COMSEC Key Distribution Takes 72 Hours and One Lost Fill Device Compromises an Entire Network

Military encrypted communications require cryptographic keys loaded onto radios via fill devices like the AN/PYQ-10 Simple Key Loader (SKL). Distributing new keys across a brigade combat team of 4,000+ soldiers requires physical transport of fill devices to every radio operator at every echelon, a process that takes 48-72 hours under ideal conditions. In contested environments where courier movement is restricted, key distribution can take a week or more. The immediate pain is that key rollovers, which doctrine says should happen regularly to maintain security, are operationally so disruptive that units delay them as long as possible. Many units in garrison operate on the same COMSEC keys for 30-60 days instead of the prescribed shorter periods. In deployment, key changes are timed to operational pauses because the unit essentially goes communications-dark during the transition as radios are taken offline to load new keys. The catastrophic risk is that a single lost or captured SKL compromises every key stored on it, which can include keys for an entire battalion or brigade. When a fill device goes missing, every radio net that used those keys must be considered compromised, requiring an emergency rekey of potentially thousands of radios. The 2017 theft of an SKL from a vehicle in Germany triggered a multi-week emergency rekey across an entire division, consuming over 10,000 person-hours and degrading operational readiness during a critical NATO exercise. This persists because the military's key management infrastructure was designed in the 1980s and assumes physical distribution via trusted couriers. Over-the-air rekeying (OTAR) exists but is not universally fielded, works unreliably in contested electromagnetic environments, and itself requires an initial key exchange that circles back to physical distribution. The NSA controls COMSEC key generation and distribution timelines, and their processes are optimized for security compliance rather than operational speed. Structurally, the tension between information security and operational agility has no institutional resolution mechanism. The NSA's equities prioritize zero compromise, which means physical control of keying material. Operational commanders' equities prioritize speed and flexibility. There is no authority that can balance these competing demands and mandate an over-the-air or network-based key distribution system that is both secure enough for NSA and fast enough for combat operations.