U.S. Air Force Study Reports Vulnerabilities in Drone C2 Systems

US Air Force Scientific Advisory Board graphic

Interesting timing. At some point after Iran captured a sophisticated RQ-170 RPA (Remotely Piloted Aircraft - UAV is a misnomer), the Public Intelligence website received an FOUO report entitled "Operating Next-Generation Remotely Piloted Aircraft for Irregular Warfare", published in April 2011 by the U.S. Air Force Scientific Advisory Board. One of the many issues that the panel was asked to investigate was electronic threats. Its related finding: "Limited communications systems result in communications latency, link vulnerabilities, and lost-link events."

Section 2.4.3 "Threat to Communication Links" expands on the state of vulnerabilities present for RPAs:

  1. Jamming of commercial satellite communications (SATCOM) links is a widely available technology. It can provide an effective tool for adversaries against data links or as a way for command and control (C2) denial.
  2. Operational needs may require the use of unencrypted data links to provide broadcast services to ground troops without security clearances. Eavesdropping on these links is a known exploit that is available to adversaries for extremely low cost.
  3. Spoofing or hijacking links can lead to damaging missions, or even to platform loss.

Section 2.4.4 "Threat to Position, Navigation, and Guidance":

  1. Small, simple GPS noise jammers can be easily constructed and employed by an unsophisticated adversary and would be effective over a limited RPA operating area.
  2. GPS repeaters are also available for corrupting navigation capabilities of RPAs.
  3. Cyber threats represent a major challenge for future RPA operations. Cyber attacks can affect both on-board and ground systems, and exploits may range from asymmetric CNO attacks to highly sophisticated electronic systems and software attacks.

These are just a few of the key findings that impact the mission of RPAs. With this report as background, the capture of the RQ-170 by Iranian forces needs to be evaluated fairly and not dismissed as some kind of Iranian scam for reasons that have more to do with embarrassment than a rational assessment of the facts. Remotely Piloted Aircraft are the future of air combat, not just for the U.S. but for every military force in the world. Theft of this technology via cyber attacks against the companies doing R&D and manufacture of the aircraft is ongoing. Whether the Iranians got lucky or have acquired the ability to attack the C2 of the drone in question, there are obviously some serious errors in judgment being made at very high levels, and secrecy about it is only serving the ones guilty of making those bad decisions.

UPDATE (1453 PST 14DEC11): I just confirmed with the Public Intelligence website that the Air Force document was provided to their site about one week ago, which would make it the day after the news on the downed RQ-170 was announced. Clearly someone with FOUO access wanted this information to be made public to inform the controversy surrounding the incident.
