Cyber Security: Watch Out for Wireless Network Attacks

Consumer electronic devices are opening up a new front in cyber security wars

By Jeff Melrose, Yokogawa Corp.

1 of 3 < 1 | 2 | 3 View on one page

During a night bombing raid in the summer of 1940, a German Luftwaffe Junker Ju88 bomber seeks its way to a target over a blacked-out British landscape. The navigator doesn’t rely on the stars to guide the plane but instead follows a radio beam transmitted from occupied France. When the plane reaches its target, he will hear another signal from a second beam transmitted on a different vector. The point of intersection is where the bombs are released. The navigator doesn’t realize it but the second signal he receives is a hack coming from a British transmitter. He releases the bomb load too early; the payload falls harmlessly in the countryside.

Any student of World War II history knows the Battle of Britain was a months-long air engagement. A less-well-known element was the “Battle of the Beams,” where British intelligence sought to disrupt the radio navigational systems used to guide German bombers. Throughout the campaign, the sophistication on both sides ratcheted up as improvements in guidance systems were matched with new countermeasures. Radio was a very effective way to lead aircraft to targets but could be jammed or spoofed, deliberately sending navigators on a bogus course or simply rendering radio systems useless. Electronic warfare quickly became its own front in the larger conflict of World War II.

This “History Channel” moment has lessons for us today. The situation is not as dramatic but a similar war is being waged now. Wireless networks deployed in chemical manufacturing facilities are growing in size and sophistication. Most plants now have Wi-Fi networks, either set up specifically to cover the plant or spilling over from office locations. Networks for wireless field devices are user friendly and can extend sensing into difficult applications with lower costs.

These networks all offer security mechanisms using encryption and protected access management. When applied well, such safeguards are very effective, with the most sophisticated versions virtually impossible to break. Their potential downfall is dependence on an inherently insecure medium: radio.

Electronic Weaponry

Some of the most spectacular incidents disrupting wireless communication involved military-grade equipment. Consider these examples:

San Diego, 2007 — In January of that year, global positioning system (GPS) and other wireless services were significantly disrupted throughout San Diego harbor (Figure 1). Naval Medical Center emergency pagers stopped working, the harbor traffic-management system used for guiding ships failed, and airport traffic control had to switch to backup systems to maintain air traffic flow. Even cell phones users found they had no signal, and bank customers couldn’t withdraw cash from automated teller machines. It took three days but investigators finally found an explanation for this mysterious event: two Navy ships in the harbor had been conducting a training exercise where technicians jammed radio signals. Unwittingly, they also blocked GPS signals and much of the wireless communication across a broad swath of the city.

San Diego, 1999 — A U.S. Navy radar test in the harbor created electromagnetic interference that affected 928.5-MHz wireless communication from supervisory control and data acquisition (SCADA) systems of the San Diego Water Authority and San Diego Gas and Electric. The companies lost the ability to control valves connected to the system.

Den Helder, The Netherlands, late 1980s — A 36-in. valve in a gas-pipeline control system, located near a naval base, opened and closed at the same frequency as the scanning of an L-band radar system in the harbor; shock waves induced by the rapid valve movements caused the pipeline to rupture.

These problems were unintentional and involved high-powered systems. They also disrupted wide geographical areas by projecting problems over significant distances. For a criminal with more modest intentions, other approaches are far less expensive and much easier to implement.

Consumer Electronics Downside

An individual or group wanting to engage in cyber crime has a wide variety of weapons available within the huge world of consumer electronics. Technologies once reserved for the military now are easy to purchase and inexpensive. Some can be used to attack wireless networks. If the objective is disrupting a single plant, a weapon with the power of a naval radar system isn’t necessary. Consider this example:

Newark, N.J., 2013 — The U.S. Federal Communications Commission (FCC) fined a Readington, N.J., man nearly $32,000 after it traced a problem with Newark Liberty International Airport’s satellite-based tracking system to his truck. The man had purchased an illegal GPS jamming device for about $100 and installed it in his company-owned pickup truck so his boss couldn’t monitor his movements. Unfortunately, he was working near the airport and the device disrupted the ground-based augmentation system (GBAS) that uses GPS signals to monitor the locations of aircraft in and near the airport. The Federal Aviation Administration enlisted help from the FCC; investigators traced the jamming signals to the truck. When the device was turned off, the problem stopped.

1 of 3 < 1 | 2 | 3 View on one page
Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.

Comments

  • I believe that we should REGULATE THE DRONE INDUSTRY and we should have REGULATIONS AND RULES in place that control and monitor their OWNERSHIP and OPERATIONS and at least we should have a REGISTRY FOR THE DRONES.

    Reply

RSS feed for comments on this page | RSS feed for all comments