Fixes On The Way For Unsecured Links On U.S. UAVs
The U.S. Air Force has known for more than a decade that the live video feeds from its unmanned aerial vehicles can be intercepted by the enemy but opted not to do anything about it until this year. An official document puts the completion date for securing the feeds at 2014.
Defense officials confirmed Dec. 17 that Iraqi insurgents have been capturing the nonsecure, line-of-sight signals used by troops on the ground to view video feeds from MQ-1 Predators and MQ-9 Reapers since mid-2008.
The drones, built by General Atomics, also have two secure datalinks: one for the pilot controls and one to feed video to commanders.
The service has identified how to protect the feeds, according to an Air Force officer who asked not to be identified. The officer said the service is starting to encrypt the feeds with a software modification but refused to discuss when the fix will be completed. The Air Force's Unmanned Aircraft Systems Flight Plan puts the completion date at 2014.
"In today's information age, we realize these are not encrypted datalinks, but we have taken steps to rapidly upgrade our current and future [remotely piloted aircraft] fleet to protect those datalinks," the official said.
The Air Force isn't relying solely on encryption to protect the video.
An immediate solution is to narrow the area from which the video feeds can be received, making it more likely that an insurgent would be spotted trying to intercept them, a defense official said. Typically, militants would need to be within 100 yards of the airman or soldier receiving the signal.
A report published in the Dec. 17 edition of The Wall Street Journal detailed how defense officials earlier this year discovered laptops in Iraq loaded with a $26 Russian-made software program called SkyGrabber that hacked into video broadcast by Predator cameras, which show the location of insurgents being targeted by the drones.
Besides the SkyGrabber software, insurgents have used high-tech methods to capture the video feeds.
U.S. troops found advanced electronic warfare equipment in a 2008 raid on Shiite militia, according to an Air Force intelligence officer briefed on the raid.
Air Force officials refused to officially comment on the hacking; the Pentagon issued a general statement on the security of its intelligence gathering.
"The Department of Defense constantly evaluates and seeks to improve the performance and security of our various ISR systems and platforms. As we identify shortfalls, we correct them as part of a continuous process of seeking to improve capabilities and security. As a matter of policy, we don't comment on specific vulnerabilities or intelligence issues," the statement said.
AN IRANIAN CONNECTION
One service official contends the insurgents' ability to watch drone feeds has adversely affected U.S. operations in the Middle East.
"We noticed a trend when going after these guys; that sometimes they seemed to have better early warning" of U.S. actions, said the officer briefed on the raid. "We went and did a raid on one of their safe houses and found all of this equipment that was highly technical, highly sophisticated. It was more sophisticated than any other equipment we'd seen Iraqi insurgents use."
The militia, known as Kata'ib Hezbollah and based out of Sadr City, Baghdad, has long been suspected of being a surrogate for Iran's Quds Force, the wing of the Iranian army responsible for conducting clandestine warfare outside of Iran via various insurgent groups.
The group had a "very long and well-documented history" of getting their training and equipment from Iran, the officer said.
"It was the technological know-how to make the antennas, computers and software go together and pick up the appropriate bands that was impressive. It is something that would take some very smart electrical engineers to put together. Iran had to choose the most loyal and capable surrogates that they could trust with equipment like that," the officer said.
Soon after the raid, top commanders in Iraq convened a task force to identify the extent of the threat and how best to deal with it, according to the officer. Initial findings showed the threat was isolated to Kata'ib Hezbollah.
"They knew that we were flying Predators over their heads 24/7, so it's easy to say 'yeah, I know that I'm going to do a signals analysis search for [the drone]' and take advantage of it," the officer said.
U.S. ARMY PROBLEM, TOO
Like the Air Force, the U.S. Army is aware of the vulnerabilities in its UAV datalinks and is working to fix them. The laptops loaded with the SkyGrabber software had footage filmed by smaller Army UAVs as well as the Predators.
"We are well aware, and OSD [Office of the Secretary of Defense] is well aware, and we have a well-researched response set in motion," said Col. Robert Sova, the Army's capability manager for unmanned aerial systems. "This ability, this is not new information."
The military has not implemented encryption for drones for "various reasons," according to Sova.
"It's not just monetary, but technology readiness," he said. "We've taken certain risks and mitigated those risks with our tactics, techniques and procedures."
Still, Sova said, the ability to hack a drone's video feed is a "very low risk" since the insurgents haven't figured out how to hack into the command and control systems of the drones.
"It's not like they're going to control the payload or move it off," Sova said. "They're able to see a specific interval, like a camera system in the mall."
Sova considers it unlikely that an insurgent could tap into a specific drone overhead.
"It's happenstance, if they were able to tap into that feed," Sova said. "Only in the best scenario, and only for a short period of time."
Within the last year, the Defense Department's Office of Acquisition, Technology and Logistics directed the services to beef up encryption, Sova said.
The Army plans to field or retrofit its drones with encryption technology over the next several years, according to Col. Gregory Gonzalez, the Army's project manager for unmanned aerial vehicles. By Jan. 1, the Army will field encrypted Ravens, micro-UAVs.
Air Force officers and defense analysts caution that video broadcasts from manned aircraft to U.S. ground troops are vulnerable to hacking as well because their technology is similar to that of UAVs.
"Anything that projects a video is going to have the same problem. If the encryption is not strong enough, the signal will be susceptible. The insurgents figured out how we were using line-of-sight signals," said Joel Harding, director of the Information Operations Institute for the Association of Old Crows.
Ground units get the Predator feeds through a Remotely Operated Video Enhanced Receiver, or ROVER - a mobile device that looks like a laptop that can either be carried by hand or mounted in a ground vehicle.
An encryption package can be added to the ROVER; however, not all troops have the encryption package. The latest ROVER model being tested by the Pentagon comes equipped with two advanced encryption packages.
THE BOSNIA CHANNEL
As far back as 1996, the military has known outsiders can see the video feeds. The Air Force first flew the RQ-1 Predator, the MQ-1's predecessor, in combat over Bosnia. In published reports, local residents with satellite television told of watching Predator video feeds on their televisions.
"I remember that some of the people there said it was harder to get the Disney channel than watch U.S. military operations," said defense analyst Peter Singer, author of "Wired for War: The Robotics Revolution and Conflict in the 21st Century."
Former Air Force Chief of Staff Gen. T. Michael Moseley was the 57th Wing commander at Nellis Air Force Base, Nev., when the 57th became the first Air Force unit to operate a Predator. Moseley said his worry was about the security of the aircraft's datalinks.
"My question from the beginning was … 'What is our confidence level that links are secure?' Not just the imaging that comes off, but also the command and flying links. The answer was 'We're working that' from the General Atomics folks," Moseley said.
Moseley's civilian counterpart, former Air Force Secretary Michael Wynne, said he knew about the insecure datalinks but considered the risk worth taking to deploy the UAVs faster.
Moseley and Wynne took part in meetings with the Office of the Secretary of Defense in 2004 and 2005 about concerns with the links, but the consensus from the meetings was to field the UAVs as quickly as possible.
"I would say people were aware of it [the vulnerability], but it wasn't disturbing," Wynne said. "It wasn't yet dangerous; it certainly didn't disrupt an operation, so why make a huge deal of it?"
Wynne said he thinks the security gap is in part the result of the UAVs being fielded before they were fully developed.
"I would say that the enemy can find a flaw in a 70 percent solution and they are going to exploit it," Wynne said. "On the other hand, before they did exploit it, you did get utility from it … in the case of the Predator, we've extracted tremendous utility out of them."
Moseley said he and Wynne pushed hard to ensure the services protected the datalinks and that he proposed the Air Force oversee UAV development but was rebuffed by the Pentagon.
"In failing to come to grips with standardizing all of this, if this is as big a problem as identified, then we have a serious problem," he said.
Wynne contends the Pentagon needed the jolt of being hacked to act on improving UAV encryption.
"It's like we were talking about this class of war, like somehow the bad guys will never get sophisticated," the former Air Force secretary said. "Now, the sophistication of the enemy might lead you to ask, just like we are with IEDs, 'OK, here's [the enemy's] capability now, where do we have to go?' "
Fixes On The Way For Unsecured Links On U.S. UAVs - Defense News