In the last months I have had the opportunity many times to read about the possible use, in cyber warfare context, of electromagnetic waves to interfere with defense systems of the adversaries. I wrote about a project dubbed CHAMP (Counter-electronics High-powered Microwave Advanced Missile Project) related to the use of microwaves to permanently knock out computers in a specific area. The project is born in US military environment, specifically developed by Air Force Research Laboratory, and it explores the possibility to design a directed-energy weapon capable of destroying and interfering with adversary’s electronic systems such as radar systems, telecommunication systems, computer systems and power distribution systems. While the project is started in military and is led by Boeing the technology comes from a small company called Ktech, acquired by Raytheon bought last year, specialized in the providing of microwave generators to generate EMP able to knock out electronics equipment.

Recently a report published by Defense Newsrevealed that the Intelligence and Information Warfare Directorate (I2WD) of the US Army is studying the use of electromagnetic waves to infiltrate sealed networks. The report illustrates that the US army is running the Tactical Electromagnetic Cyber Warfare Demonstrator program with the dual objective of sniffing data and injecting data into sealed cable networks. The intent is clear, a cyber army adopting electromagnetic waves could be able to spy on network or interfering with transmission altering the content of transmission for example introducing a malware into it. The research on the use electromagnetic waves is not new, NSA has been carrying out research in the topic for a long time, and project TEMPEST is the demonstration.

The technology could be used by a government with an unmanned aircraft flying over the location where target networks are located, let’s think for example a critical infrastructure and its control systems that could be infected despite they are isolated from internet. The approach is totally equivalent to the physical access to a network, the use of electromagnetic waves allows to the attackers to access directly to the target network. The Stuxnet case demonstrated that accessing to the network of critical infrastructure is possible to cause serious damages, but the vector for the attack was used an infected USB flash drive containing the Stuxnet virus able to exploit zero-day vulnerabilities of the host.

What is the evolution? Attack the target network without physically access to it eluding the defense systems adopted to mitigate cyber threats.

Despite the fact that this technology is available and tests have been conducted and demonstrated its efficacy, the use of electromagnetic waves is still immature due significant range and bandwidth limitations; this means that the source of waves in fact has to be very close to the target network and transmission of complex data is time consuming.

Another interesting project, Suter, a military computer program was developed by BAE Systems that has the purpose the attacking computer networks and communications. The program has been managed by Big Safari, a secret unit of the United States Air Force, and Suter was integrated into US unmanned aircraft. The program has been tested with different aircrafs and used in Iraq and Afghanistan since 2006, and according military experts, a technology similar to Suter was used by the Israeli Air Force to attack Syrian radars in the Operation Orchardon on September 6th, 2007. The use of electromagnetic waves to interfere with defense networks and systems is a so successful that many governments are working on projects using this technology.

http://securityaffairs.co/wordpress/