password must be obtained for network continuity

5) Policy Compliance
• Validation of compliance to this policy will be performed by IA personnel through manual review of administrator configuration or automated scan

Audit Capability

Underlying requirements

Security auditing involves recognizing, recording, storing, and analyzing information related to relevant system activities.
The audit records can be used to determine which activities occurred and which user or process was responsible for them. Auditing information involved in Cyber investigations must be made available to the Cyber personnel. All systems that handle confidential information, accept network connections, or make access control (authentication and authorization) decisions shall record and retain audit-logging information sufficient to answer the following questions as best as possible:

1) What type of activity was performed? (reading email, accessing network, configuring router, etc.)
2) Who, or what process, performed the activity?
3) Where, or on what system, was the activity performed?
4) When was the activity performed?
5) What tool(s) was the activity performed with? (Metasploit, equipment jamming, etc.)
6) What was the status (e.g., “successful”, “failed”), outcome, or result of the activity?

Activities to be logged

Logs shall be created whenever any of the following activities are requested to be performed by the system:

1) Create, read, update, or delete confidential information, including confidential authentication information such as passwords
2) When a network connection is initiated or ended
3) Accept a network connection
4) User authentication and authorization for activities covered in 1) such as user login and logout
5) Grant, modify, or revoke access rights, including adding a new user or group, changing user privilege levels, changing file permissions, changing database object permissions, changing firewall rules, and user password changes
6) System, network, or services configuration changes, including installation of software, patches and updates
7) Application process startup, shutdown, or restart
8) Application process abort, failure, or abnormal end, especially due to resource exhaustion or reaching a resource limit or threshold (such as for CPU, memory, network connections, network bandwidth, disk space, or other
resources), the failure of network services such as DHCP or DNS, or hardware fault
9) Detection of suspicious/malicious activity such as from an Intrusion Detection or Prevention System (IDS/IPS), anti-virus system, or anti-spyware system

Elements of the log

Logs should identify or contain the following elements at a minimum:

1) Type of action – examples include authorize, create, read, update, delete, and accept network connection
2) Subsystem performing the action – examples include process or transaction name, process or transaction identifier
3) Identifiers (as many as available) for the subject requesting the action – examples include user name, computer name, IP address, and MAC address. Note that such identifiers should be standardized in order to facilitate log correlation
4) Identifiers (as many as available) for the object the action was performed on – examples include file names accessed, unique identifiers of records accessed in a database, query parameters used to determine records accessed in a database, computer name, IP address, and MAC address. Note that such identifiers should be standardized in order to facilitate log correlation
5) Before and after values when action involved updating a data element, if feasible
6) Date and time the action was performed, including relevant time-zone information if not in Coordinated Universal Time
7) Whether the action was allowed or denied by access-control mechanisms
8) Description and/or reason-codes of why the action was denied by the access-control mechanism, if applicable

Formatting and storage

The system should support the formatting and storage of audit logs in such a way as to ensure the integrity of the logs and to support analysis and reporting. Note the construction of a log management mechanism is outside the scope of this document.
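
The minimum log elements listed under “Elements of the log” can be checked mechanically. The Python sketch below is an added example, not part of the handbook: it reads JSON-lines audit records and reports which of the eight elements each record lacks. The field names and the sample records are assumptions constructed for illustration, since the handbook does not define a record format.

```python
"""Check JSON-lines audit records against the handbook's eight minimum log elements.

Added example: field names and sample records are assumptions, not a handbook format.
"""
import json
from datetime import datetime

UPDATE_ACTIONS = {"update"}        # actions that change a data element
DECISIONS = {"allowed", "denied"}  # element 7 values assumed for this sketch


def _text(record, key):
    """Return the stripped string stored under key, or "" if absent or not a string."""
    value = record.get(key)
    return value.strip() if isinstance(value, str) else ""


def _has_identifier(value):
    """True when a subject/object block carries at least one non-empty identifier."""
    return isinstance(value, dict) and any(
        isinstance(v, str) and v.strip() for v in value.values())


def _timestamp_problem(raw):
    """Return a finding for a missing, unparseable or zone-less timestamp, else None."""
    if not isinstance(raw, str) or not raw.strip():
        return "element 6: date and time missing"
    try:
        parsed = datetime.fromisoformat(raw.strip().replace("Z", "+00:00"))
    except ValueError:
        return "element 6: timestamp is not ISO 8601"
    if parsed.tzinfo is None:
        # Stricter than the handbook, which lets UTC go unmarked: an unmarked
        # time cannot be told apart from local time during correlation.
        return "element 6: no time-zone information"
    return None


def check_record(record):
    """Return the handbook log elements that one record fails to provide."""
    findings = []
    action = _text(record, "action").lower()
    if not action:
        findings.append("element 1: type of action missing")
    if not _text(record, "subsystem"):
        findings.append("element 2: subsystem performing the action missing")
    if not _has_identifier(record.get("subject")):
        findings.append("element 3: no identifier for the requesting subject")
    if not _has_identifier(record.get("object")):
        findings.append("element 4: no identifier for the object acted on")
    # The handbook asks for before/after values "if feasible"; this sketch
    # treats them as required for every update.
    if action in UPDATE_ACTIONS and not ("before" in record and "after" in record):
        findings.append("element 5: update without before and after values")
    timestamp_finding = _timestamp_problem(record.get("timestamp"))
    if timestamp_finding:
        findings.append(timestamp_finding)
    decision = _text(record, "decision").lower()
    if decision not in DECISIONS:
        findings.append("element 7: allowed/denied decision missing")
    elif decision == "denied" and not _text(record, "reason"):
        findings.append("element 8: denied without description or reason code")
    return findings


def audit_stream(lines):
    """Check JSON-lines records; return {line_number: findings} for deficient ones."""
    report = {}
    for number, line in enumerate(lines, start=1):
        if not line.strip():
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            report[number] = ["record is not valid JSON"]
            continue
        findings = (check_record(record) if isinstance(record, dict)
                    else ["record is not a JSON object"])
        if findings:
            report[number] = findings
    return report


# Constructed sample records for illustration; not taken from any real system.
SAMPLE_LOG = [
    '{"action": "read", "subsystem": "fileserver", "subject": {"user": "op1"}, '
    '"object": {"file": "orders.txt"}, "timestamp": "2013-07-23T08:00:00Z", "decision": "allowed"}',
    '{"action": "update", "subsystem": "dbsvc", "subject": {"user": "op2"}, '
    '"object": {"record": "unit-17"}, "timestamp": "2013-07-23 08:05:00", "decision": "allowed"}',
    '{"action": "authorize", "subsystem": "logon", "subject": {}, '
    '"object": {"host": "srv1"}, "timestamp": "2013-07-23T10:15:00+02:00", "decision": "denied"}',
    '{"action": "delete", "subsystem": "fileserver", "subject": {"user": "op3"}, '
    '"object": {"file": "plan.txt"}, "timestamp": "2013-07-23T09:00:00+00:00", '
    '"decision": "denied", "reason": "ACL-DENY: no write permission"}',
    "Jul 23 08:10:01 srv1 login failed",
]
```

Calling `audit_stream(SAMPLE_LOG)` flags the update without before/after values and zone information, the denied logon with no subject or reason, and the free-text line that cannot be correlated at all.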
Mechanisms known to support these goals include, but are not limited to, the following:

1) Local Windows logs or local server/system logs will be used to capture data as required by this appendix
2) Systems should be set to capture at least 8Mb of historical logs
3) Logs kept in a well-documented format sent via syslog, syslog-ng, or syslog-reliable network protocols to a centralized log management system
4) Logs stored in a database that itself generates audit logs in compliance with the requirements of this document

Continuity of Operations (COOP) Plan

Brigades need to identify the critical CIS and the critical information that supports the mission. A COOP needs to be established for all critical CIS meeting all identified requirements (Operation Requirements, System Backup, System Recovery, Contingency Plan, and Physical Relocation).

Operation Requirements

Critical CIS need an alternate power source (APS) to ensure that system availability is maintained in the event of a loss of primary power. An APS can also provide time to perform the procedures for orderly system shutdown to ensure no loss of data.

System Backup

Critical CIS need to establish procedures for the regular backup of the OS, applications, and information to ensure continuity of operations. The periodic checking of backup inventory and testing of the ability to restore information validates that the overall backup process is functional and adequate. Procedures must be created for the backup to include where the data will be stored and how it will be provided to the Cyber IA representative.

System Recovery

System recovery addresses the functions that respond to failures or interruptions in operations. Recovery shall ensure systems are returned to a condition where all security-relevant functions are operational or system operation must be suspended. Procedures must be created for the recovery of critical CIS and provided to the Cyber representatives.
Periodic testing of recovery procedures is required to ensure effectiveness. If any abnormal conditions arise during recovery, the IS shall be accessible only via terminals monitored by the Cyber representative.

Contingency Plan

A contingency plan is a plan that must be put in place prior to any potential emergencies. It allows organizations to handle possible future emergencies and continue operations. It pertains to training personnel, performing backups, preparing critical facilities, and recovering from an emergency or disaster so operations can continue. Any continuity operation requirements for the critical CIS that can’t be fulfilled, such as not having an alternate power source, should be documented in the Connection Authority (CA) memorandum (C4 HANDBOOK TABS - Tab 2).

Physical Relocation

Due to unforeseen events (flood, power outage, impending attack, etc.), it may be necessary to relocate to an alternate location to conduct operations. It is important to designate an alternate facility prior to the operation or exercise and ensure critical services (comm, power, heating/cooling, etc.) have been tested prior to relocating.

Physical Security and Visual Access

Physical security is every user’s, every person’s, and every nation’s responsibility. Safeguards shall be established that deter, detect, and prevent unauthorized access to any CIS as well as any unauthorized modification of the CIS hardware and software. Any personnel who do not have a “need to know” and who are not cleared for access need to be escorted and supervised while in the area of CIS. Any device that displays information in human-readable form shall be positioned to prevent unauthorized personnel from reading the information (i.e., shoulder surfing).

Malicious Code Prevention

Policies and procedures should be implemented to detect and deter incidents caused by malicious code, such as viruses or unauthorized modification to software.
1) Antivirus software
• Each system should run antivirus software. Open Source Anti-virus software should be used, at a minimum, with licensed software being preferred
• Antivirus software should be updated manually or automatically daily
• Centralized antivirus management should be used when possible

2) Host Based Intrusion Detection
• User systems should have comprehensive security software installed
• Users, other than administrators, should not change configurations of the information system

3) Software Configuration
• Software should be configured using the manufacturer’s recommendation applying the most stringent security setting that allows required functionality
• Software should be configured to fail secure

4) Patch Management
• System administrators should apply all published patches to installed software within 72 hours of release
• Whenever possible, patches and updates should be tested in a laboratory environment which resembles the operational network
• When possible, systems administrators and Cyber personnel should register with all installed software manufacturers for notification of available patches, updates, and security concerns
• Patches, updates, and other essential files should only be downloaded from vetted sources such as a manufacturing vendor or Government agency. No third party download site may be used for downloading patches or updates

5) Administrator Rights
• Users logged on with administrator rights should not access the internet. Whenever possible, administrator accounts should be configured to deny internet access
• Administrators should possess limited user accounts (LUA) for daily activity which does not involve administration of devices or networks
• Patches, updates, and other files downloaded from the internet should be executed using LUA, not administrator accounts

Authority to Connect

Prior to any CIS being connected to the operational network, the connection process needs to be completed.
The steps in the connection process are below:

1) Full IA review of the device
2) Authority to Connect form completed (C4 HANDBOOK TABS - Tab 6)
3) Complete the requirements outlined in the system architectural description tab (C4 HANDBOOK TABS – Tab 3)
4) Member provides CA Memo (C4 HANDBOOK TABS - Tab 2) and other documentation to the Cyber personnel for review
5) Memo is forwarded to the EMB Approving Official (AO) and/or Delegation Chief
6) The EMB AO or Delegation Chief approves request and coordinates signature from National or organization security accreditation authorities

Cyber personnel will assist the EMB AO in reviewing any CAs.

MISSION EXECUTION

Mission Execution Purpose

Even the most well-planned exercise will face some unforeseen events. This section contains both the SOPs for exercise execution and some procedures and templates to successfully report and overcome contingency operations.

Mission Execution Procedures

Source Document References

There are multiple authoritative documents utilized during exercise and real-world operations in Africa. These documents contain multiple procedures to ensure different countries and forces operate the same way. The list below is not all inclusive, but contains the majority of the mission execution procedures listed in each document with a reference to the procedures’ descriptions.
African Standby Force Command Information Systems Manual
• No defined procedures

African Union Peace, Security, Operations Division SOP
• Incident Reporting – Page 6, section 1.4 and 1.5
• Duty Officer Watch Log – Page 27
• Maintenance and Preventive Maintenance Log – Page 30
• Daily Situational Report – Page 31

African Standby Force SOP
• Frequency Document Management - Adobe Acrobat page 386
• Communications Security – Adobe Acrobat page 387
• Virus Reporting – Adobe Acrobat page 395
• Security Incident Reporting – Adobe Acrobat page 154
• MIJI Reporting – Adobe Acrobat page 398
• Radio Etiquette – Adobe Acrobat page 404
• Transmission Procedures – Adobe Acrobat page 405

Routine Reporting

Routine reporting is essential for the success of an operation or exercise. There are numerous reports due daily to various organizations. The battle rhythm for reports and report templates are found below with brief descriptions of each. Additionally, each report can be sent electronically as an email attachment, printed and faxed, or conveyed over a voice medium.

Battle Rhythm

The Battle Rhythm is the sequencing of standardized command and control activities within a headquarters and throughout the force to facilitate effective command and control. It establishes the time, frequency, and type of meetings, working groups, boards, and other events, as well as who attends them. Reports, briefings, meetings, and working groups all require input and preparation. Additionally, the outputs of certain working groups are inputs for other working groups. The battle rhythm accounts for such requirements. Staff officers and subordinate units require a schedule to prepare for each C2 event. The chart below indicates a typical Battle Rhythm reporting timeline. The respective staff organization is responsible for generating and submitting their report at the scheduled reporting time.
For example, the COMSTAT, or the Communications Status, report is generated by the Signal (J6) representative. For AE purposes, the reports listed below (PERSTAT, LOGSTAT, and LOGREP) will not be required to be generated; however, a fabricated report will be provided to the member representing each organization for submission at the scheduled reporting time.

PERSTAT (Personnel Status Report prepared by the personnel staff or the J1) captures military and civilian personnel who are present for duty, Soldiers on R&R or emergency leave, those TDY in CONUS, etc. The PERSTAT provides "boots on the ground" numbers and reflects all civilians (DoD and contractors) and all Service members from each military service who are assigned, attached, or are under operational control and present in the theater of operations at the time of the report.

LOGSTAT (Logistic Status Report prepared by the logistics staff or the J4) is submitted to higher headquarters for the purpose of keeping the Commander informed of the logistics status of deployed forces. The report will focus on supply status in deployment, equipment status, shortages and maintenance deficiencies.

LOGREP (Logistics Report) takes into account the general logistics situation within the missions. Based on the information collected, the head of administration or equivalent will draft a daily LOGREP to HQ.

SITREP (Situation Report) is a report sent by an element to another higher or lower element to inform of its situation. There exist multiple versions and alterations of the SITREP that are used in various forces and at various levels. It provides a detailed overview of the unit’s entire situation including location, activity, combat effectiveness, disposition, intelligence and reconnaissance, logistics, communications and status of personnel.
Sample Battle Rhythm Reporting Timeline

Report Name | Time Due | Current As Of | From | To
COMSTAT | 0900 | 0800 | BN HQ | AMICA BDE HQ
LOCSTAT | 0900 | 0800 | BN HQ | AMICA BDE HQ
PERSREP | 1100 | 0800 | BN HQ | AMICA BDE HQ
LOGREP | 1200 | 0900 | BN HQ | AMICA BDE HQ
SITREP | 1300 | 1000 | BN HQ | AMICA BDE HQ
COMSTAT | 1200 | 0900 | AMICA BDE HQ | AU PSOC
PERSREP | 1400 | 1100 | AMICA BDE HQ | AU PSOC
LOGREP | 1500 | 1200 | AMICA BDE HQ | AU PSOC
SITREP | 1600 | 1300 | AMICA BDE HQ | AU PSOC
INTSUM | 1600 | 1300 | AMICA BDE HQ | AU PSOC & BN HQ

Communication Status Report

The COMSTAT report is used to track the current status of all communication capabilities. The sample and electronic copy of the COMSTAT Report are located in C4 HANDBOOK TABS – Tab 5. With the attached COMSTAT Report, a commander has the ability to modify the report to track any and all capabilities they wish. The individual filling out the report simply has to enter the system name in the “Status of” line and indicate the status. As indicated on the report:
- A status of “G”, or “green”, indicates the system is fully operational with no issues to report.
- A status of “A”, or “amber”, indicates the system is running, but at a degraded capability.
- A status of “R”, or “red”, indicates the system is not operational at that time.
- A status of “B”, or “black”, indicates no capability or equipment exists to meet the requirement.

Alternate Methods of COMSTAT Reporting

If electronic capabilities (i.e., computer connected to internet) do not exist, the information can be transmitted via voice by following the instructions below:
Transmission Line 1: “COMSTAT”
Transmission Line 2: Name of reporting organization
Transmission Line 3: Date Time Group (DDHHYY)
Transmission Line 4: System name and status
Transmission Line 5: System name and status
….complete list of systems and their respective statuses….
Transmission Line 6: Status details for any systems not “G”, or fully operational, as required

Incident Reporting

Not all reports will have a due date and time. Some reports will be generated based on an unforeseen event. The “Incident Response” form is used to capture any C4 incident. Examples of an "incident" include, but are not limited to, C4 outage, denial of service, virus detection, intrusion detection, unauthorized device, and espionage. The date and time are EXTREMELY important and must be included in the report. Include as many details about the event as possible to ensure appropriate action can be taken.

Last updated: 23 July 2013

Participants will report security incidents or suspicious activity to their IA representative. As incidents are resolved, the report will be updated and closed. The Cyber Working Group will review events, develop responses, and provide analysis associated with the reported incident.

Incident Response Process:
1) Upon detection, the user will disconnect the computer from the network
2) The user will contact the Brigade Cyber Operations Officer
3) Fill out the Incident Response form and provide it to the Cyber IA working group
4) Cyber IA working group will investigate the incident
5) Remove any vulnerabilities identified in the investigation, conduct any refresher training required, develop a closing report
6) Submit report to Brigade Commander, the EMB, and the Exercise Director

Instructions for filling out the Incident Response form:
1) “From:” field: This is the organization or unit sending the incident form
2) “DTG” field: This includes the date and time the report is being sent in the following format: DDHHmmZMMMYY (ex. 051649ZJUL13)
3) “To:” field: This is the organization or unit needing to take action on the incident
4) “Info:” field: This is the organization or unit needing information only about the event
5) “Subject” field: This field contains details about the type of event. This should be as descriptive as possible (ex. “Virus on the Brigade Commander’s computer” or “HF interference”)
6) “DTG of Incident” area: This should include the date and time the incident occurred in the following format: DDHHmmZMMMYY (ex. 051649ZJUL13)
7) “Priority of Incident” area: This should indicate how important the incident is. If the incident impacted a large number of people or has a significant impact on an operation, it will have a higher priority than an incident that only impacts a few people and has a low impact on an operation (ex. “Serious”, “Medium”, “Low”)
8) “Impact of Incident” area: This section explains the impact the incident has on the operation (ex. “3 machines are infected by a virus” or “Brigade to Battalion comms are inoperable”)
9) “Description of Incident” area: This section explains what happened during the incident (ex. “HF antenna collapsed during high winds”)
10) “Actions Taken” area: This section explains what actions have been taken to alleviate the incident (ex. “2 of 6 antennas have been erected, but 4 remain down due to damage to the antennas”)
11) “Internal Distribution” field: This section includes any internal organization that needs to receive the message.
12) “Drafted By” field: This is who filled out the report
13) “Releasing Officer” field: This is who reviewed and authorized the report for release

The electronic copy of the Incident Response form is located in C4 HANDBOOK TABS – Tab 4.

Incident Response Form Uses

The Incident Response form can be used for a number of different incidents. Most of the areas on the form are standardized, but it is important to capture specific information in the “Description of Incident” for Cyber Incidents (see “Cyber Incident Management” below). When dealing with a cyber incident (ex. Denial of Service, Virus Attack, Espionage, Unauthorized Access), the following information must be included in the “Description of Incident” area:
1) The name and type of device involved
2) How the incident was detected

This information will help the technicians troubleshoot the issue and ensure they take the proper initial actions prior to taking any further steps toward resolution.

Alternate Methods of Incident Reporting

If electronic capabilities (i.e., computer connected to internet) do not exist, the information can be transmitted via voice by following the instructions below:
Transmission Line 1: “Incident Report”
Transmission Line 2: Severity of Incident (Serious, Medium, Low)
Transmission Line 3: Date Time Group (DDHHYY)
Transmission Line 4: Member Reporting Incident (Rank & Name)
Transmission Line 5: Member’s Organization
Transmission Line 6: Member’s Phone #
Transmission Line 7: Member’s Email Address
Transmission Line 8: Description of the Incident
Transmission Line 9: Actions Taken

Meaconing, Intrusion, Jamming, and Interference (MIJI) Reporting

MIJI reporting provides the information needed to adequately inform the Mission Communication Branch of an incident in a timely manner. It is used to make evaluation of opposing forces' actions or intentions easier, and to provide data to implement appropriate measures.

MIJI incidents are submitted using the Incident Response form, located in C4 HANDBOOK TABS – Tab 4. Ensure the term “MIJI” is included in the subject field to alert the receiving organization of the type of incident.

Alternate Methods of MIJI Reporting

If electronic capabilities (i.e., computer connected to internet) do not exist, the information can be transmitted via voice by following the instructions below:
Transmission Line 1: “MIJI Report”
Transmission Line 2: Reporting Organization
Transmission Line 3: Location
Transmission Line 4: Start Date Time Group (DDHHYY)
Transmission Line 5: End Date Time Group (DDHHYY) if applicable
Transmission Line 6: Equipment
Transmission Line 7: Frequency/Range (if unclassified)
Transmission Line 8: Interference Details

Mission Execution Gaps

Throughout the authoritative documents, there are procedures that can be improved upon. These are defined as “gaps” in this document. The information below will help improve the mission execution for operations and exercises.

Master Station Log (MSL)

An MSL is used to track any actions that occur at a specific station throughout the day. The MSL can be used to refer back to any time a question arises as to what happened throughout someone’s shift. It is also a good tool to use during shift turnover to ensure any items requiring action are turned over to the incoming shift. A sample MSL is located in C4 HANDBOOK TABS - Tab 8.

“P.A.C.E.” Plan

A “P.A.C.E.” plan outlines the different capabilities that exist and aligns them into four categories - primary, alternate, contingency, and emergency - based on their ability to meet a defined requirement. Each is explained in more detail below:

Primary: The normal or expected capability used to achieve the objective.

Alternate: A fully satisfactory capability used to achieve an objective which can be used with minimal impact to the operation or exercise. This capability will be used when the primary capability is unavailable.

Contingency: A workable capability used to achieve the objective. This capability may not be as fast or easy as the Primary or Alternate, but is capable of achieving the objective with an acceptable amount of time and effort.
This capability will be used when the primary and the alternate capabilities are unavailable.

Emergency: This is the last resort capability and typically may involve significantly more time and effort than any of the other capabilities. This capability should only be used when the primary, alternate, and contingency capabilities are unavailable.

In order to effectively use a “P.A.C.E.” plan, a planner must establish, prior to the operation or exercise, what capability exists in each category. Remember there may not always be four different capabilities to support one requirement. An example of a “P.A.C.E.” plan for unsecure voice might look like the example below:

Unsecure Voice
Primary: Commercial Telephone
Alternate: Commercial Cell Phone
Contingency: LMR
Emergency: HF Radio

Radio Procedures

The radio procedures listed below will help operators use transmission times more efficiently and avoid violations of communications policies:
1) Prior to an operation, ensure equipment is properly configured. The technical manual is a good place to begin. Examples of items to check include tuning, power settings, and connections.
2) Change frequencies and call signs IAW unit signal operating instructions.
3) Use varied transmission schedules and lengths.
4) Use established formats to expedite transmissions such as sending reports.
5) Encode messages or use secure voice.
6) Clarity of radio communications varies widely, so use the phonetic alphabet and numbers.
7) Transmit clear, complete, and concise messages. When possible, write them out beforehand.
8) Speak clearly, slowly, and in natural phrases as you enunciate each word. If a receiving operator must write the message down, allow time for them to do so.
9) Listen before transmitting to avoid interfering with other transmissions.
10) Long messages risk becoming garbled and create increased electronic signature.
The use of procedure words, or “prowords”, is essential in reducing transmission time and avoiding confusion (see list below).
11) Minimize transmission time.

Proword Examples

A list of proword examples is below. This list is not all-inclusive, but can be used as a good reference sheet for radio operators.

PROWORD: Explanation
ALL AFTER: The portion of the message to which I have reference is all that which follows ______.
ALL BEFORE: The portion of the message to which I have reference is all that which precedes ______.
AUTHENTICATE: The station called is to reply to the challenge which follows.
AUTHENTICATION IS: The transmission authentication of this message is ______.
BREAK: I hereby indicate the separation of the text from other portions of the message.
BROADCAST YOUR NET: Link the two nets under your control for automatic rebroadcast.
CALL SIGN: The group that follows is a call sign.
CORRECT: You are correct, or what you have transmitted is correct.
CORRECTION: An error has been made in this transmission. Transmission will continue with the last word correctly transmitted. An error has been made in this transmission (or message indicated). The correct version is ______. That which follows is a corrected version in answer to your request for verification.
DISREGARD THIS TRANSMISSION -- OUT: This transmission is in error. Disregard it. This PROWORD shall not be used to cancel any message that has been completely transmitted and for which receipt or acknowledgement has been received.
DO NOT ANSWER: Stations called are not to answer this call, receipt for this message, or otherwise to transmit in connection with this transmission. When this PROWORD is employed, the transmission shall be ended with the PROWORD "OUT".
EXECUTE: Carry out the purpose of the message or signal to which this applies. To be used only with the executive mode.
EXECUTE TO FOLLOW: Action on the message or signal which follows is to be carried out upon receipt of the PROWORD "EXECUTE". To be used only with the delayed executive method.
EXEMPT: The addressees immediately following are exempted from the collective call.
FIGURES: Numerals or numbers follow.
FLASH: Precedence FLASH.
FROM: The originator of this message is indicated by the address designator immediately following.
GROUPS: This message contains the number of groups indicated by the numeral following.
GROUP NO COUNT: The groups in this message have not been counted.
I AUTHENTICATE: The group that follows is the reply to your challenge to authenticate.
IMMEDIATE: Precedence IMMEDIATE.
IMMEDIATE EXECUTE: Action on the message or signal following is to be carried out on receipt of the word EXECUTE. To be used only with the Immediate Executive Method.
INFO: The addressees immediately following are addressed for information.
I READ BACK: The following is my response to your instructions to read back.
I SAY AGAIN: I am repeating transmission or portion indicated.
I SPELL: I shall spell the next word phonetically.
I VERIFY: That which follows has been verified at your request and is repeated. To be used only as a reply to VERIFY.
MESSAGE: A message which requires recording is about to follow. Transmitted immediately after the call. (This PROWORD is not used on nets primarily employed for conveying messages. It is intended for use when messages are passed on tactical or reporting nets.)
MORE TO FOLLOW: Transmitting station has additional traffic for the receiving station.
NET NOW: All stations are to net their radios on the unmodulated carrier wave which I am about to transmit.
NUMBER: Station Serial Number.
OUT: This is the end of my transmission to you and no answer is required or expected.
OVER: This is the end of my transmission to you and a response is necessary. Go ahead, transmit.
PRIORITY: Precedence PRIORITY.
READ BACK: Repeat this entire transmission back to me exactly as received.
RELAY (TO): Transmit this message to all addressees (or addressees immediately following this PROWORD). The address component is mandatory when this PROWORD is used.
ROGER: I have received your last transmission satisfactorily.
ROUTINE: Precedence ROUTINE.
SAY AGAIN: Repeat all of your last transmission. Followed by identification data means "Repeat _____ (portion indicated)".
SERVICE: The message that follows is a SERVICE message.
SIGNALS: The groups which follow are taken from a signal book. (This PROWORD is not used on nets primarily employed for conveying signals. It is intended for use when tactical signals are passed on non-technical nets).
SILENCE (Repeated three or more times): Cease transmission on this net immediately. Silence will be maintained until lifted. (When an authentication system is in force, the transmission imposing silence is to be authenticated).
SILENCE LIFTED: Silence is lifted. (When an authentication system is in force, the transmission lifting silence is to be authenticated).
SPEAK SLOWER: Your transmission is at too fast a speed. Reduce speed of transmission.
STOP REBROADCASTING: Cut the automatic link between the two nets that are being rebroadcast and revert to normal working.
THIS IS: This transmission is from the station whose designator immediately follows.
TIME: That which immediately follows is the time or date-time group of the message.
TO: The addressees immediately following are addressed for action.
UNKNOWN STATION: The identity of the station with whom I am attempting to establish communication is unknown.
VERIFY: Verify entire message (or portion indicated) with the originator and send the correct version. To be used only at the discretion of or by the addressee to which the questioned message was directed.
WAIT: I must pause for a few seconds.
WAIT -- OUT: I must pause longer than a few seconds.
WILCO: I have received your signal, understand it, and will comply. To be used only by the addressee. Since the meaning of ROGER is included in that of WILCO, the two PROWORDS are never used together.
WORD AFTER: The word of the message to which I have reference is that which follows ______.
WORD BEFORE: The word of the message to which I have reference is that which precedes ______.
WORDS TWICE: Communication is difficult. Transmit (transmitting) each phrase (or each code group) twice. This PROWORD may be used as an order, request, or as information.
WRONG: Your last transmission was incorrect. The correct version is _____.

Types of Radio Networks (“Nets”)

Stations are grouped into nets according to requirements of the tactical situation. A “net” is two or more stations in communication with each other, operating on the same frequency. Nets can be for voice and/or data communications. Listed below are some examples of different types of nets:
- Command Net (Command and control the unit's maneuver)
- Intelligence Net (Communicate enemy information and develop situational awareness)
- Operations and Intelligence Net
- Administration and Logistics Net (Coordinate sustainment assets)

Precedence of Transmission

- Flash (For initial enemy contact reports)
- Immediate (Situations which greatly affect the security of national and allied forces)
- Priority (Important message over routine traffic)
- Routine (All types of messages that are not priority)

Message Format

Heading--A heading consists of the following information:
1) Identity of transmitting station and self
2) Transmission instructions (Relay To, Read Back, Do Not Answer)
3) Precedence
4) FROM/TO

Text--Text is used to--
1) Separate heading from message with Break
2) State reason for message.

Ending--An ending consists of--
1) Final Instructions (Correction, I Say Again, More to Follow, Standby, Execute, Wait).
2) OVER or OUT (never use both together).

Numerical Pronunciation

1) To distinguish numbers from similarly pronounced words, the proword "FIGURES" may be used preceding such numbers.
2) When numbers are transmitted by radio, they will be transmitted digit by digit (ex. 135 would be transmitted “1” “3” “5”). Multiples of thousands may be spoken as such.
3) The figure "ZERO" is to be written "Ø".
4) Difficult words, abbreviations and isolated letters may be spelled phonetically. This is identified by using the proword “I SPELL”.

Call Signs

Call signs have two parts (see diagram below):
1) Designation call sign identifies the major unit (corps, division, brigade, or battalion).
2) Suffix and expanders identify individuals by position.

An example of a call sign chart is shown below.

POSITION | DESIGNATION | SUFFIX
Commander | Zebra 6 | 6
Assist Division Commander (ADC) (Maneuver/Operation) | Zebra 63 | 63
ADC (Sustainment) | Zebra 64 | 64
Command Sergeant Major (CSM) / First Sergeant (1SG) | Zebra 7 | 7
Chief of Staff (CoS) / Executive Officer (XO) | Zebra 5 | 5
Deputy Commander | Zebra 8 | 6
G1 / S1 | Zebra 1 | 1
G2 / S2 | Zebra 2 | 2
G3 / S3 | Zebra 3 | 3
G3 Air | Zebra 11 | 11
G4 / S4 / Supply | Zebra 4 | 4
G5 / S5 | Zebra 10 | 10
G6 / S6 / COMMO | Zebra 23 | 23
Fire Support Officer (FSO) | Zebra 14 | 14
Engineer | Zebra 34 | 34
Flight Operations | Zebra 44 | 44
Battalion Maintenance Technician (BMT) / Maintenance | Zebra 17 | 17
Chaplain | Zebra 28 | 28
Chemical Officer | Zebra 30 | 30

EXPANDER: A

Radio Guard Chart

A radio guard chart identifies the frequencies that are going to be used during an operation or exercise, what type of transmission (HF, UHF, VHF, etc.), restoration priorities of each frequency, and the responsibilities held by each unit with respect to each frequency.
Legend
C – Net Control
X – Guard
W – When Directed
A – As Required
M – Monitor

Transmission Type
1 – HF
2 – UHF
3 – VHF
4 – UHF-SATCOM

NET | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12
RESTORATION PRIORITIES | 2 | 3 | 1 | 4 | 5 | 12 | 6 | 9 | 8 | 7 | 11 | 10
TRANSMISSION TYPE | 4 | 1 | 3 | 3 | 1 | 3 | 3 | 3 | 3 | 1 | 2 | 1

Regiment C C Battalion X X UNITS C C C C C C X X C X X
Echo Co X A X A A A A A A
Fox Co X A X A A A A A A
Golf Co X A X A A A X A A
Weapons Co X A X A A C A A X
Artillery Battery X A X A C A A A X X

Each organization that is part of the mission has a certain responsibility to listen to the frequencies on the guard chart. The organization developing the Signal Annex assigns the appropriate responsibilities to each organization. The developer of the Signal Annex will delegate the “Net Control” responsibilities to respective organizations. There is only one “Net Control” for each frequency. The responsibility to “Guard” a frequency is assigned to a single, or multiple, organization(s). These organizations are required to listen to the frequency 24 hours a day. “When Directed” indicates an organization is required to listen to a frequency during a certain period of time.

Cyber Operations and Information Assurance

Cyber Incident Management

Each Regional Working Group should designate a Cyber Operations Officer (COO). The COO will ensure secure operating practices are observed and conducted within each enclave. The COO will be the lead for ensuring the minimal-security requirements are fulfilled for their areas, networks, and systems of responsibility. The COO will identify those requirements that cannot be met and inform the AE Cyber Working Group. The AE Cyber Working Group will evaluate the impact and advise the EMB AO on a proposed solution. The COO will be responsible for informing the AE Cyber Working Group of any relevant security events and/or incidents.
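The handbook's Incident Response form uses the DTG format DDHHmmZMMMYY, and this section's category table sets timelines of 30 minutes, 1 hour, and 2 hours for a report to reach the CND cell. The following is an added example (not part of the handbook or its tabs) that validates a form's DTG fields and checks a report against its category timeline. Assumptions: the timeline is measured from the "DTG of Incident", two-digit years mean 20YY, the set of mandatory fields is chosen for illustration, and the sample form contents are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

MONTHS = ("JAN", "FEB", "MAR", "APR", "MAY", "JUN",
          "JUL", "AUG", "SEP", "OCT", "NOV", "DEC")
DTG_RE = re.compile(r"(\d{2})(\d{2})(\d{2})Z([A-Z]{3})(\d{2})")

# Timelines from the handbook's category table (report received at CND cell).
CATEGORY_TIMELINE = {
    1: timedelta(minutes=30),
    2: timedelta(hours=1),
    3: timedelta(hours=2),
}

# Assumption: these form fields must be filled in; "Info" and
# "Internal Distribution" are treated as optional for this example.
REQUIRED_FIELDS = (
    "From", "DTG", "To", "Subject", "DTG of Incident", "Priority of Incident",
    "Impact of Incident", "Description of Incident", "Actions Taken",
    "Drafted By", "Releasing Officer",
)


def parse_dtg(text):
    """Parse DDHHmmZMMMYY (ex. 051649ZJUL13) into a UTC datetime."""
    match = DTG_RE.fullmatch(text.strip().upper())
    if match is None:
        raise ValueError(f"{text!r} is not in DDHHmmZMMMYY format")
    day, hour, minute, month, year = match.groups()
    if month not in MONTHS:
        raise ValueError(f"{text!r} has unknown month {month!r}")
    try:
        # Assumption: two-digit years mean 20YY.
        return datetime(2000 + int(year), MONTHS.index(month) + 1, int(day),
                        int(hour), int(minute), tzinfo=timezone.utc)
    except ValueError as exc:  # e.g. day 31 in FEB, or hour 25
        raise ValueError(f"{text!r} is not a real date/time: {exc}") from None


def format_dtg(moment):
    """Format a datetime back into DDHHmmZMMMYY (locale-independent)."""
    moment = moment.astimezone(timezone.utc)
    return f"{moment:%d%H%M}Z{MONTHS[moment.month - 1]}{moment:%y}"


def check_report(form, category, received_dtg):
    """Validate a form and test it against its category timeline.

    Returns a dict with the list of problems found, the latest DTG at which
    the CND cell should have received the report, and whether it was late.
    """
    problems = [f"missing field: {name}" for name in REQUIRED_FIELDS
                if not str(form.get(name, "")).strip()]
    times = {}
    for name in ("DTG", "DTG of Incident"):
        value = str(form.get(name, "")).strip()
        if value:
            try:
                times[name] = parse_dtg(value)
            except ValueError as exc:
                problems.append(f"{name}: {exc}")
    if len(times) == 2 and times["DTG of Incident"] > times["DTG"]:
        problems.append("DTG of Incident is later than the report DTG")

    result = {"problems": problems, "deadline": None, "late": None}
    if "DTG of Incident" in times:
        deadline = times["DTG of Incident"] + CATEGORY_TIMELINE[category]
        result["deadline"] = format_dtg(deadline)
        result["late"] = parse_dtg(received_dtg) > deadline
    return result


# Constructed sample form, using the handbook's own example wording where it
# gives one; unit names, times and people are made up for illustration.
SAMPLE_FORM = {
    "From": "BN HQ",
    "DTG": "051705ZJUL13",
    "To": "AMICA BDE HQ",
    "Subject": "Virus on the Brigade Commander's computer",
    "DTG of Incident": "051649ZJUL13",
    "Priority of Incident": "Serious",
    "Impact of Incident": "3 machines are infected by a virus",
    "Description of Incident": "Device: Brigade Commander's laptop "
                               "(workstation). Detected by: antivirus alert.",
    "Actions Taken": "Computer disconnected from the network; "
                     "Brigade Cyber Operations Officer contacted",
    "Drafted By": "Duty Signal NCO",
    "Releasing Officer": "BN Communications Officer",
}

if __name__ == "__main__":
    print(check_report(SAMPLE_FORM, category=1, received_dtg="051715ZJUL13"))
```

Because the DTG carries the month and year, a deadline that crosses midnight on the last day of a month still formats correctly (312350ZDEC13 plus 30 minutes is 010020ZJAN14).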
The Cyber Working Group will work with the representatives to assess the impact of such events and coordinate resolution. All nations/organizations will ensure a developed, integrated, and coordinated Cyber effort exists to support the Cyber mission.

AE participants will report security incidents or suspicious activity using any means available. Users who discover information security incidents will report them using the Incident Response Form (C4 HANDBOOK TABS - Tab 4). As incidents are resolved, the report will be updated and closed. The Cyber Working Group will review events, develop responses, and provide analysis associated with the reported incident. Below are the types of incidents along with the reporting requirements and processes.

AE security incidents are divided into three categories, based on their severity and possible impact to the AE infrastructure. The Computer Network Defense (CND) cell is located within the Cyber Working Group.

Category 1
Timeline (report received at CND cell): Within 30 minutes
Reportable Incident/Event:
- All attacks affecting C4 critical assets
- Denial-of-Service attacks that isolate a critical service or impede network performance
- Malicious logic (virus) attacks that isolate enclaves
- Root-level access obtained by unauthorized personnel

Category 2
Timeline (report received at CND cell): Within 1 hour
Reportable Incident/Event:
- Significant trends in incidents/events
- Indication of multiple system attacks (successful or not)
- Suspected e-mail spoofing
- Unauthorized probes, strobes, or sweeps on a system

Category 3
Timeline (report received at CND cell): Within 2 hours
Reportable Incident/Event:
- Unusual system performance or behavior
- System crashes or component outages of a suspicious nature
- Suspicious system configuration changes
- Suspicious files identified on a server
- Missing data, files, or programs
- Unexplained access privilege changes
- Poor security practices
- Unusual after-hour system activity
- Multiple, simultaneous logins by the same user
- Unauthorized privileged user activity
- Malicious logic (virus) attacks

Security Testing

Security testing is the means to verify correct implementation of Cyber IA policies and procedures and configurations. Security testing will be accomplished on all Operational networks with the results being analyzed by the unit's IA representative and provided to the EMB AO.

Brevity Codes

A brevity code is the shortened form of a frequently used phrase, sentence, or group of sentences, normally consisting entirely of upper case letters. When establishing brevity codes:
1) Use letters that convey the meaning of the language they represent.
2) Do not represent the same word with more than one brevity code.
3) Make sure the first letter of the brevity code and the first letter of the phrase are the same.

The following are examples of operational brevity words and terms to provide common understanding and minimize radio transmissions:
1300Z - Base Time
SPIKE - Base Location
1200M - Base elevation
30MIN - Base duration
ABORT - Directive to cease action/attack/event/mission.
BASE (Number) - Reference number used to indicate such information as headings, altitudes, fuels, etc.
CLEARED - Requested action is authorized
COMSEC - Communications Security
BLIND - No visual contact with friendly aircraft; opposite of term "VISUAL."
MICKEY - Have Quick time-of-day (TOD) signal
REFRAD - Release from Active Duty
SIGINT - Signals Intelligence
SPLASH - Target destroyed (air-to-air); weapons impact (air-to-ground)

Communications Security (COMSEC) Compromise

If a COMSEC keyed radio or COMSEC loading device is lost or captured by the enemy, it is important to report the incident in a timely manner. The greater the time between the item being lost and the report beginning, the greater the chance there is for compromising the equipment.
The following steps should be followed in the event of lost COMSEC:

1) Immediate actions by unit:
• Alert units on local net using previously established compromise code word/phrase: “Code Word”
• Increase unit radio OPSEC procedures
• Contact BDE Communications Officer to alert of a possible compromise.
• Validate that the COMSEC equipment is missing/compromised:
  − Confirm incident with subordinate unit
  − Direct a 100% accountability inventory
• Once confirmed or denied, contact BDE Communications Officer for further instructions

2) Actions by BDE Communications Officer:
• Determine extent of compromise with BN Communications Officer.
• Coordinate with unit commanders/liaison officers to determine what operations are affected by compromise.
• If compromise is confirmed continue to Step 2

3) BDE Communications Officer issues order to alert BDE net with “Code Word”
• On Order from BDE Communications Officer, BDE Radio Operator will:
  − Conduct a Net Call with all Battalion radio operators.
  − Only on order issue brevity code: “Code Word”
  − Confirm acknowledgement with radio operators and report to BDE.
• Staff Action Checklist
  − Brigade Leadership notified
  − On order, Command Post sends message through alternate communication.
  − Command Post notifies Battalion Command Post to follow battle drill

4) Operations Officer, Intel Officer, and Communications Officer determine effect on operations.
• Actions by Radio Operators
  − On Order, Radio Operators conduct Net call with Battalion Radio Operators.
  − Issue previously established code word/phrase: “Code Word 2”
  − Radio Operators adjust radios as established in Annex K.
  − Radio Operators open net and report Acknowledgement to Communications Officer
• Unit Submits Compromise report

5) BDE Communications Officer notifies Division Communications Officer; determines if supersession is required.
• Actions:
  − Communications Officer prepares supersession change to Operations Order/distributes new COMSEC
  − At prescribed time units adjust radios and reestablish radios as their primary means of communication.
  − Radio nets reopened

SIGNAL ANNEX

Signal Annex Purpose

The Signal Annex is an annex to an operational or execution order that outlines specific communication planning concerns. This document should include specific instructions and information pertaining to an event to ensure coordinated planning and execution occurs amongst the different participating organizations.

Signal Annex Instructions

COMMAND ISSUING ORDERS
COMMAND ADDRESS
DATE OF ORDERS

SIGNAL ANNEX TO NAME OF OPERATION OR ORDER NUMBER
COMMAND, CONTROL, COMMUNICATION, AND COMPUTER SYSTEMS

References:
a. List documents essential to this annex
b. List documents specifically referred to in this annex. References are complementary plans, publications, and C4 systems policy documents.

1. Situation
a. Enemy.
(1) Identify enemy counter C2, signal-intercept, and computer system entry capabilities that may threaten or constrain effective friendly command and control. Address enemy doctrine and capabilities to gain the initiative, achieve surprise, bring friendly forces to battle on enemy terms, and disorganize friendly forces during engagements.
(2) Discuss past enemy uses of OPSEC measures, signal interception, deception, jamming, and lethal/nonlethal attacks on command, control, communication, and computer systems.
(3) Identify capabilities that represent a threat to the success of the C4 mission.
(4) List exploitable enemy vulnerabilities.
b. Friendly. Provide an analysis of friendly C4 facilities, resources, and organizations that affect the planning of subordinate commands. Indicate the manner in which C4 forces not included in the task organization will contribute to the operation.
Include appropriate interoperability considerations for joint, combined, and neutral forces in the operational area. Place special emphasis on listing applicable international bilateral arrangements that have been made to obtain or provide C4 support.
c. Assumptions. State the assumptions that establish essential criteria for development of the C4 annex; for example, availability of mobile or transportable assets and security of key facilities outside the combat zone.

2. Mission. State clearly and concisely, the “essential” tasks to be accomplished with regard to the purpose of this ANNEX as it relates to the overall mission stated in the Basic Plan. The mission statement should address the questions (who, what, when, where and why). Define the broad tasks and the purpose to establish a basis for “integration” and “coordination” of actions to be taken. (The C4 mission statement may require several subparagraphs in view of the many aspects of C4 support.)

3. Execution.
a. Operational Concept. Describe the operation briefly, in narrative form, emphasizing phasing and aspects of the Basic Plan that establish C4 requirements and that affect C4 capabilities and limitations. Provide OPSEC planning guidance for planning, preparing for, and executing command and control (C2) functions, particularly guidance for transmission and LAN/WAN network infrastructure security planning.
b. Tasks. In separate numbered subparagraphs for each subordinate component or other subdivision of the force, assign individual C4 tasks and responsibilities and include instructions that apply to that component or subdivision. Cover the entire COA listed in paragraph 5 of the C4 estimate, giving the task and the unit that is to perform it. Consider liaison team participation as part of a multinational force to interface C4 operations during multinational warfare.
Use coordinating instructions in the final subparagraph to frame tasks and considerations common to all forces. c. Intelligence and Reconnaissance. State intelligence and reconnaissance support required even if covered in Annexes B and C. If the information is very detailed, prepare an appendix to the C4 systems annex. d. Special Measures (1) Provide a separate lettered subparagraph of information regarding each special measure or procedure necessary for the support of the mission not covered in paragraph 3. (2) Include information on C4 operations that are not part of the main effort. (Examples of such measures are routing indicator allocations, frequency plans, electronic identification procedures, and analytical assistance provisions for electromagnetic compatibility and spectrum planning.) (3) For Defensive Information Warfare, refer to Appendix 2. 4. Administration and Logistics a. Logistics (1) State broad instructions concerning logistic support for C4 operations. Include Annex D and current logistic instructions in references. (2) Repeat important logistic coordination matters even if covered in Annex D. (Remarks in this paragraph will normally pertain to inter-agency C4 supply and maintenance matters.) If the information is detailed, prepare a logistic appendix to the C4 annex. (Examples of items that should appear in this paragraph are assignments of logistic or maintenance responsibilities to a single component or other cross-servicing arrangements.) b. Administration. Include requirements for C4 administrative records and reports and other miscellaneous matters that are significant to joint operations but are not classified according to any of the subjects above. 5. Command and Control a. Command. Refer to Annex J for command relationships b. Command, Control, Communication, and Computer Systems. Refer the appendixes for C4 requirements. 
t/
Major General
Operation Name Commander in Chief

Appendixes
1 – Command Relationships
2 – Command, Control, Communications, and Computer Planning
3 – Mission diagrams (RF, network, etc…)

OFFICIAL
s/
t/
Colonel
Director, J-6

Note 1: Appendix list is not all-inclusive or specifically required in every OPLAN. Additional appendixes will be developed as necessary to describe special-purpose networks or systems; e.g., meteorological and oceanographic services, air-to-ground, ship-to-shore, air defense.

Signal Annex Appendix Instructions

COMMAND ISSUING ORDERS
COMMAND ADDRESS
DATE OF ORDERS

APPENDIX 1 TO SIGNAL ANNEX TO NAME OF OPERATION OR ORDER NUMBER
REGIONAL COMMAND RELATIONSHIPS

1. Purpose. Define the command relationships and establish reporting requirements to ensure situational awareness in each region.
2. Execution. Provide status reports to surrounding friendly forces.
3. Tasks and Responsibilities. Identify the command relationships that exist within the region from the company-level up to AU headquarters. Define supported and supporting commands/organizations.
4. System Description. None.
5. Planning Considerations. Identify location of surrounding friendly forces to provide situational awareness of operation. Ensure status reports are provided to, and received from, surrounding friendly forces and higher headquarters.

COMMAND ISSUING ORDERS
COMMAND ADDRESS
DATE OF ORDERS

APPENDIX 2 TO SIGNAL ANNEX TO NAME OF OPERATION OR ORDER NUMBER
COMMAND, CONTROL, COMMUNICATIONS, AND COMPUTER (C4) PLANNING

1. Purpose. Provide a brief, general statement of the purpose for this appendix referencing the objectives of Signal Annex.
2. Execution. Provide general procedures for the development and operation of the communications system.
3. Tasks and Responsibilities. Identify the tasks and responsibilities of the commands and agencies to provide, install, and/or operate and maintain designated portions of the system.
4. System Description. Describe desired connectivity of the system.
5. Planning Considerations. Provide C4 planners with the minimum mandatory planning items that must be answered in order to ensure proper C4 planning. The list is by no means definitive. Each applicable item should be addressed in appropriate appendixes in Signal Annex, or in this appendix.
   a. Common Questions. These questions apply to any mission. They elicit background information, and each serves as a data point to answer other questions.
      (1) Parameters
         (a) Are there any satellite landing rights?
         (b) When are the operations planning meetings scheduled? How will C4 planning meetings fit into this schedule?
         (c) What are the planning constraints?
         (d) What are the special C4 requirements? Who has them? What space-based assets are required and/or available to support the operation?
         (e) What C4 capabilities are available to the joint force; Super-High Frequency (SHF) and/or Ultra High Frequency (UHF) commercial satellite, high frequency (HF)/VHF radio, tropospheric and LOS microwave systems, LANs/WANs, land mobile radio, and personal communications systems?
         (f) What frequencies are available for the operations area?
         (g) What are the general communications security (COMSEC) requirements? Which agency will draft the callout message?
         (h) Who is the potential adversary? What are their capabilities to conduct offensive information warfare? Does a plan exist to counter the threat?
         (i) What are the releasability requirements for multinational operations? What procedures and mechanisms exist for screening and releasing information to participating countries?
         (j) What capacity does the joint command center have to monitor, direct, control, and coordinate US, allied, and HN C4 support throughout the entire operational area?
         (k) What are the handling procedures for the air task order to meet all mission requirements?
         (l) What is the call sign and combat identification process established to improve friendly coordination and minimize the possibility of fratricide?
         (m) What portion of the total asset and in-transit visibility system will be established?
      (2) Subordinate Component Forces
         (a) Where will their C4 nodes be located?
         (b) What are their C4 requirements?
         (c) What are their C4 capabilities?
         (d) What type of C4 systems do they have (power, frequency availability, bandwidth capabilities, interoperability and compatibility with other subordinate components’ equipment, and mobility)?
         (e) Which agency is the component C4 staff point of contact for planning and technical management and direction?
         (f) What are the special C4 requirements resulting from the mission and the Commander’s estimate, intent, and concept of operations?
         (g) Are subordinate and supporting C4 plans consistent with the supported Commander’s C4 plan?
      (3) Supporting Forces and Activities
         (a) What is the mission of the supporting forces and/or activities (this includes allies and coalitions)?
         (b) What are their C4 capabilities?
         (c) What information does the supported command need from the supporting forces and/or activities (intelligence, weather, imagery, mapping, deployment) and how will it be accessed?
         (d) What C4 support will the supporting forces or activities require from the supported command?
      (4) Nonorganic C4
         (a) Commercial Networks
            1. Are commercial networks available for use? Who can approve access to them? Are funds available? Has the approving authority been contacted to ensure required lead times for normal allocations?
               (1) Satellite
               (2) Data
               (3) Voice
               (4) Video?
            2. What special interfaces are required to access the commercial network and where are the access points?
            3. What are the locations and types of switches in the commercial network? What are their technical parameters?
            4. Where are the locations and types of systems providing the backbone transmission network?
            5. What type of power is used; voltage, current, commercial grid, or generator?
            6. Does the operational area have a cellular network? What are the transmission media, frequency band, and interface requirements? What are the system standards? Is the system available for use?
         (b) Other C4 Support
            1. Is C4 support needed from specialized communications units?
            2. Who are the points of contact (POCs), and what are the request procedures?
            3. What are the units’ C4 capabilities and limitations?
   b. Planning Activities. This paragraph assumes that the basic questions have been answered and covers high-level and detailed C4 planning. Although these functions are listed separately, they are concurrent rather than sequential actions. The planners interact to refine the planning products, C4 estimates, Signal Annex, and communications-electronics operating instructions.
      (1) High-Level Planning
         (a) What nodes will be necessary to provide a global C4 network and where will they be located?
         (b) Which nodes will have to be connected?
         (c) What transmission media will be used to interconnect the nodes?
         (d) What types of C4 equipment will be located at each node (equipment strings, interoperability of the equipment)?
         (e) What are the frequency requirements for each node? How will the frequencies be allotted (multinational, and subordinate components)? Are there potential frequency conflicts?
         (f) What are the call signs and/or words for each node?
         (g) What units will provide, install, operate, and maintain the equipment for each node? What is their operational readiness status?
         (h) What lift assets are available to deploy these units? When will the units deploy and activate the nodes or network?
         (i) Is the deployment schedule of C4 assets consistent with the phases of the plan? Will it permit the provision of C4 support when and where needed?
         (j) What is the phased buildup of C4I in the operational area?
         (k) Has C4 scheduling information been added to the time-phased force and deployment data and/or time-phased force and deployment list?
         (l) Has the Higher Headquarters and J-3 been informed of potential C4 shortfalls and recommended solutions?
         (m) How will keying material be managed (identification of Controlling Authorities, ordering, generation, storing, distribution, transfer, crypto periods, and destruction)? What are the procedures for handling compromises and CCI incidents? Is a COMSEC logistics management activity needed in the joint operations area? What access will partner nations have to COMSEC?
         (n) Are network and node diagrams available?
         (o) Have special C4 requirements been addressed (search and rescue, SOF, en route C4, embarkation and debarkation connectivity)?
         (p) How will the subordinate component and supporting forces networks interface with nonorganic networks?
         (q) When and where will the Communications Control Center be established?
         (r) Are the subordinate component, special operations task force, and supporting C4 plans consistent with the joint C4 plan?
      (2) Detailed Planning
         (a) Circuit Switches
            1. Does a circuit switched network diagram exist that shows information about the switch and circuit switched network connectivity (switch type, area code, trunk groups, capacity)?
            2. How does the switch route calls: flood, deterministic, or circuit switch routing task execution plan?
            3. Where do circuit switches need to be located? How will they be connected?
            4. What special features or restrictions will be imposed on subscribers? Who will authorize and enforce these restrictions?
            5. How will subscriber assistance be handled?
            6. Where is the greatest anticipated traffic load? Does sufficient capacity exist to handle it?
            7. What types of status reports are required, and when and to whom will they be submitted?
            8. How will traffic metering and network loading be measured, modeled, and managed?
            9. What agency will publish telephone directories and how will they be distributed?
         (b) Data Networking
            1. What are the anticipated organizational component data requirements?
            2. Has automation been planned and/or engineered into the network (x.25, IEEE 802.3, TCP/IP)?
            3. What and/or where are the network identifications and gateways?
            4. Will data of various classifications "ride" a secure tactical backbone? How will traffic of various classifications be controlled and managed? Are multilevel information systems security initiative devices needed and are resources available?
            5. What is the joint architecture topology?
            6. Who is the data networks manager?
            7. What are the unclassified and classified connectivity requirements?
            8. What data networking points of presence will be used? Has a gateway access request been coordinated?
            9. What is the addressing scheme?
         (c) Transmission Systems
            1. Are the circuit requirements, routing, channelization, and other parameters identified in high level planning valid? Have satellite access requests been submitted? Have frequency requests been approved and published?
            2. What are the characteristics and connectivity of multiplexers in the network? Are they compatible?
            3. What are the timing requirements for the network components? How will timing be accomplished?
            4. What types of status reports are required and when and to whom will they be submitted?
   c. Technical Management and Direction
      (1) Communications Control Center
         (a) What are the operational procedures for the CCC?
         (b) How will the CCC be manned?
         (c) What reports will be required, how often will they be required, and when will they be submitted?
         (d) How will network reconfiguration be accomplished?
         (e) Who are the POCs at the subordinate control centers?
         (f) Who will submit the Telecommunications Service Request and Telecommunications Service Order?
         (g) Who will coordinate changes to connectivity with the commercial networks?
         (h) What kind of statistics will be kept? Who will analyze them? What will be done with them?
         (i) How will changes caused by the evolving tactical situation be handled?
         (j) How does the JCCC direct changes within subordinate component networks to optimize C4 within the joint operations area?
         (k) Where is the boundary between technical direction and operational direction?
         (l) How will frequency de-confliction be managed? How can potential conflicts be anticipated?
         (m) Who will control frequency spares and authorize their use?
   d. Other Planning Functions
      (1) Spectrum Management
         (a) What are the provisions and procedures for frequency planning and use for opposed and/or unopposed entry operations into an operational area?
         (b) What frequency allotments and assignments are available for the operational area?
         (c) Can the allotted and assigned frequencies support the equipment deployed to the operational area (communications, computer LANs and/or WANs, GPS, airspace control radars)?
         (d) Will the frequencies work (propagation and topographic analyses)?
         (e) Does the allocation and assignment of frequencies to subordinate component commands contribute to mission accomplishment?
         (f) What are the enemy capabilities to interfere with allotted and assigned frequencies? Does a plan exist to counter the threat?
         (g) How will interference reports be reported?
         (h) Will the CCC resolve electromagnetic interference issues?
         (i) Will support be required to resolve interference issues?
         (j) Are sufficient spare frequencies available?
         (k) What emission control measures will be applied?
         (l) Is there an electronic deception plan? Are sufficient frequencies available to support this plan?
      (2) Security
         (a) Will the cryptographic equipment interoperate?
         (b) What are the keying material requirements?
         (c) Does a key management plan exist?
         (d) How will cryptographic compromises be detected, reported, evaluated, and corrected?
         (e) What computer security measures will be employed on the LANs and WANs in the operational area?
         (f) How will access to the various networks be controlled (electronic and physical)?
         (g) What are the COMSEC emergency destruction procedures?
         (h) What is the logistics plan for the cryptographic equipment?
         (i) Are equipment and key materials sufficient to support planned and unplanned operations?
         (j) What are the key change times and have they been promulgated?
         (k) What are the provisions for over-the-air rekeying, when applicable?
         (l) What will we transition to and when?
         (m) What is the foreign information warfare threat facing the C4I systems?
         (n) Are virus detection software applications installed and operational? Are passwords issued and in use? Has a contingency plan been developed to guide recovery actions should data be modified or destroyed by unauthorized intrusions?
         (o) Do remotely accessed computer systems possess features to identify users and substantiate their identification before allowing information to be processed?
   e. Summary. This list of questions is not all-inclusive. These questions should be asked repeatedly throughout the planning process as C4 planners adapt to an evolving operational and tactical situation. They provide a framework for supporting C4 planning for each phase of an operation, focusing C4 planners on the mission, and how the command intends to accomplish it.

C4 HANDBOOK TABS

Tab 1 – CIS Connection Process

1.0 – Purpose: This document describes the policy under which participating organizations will connect to Africa Endeavor networks for the purpose of conducting exercise related activities.

2.0 – Scope: Connections between participants fall under this policy, regardless of whether a commercial circuit, military circuit or VPN technology is used for the connection. Connectivity to third parties such as the Internet Service Providers (ISPs) that provide Internet access or to the Public Switched Telephone Network does NOT fall under this policy.

3.0 – Policy

3.1 – Security Review
3.1.1 All new connectivity will go through a security review with the Cyber Working Group. The reviews are to ensure that all access matches the requirements in the best possible way, and that the principle of least access is followed.
3.1.2 The security review will be documented by completion of the AE Connection Approval Checklist and will be kept on file with the Cyber Working Group for the duration of the exercise. (See Attached Checklist)

3.2 – System Architectural Description
All requests for connection will be accompanied by a System Architectural Description in the format provided in the attachment.

3.3 – Connection Agreement
All new connection requests require that participating Nation representatives agree to and sign the Africa Endeavor Statement of Security Compliance. This agreement must be signed by the Security Accreditation Authority or Delegation Chief. The signed memorandum will be kept on file with the Cyber Working Group for the duration of the exercise. (See attached example memorandum)

3.4 – Modifying or Changing Connectivity
All significant changes must be accompanied by an updated Connection Approval Checklist and System Architectural Description and are subject to security review. Changes are to be implemented via the change management process. The participating Nation is responsible for notifying the Cyber Working Group when there is a material change in their originally provided information so that security and connectivity evolve accordingly.

4.0 – Enforcement: Any participants found to have violated this policy may be subject to disconnection from the network and denial of access to Africa Endeavor information resources.
Tab 2 – Connection Authority Memorandum

Date: [enter date memorandum is signed by SAA or Delegation Chief]
From: [name of National or Organizational Security Accreditation Authority (SAA) or the Delegation Chief]
      Security Accreditation Authority
To: Exercise Director
Subj: Statement of Security Compliance
Ref: Cyber Policy and Implementation Plan (CPIP)

1. This letter of compliance affirms that our system, [name of system], meets all the requirements outlined in the Cyber Policy for connection to the operational network for use during [Name of Exercise or Operation]. [Name of system] is equipped with security devices to safeguard information stored, processed and transmitted on the system. The system(s) have up-to-date anti-virus definitions, operating system and application patches.
2. List any shortfalls with the equipment that may exist and reference the requirements outlined in the System Architectural Description (C4 HANDBOOK TABS – Tab 3)
3. We affirm that authorized users are aware of the security requirements for safeguarding information on the network during the duration of Africa Endeavor. Users who perform unauthorized or illegal acts may be subject to disciplinary action in accordance with their nation's laws.
4. The Security Point of Contact for [choose one: [Nation] or [Organization]] is:
   Rank and Name:
   Commercial Phone:
   Internet e-mail address:

// Signature //
[name of signatory]
[title of signatory]
Security Accreditation Authority or Delegation Chief

Tab 3 – System Architectural Description

The steps below are required to ensure the AO/Cyber Team understands how your system(s) will be connected to the operational network. DO NOT provide/include IP addresses. The information below should be included in the Connection Authority Memo (C4 HANDBOOK – Tab 2) when submitted to the AO and/or Cyber Team.

1) Provide a written description of the system.
The description should include:
• Purpose or function of the system
• The Operating System and all applications
• Description of Hardware (make, model, technical features)
• Hardware and Software network security controls used by the system (to include Anti-Virus used)
• Configuration and interconnection of the system (hardware and software) including radio interfaces
• List IP ports and protocols used by the system and specify whether it is inbound or outbound

2) Provide a detailed network diagram which provides a corresponding picture of the system and interconnections described above

Last updated: 23 July 2013

MASTER STATION LOG (blank form)
Columns: Date/Time; Mission Impacted; Description of Call; Action Taken; Operator’s Initials

LOG STAT (blank form)
Reported for: Unit 1, Unit 2, Unit 3, Unit 4, Unit 5; Location 1, Location 2, Location 3, Location 4, Location 5
Entries:
  PAX
  QUANTITY ON HAND Class I (MRE, WTR)
  QUANTITY ON HAND Class II
  QUANTITY ON HAND Class III (FUEL, OIL)
  QUANTITY ON HAND Class IV
  QUANTITY ON HAND Class V
  QUANTITY ON HAND Class VI
  EQUIPMENT READINESS Class VII (Total, Deadlined, %)
  QUANTITY ON HAND Class VIII
  QUANTITY ON HAND Class IX
Status key: >24 Hrs, >48 Hrs, >72 Hrs, <72Hrs

Legend
  PAX: People
  Class I: Food, rations, and water
  Class II: Individual equipment, clothing
  Class III: Petroleum, oils, and lubricants (fuel)
  Class IV: Construction/Barrier Materials
  Class V: Ammunition
  Class VI: Personal Demand Items
  Class VII: Major End Items (Equipment)
  Class VIII: Medical Material/Medical Repair
  Class IX: Repair Parts

LOG STAT TRACKER (blank form)
Columns: Class I; Class II; Class III; Class IV; Class V; Class VI; Class VII; Class VIII; Class IX
Rows: Unit 1; Unit 2; Unit 3; Unit 4; Unit 4
Status key: >24 Hrs, >48 Hrs, >72 Hrs, <72Hrs
Legend: same PAX and Class I to Class IX legend as the LOG STAT form.

LOG STAT TRACKER (blank form)
Columns: Dep & Dist; Supply; Maint; Eng; Log Serv; OCS; Health Serv
Rows: Unit 1; Unit 2; Unit 3; Unit 4; Unit 4
Status key: >24 Hrs, >48 Hrs, >72 Hrs, <72Hrs

Legend
  Dep & Dist: Deployment and Distribution
  Supply: Supply
  Maint: Maintenance
  Eng: Engineering
  Log Serv: Logistic Services
  OCS: Operational Contract Support
  Health Serv: Health Services

Deployed personnel tracker (blank form)
Column groups:
  Active Military Deployed: USA; USN; USMC; USAF; USCG; Total; Prior; Delta
  Reserve Military Deployed: USAR; USNR; USMCR; USAFR; USCGR; Total; Prior; Delta
  Guard Deployed: ARNG; ANG; Total; Prior; Delta
  Total Military: Total; Prior; Delta
Rows: Country 1 (Location 1 to Location 4); Country 2 (Location 1 to Location 4); Country 3 (Location 1 to Location 4); Total

Column instructions
  Column A = Insert name of country and name of cities/town deployed below for each country.
  Column B-F = Number of Active Duty Military Personnel. USA (U.S. Army) / USN (U.S. Navy) / USMC (U.S. Marine Corps) / USAF (U.S. Air Force) / USCG (U.S. Coast Guard)
  Column G = Total number for each row
  Column H = Prior number from day before
  Column I = Number difference between Total and Prior. Identify if difference is + or -.
  Column J-Q = Same as Column B-I but for Reserve Duty Military
  Column R-V = Same as Column B-I but for National Guard Duty Military. ARNG (Army National Guard) / ANG (Air National Guard).
  Column W = Add column G, O and T
  Column X = Add column H, P and U
  Column Y = Add column I, Q and V
  Last row should be total numbers added for each column.