Fixes On The Way For Unsecured Links On U.S. UAVs
By Michael Hoffman, John Reed and Joe Gould
Published: 18 Dec 2009 15:17
The U.S. Air Force has known for more than a decade that the live video feeds from its unmanned aerial vehicles can be intercepted by the enemy but opted not to do anything about it until this year. An official document puts a completion date to secure the feeds at 2014.
Defense officials confirmed Dec. 17 that Iraqi insurgents have been capturing the nonsecure, line-of-sight signals used by troops on the ground to view video feeds from MQ-1 Predators and MQ-9 Reapers since mid-2008.
The drones, built by General Atomics, also have two secure datalinks: one for the pilot controls and one to feed video to commanders.
The service has identified how to protect the feeds, according to an Air Force officer who asked not to be identified. The officer said the service is starting to encrypt the feeds with a software modification but refused to discuss when the fix will be completed. The Air Force's Unmanned Aircraft Systems Flight Plan puts the completion date at 2014.
"In today's information age, we realize these are not encrypted datalinks, but we have taken steps to rapidly upgrade our current and future [remotely piloted aircraft] fleet to protect those datalinks," the official said.
The Air Force isn't relying solely on encryption to protect the video.
An immediate solution is to narrow the area from which the video feeds can be received, making it more likely that an insurgent would be spotted trying to intercept them, a defense official said. Typically, militants would need to be within 100 yards of the airman or soldier receiving the signal.
A report published in the Dec. 17 edition of The Wall Street Journal detailed how defense officials earlier this year discovered laptops in Iraq loaded with a $26 Russian-made software program called SkyGrabber that hacked into video broadcast by Predator cameras, which show the location of insurgents being targeted by the drones.
Besides the SkyGrabber software, insurgents have used high-tech methods to capture the video feeds.
U.S. troops found advanced electronic warfare equipment in a 2008 raid on Shiite militia, according to an Air Force intelligence officer briefed on the raid.
Air Force officials refused to officially comment on the hacking; the Pentagon issued a general statement on the security of its intelligence gathering.
"The Department of Defense constantly evaluates and seeks to improve the performance and security of our various ISR systems and platforms. As we identify shortfalls, we correct them as part of a continuous process of seeking to improve capabilities and security. As a matter of policy, we don't comment on specific vulnerabilities or intelligence issues," the statement said.
An Iranian connection
One service official contends the insurgents' ability to watch drone feeds has adversely affected U.S. operations in the Middle East.
"We noticed a trend when going after these guys; that sometimes they seemed to have better early warning" of U.S. actions, said the officer briefed on the raid. "We went and did a raid on one of their safe houses and found all of this equipment that was highly technical, highly sophisticated. It was more sophisticated than any other equipment we'd seen Iraqi insurgents use."
The militia, known as Kata'ib Hezbollah and based out of Sadr City, Baghdad, has long been suspected of being a surrogate for Iran's Quds Force, the wing of the Iranian army responsible for conducting clandestine warfare outside of Iran via various insurgent groups.
The group had a "very long and well-documented history" of getting their training and equipment from Iran, the officer said.
"It was the technological know-how to make the antennas, computers and software go together and pick up the appropriate bands that was impressive. It is something that would take some very smart electrical engineers to put together. Iran had to choose the most loyal and capable surrogates that they could trust with equipment like that," the officer said.
Soon after the raid, top commanders in Iraq convened a task force to identify the extent of the threat and how best to deal with it, according to the officer. Initial findings showed the threat was isolated to Kata'ib Hezbollah.
"They knew that we were flying Predators over their heads 24/7, so it's easy to say 'yeah, I know that I'm going to do a signals analysis search for [the drone]' and take advantage of it," the officer said.
U.S. Army problem, too
Like the Air Force, the U.S. Army is aware of the vulnerabilities in its UAV datalinks and is working to fix them. The laptops loaded with the SkyGrabber software had footage filmed by smaller Army UAVs as well as the Predators.
"We are well aware, and OSD [Office of the Secretary of Defense] is well aware, and we have a well-researched response set in motion," said Col. Robert Sova, the Army's capability manager for unmanned aerial systems. "This ability, this is not new information."
The military has not implemented encryption for drones for "various reasons," according to Sova.
"It's not just monetary, but technology readiness," he said. "We've taken certain risks and mitigated those risks with our tactics, techniques and procedures."
Still, Sova said, the ability to hack a drone's video feed is a "very low risk" since the insurgents haven't figured out how to hack into the command and control systems of the drones.
"It's not like they're going to control the payload or move it off," Sova said. "They're able to see a specific interval, like a camera system in the mall."
Sova considers it unlikely that an insurgent could tap into a specific drone overhead.
"It's happenstance, if they were able to tap into that feed," Sova said. "Only in the best scenario, and only for a short period of time."
Within the last year, the Defense Department's Office of Acquisition, Technology and Logistics directed the services to beef up encryption, Sova said.
The Army plans to field or retrofit its drones with encryption technology over the next several years, according to Col. Gregory Gonzalez, the Army's project manager for unmanned aerial vehicles. By Jan. 1, the Army will field encrypted Ravens, micro-UAVs.
Air Force officers and defense analysts caution that video broadcasts from manned aircraft to U.S. ground troops are vulnerable to hacking as well because their technology is similar to that of UAVs.
"Anything that projects a video is going to have the same problem. If the encryption is not strong enough, the signal will be susceptible. The insurgents figured out how we were using line-of-sight signals," said Joel Harding, director of the Information Operations Institute for the Association of Old Crows.
Ground units get the Predator feeds through a Remotely Operated Video Enhanced Receiver, or ROVER - a mobile device that looks like a laptop that can either be carried by hand or mounted in a ground vehicle.
An encryption package can be added to the ROVER; however, not all troops have the encryption package. The latest ROVER model being tested by the Pentagon comes equipped with two advanced encryption packages.