How vulnerable are C3I networks?
The Western intelligence community was bewildered to learn from East German secret services sources recently that West German PTT telephone and data traffic microwave links had been "tapped" regularly. The West also discovered that, weather permitting, virtually all radio communications in the Federal Republic could be intercepted from East Germany.
So far, the Western world, which has had the technical capability of intercepting East Bloc radio traffic for some time, assumed that the East did not have the know-how required for such operations. Export restrictions on "sensitive" goods to COCOM nations were not only aimed at preventing them from playing this game, but also at ensuring that the West would be the only players, hence the United States' objections to the export of fiber-optic systems, for example (data transmitted by fiber optics being almost 100 percent immune to interception without a direct physical attack on the cable).
From the military standpoint, the preference for jamming or interception has altered with time, technological progress and circumstances. In the past it was considered more rewarding to intercept and decypher the enemy's communications than to disrupt or jam his sources. With the advent of frequency-hopping, encryption and burst transmissions in the form of digital data streams, the chances of decrypting his communications diminished considerably and became possible only with bulky, sophisticated, computerized equipment, ill-suited for use in the combat zone. In those circumstances, the only solution is to disable the oponent's [c.sup.3]I network. At first sight, this may seem to be a simple matter. All that are required are several high-powered jamming transmitter operating continuously on all commonly used military bands. However, this leaves out of account the large number of enemy units which operate independently with wire networks e.g. missile batteries linked by cable to their command post. Granted, early warning messages from other sources would not reach them, but they could fight all air threats within their range. The same applies to smaller infantry units. Armored units and artillery, which depend on radio communications, would also be in trouble. However, total jamming would also greatly impair own communications and possibly even blank them out in places, so it is a two-edged weapon of doubtful value.
Blanket jamming is useful only during the first hours of a surprise attack, so as to prevent the enemy from organising his defenses - an initial advantage for the attacker which should not be underestimated. It does, however, mean that for a laid-down period of time, coinciding with the jamming, the attacking forces must follow their orders to the letter to prevent tangling with each other. Fighting blind is a dangerous gamble.
Selective jamming, combined if possible with physical attacks on identified command centers, is currently considered as the most practical means of impairing an opponent's [C.sup.3]I capability. The jamming or deception of radars on the other hand must be left to the platform being illuminated. In other words, all naval vessels and combat aircraft have to carry their own ECM equipment to deal with radar threats.
There is a world of difference between the jamming of radars and communications network. In a radar set transmitter and receiver are usually in the same place. The radar beam is reflected from the target and received by the same antenna, thereby opening an electromagnetic channel from target to receiver through which deception messages or jamming signals can be sent. On the other hand selective jamming or deception of a communications system is vastly more difficult, since unlike the transmitter, the receivers cannot be localized easily. Even if both locations are eventually identified, modern encryption techniques will make the insertion of deception material into a [C.sup.3]I network very difficult. The solution to the problem is not unlike that adopted for radar ECM: if the transmitter cannot be fooled, it has to be jammed.
Electronic Warfare is subdivided into ESM, ECM and ECCM. ESM consists in detecting all activities in the electromagnetic spectrum on a round-the-clock basis. Its tasks are to establish the signal characteristics and exact location of each intercepted emission and by analysis to establish its purpose in the opponent's C3 net so that the appropriate counter-measures can be taken. The options range from intercepting and decyphering the messages (Comint), inserting fake messages in the traffic (deception), selective jamming or even calling down artillery fire to destroy selected transmitters.
These ESM tasks seem simple: in fact they border on the impossible. The confusion when listening into a short-wave band on one's wireless set is nothing compared to what occurs in the high-density electronic environment of the battlefield. Both sides will use every band from VLF to UHF, possibly even the millimeter and infrared spectra. The task of detecting and classifying signals, localizing transmitters and extracting meaningful intelligence from the intercepts is monumental. The job can only be done by computers and sophisticated software, operating with a vast data-base containing thousands of characteristics typical of friendly, hostile and neutral transmitters. This implies, of course, that the "signatures" of all equipment capable of transmitting in war has to be registered in peacetime.
For effective countermeasures against transmitter the more important factors to be considered are: transmitter location, operating frequencies, spread-spectrum and frequency-hopping procedures used, transmitting power, antenna pattern and modulation methods, data format and above all, general weather conditions (which greatly influence interception). The next thing to establish is what function the transmitter serves: this may make it possible to come to a rough conclusion about the network's layout. One has to probe where are the network's weak points and how they can be selectively jammed or exploited for interception or deception. Spread-spectrum and burst transmission greatly reduce the options.
Clearly, an effective ESM equipment suite is not only highly complex but calls for highly trained operators.
A typical ESM equipment is the Rohde & Schwarz ESP receiver which scans the frequency spectrum from 10 KHz to 1 300 MHz at the rate of more than 1 000 channels per second. The ESP is the core of an ESM system consisting of special antennae, direction-finders, monitoring receivers, computer print-out facilities and other peripheral equipment. From the same company is the ESM-500 VHF/UHF receiver, which can be driven by a computer running a software specifically designed for this purpose. Close relatives are the ESM-508K, ESM-571 K and ESM-540K hand-off receivers which permit the monitoring of a large number of single frequencies in selected bands. They can operate in a network of up to 120 receivers linked by a computer-controlled IEC bus. Without appropriate direction-finding (DF) equipment the analysis of receivers remains incomplete. In some modern EW equipment the DF and receiver/analysing functions are integrated in a single box. An example is the Rohde & Schwarz Tacloc PA 1100 designed for operation in the VHF/UHF bands. The receiver section weighs only 7.5 kg. the antenna 6 kg. The equipment is therefore man-portable and can be used as a peripheral for extended ESM networks.
For airborne use there is the Magnavox ARR-81 digital Comint system. Its three receivers cover the frequency range of 1 kHz to 2 000 MHz, maximum tuning time being only 5 microseconds.
The AEG EP1650 modular Comint system consists of three or more direction-finding stations and a central mobile station. It uses a computer-controlled scanning receiver suite providing rapid detection and analysis of radio communications. It scans the selected bands rapidly, automatically adding the characteristics and location of any new transmitters to a computer library.
In Racal's modular System 3000, the basic unit consists of two receivers, a display unit and recorders, antennae and antenna selectors, processor and audio switching units, plus peripheral equipment. Several units joined together can form an ESM center to which a direction-finder network can be attached. A single unit can be housed in a transportable shelter or in an armored vehicle.
Thomson-CSF, another leader in this field, produces a series of Comint receivers and associated peripherals. Best known are the TRC-298 and TRC-243 family of receivers which operate with the TRC-195 and other suitable direction-finders. Fully automatic and modular, the systems enable other capabilities to be added for specific operational requirements.
A very comprehensive stationary Sigint/Comint suite is Hollandse Signaal's Spectra for use by signals and cypher analysts. The Spectra can be used to compile the transmitter libraries so essential to tactical ESM. Designed to cover the HF bands from 100 kHz to 30 MHz, it can be extended by modules to cover the lower MF and higher VHF/UHF bands. Of modular design, Spectra stations can be included in an electronic warfare system comprising an Elint subsystem.
Siemens offers a new modular, stationary or mobile receiver - yet unnamed - for radio and radio relay emission intercepts in the VHF/UHF bands. The system can automatically or manually detect and analyze all analog and digital, single- or multi-channel transmitter between 20 and 1 000 MHz. It can thus intercept combat net radio transmissions in VHF as well as radio-to-relay link, multi-channel systems, satellite and scatter links in the upper UHF bands. Among its unusual features it can receive and demodulate AM, FM, CW, SSB, PPM and PKS transmissions. The processing is performed at 16 kbit/sec to 4 Mbit/sec and it can de-multiplex multi-channel systems. The system is suitable for the intercept of tactically vital UHF radio links used for transmitting digital data streams.
Since it is well-known that communications security is threatened by modern ECM, protective measures have been devised, such as spread spectrum methods, frequency-hopping, burst transmissions and special encryption procedures. Largely ignored is an interesting counter-measure for protecting the security of data-links between higher headquarters. As highly directional antennae are used for such links and relays, the side lobe signal is usually very weak. For added protection strong transmitters are used which operate on the same frequency as the link but with their antenna's beam directed towards the suspected listening posts of the opponent. In most cases this blanks out the side lobe signal, thus providing a high level of security.
To be effective, ESM must be conducted on a 24-hour basis, both in peace and war. However, the data derived are subject to constant changes which have to be carefully "mapped" for maintaining an up-to-date picture of enemy communications procedures, tactics and equipment. Once a reasonably clear picture has been formed and the location of primary transmitters is known, ECM can be applied in an intelligent way. This, of course, excludes blanket jamming of the complete electromagnetic spectrum as this will hurt own forces as much as the enemy's. Thus, jamming has to be "intelligent" i.e. taking out the enemy's frontline radio where an attack is to be launched, at just the right time.
Eliminating selected transmitters is easier said than done. In anticipation, the enemy has probably established a fake network (which may include large sections of the real net) for transmitting pre-recorded fake messages and data on several channels. Friendly intercept stations will have great difficulty in determining which part of the intercepted message flow is genuine: this takes considerable skill and tactical training. Once phony signals are detected any near real-time exploitation of intercepted data can be forgotten.
As for ESM equipment, intelligent jamming requires a large computerized library of up to a couple of thousand hostile and friendly transmitter signatures to enable the jamming system to compose the correct countermeasure. With modern computer technology this library can be extended almost at will. Of great value is the identification of a specific signature for each transmitter encountered, instead of listing only the signatures of specific types of transmitters. Most of those located at the command and relay nodes of a C3 network will probably be powered by engine-driven generators. This creates a low frequency hum in the transmission signal which can be listed as a typical signature for each generator. (The hum can be isolated by the ESM receiver, enabling the movement of individual transmitters to be mapped.) This diminishes, but does not eliminate, the problem caused by phony C3 networks, since their transmitters would remain for the most part stationary. Numerous other problems have to be solved before intelligent jamming or interception of single transmitters is possible. It is doubtful whether this will ever be practicable since as soon as a new electronic warfare threat becomes known, a counter-defense is developed, leading to ever more advanced-and costly-state-of-the-art high-tech.
Almost all modern Comint systems are either integrated or interfaced with appropriate jamming transmitters. GTE Sylvania produces the MLQ-34 Tacjam VHF jammer. This operates with the passive TSQ-112 Tacelis Sigint equipment consisting of the ULK-17 intercept receiver and a UYK-19 computer. It uses psychoacoustic deceptive techniques in its jamming modulation and features a look-through-jam facility permitting the continued operation of the TSQ-112. The Tacjam, with a power output of 4 kW, is being introduced as standard equipment in the US Army.
For naval use Electronica SpA produces the very sophisticated C-News Comint system featuring interfaces with appropriate jamming transmitters. A modular system, its basic configuration can be expanded with equipment such as analysis and monitoring receivers, audio and digital recorders and jammers. Originally designed for the VHF/UHF range, modules can be added to cover the HF bands.
The British Army has lately introduced a Racal electronic warfare suite consisting of the RS3153 intercept receiver, the D-F type RTS1470 and the RJS3100 jammer. The equipment is air-transportable.
Built for high-power stand-off jamming in the HF bands is the Italian Telettra Rhino equipment. It has been designed to operate as part of a sophisticated ESM/ECM system but has adequate ESM facilities to work as an autonomous unit. The shelterized system can conduct search and intercept operations, automatic or manually steered jamming and can be used as an HF communications station.
Though the above examples of high-powered jamming equipment are transportable they cannot be called lightweight. Excellent mobility is offered, however, by the Israeli Elisra AT-4910 combat jamming and communications support system. Mounted on a jeep-type vehicle, it is operated by one man and is fully self-supporting. Frequency coverage ranges normally from 20 to 400 MHz but can be extended to include further bands. The system operates in three modes: communications jamming, high-power radio, with a 400 W output that can "burn through" enemy jamming, and two-way communications relay. Also included is a 20 to 500 MHz panoramic receiver for filling basic Comint functions. ESM can be continued during jamming.
A most unusual but highly practical and extremely lightweight jammer is Racal's Jamcat. The size of a telephone book, it can be connected between a combat radio's handset and the transceiver and acts as an ECM unit capable of generating a wide variety of jamming signals. Internally generated white noise, single tones, rapidly changing multiple tones, etc. can be used to modulate most transmitters regardless of power output, transforming normal communications equipment into a jammer.
An unusual ESM/ECM system is the ALQ-149 suite designed by ITT and Sanders for airborne use in the US Navy Grumman EA-6B. It combines radar and communication countermeasures equipment. The receivers are fitted inside the aircraft while the jamming transmitters are carried in underwing pods. The receiver subsystem incorporates separate communications and radar intercept and processing elements. These are coordinated with the analysis subsystem which is fed the intercepted signals and defines the appropriate jamming responses. The threat library is an integral part of the central processor, an AYK-14 computer. This high-speed device passes the appropriate jamming information to the transmitters. The largely automated system requires only supervisory functions from its two operators.
The US Air Force operates two different aircraft for the two jamming functions - the General Dynamics EF-111A for radar and the Lockheed EC-130E Hercules for communications. In the latter, the Compass Call system is said to be able to jam communications in virtually all bands from MF to EHF.
Among the expendable communications jammers, Racal produces the low-power RJS3140 barrage communications jammer for remote and unattended deployment against transmitters in the 20 to 90 MHz range. Powered by a small battery and triggered by a timer, it radiates a 10 W wideband signal for more than two hours. The jammer receives its operating parameters from a programming unit which remains with the signals unit. It is used by special forces to jam hostile transmitters on a purely local level over short periods. When placed close to the enemy transmitter, the lightweight and easily concealed RJS3140 is effective against frequency-hoppers.
Another unattended communications jammer from Fairchild Wesson Systems for use in UAVs can be triggered by timer or remote command. To obtain maximum effect in the temporary disruption of widely scattereds C3 networks, the UAVs can be launched in swarms.
Even tactical satellite-to-ground communications are prone to interception. Marconi Defense Systems has been working jointly with the Royal Signals and Radar Establishment on the development of optimum anti-jam techniques for satellite communications to increase Low Probability of Exploitation (LPE). (This is a new term which joins the older LP1 [Low Probability of Intercept] in electronic warfare jargon.)
"Exploitation" means taking advantage of the weaknesses in the enemy network. C3 networks - in fact all modern communications systems - depend for their faultless operation on digital computers, for which a vast amount of software is required (among the Western powers, the ADA language is standard).
Beware of the Virus
ADA's structure is no secret and it is no problem to write a lethal virus program for insertion into an ADA-based C3 network (see ARMADA No. 5/89).
Insertion of the virus poses no problem to a technically well-versed enemy. For example the virus can be added by the enemy to a standard position message forwarded into the opponent's C3 net via a recently captured artillery computer. The virus will then circulate with each message sent and spread the infection. Another way is to hide a virus in a deception signal beamed at a hostile radar. Initially it will only infect its extractor software but eventually it is bound to spread via data-link into the air defence network. Theoretically it is also possible to direct a message containing the virus to a defense communication satellite, thereby guaranteeing even faster dissemination. In essence there is no 100% protection against a virus (or several) entering and infecting a C3 network. Isolating a complicated virus would take days a it would almost certainly be a sophisticated type, unlike those used by hackers. In the critical opening days of a war this could be fatal.
When the Electronic Battlefield concepts based on [C.sup.3]I were formulated in the USA during the late 1960s, nobody could then imagine that [C.sup.3]I equipment would eventually become vulnerable to enemy action. There is now growing evidence that the infatuation with centralised [C.sup.3]I is waning - not only because of its vulnerability, (which could be overcome by spending more money on R & D) but also because it deprives local commanders of a certain latitude at tactically opportune moments which might escape headquarters' attention. There is no doubt that [C.sup.3]I will continue to exist as an essential communication facility, but the all-embracing Electronic Battlefield concept has been overtaken by the EW techniques now available.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||command, control, communication and intelligence|
|Date:||Jun 1, 1990|
|Previous Article:||A survey of the modern mortar.|
|Next Article:||Personal infantry weapons: old weapons or new hardware in the coming decades?|