Electromagnetic Attack: the invisible threat to our wireless world

The world is reliant on radio waves

They’re essential to data and information exchange, networking and communication. They form the basis of television and radio broadcasting, satellite transmissions and our day-to-day communications. Whilst used without fear by the average person, for military organisations radio waves are well known to have vulnerabilities, some adversaries having the means to manipulate radio waves and jeopardise their confidentiality, integrity or availability. But now, with the staggering rise in the number of connected electronic devices (for example, the ‘Internet of Things’), it is not just military forces who need to be wary of interference and the more subversive activity of Electromagnetic Attack. 

Intangible warfare 

The military has grappled with Electromagnetic (EM) Attack for well over a century. When in a conflict, reducing the adversary’s access to information by denying their sensors and communications can be the difference between victory and defeat. Modern military forces, including those of the Superpowers, have been masters in this discipline for a long time – with decades of experience in using EM Attack and defending from it.  But things are changing.  

There is a new threat, posted by smaller states (i.e. ‘non-super powers’) and smaller non-state actors who can now obtain EM attack capabilities at lower and lower costs. And, as the number of devices used by adversaries and our own forces continues to grow, the utility (and threat) of EM activity will continue to increase.  

Take, for example, the growth of wireless communications. A fibre optical cable buried under a layer of soil and concrete is pretty robust from an exploit point of view. However, that data may later pass via a point-to-point microwave link (Radio wave link), before moving back underground. Needless to say, that microwave link is a lot easier to access and attack via eavesdropping or disruption (jamming), than the cable network that it serves. By attacking the microwave link hostile actors negate the inherent physical security of the underground cable network. 

Defence is pursuing the ‘Military IoT’ in many forms and with many different projects. The prospect of increasingly networked military capabilities does offer many benefits, but faces the same EM-driven drawbacks that threaten conventional IoT systems. A true military IoT would be very hard to secure in the EM sense – and perhaps the best course would be to turn that technology off during a conflict scenario or operate under the assumption that it would be denied.  

How to solve the electromagnetic interference conundrum

Unfortunately for businesses, this is no longer an issue just for militaries. The grey zone – an area in which hostile actors are able to attack political, economic and military instruments without provoking a conventional response– is growing. As such private businesses are at risk of falling victims of bad actors, particularly if they are seen as a core part of a nation’s infrastructure. And damaging them therefore hurts the nation which they are in. 

One option available to both militaries and businesses is Electronic Protective Measures (EPM). An example of this is adding protection devices into receivers in order to protect them. As of late, however, the trend has been to move away from protecting electronic systems, as these can limit the performance of the system in terms of bandwidth or through-put. Electronically protecting systems (for example, with the use of Faraday cages (shielding) or screening) can be complex and expensive.  

A resilience-based approach to EM Attack is likely to offer a balance between no protection whatsoever and ‘over-protection’. However, the cornerstone of effective resilience and timely recovery is informed decision making and therefore detection. Attribution of EM disruption to EM Interference or Attack is vital to this process.  

Solutions are now available which promptly make clear if an attack is underway or EM interference is present. These disturbances would otherwise have been untraceable. Capabilities like these are especially important as human senses have no way to detect radio waves, and it is very easy to misdiagnose device upset or failure as a hardware or software fault. This further demonstrates why situational awareness of the EM environment (and the EM spectrum) is so important.  

The civilian world is making greater and greater use of the EM spectrum, but perhaps without a full understanding of its vulnerabilities. What is certain is that as the number of devices using radio waves or wireless increases, so will the incidents of EM interference and so will, sadly the opportunities for bad actors to use EM attack.  

Final thoughts

As our wireless connectivity, exemplified the IoT continues to grow, considerations which were once just of concern to the military and security services are now relevant to civilian industries. Fortunately, the preparation remains the same. Organisations need to ensure they have the necessary situational awareness to know where their vulnerabilities are, and when those vulnerabilities are being exposed. A failure to do so opens the door to both financial and reputational loss. 

About the Author

Richard Hoad is technical strategist at QinetiQ. We deploy our scientific and technological knowledge, proven research capabilities and unique, purpose-built facilities to provide both services and products that meet the needs of a wide range of global customers. We operate primarily in the defence, security and aerospace markets and our customers are predominantly government organisations, including defence departments, as well as international customers in other targeted sectors.

Featured image: ©Pixel