Suter - How does one defend against it?


Stuart
Sith Devotee
Posts: 2935
Joined: 2004-10-26 09:23am
Location: The military-industrial complex

Post by Stuart »

Admiral Valdemar wrote: I expect it'd be harder to do once quantum encryption takes off and if a system is so well connected and run that they can cross-reference any friendly or hostile contacts with a central database, so if you want to fool the air defence guys, you have to also fool the computers detailing what flights are active in that area. Anyone picking up a civvie 737 where no airliner should be and where no military craft are will smell a rat.
There's pretty good links between civil air traffic control and military air defense systems anyway, if we think about it we can see why. However, it's important to remember that what we see on the status displays of an IADS isn't data - it's a synthetic picture that's made up by the system from the raw data. A lot of times, operators forget that and they assume that what they are seeing is raw video (AEGIS is prone to that; the nature of the display generated is determined by the rules input. When the watch changes, often a key rule or two gets overlooked and left in the system. That's one reason why the Iranian Airbus got splashed). Now, the interface rules between the raw data and the synthetic display is a good area to attack; it might well be possible to insert a rule that says "thus and so data is to be filtered out" so that there is nothing to check against other databases. Unless somebody steps outside, looks up and asks "why aren't those four F-15s showing up on our radar screens?"
Being able to remotely alter actual electronic signals in hardware at a fundamental level would be the ultimate in ECM/ECCM, but alas, science fiction for now. You could end a war without firing a single shot, just by telling all hardware to shut down or turn over control to friendlies.
I wouldn't be too sure it's science fiction in the sense that we might be (stress the ****might be**** - I'm guessing and extrapolating from experience that's a quarter of a century out of date) much closer to getting that sort of capability up than thought. After all, the basic idea was considered possible in the 1970s using 1970s computers. With modern stuff, we can do a whole load more.
I suppose a microwave based EMP weapon would be similar in results, albeit, not as useful.
Most military systems - and quite a few civilian ones - are hardened against EMP; it's pretty much a non-problem. To give you some idea, proofing an electronic system against EMP adds around 5 - 10 percent to the cost of that system. Oddly, less expensive systems have a proportionally higher anti-EMP cost component.
Nations do not survive by setting examples for others
Nations survive by making examples of others
Raj Ahten
Jedi Council Member
Posts: 2068
Joined: 2006-04-30 12:49pm
Location: Back in NOVA

Post by Raj Ahten »

Thanks for all the information. This is a very interesting topic. (Hate to say it like that, sounds like I'm just parroting everyone else!) I must confess I had forgotten that aircraft and ground systems are always sending IFF signals back and forth :oops:

This field seems like one where the US has a massive advantage (given the amount of cash and expertise required), as I doubt many others have even thrown that much money at it. A big deal has been made about how much the Chinese are investing in electronic warfare of all types, but I have doubts on how effective their systems could be given how far behind they are in radar and other systems.
Admiral Valdemar
Outside Context Problem
Posts: 31572
Joined: 2002-07-04 07:17pm
Location: UK

Post by Admiral Valdemar »

Stuart wrote:
There's pretty good links between civil air traffic control and military air defense systems anyway, if we think about it we can see why. However, it's important to remember that what we see on the status displays of an IADS isn't data - it's a synthetic picture that's made up by the system from the raw data. A lot of times, operators forget that and they assume that what they are seeing is raw video (AEGIS is prone to that; the nature of the display generated is determined by the rules input. When the watch changes, often a key rule or two gets overlooked and left in the system. That's one reason why the Iranian Airbus got splashed). Now, the interface rules between the raw data and the synthetic display is a good area to attack; it might well be possible to insert a rule that says "thus and so data is to be filtered out" so that there is nothing to check against other databases. Unless somebody steps outside, looks up and asks "why aren't those four F-15s showing up on our radar screens?"
In that case, let the games proceed.

I wouldn't be too sure it's science fiction in the sense that we might be (stress the ****might be**** - I'm guessing and extrapolating from experience that's a quarter of a century out of date) much closer to getting that sort of capability up than thought. After all, the basic idea was considered possible in the 1970s using 1970s computers. With modern stuff, we can do a whole load more.
I'm unaware of any technological way of achieving what I'm thinking of, which is really the Culture's effectors from the Iain M. Banks novels. They're the ultimate evolution of electronic warfare, whereby any charge based system can seemingly be manipulated, from weapons suites to biological nerve impulses.

Now that would be a weapon to fear. I hear fMRI systems in the pipeline can potentially affect brain functions if configured such a way. Not that this helps us control a nation's military (yet...).

Most military systems - and quite a few civilian ones - are hardened against EMP; it's pretty much a non-problem. To give you some idea, proofing an electronic system against EMP adds around 5 - 10 percent to the cost of that system. Oddly, less expensive systems have a proportionally higher anti-EMP cost component.
I was thinking the microwave beam be employed on the transceivers of comms units and radar arrays, rather than kill the electronics which has been pretty much impossible since the EMP tests of the '40s, you can have a directional jamming system. I prefer the idea of simply hijacking the network remotely, though. Once you control them, you don't need a craft flying about being vulnerable while it blinds or toys with the enemy.
Sea Skimmer
Yankee Capitalist Air Pirate
Posts: 37390
Joined: 2002-07-03 11:49pm
Location: Passchendaele City, HAB

Post by Sea Skimmer »

If the Israelis had some awesome way to hijack or spoof the entire Syrian air defense network, they wouldn’t throw that kind of advantage away just to hit one building that was most likely full of guns and rockets for Hezbollah. This all reminds me of the old stories about the US supposedly having shut down the Iraqi air defense system with a computer virus in 1991, when clearly the US had no need to do such a thing since stealth worked and allowed us to turn the computers into rubble.
"This cult of special forces is as sensible as to form a Royal Corps of Tree Climbers and say that no soldier who does not wear its green hat with a bunch of oak leaves stuck in it should be expected to climb a tree"
— Field Marshal William Slim 1956
Juubi Karakuchi
Jedi Knight
Posts: 642
Joined: 2007-08-17 02:54pm

Post by Juubi Karakuchi »

Thanks to all for responding.

Just a little background info. Syria has recently been shelling out for air-defence upgrades, particularly the SA-3 upgrade, and is rumoured to have acquired the S-300 in small numbers (though there is little or nothing to substantiate this latter claim). The SA-3 upgrade is listed as including telecode and optronic communications, which apparently make it more resistant to ECM. Considering what Raj Ahten wrote about the necessity of familiarity with the system, this upgrade could complicate matters with regard to Suter-style electronic tampering.
On the other hand, I haven't been able to find out anything about the process, particularly how many SA-3s are being upgraded and how many have been returned and deployed. If the answer to either question is 'not very many', then the IAF could simply have exploited a gap.
Admiral Valdemar
Outside Context Problem
Posts: 31572
Joined: 2002-07-04 07:17pm
Location: UK

Post by Admiral Valdemar »

If they use line-of-sight communications rather than radio, they're limiting themselves all the same, so unless in the flats of the desert, it could prove to make the network less hardy.

That doesn't change that you can still tinker with the radar antenna itself, since not having that working means they may as well not be there anyway.
Phantasee
Was mich nicht umbringt, macht mich stärker.
Posts: 5777
Joined: 2004-02-26 09:44pm

Post by Phantasee »

Stuart wrote: COMINT could easily work the same way. To decrypt a message it gets fed into a computer (modern computer-based decrypts are very good, they can even break conventional one-time pads).
I thought one-time pads are unbreakable unless you have a copy of one of the pads? How do you crack one of them?
XXXI
Sea Skimmer
Yankee Capitalist Air Pirate
Posts: 37390
Joined: 2002-07-03 11:49pm
Location: Passchendaele City, HAB

Post by Sea Skimmer »

If a one time pad is truly random and the pad is kept completely secure and never reused then it's unbreakable; but many one time pads are not in fact truly random and some kind of cipher or seed is used to create them that a computer might work out.
MKSheppard
Ruthless Genocidal Warmonger
Posts: 29842
Joined: 2002-07-06 06:34pm

Post by MKSheppard »

I've been doing some thinking while walking around DC today.

SUTER most likely is a codeword for the software that takes advantage of the capabilities of modern AESA arrays as installed on the F-18E/F and F-22; plus the loads of computing power now available, tying together the capabilities now available such as:

1.) Being able to precisely focus a very high powered radar beam via AESA and burn out enemy radars/electronics at a distance.

2.) Being able to reprogram your AESA array to jam enemy radars by sending garbage to them via sending false echoes, or just blanking them with sheer power.

3.) Being able to reprogram your AESA array to "fake" an enemy radar. Let's say you changed your IFF array to say that you are Iran Air Flight 534. Sounds all good right? Normally, you would have to keep your radar off to avoid giving the game away -- why is that Airbus emitting EXACTLY like an APG-65? But with AESA and today's computing power, you can switch to a radar mode which "fakes" the commercial weather avoidance radar found on Airbuses, maintaining the deception.

4.) Using your radar as a datalink -- Aviation Leak had some interesting articles on how tests with F-22s and F-18E/Fs showed they were able to use their radars as high speed, broadband datalinks.

And I think I know how the "screw up enemy radars and networks remotely" works.

Ironically enough, I got the idea while thinking of how "no cd" cracks are made.

Basically, no CD cracks work on the basis of the machine code in your executable. The cracker finds the hexadecimal interrupt in the EXE file which is the "IF FAIL THIS, GOTO END PROGRAM" and modifies the hexadecimal to bypass it.

Now, imagine your enemy radar opening up and analyzing the enemy radar's signal, and buried in the radar signal are all the goto offset machine code commands for all the CPU architectures available; x86, etc.

I'm sure that simply entering a random number for the offset will cause bad things to happen, like the system locking, or shutting down.
"If scientists and inventors who develop disease cures and useful technologies don't get lifetime royalties, I'd like to know what fucking rationale you have for some guy getting lifetime royalties for writing an episode of Full House." - Mike Wong

"The present air situation in the Pacific is entirely the result of fighting a fifth rate air power." - U.S. Navy Memo - 24 July 1944
phongn
Rebel Leader
Posts: 18487
Joined: 2002-07-03 11:11pm

Post by phongn »

Sea Skimmer wrote: If a one time pad is truly random and the pad is kept completely secure and never reused then it's unbreakable; but many one time pads are not in fact truly random and some kind of cipher or seed is used to create them that a computer might work out.
Right - if someone is using a pseudorandom number generator and you figure out the generator, the seed and when it has been sampled, you can break the pad. There are true RNGs (for example, sampling radioactive sources) but those are unwieldy.
MKSheppard wrote: Ironically enough, I got the idea while thinking of how "no cd" cracks are made.

Basically, no CD cracks work on the basis of the machine code in your executable. The cracker finds the hexadecimal interrupt in the EXE file which is the "IF FAIL THIS, GOTO END PROGRAM" and modifies the hexadecimal to bypass it.
Well to improve the analogy - more like a game trainer, which invades the program's process space and rewrites commands without modifying the original file (a no-CD crack traditionally modifies the executable file).

EDIT: Actually, the best thing I can think of - a while back there was a flaw in the way Windows parsed a certain type of image format (WMF). Just by displaying the image a system could be compromised. /END-EDIT

This is an interesting artifact of most computer architectures where "data" and "program" are not distinguished from each other - the Von Neumann architecture. That said, in recent years, even low-end commercial systems are able to recognize that some regions of memory are purely data and will not be executed, defending against such an attack.
I'm sure that simply entering a random number for the offset will cause bad things to happen, like the system locking, or shutting down.
You'd also have to know where to point to as well, etc. However, given that many military systems are probably not field-upgradeable, once you have a copy and you know what you're doing, you can wreak havoc.
Last edited by phongn on 2007-12-03 05:58pm, edited 1 time in total.
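The point made in the posts above about pads that are expanded from a seed, as an added example that is not part of any post in the thread: a pad produced by a seeded PRNG is only as strong as the seed, so a short known-plaintext header is enough to find the seed and regenerate the whole pad, while the same search finds nothing when the pad comes from the operating system's random source. The message, the clock-style seed and the one-hour search window are constructed for illustration.

```python
import random
import secrets

# Constructed sample data: message, seed and search window are made up.
MESSAGE = b"FLIGHT PLAN FILED 0930Z ROUTE ALPHA"
WINDOW_START = 1196700000       # hypothetical "pad was generated around this time"
SEED = WINDOW_START + 1777      # clock value the sender used as the seed
WINDOW = range(WINDOW_START, WINDOW_START + 3600)


def xor(data: bytes, pad: bytes) -> bytes:
    """XOR data with a pad of at least the same length."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than message")
    return bytes(a ^ b for a, b in zip(data, pad))


def prng_pad(seed: int, length: int) -> bytes:
    """'Pad' expanded from a seed by a non-cryptographic PRNG (Mersenne Twister)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))


def recover_seed(ciphertext: bytes, crib: bytes, candidates):
    """Return the first seed whose pad turns the ciphertext prefix into the crib."""
    prefix = ciphertext[:len(crib)]
    for seed in candidates:
        if xor(prefix, prng_pad(seed, len(crib))) == crib:
            return seed
    return None


def demo():
    crib = b"FLIGHT"  # guessed message header (known plaintext)
    weak_ct = xor(MESSAGE, prng_pad(SEED, len(MESSAGE)))
    found = recover_seed(weak_ct, crib, WINDOW)
    recovered = xor(weak_ct, prng_pad(found, len(weak_ct)))
    # Same message under a pad drawn from the OS random source, standing in
    # for a hardware RNG: no seed in the window reproduces this pad.
    strong_ct = xor(MESSAGE, secrets.token_bytes(len(MESSAGE)))
    return found, recovered, recover_seed(strong_ct, crib, WINDOW)


if __name__ == "__main__":
    print(demo())
```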
Admiral Valdemar
Outside Context Problem
Posts: 31572
Joined: 2002-07-04 07:17pm
Location: UK

Post by Admiral Valdemar »

So it would be possible, in theory, to hijack the computer systems within the SAM site by sending a coded signal that works at a fundamental, almost machine code level through a radar return beam?
phongn
Rebel Leader
Posts: 18487
Joined: 2002-07-03 11:11pm

Post by phongn »

Admiral Valdemar wrote: So it would be possible, in theory, to hijack the computer systems within the SAM site by sending a coded signal that works at a fundamental, almost machine code level through a radar return beam?
In theory, yes. In practice, the difficulties of doing so give me a headache if you have to attack a general-purpose machine of unknown configuration.
Admiral Valdemar
Outside Context Problem
Posts: 31572
Joined: 2002-07-04 07:17pm
Location: UK

Post by Admiral Valdemar »

The limiting factor is the architecture of the operating systems then, not the technology itself and method of attack. I'd assume that BAE Systems and the USAF have looked at such equipment in use and drawn up basic ways of attacking them via this route, if it is what Suter is meant to do.

Not foolproof, but for well known and less bleeding edge weaponry, it will be sufficient to limit chances of being intercepted. Could have EW aircraft leading wild weasels to take out such installations before the main force moves in, since I doubt a non-stealth aircraft will have its RCS picked up if the EW leader is manipulating the radar signals and taking over the host machinery.