Pierluigi Paganini January 21, 2013

In the last months I had the opportunity many times to read about the possible use, in cyber warfare context,  of electromagnetic waves to interfere with defense systems of the adversaries. I wrote about a project dubbed CHAMP  (Counter-electronics High-powered Microwave Advanced Missile Project) related to the use of microwaves to permanently knock out computers in a specific area. The project is born in US military environment, specifically developed by Air Force Research Laboratory, and it explores the possibility to design a directed-energy weapon capable of destroying and interfering with adversary’s electronic systems such as radar systems, telecommunication systems, computer systems and power distribution systems. While the project is started in military and is led by Boeing the technology comes from a small company called Ktech, acquired by Raytheon bought last year, specialized in the providing of microwave generators to generate EMP able to knock out electronics equipment. Recently a report published by Defense News revealed that the Intelligence and Information Warfare Directorate (I2WD) of the US Army is studying the use of electromagnetic waves to infiltrate sealed networks. The report illustrates that the US army is running the Tactical Electromagnetic Cyber Warfare Demonstrator program with the dual objective of sniffing data and injecting data into sealed cable networks. The intent is clear, a cyber army adopting electromagnetic waves could be able to spy on network or interfering with transmission altering the content of transmission for example introducing a malware in it. The research on the use electromagnetic waves is not new, NSA has been carrying out research in the topic for a long time, project TEMPEST is the demonstration. The technology could be used by a government with an unmanned aircraft flying over the location where target networks are located, let’s think for example a critical infrastructure and its control systems that could be infected despite they are isolated from internet. The approach is totally equivalent to the physical access to a network, the use of  electromagnetic waves allows to the attackers to access directly to the target network. The Stuxnet case demonstrated that accessing to the network of critical infrastructure is possible to cause serious damages, for the attack was used an infected USB flash drive containing the popular Stuxnet virus able to exploit zero-day vulnerabilities of the host.

What is the evolution? Attack the target network without physically access to it eluding the defense systems adopted to mitigate cyber threats.

Despite the technology is available and tests conducted demonstrated its efficiency, the use of  electromagnetic waves is still immature due significant range and bandwidth limitations, the source of waves in fact has to be very close to the target network and transmission of complex data is considered time consuming for the scope. Going back in time it is possible to find another interesting project, Suter, a military computer program developed by BAE Systems that has with purpose the attack of computer networks and communications. The program has been managed by Big Safari, a secret unit of the United States Air Force, Suter was integrated into US unmanned aircraft. The program has been tested with different aircrafts and used in Iraq and Afghanistan since 2006, according military experts a technology similar to Suter was used by the Israeli Air Force to attack Syrian radars in the Operation Orchardon on September 6^th , 2007. No doubts the use of electromagnetic waves to interfere with defense systems is a winner choice that’s way many governments are working on projects on the this technology.

Pierluigi Paganini

(Security Affairs – Hacking)