The world depends on radio waves
They are essential for the exchange of data and information, networking and communication. They form the basis of television and radio broadcasting, satellite transmissions and our daily communications. While used without fear by ordinary people, the radio waves of military organizations are well known to present vulnerabilities, with some adversaries having the means to manipulate the radio waves and compromise their confidentiality, integrity or availablity. But now, with the dizzying increase in the number of connected electronic devices (e.g. the “Internet of Things”), it is not just military forces that must be wary of interference and more subversive activity from electromagnetic attack.
The military has struggled with electromagnetic (EM) attacks for over a century. In a conflict, reducing the adversary’s access to information by denying their sensors and communications can mean the difference between victory and defeat. Modern military forces, including those of the superpowers, have mastered this discipline for a long time – with decades of experience using EM attack and defending against it. But things are changing.
There is a new threat, displayed by smaller states (i.e. “non-superpowers”) and smaller non-state actors who can now obtain EM attack capabilities at increasingly higher costs. down. And, as the number of devices employed by adversaries and our own forces continues to grow, the usefulness (and threat) of EM activity will continue to increase.
Take, for example, the growth of wireless communications. A fiber optic cable buried under a layer of soil and concrete is quite robust from an exploit point of view. However, this data can then pass through a point-to-point microwave link (link by radio waves), before returning underground. Needless to say, this microwave link is much easier to access and attack via eavesdropping or disruption (jamming) than the wired network it serves. By attacking the microwave link, hostile actors negate the physical security inherent in the underground wired network.
Defense is pursuing the “Military IoT” in many forms and with many different projects. The prospect of increasingly connected military capabilities offers many benefits, but comes up against the same EM-related drawbacks that threaten conventional IoT systems. A true military IoT would be very difficult to secure in an EM sense – and perhaps the best solution would be to disable this technology during a conflict scenario or operate assuming it would be denied.
How to solve the riddle of electromagnetic interference
Unfortunately for businesses, this is no longer a problem reserved for the military. The gray zone – an area in which hostile actors are able to attack political, economic and military instruments without provoking a conventional response – is expanding. As such, private companies are at risk of falling victim to malicious actors, especially if they are seen as a core part of a country’s infrastructure. And damaging them therefore hurts the nation they are in.
Electronic protective measures (EPM) are an option available to the military and businesses. An example of this is the addition of protective devices in receivers to protect them. However, lately there has been a trend away from protecting electronic systems, as these can limit system performance in terms of bandwidth or throughput. Electronic protection systems (for example, with the use of Faraday cages (shielding) or shielding) can be complex and expensive.
A resilience-based approach to EM attack is likely to offer a balance between no protection and “over-protection”. However, the cornerstone of effective resilience and rapid recovery is informed decision-making and therefore detection. The attribution of EM disturbance to EM interference or attack is critical to this process.
Solutions are now available to quickly indicate if an attack is in progress or if electromagnetic interference is present. These disturbances would otherwise have been untraceable. Such capabilities are particularly important because the human senses have no way of detecting radio waves, and it is very easy to misdiagnose a device malfunction or failure as a hardware or software fault. This further demonstrates why situational awareness of the EM environment (and EM spectrum) is so important.
The civilian world is increasingly using the EM spectrum, but perhaps without a full understanding of its vulnerabilities. What is certain is that as the number of devices using radio waves or wireless grows, incidents of EM interference will increase and, unfortunately, the opportunities for bad actors to use EM attack.
As our wireless connectivity, exemplified by the IoT, continues to grow, considerations that once only concerned military and security services are now relevant to civilian industries. Fortunately, the preparation remains the same. Organizations need to ensure that they have the situational awareness necessary to know where their vulnerabilities are and when those vulnerabilities are exposed. Failure to do so opens the door to both financial and reputational loss.
About the Author
Richard Hoad is a technical strategist at QinetiQ. We deploy our scientific and technological knowledge, our proven research capabilities and our unique, purpose-built facilities to provide both services and products that meet the needs of a wide range of global customers. We operate primarily in the defence, security and aerospace markets and our customers are primarily government organizations including ministries of defense as well as international customers in other targeted industries.
Featured Image: ©Pixel