Am going to give the correct account of what happened with the supposedly 'hacking' of the Predator UAVs to give truly objective readers the background information so they can make a more informed decision about this latest event.
By the time the Predator UAVs became active duty, commercial-off-the-shelf (COTS) technologies for the overall UAV program were aggressively pursued to 'enhance' the deployment of UAVs for all branches of the US military in the shortest time possible. But because these technologies were primarily geared for civilian usage, INFOSEC was at best partially relevant and seldom structurally part of the philosophy of any system. INFOSEC matter only at the component level and at the user's discretion, in other words, data are usually transmitted in unencrypted format and its security mattered only upon reception and usage by the receiver. If this receiver needs to transmit this data again, he cannot be certain that the other recipients can decrypt into a usable format, so he decrypt his data then transmit, relying upon the perception that it is too much effort for most people to expend to intercept these tranmissions. It is this kind of built-in vulnerabilities that the US military literally bought from these COTS manufacturers for the UAV program.
For each military UAV, there are two data links that must be available for usage. The generic 'data links' phrasing contains two types of data: video (V) feeds and command-control (C2). For this discussion, they will be referenced as Vf and C2 for brevity's sake.
The C2 signal type is far less common in the COTS technologies for adoption and when the need is for aviation, as in flying an aircraft via remote, the security aspect became prominent, resulting in the additional installation of encryption to protect its integrity.
The Vf signal type is far more common, as in commercial satellite television, in the COTS technologies for adoption.
For example with Hughes...
Defense.gov News Transcript: Transcript : DoD News Briefing : Dr. Paul Kaminski, USD (Acquisition and Technology)
DoD News Briefing : Dr. Paul Kaminski, USD (Acquisition and Technology)
This broadcast satellite has the ability to see the entire theater. We have the potential now, for example, to put a Predator UAV flying over Bosnia, downlink that information to a satellite station, uplink it back into the broadcast location, and put it out to multiple locations on the battlefield.
<snipped>
Q: You talked about a large bandwidth. What kind of bandwidth are you talking about here?
A: We tend to think of bandwidth in terms of megahertz or megabytes. The direct broadcast satellite is capable of providing 30 megahertz of bandwidth. We're initially going to use 23 of that, until we know that we can get the signals and noise and the performance out of the transponders that we need.
There's a second satellite transponder involved in this. We call it VSAT. It's like a business satellite. That transponder has 150 megahertz worth of bandwidth -- or the ability to support at least 12 fully internetted major command and control centers -- as well as the links required to support the Predator and other reconnaissance systems in the theater.
It's hard to compare that in terms of number of normal telephones, if you think of a normal voice telephone using something like 10 kilohertz of bandwidth, we're really talking about the ability to handle the better part of a million phone conversations. So this is orders of magnitude and capability beyond typically what we deploy with our forces forward. So it gives us the foundation for this information revolution.
Q: Can you tell us how much you'll save by using commercial technology?
Kaminski: I can't tell you how much we'll save. What I would say is that there isn't a path to do this, relying on developing something from scratch at a defense base. What we're doing is relying on the commercial-developed base because it's a quick base as well.
Q: Who are the commercial providers?
A: Hughes is the primary provider of direct broadcast TV that you can buy in the United States, and that's the technology we're leveraging off of -- that type of technology.
This was not a DARPA project. The Predator Vf links system was taken directly from the civilian developed technology and with that quick adoption is the built-in vulnerabilities because the disseminator of the data has to assume the lowest common denominator of receivers: No encryption/decryption capability. That is how television transmission/reception works.
In both situations, the C2 signals, be it where the UAV pilot is local or in the US, are completely secured. In both situations, the Vf signals that are for local reception are vulnerable for
INTERCEPTION, which is the same thing as reception, and that interception is unauthorized. There is a great difference in 'authorized interception' and 'unauthorized interception', but either way, the essence of 'interception' is the interruption of a travel and 'reception' is 'interception'.
This was the early days of controlled UAVs in a war. The justification for encrypting only the C2 signals and leaving the Vf signals unencrypted is that there is only one pilot per UAV but the range of receivers -- or interceptors -- wanting to see real-time videos of the current location or battle can be anywhere from one to one hundred. In the event that there are multiple UAVs in the area, encrypting only the C2 signals is logical because the encryption would protect all of them from conflicting pilot commands, which are interactive. Video feeds are passive. Behind that reception bridge is the Joint Broadcast System (JBS)...
RQ-1 Predator Medium Altitude Endurance (MAE) UAV
Sensor imagery is disseminated from the Predator ground control station via the Trojan Spirit II SATCOM system using the Joint Deployable Intelligence Support System (JDISS) and the Joint Worldwide Intelligence Communications System (JWICS). Live video is disseminated through the Joint Broadcast System (JBS).
...And once the Vf signals entered the secured network, they are immuned from unathorized interception. But before this bridge is where Iraqi insurgents managed to
INTERCEPT the Vf signals. There were no 'hacking' involved. The antennas for these Vf transmissions do not have receiver components behind them, whereas the C2 signals must have those receiver components to accept the remote pilots' and sensor operators' commands. The worst that could happen with these unsecured Vf signals is that of 'data insertion', meaning false data will replace the original Vf signals and make it to the ground receivers.
Drones Are U.S. Weapons of Choice in Fighting Qaeda - NYTimes.com
The urgent need for more drones has meant bypassing usual procedures. Some of the 70 Predator crashes, for example, stemmed from decisions to deploy the planes before they had completed testing and to hold off replacing control stations to avoid interrupting the supply of intelligence.
The context was to do just the absolute minimum needed to sustain the fight now, and accept the risks, while making fixes as you go along, Colonel Mathewson said.
It is easier, of course, for the military to take more risks with unmanned planes.
No one from US ever said the system was perfect then and neither is it perfect now. But just as the NY Times article pointed out, the lower the risks for our people, the more we are willing to have a lower
IMPERFECTION THRESHOLD with unmanned drones. No one understand this cold and often time cruel calculus than ground troops and if a drone is 75% effective and if it can save a few fellow soldiers, they will accept that drone as one of their own. The reality is that these drones that you people laughed at have done more than 75% despite their imperfections.
P. W. Singer, a defense analyst at the Brookings Institution, said the Predators have already had an incredible effect, though the remote control raised obvious questions about whether the military could become more cavalier about using force.
Still, he said, these systems today are very much Model T Fords. These things will only get more advanced.
So how does it feel to know that the flight control computers (FLCC) of these 'Model Ts' have more flight hours than all your pilots and that these drones also have more combat experience than your entire air forces?
So for this latest event involving an American drone, is it possible for Iran to 'hack' a triple-DES encrypted real-time two-way airborne C2 link? Intellectual honesty would compel us to leave the 'possibility' option on the table, however, we are under no obligations to accept the 'probability' option. Same for the 'virus' option. There is no logical tie between what happened a few months ago with undisciplined usage of computers in the UAV program and an Iranian source 'virus'. Possible? Yes. Probable? No. That leave the best option for Iran: The human agency aka 'spies' or 'traitors'.
