18 December 2009
The other day, the Wall Street Journal broke the story that Iraqi insurgents were intercepting video downloads from U.S. Predator drones. Wired's Danger Room Blog reports that it's not just drones' transmissions that are at risk, it's most U.S. warplanes. CBS News says that the Pentagon has known about the problem for at least 10 years. This is a shocking breach of security. What happened? From the outside, it appears to be a combination of factors. I suspect it was a combination of three factors: the difficulty of doing video encryption when the platform was designed; key management; and cost.
The Predator has been around for about 15 years. Video rate encryptors weren't very common in 1995; it's quite possible that adding one would have added significantly to the cost and weight of the aircraft; that in turn would translate to significantly increased cost. Was it worth it?
In 1995, the U.S. did not perceive itself as facing major enemies. The U.S.S.R. was no more; Russia was still perceived as friendly, though that relationship was strained by the Balkan campaign. Besides, its military was in disarray. China wasn't seen to be rising as fast as it is now. Who was left as a military foe? Just a bunch of 3rd world countries and rag-tag insurgents, right? Surely they couldn't intercept U.S. military communications...
That may or may not have been true back then. But lots of ground stations were built to that spec, creating a huge installed base of inherently insecure gear. And times changed.
As we all know, sophisticated electronics are a lot more common now, as is the expertise to develop them. Even if the Iranians — the party blamed for developing the interception technology — couldn't do it in 1995, perhaps they can today. Certainly, there's plenty of evidence of advanced Iranian electronic warfare capability, as well as their willingness to export it to their friends. The ability to intercept, then, is now commonplace; the ability to upgrade quickly is gone.
Another possible problem is key management. Suppose the signals were encrypted. How do you distribute the decryption keys? The video downlink is broadcast; it's not just a matter of two peers exchanging keys. There are a number of ways to do the key management, but the simple ones are vulnerable to a single ground station being compromised and the complex ones are, well, complex. Depending on how it's done, there may also be an operational problem: do the soldiers in the field have the training to load the received keys into the units, while properly protecting them from capture? If that task is hard enough (and I of course have no knowledge of how NSA would design the gear, or even if it would be external), the tradeoff might be very simple: how many lives would be lost because of key management flaws versus lives lost because of intercepted traffic? Of course, the answer to that question depends critically on the ease of interception, and that has changed over the years.
There seems to be some disagreement about whether the drones' signals are being picked up directly or via a satellite link. Danger Room speaks of line-of-sight transmission; CBS says that the Predators can switch to satellite uplinks and that it was satellite downlinks that were intercepted because the military is buying time on commercial satellites.
I'm not impressed by the argument that there's no problem if low power, line-of-sight signals are used. If the Predators are flying at 1500 meters, line of sight — in flat terrain — covers a radius of just under 140 km. And a good antenna can compensate for low transmission power.
In any event, there's a problem now. Saying, as the Air Force has, that "As we identify shortfalls, we correct them as part of a continuous process of seeking to improve capabilities and security" isn't helpful.