A military radar operator at a forward combat post scans the display of a mobile radar post to ensure aircraft and drone patrols are on track and safe from the attentions of enemy patrols. Within a single revolution, a manned patrol aircraft blinks off the screen and a dozen unidentified signals occupy the airspace.
Has the enemy launched a completely unanticipated attack with a previously undetected fleet and brought the patrol down? Just before a response is scrambled, the pilot radios in – he and the crew are fine and there are no enemy in the surrounding airspace. In this case the threat only existed on the radar, a result of enemy hacking.
The most commonly reported cyber attacks against the military involve stealing information on systems or operations, denial of access, or disrupting communications, but any system dependent on electronic communication can be vulnerable, including radar.
Cyber attacks can potentially penetrate radar networks, giving false signals, or disguising or hiding real ones, causing air response to scramble unnecessarily, or enabling enemy aircraft to penetrate protected airspace.
ThalesRaytheonSystems (TRS) has developed CybAIR RadBox as a portable solution to defend against these sorts of attacks on the move, or to be incorporated as part of a complete command and control (C2) solution. In common with other hardware for tactical environments, CybAIR RadBox comes in the form of ruggedised transit cases, from which the keyboard and colour screens which constitute the Human Machine Interface (HMI) can be unfolded.
According to TRS, CybAIR RadBox enhances traditional cyber security by providing multilevel supervision of the systems, detecting any abnormal operational behaviours at the radar equipment level (radars) or at the C2 centre level and raising an alarm to operators.
How CybAIR keeps air traffic safe
The screen displays what looks like a standard radar operator’s display but with coloured segments according to the number of aircraft in a sector, and a panel on the right-hand side to detail any alerts. It records the radar tracks and compares the plots in each sector from one rotation to the next. Any variance in data triggers an alert by the CybAIR agent, such as if a sector had no plots on one rotation and suddenly has a lot.
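The rotation-to-rotation comparison described above, as an added example run on a constructed version of the opening scenario. This is not TRS code: the sector count, the alert threshold and the plot format are assumptions made for illustration.

```python
from collections import Counter

SECTORS = 8                    # assumption: airspace split into eight 45-degree sectors
SECTOR_WIDTH = 360 // SECTORS
JUMP_THRESHOLD = 5             # assumption: plot-count change that raises an alert


def sector_of(azimuth_deg):
    """Map an azimuth in degrees to a sector index 0..SECTORS-1."""
    return int(azimuth_deg % 360) // SECTOR_WIDTH


def count_by_sector(plots):
    """plots: list of (track_id, azimuth_deg) seen during one antenna rotation."""
    return Counter(sector_of(az) for _, az in plots)


def compare_rotations(prev_plots, curr_plots):
    """Return alerts as (sector, kind, detail) for changes between two rotations."""
    alerts = []
    prev_counts = count_by_sector(prev_plots)
    curr_counts = count_by_sector(curr_plots)
    # A sector whose plot count jumps or collapses within one rotation is suspicious.
    for s in range(SECTORS):
        if abs(curr_counts[s] - prev_counts[s]) >= JUMP_THRESHOLD:
            alerts.append((s, "count_jump", f"{prev_counts[s]} -> {curr_counts[s]}"))
    # A track that was present last rotation and is gone now is reported too.
    curr_ids = {tid for tid, _ in curr_plots}
    for tid, az in prev_plots:
        if tid not in curr_ids:
            alerts.append((sector_of(az), "track_lost", tid))
    return alerts


# Constructed sample data: one patrol aircraft and two drones on rotation 1;
# on rotation 2 the patrol vanishes and a dozen unknown plots fill its sector.
ROTATION_1 = [("PATROL1", 100), ("DRONE1", 30), ("DRONE2", 200)]
ROTATION_2 = [("DRONE1", 30), ("DRONE2", 200)] + [
    (f"UNKNOWN{i}", 91 + 3 * i) for i in range(12)
]

if __name__ == "__main__":
    for alert in compare_rotations(ROTATION_1, ROTATION_2):
        print(alert)
```

A fielded system would also have to rule out benign causes such as equipment failure or weather before alerting, which this example does not attempt.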
It includes forensics and post-analysis features and is provided with a set of tools and services for radar operators. It can operate either in probe mode or protection mode: in probe mode, CybAIR RadBox acts as a sniffer, analysing the radar data flow, and in protection mode it also provides firewall and network intrusion detection system (NIDS) protection to the local network.
CybAIR RadBox can also identify syntax errors. Messages received by a radar system have a defined structure, and CybAIR identifies variations, for example if a hacker introduces false tracks with an incorrect format. In a second scenario, the Identification Friend or Foe (IFF) data broadcast by an aircraft could be changed to look like a different friendly aircraft. Air traffic control (ATC) would be unable to identify which is real, and attempt to re-route the aircraft.
But could the CybAIR itself be hacked? TRS has thought of that and it is self-protected against intrusions and other cyber threats through implementing stringent IT Security guidelines.
Human Factors Engineer Cecelia Aguero, who works on developing the system, explains: "CybAIR uses algorithms which have knowledge of normal air traffic, for example if there’s suddenly a lot more than usual. It also rules out non-hacking causes, such as radar technology failure or weather conditions."
Real life radar hacking
The types of attacks CybAIR sets out to defend against may have already taken place. In 2007, analysts speculated that Israeli planes were able to sneak past Syrian defences to bomb a military target by hacking into defence systems to manipulate sensors so enemy aircraft were invisible.
During air strikes against the Gaddafi regime in Libya in 2011, officials in the Obama administration were said to have considered hacking into Libyan early-warning radars to hide the approach of strike aircraft. Despite confidence the attack code could have been contained, the method was considered a course of last resort and wasn’t employed in this instance. However, should circumstances dictate, there are no doubt specialists in the US Cyber Command ready to step up.
As well as hacking to create false signals, CybAIR RadBox can help combat viruses or worms introduced to disrupt or blind radar systems. Towards the end of 2010, multiple reports suggested that during an Iranian military exercise, six unidentified signals appeared on the aircraft and fighter jets were scrambled to engage what was presumed to be enemy aircraft.
However, once airborne all they encountered was empty airspace. Speculation has it that the same Stuxnet virus that had affected Iran’s nuclear industry and military systems had infiltrated its military radar.
Inclusive radar solutions
CybAIR RadBox is currently a standalone technology, but TRS plans to incorporate its cyber defence capabilities into its radar solutions, such as the mobile vehicle-mounted Groundmaster, although the stand-alone solution is compatible with non-Thales radar systems with some tailoring.
As well as its technical achievements, TRS is proud of the system’s usability. "Human factor engineering is the new domain," explains Aguero. "This system was designed alongside French Air Traffic Control to be user-centric."
However advanced a radar system, it can only be as reliable as the data it interprets and displays.
But like any other networked technology, radar can be vulnerable to cyber attacks, either disabling the response altogether or manipulating the signal, and its data needs to be kept as secure as any other military source.