Intelligence in support of strategic signal units
James R. Lint
The views expressed in this article are those of the author and do not reflect the official policy or position of the U.S. Army Intelligence Center, the Departments of the Army and Defense, or the U.S. Government.
The intention of this article is to foment discussion and debate to improve the MI Corps. It is not the author’s intention to beat up soldiers stationed in S2 shops of signal units. By asking questions, we can often garner future improvements to doctrine and utilization of MI soldiers.
Most of us would admit that it is traditionally the S2, particularly in combat arms units, who brings intelligence to the commander, especially intelligence pertaining to the unit’s mission. After all, it is normally the S2 who–
• Ensures intelligence readiness.
• Supervises the conduct of the intelligence tasks.
• Performs intelligence synchronization.
• Provides other intelligence support such as: orders production, products, updates, advising the command, and MI-unique deconfliction.
• Coordinates for counterintelligence (CI) activities.
• Supports security programs.
With most of the above responsibilities, those with experience in combat arms units would definitely state the S2 should provide that information to the supported commander. However, in a signal unit, especially a strategic signal unit, the responsibility seems to shift away from the S2. Some S2s might respond that “we do not have the training, time, or people.” More diplomatic responses might include “We are not staffed for this,” or something similar. However, the military and moral responsibility remains; it is imperative that there be no retreat from the cyber-battlefield.
Many of us have often seen S2s become irritated when the G2 passed intelligence directly to a brigade commander. (They are often officers of equal rank who live in the same neighborhood and attend the same meetings.) This sometimes “blindsides” an S2 who did not have the information. Most would agree that the normal process is for intelligence–especially intelligence affecting the command–to flow through the command S2. However, often in computer network defense (CND) or cyber-matters, the S2s are not in the loop. Should they be the channel for cyber-intelligence or CND? Who should notify the commander that a node or router is under a hacker attack? Is the S2 in the “threat to systems” loop? Does the S2 provide the commander with an intelligence summary (INTSUM) that covers cyber-intelligence? Do military intelligence (MI) and S2s have the mission to conduct cyberthreat analysis in strategic (theater support) signal units? Are we actually ready to support a network-centric Army?
Many will also say that the outstanding work done by the regional computer emergency response teams (CERTs), Army CERT, and the 1st Information Operations (IO) Command (formerly the U.S. Army Land Information Warfare Activity, or LIWA) is an intelligence job, and is all the intelligence product needed, desired, or required for support to a signal brigade. Should that information go through the S2 or directly to the S3 or network operation center? Should there be long-term analysis of cyber-indications and warning (I&W)? Should that information go to the S2 or S3? This author believes that there must be a change in the S2 office for the S2 personnel to support operations better, or a decision must be made to give up the fight at the Brigade S2 level and “hope” for success. S2 soldiers and personnel require more training specifically targeted to support cyber if they are to be effective in this fight. We see the Chinese military thought in a paper on “Information Warfare,” by Senior Colonel Wang Baocun and Li Fei, published in Liberation Army Daily, 13 and 20 June 1995. The authors work at the Academy of Military Science, Beijing. There have been a few good papers translated and put in the public domain about the Chinese “new ideas in waging war.” We must be prepared for new methods in future wars. Luckily, the Chinese have put their ideas on paper, and they are in the public domain.
Editor’s Note: See the article by Timothy L. Thomas on Chinese Information War Theory and Practice in this issue of MIPB.
Lack of Specialized Training
The lack of specialized training is not unique. Often, young intelligence analysts (military occupational specialty [MOS] 96B) arrive at aviation units, where they must suddenly learn about air mobility corridors. (This is not something taught in great detail in their basic courses; they must learn it through unit training for the unit’s specific mission.) When the junior 96B reports to an engineer unit, he must learn about engineer-specific tasks, such as river crossings, also in greater detail. We also see young 96B soldiers move to strategic signal unit assignments where they must then learn the cyber- and signal threat. The U.S. Army is a tactical and strategic Internet service provider (ISP); however, our junior intelligence analysts are not trained for supporting the signal or cyber missions.
In school, S2 personnel learn a bit about enemy electronic warfare (EW). They do not learn anything about prediction or I&W of a cyberattack on a strategic signal unit–mostly because there are no tracked indicators; the worldwide web facilitates global reach and anonymity with no advance notice of intent to perform malicious acts. If an infantry battalion in the 2d Infantry Division is attacked and there were no intelligence warning, that would be an “intelligence failure.” When a strategic signal unit is attacked and the systems administrators must take machines offline, reconfigure them, or reinstall all software with overtime costs and lost mission time, that is a cost not only in money but also in mission readiness and effectiveness. Given the intelligence resources and support dedicated to protect the unit, why should we view this event as anything other than an intelligence failure as well?
Many people question whether the S2 or intelligence analyst should be involved in the cyberthreat development work, which many often dismiss as “too hard to do.” Should we therefore withdraw from producing threat information? The S2 is doctrinally responsible for producing threat estimates and advising the commander on the types of threats that can attack the unit. Therefore, MI and the S2s in strategic signal units must undergo self-training to develop an understanding of the threat and to be able to discuss it intelligently with the supported commander. S2s often see this as risky when their raters are highly knowledgeable in cyber-matters. By falling back to the status quo, the S2s do not have to worry about making errors due to lack of knowledge about the cyber-world, and they have more than enough missions without adding a “new” threat dimension of cyber-warfare. Signal units do not have many MI personnel. Often the battalions have extra signal soldiers but few MI soldiers, so signal soldiers have to learn a new career field and do the best they can. Primarily, they must perform the security manager and physical security missions. The brigade-level S2s will be busy enough with personnel, information, and physical security, leaving no time to learn or develop tactics, techniques, and procedures (TTPs) aimed toward a significant threat to signal units: cyber-warfare. While the Army discusses Transformation, the computer and cyber-world have actually transformed. Has the U.S. Army kept up with the ever-changing technology and threats to that technology? Clearly not. More importantly, is it the responsibility of the signal unit S2, or is this level of detailed and specialized knowledge more appropriately the domain of the aforementioned strategic assets?
One must be realistic and consider that not every analyst needs this training; units’ training budgets are already strained and time spent in training is time that the analysts are not working in their field. Having discussed the issues, the next step is formulation of viable alternatives.
Options for Improvement
ASI. Creating an additional skill identifier (ASI) for all intelligence analyst positions requiring cyberthreat specialized skills would be one solution. Such specialization (while necessary) is opposite the direction the U.S. Army is going with consolidating MOSs and cutting ASIs. The Army has shrunk and needs more “bang for the buck” with multiskilled generalists.
Longer assignments for training. This is an interesting idea, but not feasible Armywide, specifically in short-tour areas. In three-year stabilized assignments, this might work, or at least it could provide a partial solution.
Reenlistment option with stabilization. This option would get motivated people who would be willing to make a commitment in return for the additional training. This might be the best option for units to maximize use of training dollars and, at the same time, have soldiers who may “go the extra mile” to keep current in the ever-changing technology field.
Consolidation. This is pulling all MI personnel from the battalions to the brigade for a consolidated intelligence section. This option has potential for Combat Service and Combat Service Support units with few MI soldiers, often just a single MI soldier relegated to the personnel security and electronic personnel security questionnaire (EPSQ) mission. The Intelligence Analyst (MOS 96B) does not learn the EPSQ at school; who would perform it? Indeed, no MOS class learns this function. Since it is an administrative function, one could argue units should relocate this duty with the S1 and the Adjutant General Corps. By consolidating the 96Bs at brigade level, and pushing the intelligence processing of the battlespace, INTSUMs, and other intelligence products back down to the battalions, the Army may achieve more efficient employment of 96Bs. Today, the U.S. Army has the ability to push intelligence from brigade to the battalion. It is not necessary for 96Bs to be in the battalion to support it. After all, platoon, company, and battalion levels do not perform upper-echelon maintenance. In maintenance, the Army consolidates the function; why not also consolidate intelligence?
Distance Learning. Analysts and other personnel assigned to a field that is radically new for them (cyber-warfare), regardless of age, could obtain certification and training via distance learning from either the Intelligence or Signal Centers. This seems to be the most cost-effective method, as web-based learning sites can easily update with new technologies.
Whatever method or combination of methods is chosen, it is vital that the Army deliberately addresses the threat of cyber-warfare and properly trains intelligence personnel on this threat. At a recent briefing, the Deputy Commanding General, U.S. Army Network Enterprise Technology Command (NETCOM), discussed situational awareness for the commander. As MI professionals, we must always ask what we have done today to improve the commander’s situational awareness of all threats. At the same time, we must plan on improving the commander’s situational awareness in the future.
James Lint (U.S. Marine Corps and U.S. Army, Retired) is an MI Corps Association (MICA) MI Corps Mentor. He has 25 years of MI experience, covering the USMC, U.S. Army, contractor, and civil service. He is the moderator of two listservers: S2_online and the Army Counterintelligence Discussion Group (http://groups.yahoo.com/group/S2_online/ and http://groups.yahoo.com/group/ACIDG-L/). He is currently the Deputy Director for Intelligence and Security, 1st Signal Brigade, and was the Korea Information Assurance Manager-Intelligence, with the U.S. Forces, Korea, J/G2 (USFK/8USA), Korea. His military assignments included Security Manager, 308th MI Battalion; Current Operations Noncommissioned Officer in Charge and S3 NCOIC, 524th MI Battalion; First Sergeant, Operational Support Detachment (OSD), 202d MI Battalion; CI Special Agent and Human Intelligence Assessment Team Chief, Joint Operational Support Element, J2, Joint Task Force 160, Guantanamo Bay, Cuba.
COPYRIGHT 2003 U.S. Army Intelligence Center and School
COPYRIGHT 2004 Gale Group