Cyber warfare: disruptive technology in air combat


The Norse data wall on the operations loor of the Hunter’s Den, provides real time worldwide cyber-attack sources and attack locations within North America. J M Eddins/US Air Force

THE US Air Force is concerned that the future may pass it by. Disruptive technologies may be efectively weaponized by others. Technologies that may lack the Air Force’s strength and capabilities but may be able to weaponize them quicker and at less cost. US Air Force Deputy Chief of Staf for Intelligence, Surveillance and Reconnaissance, Lieutenant General Veralinn Jamieson said at a brieing in Washington on August 2: “The changing character of war is based on disruptive technologies. Where will this take us?”

Improved ofensive and defensive cyber warfare capabilities will shape future airpower as much as improved missiles (especially hypersonic), artiicial intelligence, autonomous light capabilities and other disruptive technologies.

Former Deputy Secretary of Defense, Dr Robert Work said in Washington DC on June 26: “In 2014, I had the foreboding sense that, from a technological perspective, the United States was falling behind great power competitors, especially China.”

China is known to be investing heavily in disruptive technologies. Cyber weapons are not a new threat; in 2007 Israel used them in combat against Syria’s integrated air defence system in a strike that knocked out Syria’s nuclear weapons programme. The importance of cyber weapons in air combat has made them one capability in which the US Air Force is looking to increase investment.

Allied air arms share this concern. On June 26, NATO released its first-ever Joint Air Power (JAP) strategy document that identiied cyber threats, along with electronic warfare and modern air defence systems as some of the most pressing threats to its air operations.

Cyber enters air combat

Airpower historians may remember this year for the first combat use of cyber weapons against aircraft. A US Air Force Special Operation Command AC-130 gunship was the target of the attack, over Syria. It returned to base, though it was not revealed whether the target was the aircraft’s light control systems or other onboard systems. One of the advantages of using cyber weapons against combat aircraft is simply that they are diicult to attribute and provoke retaliation. While iring a surface-to-air missile at a US aircraft would likely have been countered by powerful airdelivered irepower, there is nothing suggesting that whoever attempted to make a cyber-attack on the AC- 130 – most likely Russian – was not able to safely modify their weapon so it can work better the next time.

While Russia is limited by the amount of resources it can allocate to its military – currently and nominally about 11% of US spending – it has been trying to compensate for this by using disruptive technology weapons in combat; the ones that concern General Jamieson.

Army Lieutenant General Robert Ashley, director of the Defense Intelligence Agency, said in Washington, on June 26 that the Russians have used Syria, like Ukraine, as a testing laboratory. He said: “It is an opportunity to see how these technologies are going through the research and development process, and how it can make them operational, it’s a great testbed for them.”

Real-time cyber-attacks, including information on the attack’s origin, type and target, as well as, the attacker’s IP address, geographic location and ports being utilized, displayed on the Norse attack map on the 275th Cyberspace Squadron’s operations loor, known as the Hunter’s Den. The squadron is one of four in the 175th Cyberspace Operations Group of the Maryland Air National Guard at Warield Air National Guard Base, Middle River, Maryland. J M Eddins/US Air Force

General Ashley sees Russia’s cyber operations, being used in conjunction with its information operations, “in such a way to drive towards a decision or outcome that you think is something you are deciding, but they seed the information environment to drive you towards that decision.”

A cyber cutting edge for electronic attack

For US airpower, ofensive cyber weapons appear to be part of the electronic attack domain. A cyber capability was designed to be an upgrade for the US Navy’s leet of EA-18G Growler electronic warfare aircraft. The baseline capability integrates the EA-18G’s passive sensors, which can identify and, by using multiple aircraft, locate threat emitters. The EA-18G’s active electronically scanned away radar can then be used to transmit a highly concentrated and focused pulse of energy to disrupt even a hardened radar system. The EA-18G will reportedly have the capability to transmit malware that will efectively shut down an air defence system, as the Israelis did in 2007. The US was said to be ahead of Israel back then, and since then US capabilities have further improved. Cyber weapons, ofensive and defensive, are now openly discussed as constituting their own domain of conlict, distinct from electronic warfare or information operations.

But these capabilities may become more vulnerable. The AESA radar, while adaptable to the electronic attack mission, gathers in all returns and relies on its filtering algorithms to remove clutter and surface returns. This allows detection of even stealthy air threats. A cyber weapon transmitting what appears to be a radar return but is actually a malware worm, is a potential threat.

Cyber targets

Cyber weapons, electronic intrusion and tampering are a real threat to both military and commercial aircraft. They are currently considered in investigations of peacetime aircraft losses, though there has, so far, been no conirmed destruction of aircraft attributed to cyber weapons. Speaking in Washington DC on August 30, 2017, US Navy Chief of Naval Operations, Admiral John Richardson said: “Any kind of investigation and inspection is going to have to take a look at the computer, the cyber, and the information aspects of our business.”

Sailors stand watch in the Fleet Operations Center at the headquarters of US Fleet Cyber Command, the US Navy’s component command to US Strategic Command and US Cyber Command. MC1 Samuel Souvannason/US Navy
The F-35 Lightning II has been designed from the outset to operate in the cyber domain, both ofensively and defensively. SSgt Jensen Stidham/US Air Force
A Royal Australian Air Force F-35A Lightning II at Luke Air Force Base, Arizona. SSgt Jensen Stidham/US Air Force

The biggest threat posed to airpower by cyber weapons may not be to combat aircraft. Most military aircraft systems are hardened, with limited points of entry for a cyber-attack.

Commercial aircraft are increasingly connected to the internet and may be more vulnerable. It is not just location and status that might be revealed by onboard systems when independently reporting their status to a centralized data repository while in-light, their electronic connections could constitute a vulnerability to cyber-attacks.

This is one of the reasons why the Lockheed Martin F-35 Lightning II, unlike an airliner, does not link to the Autonomic Logistics Information System (ALIS) in-light, but rather when a secure terminal is plugged in after landing. Similarly, the F-35’s critical control systems are designed to be triple-redundant, but a cyberattack, like electronic warfare, is more likely to aim for killing the mission rather than destruction of the aircraft. A cyber weapon that is able to switch on a spurious warning light or show false sensor inputs also has to be countered. All of this relects that the F-35 has been designed from the outset to operate in the cyber domain, both ofensively and defensively.

Appearing before the Senate Appropriations Committee on May 17, US Air Force Chief of Staf, David Goldfein said an F-35 pilot flying a mission will find information already fused into the cockpit and on to the displays about what was going on in the cyber domain, because the cyber campaign was a part of his overall mission that he had built”.

The F-35’s designed-in, upgradable electronic attack capability could enable it to use cyber weapons to ensure that even future integrated air defence systems will not drive it from the skies. But to survive, combat aircraft may well require self-defence cyber warning systems that can alert a pilot when under cyber-attack. These would serve alongside the radar homing and warning sets that have been widespread on combat aircraft for decades.

A cyber warfare operations oicer, watches members of the 175th Cyberspace Operations Group analyse log files as part of providing a cyber threat update utilizing a Kibana visualization on the large data wall in the Hunter’s Den. J M Eddins/US Air Force

However, the logistics and service support systems, without which combat aircraft cannot operate, may be the most vulnerable cyber targets: their nonclassiied communications links have multiple points of entry. It is likely to be easier for an adversary to drive hostile aircraft from the skies by interfering with their fuel resupply than by jamming each aircraft’s fly-by-wire light controls.

Responding to the cyber threat

All of the US armed services are aware of the threat – and potential – of cyber weapons in air combat. The US Air Force is aware of the increasing importance of both ofensive and defensive cyber weapons to its ability to conduct all of its many and varied mission sets.

As of July 17, the 24th Air Force, dubbed Air Forces Cyber, based at Joint Base San Antonio- Lackland, Texas is aligned under Air Combat Command and serves as the Air Force’s cyber operations specialist command. Air Forces Cyber’s oicial mission tasking is to establish, operate, maintain and defend Air Force networks to ensure warighters can maintain the information advantage as US forces prosecute military operations around the world.

Alignment under Air Combat Command enables its integration with combat operations, as well as the joint-service US Cyber Command. On behalf of US Cyber Command, the Air Force’s Uniied Platform program aims to enable an operational capability for ofensive and defensive cyber operations.

Speaking in Washington DC on June 26, Chief of the Oice of Naval Research, Rear Admiral David Hahn said the Navy is looking to “leverage pockets of expertise that already exist in the United States.”

Speaking at the same event, Assistant Secretary of the Navy for research and development, James Guerts stressed the need for speed in response: “Getting speed up and cost down will drive failure tolerance up. We can’t just use hustle to get after things; 24 hours’ software ‘compile to combat’ is possible but requires new ways of doing business, not just doing the old ways faster”.

In July, the US Army stood up its new Futures Command with responsibility for emerging technologies such as cyber warfare that cut across modernization portfolios, including aviation, which is currently dominated by the Future Vertical Lift programme.

An AC-130U Spooky gunship from the 4th Special Operations Squadron waits to taxi during live ire close air support operations during Exercise Emerald Warrior at Hurlburt Field, Florida. Earlier this year, an AC-130 was the target of the first combat use of a cyber weapons attack against an aircraft, over Syria. TSgt Gregory Brook/US Air Force