Navy Wants Cyber Weapons That Shoot Data Beams

ectotherm writes "By 2018, the US Navy hopes to equip its fighter jets with the ability to shoot data streams containing 'specialized waveforms and algorithms,' useful in an electronic attack or cyber-invasion. A few non-classified details here."

Re:Yet another DARPA idea straight out of sci-fi

[martin-boundary]

I'm not so sure.

The reason is if we extrapolate the trends in computing to 2020 say, and we assume that huge number of devices that nobody thinks of might have by then a tiny processor with an IP (v6) address (eg think lightbulbs, windows, clothes, vehicles, air conditioners, hand-held tools, watches, helmets etc, etc), then it becomes really very hard to properly secure most buildings and assets.

In a war situation, you'd have troops moving about literally in a sea of potentially deadly gizmos with consumer grade quality of processing power, but even in friendly territory, building a truly secure working military base could turn out to be a complicated problem and maybe not possible.

What if nobody remembers that the cement in building C is connected to the internet and the firmware hasn't been updated (far fetched? There might be tiny sensors mixed into the cement, to help maintenance crews monitor the building better...)

It's likely that in 10 or 20 years, viruses designed to create random damage would be really hard to protect against, because a 100% controlled environment would be really hard to keep, and even 1% vulnerability could be exploited in a war scenario.

Today computer security is a lot easier, because there are so *few* computer systems, mostly big boxes with a local admin who can secure them.

Re:What?

[drolli]

I cite from the article'

'"We will tell you that in the world of the exciter, the holy grail is to get a universal design that can generate all the waveforms that you could possibly imagine," says Falco.'

Its pretty clear what they mainly want: Inject any analog waveform in any band to confuse radar with arbitrary objects. If the enemy radar gets a software upgrade which detects you last attempt, you just change your software. Up to now planes tracked by radar (missiles?) could jam the radar by fixed waveforms or the plane ejects some objects (which dont act like planes) to irritate the radar. With the proposes a system you can make the opponent see hundreds of things on the radar which look like planes and fly like planes. Heck you can even fake the transponder message of their own plane you just shot down.

You can use such a capability for choosen plaintext attacks (e.g. what do their systems send when a plane is entering a perimeter around the base), to confuse the enemy during active combat. If somebody uses radio links, and your crytographers are good enough you can also directly inject messages into enemy communications. Lets not forget that in asymmetric conflict the opponents of the USA very often have only the rudest communication means; the capability to control e.g. GSM communication during a battle could help in some places. Last but not least, you could help a plain cyberwar by injecting information here and there.

Re:What?

[dummondwhu]

Great points. That's pretty much where my thoughts were going.

People seem to be thinking this thorough as a parallel to what we think of as cyber attacks in the internet world today where viruses and trojans take control of our PCs for nefarious purposes. And while that may be desirable to the Navy too, everything in warfare is moving toward digital communications these days. There are a number of types of tactical data links, communicating virtually everything that one battlefield entity might need to know from another and it's only going to get more widespread over time.

You don't need to "take over" an enemy radar when you can just tell it to report whatever you want to its operator via spoofed waveforms. Or, if a good guy plane could fool others into thinking it was an enemy plane (with a spoofed radar signature, IFF, etc.), the benefits are obvious.

The difficulties are defeating encryption and decoding messages/waveforms to be able to inject specific bits of data as seen fit. Though, a targeted DoS attack is probably not very difficult to achieve even now because if you flood a link with messages of the appropriate size, it still has to do some processing to decide that it can't do anything with them, possibly slowing or stopping legitimate messages.

Incidentally, I work in defense and I don't see my company listed in TFA so that sucks because this would be an interesting project. Though, it might be involved in some way that I just don't know about (because it's a huge company, not necessarily because of secrecy or anything).