In the 17 December 2009 issue of the Wall Street Journal, the front page article discusses how Shiite insurgents in Iraq have used commercial-off-the-shelf software to intercept and utilize sensitive reconnaissance videos to coordinate their movements and assess the threat of US forces in their strongholds.
This article asks the primary question we should all ask of those executing war strategy and tactics in Iraq: “How were such critical information assets fielded without encryption?” However, there are larger and even more far-reaching questions about the incident that were not asked in this article. This response intends to ask those questions and share them with our systems integrator and Government customers, as these are some of the same questions CPU Tech asked ourselves in developing our secure and anti-tamper processor devices for sensitive data operations.
Question 1: How are military capabilities like this fielded without data protection?
There is a very rigorous process to ensure data protection in intelligence and military systems, executed and overseen by the Department of Defense (DoD) and the National Security Agency (NSA). This process applies to all new systems and system upgrades.
However, occasionally a new capability or technology is so advanced and ‘game-changing’ that military leaders scramble to rush this capability to the field through the acquisition of commercial-off-the-shelf equipment. This process is sometimes called ‘Fast-Tracked’ or ‘Rapid Acquisition’ authority. This has been the story of unmanned aerial vehicles over the last decade and a half – the capability to get instant, on-demand overhead camera and video intelligence has been too tempting in recent conflicts in Iraq and Bosnia. Field commanders generated so much demand for UAV assets that several waivers, bypasses, and work-arounds were created for the standard weapon development process. Developments and technologies from digital camera companies, satellite and digital television broadcast, and small aerial vehicle developers were drafted wholly untouched for use by the military. In many cases, security and data protection have been largely unconsidered or ignored.
Question 2: Now that we know our enemies are actively trying to tap into our data networks, how do we prevent this in the future?
This article points out that the US military has long been aware of these intercepted data feeds both in Bosnia and in Iraq. There is very little sophistication in the methodology – the military allowed this data to be broadcast without encryption, so insurgents simply scanned the airwaves looking for ‘free’ US intelligence.
The simplest answer to preventing the current exploitation threat is to add encryption capabilities to the reconnaissance drones through upgrades in hardware or software.
However, Iranian intelligence service support was suspected in making Shiite insurgents aware of the unprotected data, as well as the software needed to exploit it. Presumably, tapping into the US military intelligence network is valuable enough to these adversaries that they will take even greater steps to ‘hack’ into it even when encryption layers are added. This might include analyzing and attempting to crack the encryption, spoofing or jamming the data feeds to trigger incautious US work-arounds, or capturing and reverse-engineering the UAV’s electronics to enable full decrypt capabilities.
Question 3: This threat was from an unsophisticated enemy. What threats to our intelligence flow will we face in the future?
The United States is well aware of our current reliance upon technical superiority in the battlefield, and there is rising awareness of the risk of losing that technical superiority through loss of data and equipment. Once encryption is designed into our reconnaissance drones and other sensor technologies, the next vector of attack from our adversaries will be to capture our equipment and reverse-engineer it. This is especially true of UAVs, which often operate remotely over unfriendly territory, and are susceptible to weapons fire and equipment malfunctions due to their low altitude and long mission life.
Question 4: Can protections against enemy intercept and intrusion be built into our systems?
The answer to this question is yes – protection from both intercept and equipment reverse-engineering can be designed into systems and is even mandated by the Department of Defense. However, not all of these mandates are being followed or enforced.
Communication link protection is a well-established and documented process carried out by various groups and agencies, typically led by the National Security Agency. This process is usually very involved and time-consuming, typically lasting at least half of the generational life of the electronics used in communications. In order to address the need for robust protection for expendable assets like UAVs, but limit the long certification cycles of the link encryption, the NSA has launched an initiative to define a ‘Suite B’ class of encryption link protection. This is intended to be a well-defined set of electronic processes with limited certification requirements so that assets like the Predator drone can have strong, reliable, low-cost encryption.
There is also a set of mandates for reconnaissance equipment like the Predator drone to be built in such a way that the critical sensitive operating code and data resident on the vehicle are identified. They are then segregated into electronic components that are highly resistant to tampering and reverse engineering in case of capture. This mandate is most visible in Department of Defense Instruction 5200.39: “Critical Program Information Protection within the Department of Defense”. This both promotes and mandates the use of ‘anti-tamper technologies’ in new and sensitive weapon systems. It is designed to protect US technical superiority in wartime.
CPU Tech has recognized a technology gap in the electronics marketplace when it comes to allowing military systems designers to meet both of these requirements. The DoD mandates generate new demands and design constraints, but are not prescriptive enough in helping engineers identify solutions.
This is where the Acalis Secure Processor attempts to fill in the requirement gaps for systems like the Predator UAV. It is a full-scale PowerPC-based general purpose processor with built-in algorithmic support for NSA ‘Suite-B’ based encrypted communications, as well as powerful anti-tamper features designed to protect against the next anticipated threats to US intelligence data networks.
While there are many potential short-term encryption solutions to the existing problem discussed by the Wall Street Journal, only the integrated Acalis Secure Processor addresses the next level of threat to data link protection for critical military assets.
UPDATE (24 Dec 09): I’d like to include a link here to a Bruce Schneier editorial on the unencrypted drone video feeds. In this, he defends the military decision to keep the broadcasts unencrypted, but highlights the need for an NSA-approved secondary encryption standard (Suite B).