If I Only Had a Brain …

December 17, 2009

Part of the running storyline about the involvement of the US in wars in Iraq and Afghanistan has been the use of various “smart”, hi-tech weapons.  In fact, this dates at least from the time of the first Gulf War; I was living and working in England at the time, and I can remember watching the war reports on the BBC, which frequently cited the use of “smart bombs” and other new weapons.

Today’s Wall Street Journal, in contrast,  has an article about a new type of hi-tech, extremely stupid, weapon. Readers have probably seen stories about the use of Unmanned Aerial Vehicles [UAVs] in Iraq and Afghanistan: pilotless drone aircraft that are used primarily for long-range or long-duration surveillance, but which can also carry weapons, such as air-to-surface missiles.   Because they don’t carry a human pilot, the risk involved if they are shot down is obviously less; moreover, the absence of a pilot means that many systems which are present in a manned aircraft just to support the pilot can be omitted, and the aircraft made smaller, saving weight and increasing the time the UAV can stay aloft and on station.

However, as the WSJ article reports, some of the tactical advantage that might be gained by having an unsleeping view of a particular area has been lost, because the video transmissions from the UAVs to their ground stations are not encrypted or otherwise secured in any way.   This has not been lost on our adversaries::

In the summer 2009 incident, the military found “days and days and hours and hours of proof” that the feeds were being intercepted and shared with multiple extremist groups, the person said. “It is part of their kit now.”

It seems more than a little ridiculous that Hollywood studios routinely go to considerably greater length to protect their “content” than does the US military.

What is most disturbing to me is one of the reasons offered for having things done this way. Apparently the US military has known for some time that this vulnerability existed:

The potential drone vulnerability lies in an unencrypted downlink between the unmanned craft and ground control. The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn’t know how to exploit it, the officials said.

Who would think that some people in an under-developed country (I mean, how smart can they be; they don’t even speak English!) could possibly understand a really complicated, cutting-edge technology like broadcast video? (And note that we are only talking, here, about the data reporting function of the UAVs.  Anyone want to make a large bet that the command-and-control functions are a lot more secure?)

Now the Defense Dept. is working on adding encryption to its existing fleet.  (Cue the “There’s Never Time to Do It Right, But There’s Always Time to Do It Over”  theme song.)    This is proving a bit difficult.  First, because retrofitting a capability to a system is almost always harder that building it in in the first place; and, second, because the data link apparently uses some proprietary communications protocols, so readily available, off-the-shelf encryption technology needs to be modified in order to work.

As Ars Technica points out in its article on this story, it is sort of amazing that your DVD recorder has more sophisticated security technology than these “cutting edge” weapon systems.


%d bloggers like this: