As part of the continuing war in Afghanistan, the United States has made extensive use of unmanned Predator drones to carry out reconnaissance as well as armed strikes. On Monday The New York Times reported that a U.S. drone killed three militants in North Waziristan, and on Friday CNN reported that a Haqqani network commander was killed in a drone strike. The use of unmanned aircraft is likely to continue expanding: The Washington Post reports that the U.S. Army Space and Missile Defense Command continues to search for a dedicated unmanned intelligence-gathering airship. Although drones can ensure mission capability while avoiding casualties, they are not perfect.
Drones raise unique security issues as their data streams, and possibly control streams, must be secured. Unlike a manned airplane controlled from a cockpit and generally involving a closed system of control, a drone is often remote-controlled through a two-way data stream carried over sometimes thousands of miles. Such data streams can be vulnerable to hacking, like any computer network. According to the Wall Street Journal, in December 2009, militants in Iraq were able to hack a drone’s video feed using low cost off-the-shelf software. While there was no evidence that the militants were able to take control of the drone, they were able to download and see the drone’s video feed, perhaps allowing them to evade U.S. operations.
The stark difference between resource requirements between the militant hackers and the U.S. military is telling. While Reaper drones like the one hacked can cost over $10 million, the militants used a computer program that cost around $25. The low cost of the program allows militants to proliferate the software and thereby increase the danger that drones can be hacked and their video feeds watched by enemy forces.
The ability of militants in Iraq to hack drone video feeds should be cause for concern, especially as far more advanced military forces such as Russia and China have extensive cyber-warfare capabilities. While Iraqi militants relied on cheap software to capture a video feed, other states’ capabilities could conceivably allow a foreign force to hijack a drone, either to alter the mission or crash the drone before the mission can be completed. Increased reliance on drone warfare will also increase the opportunities for enemy cyber-warfare units to hack or hijack the unmanned vehicles.
U.S. drone vulnerability stems from the fact that once a drone is far from its base, satellite uplinks are necessary to link the drone to the base. Such uplinks are vulnerable to hacking, unless the data stream is encrypted. But the drones’ data stream is unencrypted, and unless significant expenditures are made to add encryption to the proprietary satellite technology, the vulnerability will remain. The unencrypted data stream vulnerability carries over to other U.S. satellite traffic, as a 2005 CIA report describes. While the control data stream of drones is encrypted, the ability of enemies to access U.S. drone intelligence seriously undermines the ability of the United States to use that intelligence for mission purposes.
U.S. drone vulnerabilities have been known to the U.S. military since at least the 1999 Yugoslav war. Whether it was bureaucratic indifference or inertia, the problem was not addressed. Most worrying, U.S. commanders may have seriously underestimated the ingenuity and technical proficiency of militants. If this is so, it must be hoped that the same commanders will not continue to underestimate the threat to drone data-gathering and control posed by a lack of data stream security. Only by addressing this security hole can the ever-growing drone force be considered a fully functional weapon of war, useful in all possible conflicts and with a varied mission profile.
Image courtesy of Defense Tech