[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] Military Hackers Turn To Commercial Electronic Attack Tools
By David A. Fulghum and Robert Wall
Aviation Week & Space Technology
Jan 20, 2008
Chinas integrated air defensesbased on cheap, sometimes stolen digital
technologyare now considered potentially more threatening to the U.S.
than Russias. The wholesale use of commercial products has made Chinese
networks flexible, easy to upgrade and tough to exploit.
That opinion, rapidly taking hold in the U.S. electronic warfare
community, is part of the tsunami of air defense analysis following
Israels demonstration of its ability to shut down Syrias Russian-built
air defenses long enough to conduct a bombing raidand then allowed the
radars to come back on in time to see the Israeli aircraft disappearing
over the border (AW&ST Nov. 26, 2007, p. 28).
Chinas air defense expenditures are calculated by aerospace officials as
only one-tenth of whats invested by the U.S. The Chinese systems are
affordable, in part, because of the regular use of stolen U.S.
technology - described as "Cisco in Chinese", by one specialist. The
telecom companies that conduct and exploit the thefts are run by former
Peoples Liberation Army generals. The low cost allows rapid updating and
proliferation of these defenses, which is one of the best ways to
confound attack planners.
The Chinese, like many countries without billions to spend on defense,
are figuring out how to leverage all that commercial technology into
their military capabilities, says Rance Walleston, BAE Systems director
of information operations initiative and information warfare. Weve spent
a lot of time looking at Chinese technologies. Theyre not building many
unique devices. Their integrated air defense system [IADS] uses
commercial standards, such as GSM and voice over Internet protocols
The Syrian raidwhich involved air-to-ground and network-to-network
electronic invasion of a Russian-built IADSis convincing some that
custom-built, highly specialized and expensive air defenses with long
development times are decreasing in deterrent value. In fact, they have
become victims of their own uniqueness. Because they were hard to
develop and field, they arent often modified. That gives electronic
warriors the time to conduct analysis and build countermeasures.
But last years events havent changed U.S. government views of the
A lot of the threat models used to evaluate whether new programs work
are outdated, says a participant in electronic warfare and network
attack since the 1992-95 conflict in Bosnia. They are Soviet-era models.
Where are the people who are thinking about what the Chinese IADS really
look like? The Israelis are already running up against different
defenses now that theyve highlighted some of the weaknesses in Syrias
But some senior U.S. Air Force officials disagree.
The Chinese have been spending significant amounts for years on their
IADS, and while they do exploit commercial technologies, they also buy
and co-develop advanced missiles and radars with the Russians and
others, says a former top USAF acquisition official. Network attack has
been an integral part of taking down an IADS for years and is integral
to all of the major modeling activities.
U.S. intelligence analysts point out that in air defense, like other
areas, China is pursuing multiple paths that include embracing purchased
systems as well as developing their own high- and low-end solutions. The
same is the case in air defense, they note, where the Chinese are buying
Russian systems and also developing their own versions based on what
they learn from the acquired systems.
That inability to change quickly also is reflected in U.S. defense
acquisition practices. For example, the U.S. still insists on building a
lot of unique radios when they could use the commercial infrastructure
and then build their own gear to encrypt it for the last mile [of
wireless communications in combat], the EW specialist says.
Why spend billions on [joint tactical radios and future combat systems]
that they cant make as well the commercial companies? Why build
high-power, aerial standoff jammers when there are cheaper and more
sophisticated ways to do that mission with finesse [using lower-power
data streams packed with algorithms to disrupt, mislead or take over
enemy systems]? If you believe the trend in insurgent or terrorist
command and control is toward low-power communications, what is a
B-52-based jammer going to do? If I stand off 100 mi., theres no way Im
going to have any impact on these threats.
Again, the Air Force official objects.
Commercial standards have been an integral part of military systems for
years, he says. The major standards coming out of the [Network-Centric
Operations Industry Consortium] are all commercially rooted. The U.S.
government builds unique radios for reliability and ruggedness, just as
they buy unique computers that are commercial-based but rugggedized.
Major programs like the Future Combat System are strongly network-based
and fully exploit commercial technologies and standards.
There also are some intrinsic benefits to using commercial technology
for military networks.
The Chinese are using VOIP, which causes big problems for the U.S.
because theres no wireless signal transmitted that can be easily
intercepted, say U.S. intelligence officials. Hezbollah has adopted the
same system for communications in southern Lebanon so that they cant be
intercepted by Lebanese or Israeli analysts. The command-and-control
network is then invisible in the RF spectrum. The move was necessary
because the Israel Defense Forces have become adept at tracking cellular
European officials are watching the shift with interest, too, although
with a broader concern about network vulnerabilities than specific VOIP
issues. Military planners in Europe note that they may need to follow
the U.S. Air Force lead in focusing resources on protecting against
network attacks, particularly in the wake of last years efforts from
Russia to shut down Estonias Internet connectivity over a political
But at some point, any tactical communication system has to go wireless.
Therefore, another technology being pursued by the Chinese for military
use is the High-Powered Cordless Phone. The country doesnt regulate
power output of the microwave-frequency phone. One benefit is that it
can be used to communicate between buildings with just the cordless
handset without bothering with a base station. That allows the devices
to create private networks by using just the intercom mode. Because they
can communicate over several miles, chains can be set up over long
But there also are problems. The technology is being eyed as part of the
target set for U.S. intelligence collecting. Moreover, the high-power
microwaves can inflict long-term physical damage to the user.
Network warfare has been done for some time, says the intelligence
official. The difference now is that its being integrated as part of an
overall combined operation. The Israelis raid on Syria wasnt just about
shutting down the radars and blowing up the building. There were a lot
of integrated operations that had to happen to make the raid successful.
Cyberwarfare information operations was one component of what went on
The U.S. Marines, both aviation and radio battalions, have been quick to
realize the value of being able to call up an electronic attack (EA) and
create a cone of silence even at the squad level.
The Marines are being very progressive, says Walleston. Now that they
have all the experience fighting the asymmetric threat, they understand
what theyre really up against. If you talk to the EW guys, theyre
convinced that this is a commercial technology war because the
[militants] command and control could be any of a number of commercial
technologies from cell and satellite phones and even cheap Motorola FRS
[family radio service] hand-held two-way radios.
Regarding the theme of going wireless for communications across the last
mile of a battlefield, that jump opens up a vulnerability for anyone
using a laptop or other wireless standards to connect with the Internet.
Those are the threats the Marines are talking about, says Walleston.
When they went into Falluja, they were up against a wide collection of
commercial computer and telecommunications standardsa bunch of guys with
PDAs [and] Blackberries that can communicate with multiple computer
networks via some standard link such as WiMax.
The wireless device transmits an RF signal, finds a connection and takes
the user into the Internet. Thats called [crossing] an air gap. In the
past, signals intelligence units were looking for tactical radios. Now
theyre looking for commercial wireless devices that the enemy uses for
command and control.
The Marines figured out this local command-and-control approach very
early, says Walleston. Now theyre trying to create electronic attack
capabilities that can be used like digital munitions. But they refuse to
deal in typically classified capabilities and are employing an open
architecture concept allowing full integration of air and ground forces.
When we discuss capabilities we might have in the cyber-warfare domain,
they say we only want to know about things we can use on the
One result is a joint concept technology demonstration called the
Collaborative Online Reconnaissance Provider/Operationally Responsive
Attack Link (Corporal). Northrop Grumman provides the network and BAE
Systems handles the electronic attack piece. The system deals with a new
domain called network-enabled electronic attack (AW&ST Sept. 3, 2007, p.
60; Apr. 9, 2007, p. 46).
It connects nontraditional ISR systems with tactical-level EA capability
and brings it to the point on the battlefield where its needed, says
Walleston. Instead of having an electronic standoff weapon that only a
few people understand and only sometimes gets used, they are giving the
capability directly to the guy that kicks down the door. The platoon
leader has a tactical PDA that gives him two-way comms and situation
awareness from UAVs flying overhead.
When the Marine with the PDA requests digital fires, he wants a cone of
silence to be created over the immediate area that disables enemy
communications, say U.S. Marine Corps officials. The network then would
do asset synchronization to determine what ISR and EA assets are in the
area. If there are none, it would redirect one, perhaps a UAV, to fly in
and turn on the requested support. The capability to take on a wide
range of telecommunication threats would be pre-loaded in the UAV. A
number are already being used for experimentation, including the Shadow
200 and Predator.
The goal is to develop payloads for all the platforms that can perform
all the required network ISR and electronic attack missions. As they
come into the area of operations, they are logged on automatically to
the network through a common antenna set thats patched on the exterior
of the airframe.
A network server keeps track of everybody, where they are and what
capabilities they have. It might tell an F-15 to turn on its EA system
as it flies by. Its then replaced by an EA-6B, a helicopter or a UAV,
each carrying the same small, multifunction payloads.
There will be a demonstration of network-enabled electronic attack for
the Corporal JCTD within two years. An interim version, demonstrating
PDA-controlled attack from a UAV, will be tested with the Marine Corps
Wolfpack platoon in August.
AVIATION WEEK Copyright 2008, The McGraw-Hill Companies, Inc. All Rights
Subscribe to InfoSec News