Electromagnetic Warfare Is Here26/08/2014 20:10
Source: IEEE Spectrum
Electromagnetic (EM) attacks are not only possible—they are happening. One may be under way as you read this. Even so, you would probably never hear of it: These stories are typically hushed up, for the sake of security or the victims’ reputation. Occasionally, though, an incident comes to light.
In May 2012, for instance, the Korea Herald reported that over 500 aircraft flying in and out of South Korea’s Incheon and Gimpo airports reported GPS failures, as did hundreds of ships and fishing boats in the sea west of Incheon Airport. The source of the EM fields was traced to the North Korean city of Kaesong, about 50 kilometers north of Incheon. South Korean officials indicated that North Korea had imported truck-based jamming systems in 2010 that had the capability to jam GPS signals. These officials speculated that one purpose of the jamming was to interfere with South Korea’s highly digital society. Or perhaps the North Koreans were conducting an experiment, using South Korea as their beta tester.
In decades past, the few key electronic systems that existed worked at higher voltages than today’s machines and at lower frequencies, making them less sensitive to EM disruption. Today, though, any digitally controlled infrastructure presents a target: Power, telecommunications, finance, water, natural gas, and more are all coming under the ever-finer control of computers. Right now the power systems in developed areas of the world areinstalling smart power meters in homes and businesses, along with communications systems to transmit the data. The new wave of distributed renewable power systems requires additional sensors to determine their operating status, so that the grid can operate efficiently and avoid collapse. The increased need for information and the means to communicate it make all these systems vulnerable to anyone who may wish to create problems—and that means hackers, criminals, vandals, and terrorists.
And, unlike other means of attack, EM weapons can be used without much risk. A terrorist gang can be caught at the gates, and a hacker may raise alarms while attempting to slip through the firewalls, but an EM attacker can try and try again, and no one will notice until computer systems begin to fail (and even then the victims may still not know why).
Governments and professional organizations have been aware of the problem (called intentional electromagnetic interference, or IEMI) at least since the 1990s; in the wake of attacks like the one in South Korea, they began to take it seriously. For instance, in 2012 the European Union began funding three projects to deal with assessing EM attacks and protecting critical infrastructures from them. One project, known as Secret (Security of Railways against Electromagnetic Attacks), is meant to find ways to prevent the jamming of railroad equipment that uses the new GSM-Railway wireless communication standard. It’s not enough to patch holes that bad actors have discovered; we must also try to anticipate attacks that haven’t yet occurred. It may seem strange that we should find ourselves in need of defending against electromagnetic generators, a kind of weapon most people have still never heard of. The reason is obvious: Not only is it getting easier to make these generators, but we are also becoming more dependent on the data networks those generators threaten.
The recipe for frying a network is simple. Begin with a generator, fold in a battery, and garnish with either an antenna to propagate the output or a hardwired connection into the building you have targeted. Even a briefcase-size model could generate EM fields with peaks in the thousands of volts per meter, and those peaks would come fast and short, with a rise time of about 100 picoseconds and a pulse width of about 1 nanosecond. Such a pulse would contain frequencies between 100 megahertz and several gigahertz.
Whether the attacker transmits via an antenna or a hardwired connection depends on circumstances. The radiated field method gives attackers greater flexibility, but the power decreases rapidly the farther they are from the target. A hardwired approach lets attackers put the pulsed power where they want it without as much wastage, but it does require that they get close enough to the target to make the physical connection. Even this needn’t be very hard: Many commercial buildings have vulnerable communications cabinets and external power outlets, as Daniel Månsson, at the KTH Royal Institute of Technology, in Stockholm, has documented.