President Johnson … expressed concerns over the number of aircraft being lost on Rolling Thunder missions. Between January and September 1966, a total of 228 fixed-wing combat and support aircraft had been lost during missions against North Vietnam. The question in Washington was, did the enemy have prior warning of U.S. raids against North Vietnam? … The answer was yes, they did.

Stephen J. Kelley in PURPLE DRAGON: The Origin and Development of the United States OPSEC Program

On Christmas Day 1969, a team of the First Infantry Division, on a sweep in Binh Duong Province near Saigon (part of Operation Touchdown), stumbled on a North Vietnamese Army (NVA) Communication Intelligence (COMINT) unit. They captured twelve of the eighteen people assigned along with some 2,000 documents and the unit’s intercept equipment. It was the COMINT “find” of the war. NSA sent in a TAREX team to evaluate what the soldiers had found. The result confirmed an earlier, and generally ignored, Agency assessment – that the NVA employed 4,000 to 5,000 COMINTers and that this was their chief source of intelligence. Their intercept effort was targeted at ARVN and American communications, from which they could do fairly sophisticated traffic analysis, DF, and even some cryptanalysis. Brevity codes were especially vulnerable. But their main target was unenciphered tactical voice, and the easiest pickings were from the U.S. Air Force. It was obvious from studying the Touchdown material that NVA COMINTers were a source, probably the source, of predictive information on SAC Arc Light (B-52) strikes. But the Defense Department knew that already.

The story had begun in 1965. NSA had uncovered a communications net supporting Chinese forces in Vietnam. [redacted] analysts noticed that some of the messages contained an unusual Morse character – a barred echo. They remembered that [redacted] used this character to flag uncommonly urgent messages. On a hunch, the division chief, [redacted] suggested that they might compare barred echo messages with Rolling Thunder operations. The result was a direct hit. The barred echo message appeared almost every time a Rolling Thunder mission was flown over the northeast quadrant of North Vietnam. The PRC appeared to be obtaining predictive alerts on 80-90 percent of the missions in the northeast quadrant.

At about the same time, NSA found that ground control station [redacted] were alerting air defense force as much as twenty-four hours in advance of SAC photo drone missions, called (at the time) Blue Springs. As a result, approximately 70 percent of the drones were being lost to hostile fire. A check of existing traffic showed that [redacted] had been issuing alerts on SAC reconnaissance missions as early as mid-1965, and on Arc Light strikes, by late 1965.

NSA released its report in May 1966. The effect was immediate and dramatic. Within days, NSA analysts found themselves standing in the Pentagon briefing four-star generals. In August, after pulling together the full story (including indications of foreknowledge of SAC operations), General Marshall Carter briefed the JCS and, later in the month, the President’s Foreign Intelligence Advisory Board (PFIAB).

As a result, the Defense Intelligence Agency (DIA) was tasked to find the problems and correct them. The director, General Carroll, named Rear Admiral Donald M. (Mac) Showers to head the effort. Showers put together an interagency committee which included NSA, the JCS staff, and the Service Cryptologic Agencies (SCAs). The group was divided into two subcommittees, counterintelligence and communications security.

The counterintelligence group quickly concluded that the problem was enemy infiltration, but they could come up with no good way to stem the outflow of information. The Communications Security (COMSEC) committee concluded that communications were the problem, and they were probably closer to the truth. But in addition, the COMSEC group came up with a methodology for investigating the problem and plugging the holes.

The COMSEC committee adopted a multidisciplinary methodology for looking at the problem in which all facets, including communications, would be studied. NSA had been working on the methodology for several years, and the Navy had already tried it with some success in surveying maritime operations in the Gulf of Tonkin (called Market Time).

The committee also borrowed from a COMSEC study of Arc Light operations done in 1965, called the Guam Area Study. Although the Guam study looked at the communications of all three services, it concluded that most of the insecurities came from SAC communications. Traffic analysis of encrypted messages yielded much pre-operations information, including probable launch times. They also discovered voluminous plaintext voice by logistics people an hour before the launch. Finally, they found that prestrike weather flights twenty hours before launch were dead giveaways (as they had been in World War II). In July 1966, Admiral Sharp (CINCPAC) ordered a broader COMSEC study of the problem, encompassing operations throughout the Pacific.

The PURPLE DRAGON Task Force

The CINCPAC and DIA studies joined in September. Sharp agreed to adopt the broader DIA multidisciplinary approach, and he named his J3 to head the effort. The new study, called PURPLE DRAGON, would encompass Rolling Thunder, Arc Light, and Blue Springs. Teams of experts would be dispatched throughout the theater. They would first interview all people involved in the three operations. They would then observe the operations, following that up with observations of support activities, including logistics and intelligence. They would build a database for their information and would build three profiles: operations, communications, and counterintelligence. An NSA person, Robert Fisher, served on the CINCPAC PURPLE DRAGON staff, and there was heavy infusion from the SCAs, primarily for COMSEC monitoring.

The first PURPLE DRAGON study concluded in April 1967. It had a big impact on operations in Southeast Asia, none more significant than Blue Springs. They discovered that the major leak was the encrypted single sideband messages from Bien Hoa to Da Nang prior to every mission. Using traffic analysis of that link alone, the team was able to predict eighteen of the twenty-four missions. As an almost direct result of introducing communications security on the link, drone recovery increased from 35 percent to 70 percent by November 1977.

Arc Light was much more complex and harder to solve. One of the main culprits proved to be the information fed to the Manila and Saigon air control centers. This information was released all over Southeast Asia as NOTAMs (Notice to Airmen) giving flight routes, altitude reservations, and the estimated time of arrival at Point Juliette, the aerial refueling spot, hours in advance of the mission. SAC tightened up by curtailing much of the information in the NOTAMs and by delaying that which was passed until a time closer to takeoff.

Military Advisory Assistance Group (MACV) had been passing warnings to villagers in the targeted area. This procedure was modified by simply declaring certain areas as free fire zones and discontinuing the advance notification program.

Of the three, Rolling Thunder was the most difficult to plug. PURPLE DRAGON investigators found that many of the enemy’s sources of warning consisted of tactical information obtained after the planes were launched. They determined that between 80 and 90 percent of the missions were being alerted, with an average warning time of thirty minutes for Navy missions off the carriers and forty-five minutes for Air Force missions from airfields in South Vietnam. EB-66s accompanied many of the missions (those expecting hostile fire in particular), and those aircraft used distinctive callsigns. Rolling Thunder frag (read “operations”) orders were distributed to 120 different organizations, and those in turn often issued information that could be tied to the takeoff of bombing missions. MACV cut down on the number of organizations getting gratuitous copies of the operations orders, and the Air Force changed callsigns for some of their operations.

Much of what needed to be done simply could not be because of outside factors. MACV never did alter stereotyped operations (such as takeoff times, refueling points, and ingress routes) sufficiently to confuse the North Vietnamese. Tanker operations remained highly stereotyped throughout the war and in fact represented the most vulnerable aspect of Rolling Thunder.

The Permanent Staff

Following the initial blush of success, Admiral Sharp made a permanent place on his staff for the PURPLE DRAGON operation. He placed it in the J3 (operations) directorate, and NSA assigned a permanent representative (once again, Robert Fisher).

There was obviously a need to educate people about the concept and about the methodology and specific information that PURPLE DRAGON uncovered. This generated the first worldwide OPSEC conference, hosted by DIA at Arlington Hall Station in May 1968. Following the conference, General Wheeler directed that all Unified and Specified commands establish OPSEC organizations. He also created an OPSEC organization on the Joint Staff. Meanwhile, OPSEC conferences continued annually and helped to focus activity for the U&S commands. Cryptology continued to be a major player, and in 1988 NSA was given the job of worldwide OPSEC training under the newly published NSDD (National Security Decision Directive) 298.

The OPSEC concept in use in the Defense Department of the 1990s was largely an outgrowth of the PURPLE DRAGON study. It was a significant factor in prosecuting the air war in Vietnam, although neither it, nor anything else the United States tried in Vietnam, was a panacea. The CINCPAC OPSEC team would periodically resurvey operations in Southeast Asia, and they found that, as the U.S. tightened up procedures, the North Vietnamese would find another leak, and their warning time would float back up to where it had been. Like cryptology in general, OPSEC proved to be a constant struggle to stay ahead.

Source: NSA/CSS