TECHNOLOGY FOR CHANGE

Security Experts Warn Hackers Could Threaten More Drones Soon

Dennis McCafferty | Date: 01-06-10 | Comments

As details of insurgents in Iraq using off-the-shelf software to intercept live video feeds from U.S. Predator drones emerge, the question being asked is: Are the trade-offs worth better security?

A story reported last month in the Wall Street Journal seemed plucked from a Hollywood screenwriter's imagination: Insurgents in Iraq are using cheap, off-the-shelf software to intercept live video feeds from U.S. Predator drones. Backed by Iran, the militants intercepted the feeds via an unprotected communications link in some of the remotely flown planes' systems, the newspaper reported.

The reaction of the average reader was, "How could something like this happen?" But analysts who command expert-level knowledge of these systems aren't surprised at all. Drone-based communications technology requires fast, high bandwidth and must be conducted at an intense level over a broad geographical territory. To provide "lock down" security levels for such operations is unrealistic.

"There is always a trade-off between availability and security," says Mark Rasch, a former federal computer crime and espionage prosecutor. "For these kinds of communications, you can have fast, lossless�meaning no loss of data transmission�or secure. But it's very difficult to have all three at the same time. You need to know that what you see on the screen is what's really happening, that you're zooming in on a target that's truly an insurgent base and not a wedding party. To do this, you give up a little bit of security."

A completely secure system would require a considerable effort that may or may not be worth it. "You'd need data encryption technologies that scramble the data either before it is sent, or through the 'pipeline' over which it is sent," says Rasch, who is now principal at Secure IT Experts, a Ladera Ranch, Calif.-based security/business consultancy. "To send it over that way, you usually lose data volume, since your message has to carry both the message itself and the encryption parameters."

Time is precious too. If you take just one second to encrypt/decrypt the video feed, a drone will have traveled 150 feet further, says Jon Heimerl, a director for Solutionary, an Omaha, Neb.-based managed security services company.

Also, it may not even be logistically feasible for an effective encryption system to co-exist with complex drone video technologies. "Do you use an encryption device or software?" Heimerl asks, rhetorically. "If it is a device, is there actually physical room on the drone for the device? How will it be powered and what will the added weight do to aerodynamics? If the encryption is done with software, does the drone have a processor capable of running the software?"

Solutions could involve more evasive flight paths, Heimerl says. But the reality of war is that two opposing parties will always find a way to intercept communications. Indeed, the drone communications systems are so readily available, it's questionable to say that any insurgent hacking happened here at all. "Technically, this is not a hack," Heimerl says. "Think of it more like putting up a rabbit-ear antenna and getting NBC over the airwaves instead of paying for cable."