Connect with us

Defense

The Programmable Diplomatic Kill Switch

Published

on

If indeed “War is a mere continuation of policy with other means” [1] the metaphoric kill switches that have made their way into strategic weapons by arms manufacturers give Clausewitz’s nearly two-hundred-year-old observation new meaning. The ability of states that manufacture complex strategic networked weapons systems to simply turn off or at least partially disable such systems, on demand, is not really new.

This capability is not simply to ensure such weapons cannot be turned and used against states that manufacture them. It can and will be used when it is in the interest of third-party states to modulate a conflict. International relations could be steered down a path that was once traveled down by surrogates of superpowers.

Surely, a kill switch is not a marketing feature, nor will one have its tutorial in the training manuals of the U.S. FA-18 Hornet’s Target Acquisition System, Israel’s Hermes and Heron UAVs (Unmanned Aerial Vehicles, or drones), or in Russia’s Iskander guided ballistic missile, among other systems. Such compromised access is made through backdoors, allowing unauthorized remote access to the computer control hardware. These backdoors are not hacked into but rather are designed into the system, analogous to the Trojan Horse tale of subterfuge.

We are not talking about the future. When the U.S. sold FA-18 jets to Australia three decades ago, they would not supply the system codes necessary to acquire enemy targets the Australians wanted them to. These jets would only lock on targets the U.S. would allow [2]. Subsequently, the Australian military developed their own Electronic Warfare Self Protection, a Radar Warning Receiver known as ALR-2002 [3]. It has been also claimed that Australian programmers discovered the codes the U.S. would not provide them [4], but both of these indigenous efforts might be the same although announced and interpreted differently. The Australian Defense Minister at the time noted “The radar of our Hornet could not identify most of the aircraft in this region as hostile … so our frontline fighter could not shoot down people who might be the enemies in this region” [5]. By 2006 Australia’s ALR-2002 project was being phased out in favor of Raytheon’s ALR-67 (V3) as this unit provided necessary access to radar signatures the Australians required, and it was fully operational whereas the ALR-2002 was still in its qualification stage. For fifteen years, the U.S. arbitrarily denied an ally access to full system capabilities.

There have been reports [6] that during a specific politically contentious period between Turkey and Israel, 2014 or before, Israel sent a strong message to the Turks through a surrogate, Azerbaijan, when some of Azerbaijan’s Israeli-manufactured UAVs were unexpectedly unable to launch. This would not be surprising as Israel’s Elbit weapons manufacturer and other IAI (Israel Aerospace Industries) have tended to use unified UAV control and data centers, robustly connected via networks and satellites [7].

On September 6, 2007, when the Israeli Air Force destroyed a purported Syrian nuclear research facility, Syrian early warning radar wasn’t just jammed but it appears their entire network was disabled to such an extent that the Syrians never saw the Israeli jets violate Syrian air space. As with the Azerbaijani incident, no official mission report was made public. Much of the Syrian military only knew of the events after the facility deep inside Syria was destroyed. It seems that a combination of techniques was used, including speculation that the Israelis were able to incapacitate key pieces of computer technology using Syria’s own command and control infrastructure, including algorithm injection and infecting systems that may have actively compromised CPU (Central Processing Unit or microprocessor) function. The latter is conjecture in this case, although not without precedent. The French manufactured CPUs with the ability to be shut down remotely when used in military equipment they export [8]. Spiegel [9] wrote that a Syrian official, during a trip to England in late 2006, frivolously provided access to his laptop, allowing Israeli agents to place a Trojan Horse malware on the laptop, eventually revealing the inner workings of the purported nuclear facility. Some details can be found in the November 26, 2007, Aviation Week and Space Technology article [10] and any role the U.S. technology may have played.

Some argue that it is costly and even a security risk to incorporate kill switches in high-tech weaponry [11]. However, such an argument loses its price-performance claims as the systems move from anti-tank weapons and shoulder-launched surface-to-air missiles (such as Stingers) to strategic drones and ballistic missiles. Besides, it is well-known that the U.S. and other major nuclear powers install safeguards not only on their nuclear arsenal (known as Permissive Action Link) but also on items such as jets and strategic bombers. For example, upon receiving a series of codes embedded in part of its target acquisition system, an F-16 will shut off its weaponry if part of its return signal information includes codes determined to be coming from a targeted U.S. asset. Its radar may send a coded pulse and listen for a specific response. This is nothing new and is used to prevent such aircraft from attacking a real U.S. piloted aircraft or other military facilities. This capability extends to other large weapons manufacturing states.

The following is taken verbatim from The Economist’s Technology Quarterly, November 30, 2013 [12]:

“Kill switches” or “backdoors”, as these features are sometimes known, have so far been associated with expensive weapon systems that must send and receive data to operate. David Kay, America’s most senior arms inspector in post-Saddam Iraq, has noted that one of the reasons why Russia’s best air-defence systems have not been installed in Iran is probably because the Iranians fear that Russia might be capable of countermanding missile launches against certain countries’ aircraft. Now similar “override” systems are being applied to small arms, too.”

Major strategic weapons manufacturers would be remiss if they did not add such a capability to control the use of their weapons.

It has been suggested that military-class GPS navigation or a time limiter be added to tactical weaponry, allowing their use in a limited geographic area and only for certain time periods, or both. A satellite overhead could reset the weapon’s timer with a stroke of a remote keyboard. If this is within the realm of possibility, the same mechanism easily becomes a kill switch, thus turning on or off the ability to exercise the weapon effectively. Worse, such a capability could permanently disable on-board computer circuitry. Even certain cell phones turn into bricks if lost or stolen. A 2011 Brookings study [13] notes how UAVs are basically networked flying computers and “on-board computer systems on drones can be equipped with kill switches that could be tripped remotely if the drones go missing” and, thus, can easily be turned into inoperable bricks by remote fiat.

Claims of disabling or altering CPU function do come with empirical evidence. A state-of-the-art Intel- or AMD-powered Windows computer comes with the ability to update its microcode. The microcode is used to translate, internally within the CPU, the individual instruction in the running software into actual operations within the CPU. Such operations could be arithmetic, logical, and/or other. This means there is access to core internals of these microprocessors, regardless of “guaranteed” safeguards. In addition, most integrated circuits over the past 25 years or so can be tested as a functional unit using JTAG (Joint Test Action Group) pins. Further, these and similar JTAG lines are available on motherboards. JTAG offers access to the internals of integrated circuits, since its function is to test subsections of finished products. Unless these JTAG lines are physically disconnected from the user, they provide sources of backdoor access.

A very convenient integrated circuit known as an FPGA (Field Programmable Gate Array) is specifically designed to power-up without any real operational capability; it simply awaits initialization, programming, and loading of other operational procedures into the FPGA upon boot-up. In military systems, every effort is made to verify and securely feed proper instructions into the FPGA, but many of these FPGAs have been subcontracted to entities outside the borders of weapons manufacturing states, which is asking for trouble. A case in point is the American-designed, but Chinese-manufactured, ProASIC3 FPGA (also known as PA3) by Actel (now Microsemi) used in products spanning automotive to aerospace to U.S. military applications, which was purported to have a deliberate backdoor. This was demonstrated by researchers at the University of Cambridge and Quo Vadis Labs in England [14]. Some dispute a deliberate intent claiming that no evidence has been brought forth that it was an intentional design-in [15]. Others claim backdoors are everywhere waiting to be exploited [16].

Former U.S. counter-terrorism czar, Richard Clarke, stated in the Smithsonian Magazine [17] that “logic bombs” and “trap doors” exist in the U.S. supply chain of chips, routers and hardware imported from China. Clarke also stated in the same interview, “Every major company in the United States has already been penetrated by China.” This may be an extreme view, but he also suggested in memos to national security advisor Condoleezza Rice on January 25, 2001 and September 4, 2001 that something on the scale of 9/11 may be in the planning [18].

In any case, since claims of backdoors, malware, and CPU accesses peaked in 2012, U.S. government agencies have intensified the search for and programs to detect such traps, backdoors, kill switches, etc. Such activity began even as early as 2005 and 2007 [19]. By mid-2013, it was reported in Security Affairs that “spy agencies reportedly have a long-standing ban on Lenovo PCs due to backdoor vulnerabilities”, stating “the research allegedly documented the presence of hardware and firmware backdoor vulnerabilities in Lenovo chips” [20].

It turns out that Intel, the maker of the most popular series of microprocessors in the world, the x86, has added a second tiny processor to its latest chipsets [21]. The prevailing explanation for the function of this added processor, which cannot be seen by the main CPU or the operating system, is to aid in remote management. This is an enhancement to an older subsystem called Intelligent Platform Management Interface (IPMI). However, Intel’s Management Engine (ME), a 32-bit ARC processor, in conjunction with Intel’s Active Management Technology (AMT), runs in the background even when the system is powered down, has the ability to monitor network traffic with its own dedicated network stack, runs its own firmware secured with 2048-bit RSA encryption, and has access to system RAM [22]. While probably not designed to be a backdoor, it can be used as one [23].

The diplomatic nature of this metaphorical kill switch could determine the outcomes of conflicts. Of course, such manipulation of military hardware has its limits. Military secrets are most fleeting and, as such, kill switches must be used in a manner that would make their effects appear somewhat innocuous. As demonstrated by the effort put forth by the Australians on their F-18s, it will only be a matter of time before the capabilities of kill switches are overcome. In response, the controlling “diplomats” may simply increase the errors in the trajectory of projectiles, slow down the sampling rate of sensors, etc., lest the military-industrial complexes of the world lose their markets to indigenous development.


[1] “Der Krieg isteinebloßeFortsetzung der PolitikmitanderenMitteln” Everything You Know About Clausewitz Is Wrong

[2] Beazley tells of U.S. code crack

[3] Economics of War and Peace: Economic, Legal, and Political Perspectives, Ben Goldsmith, JurgenBrauer, Emerald Group Publishing, 2010. Chapter 4: Arms Export Controls and the Proliferation of Weapons Technology, pages 59-66

[4] Australia ‘cracked top-secret U.S. jet fighter codes’

[5] See ref #3, Economics of War and Peace, page 63

[6] No hard documented empirical evidence has been presented to this author to conclude causation. However, the correlation between the near absence of Israeli-manufactured Azerbaijani drone sorties with the peak in political tension encountered by Israel (in at least one specific case) is rather interesting.

[7]   Hermes™ Universal Ground Control Station (UGCS) and UAV command, control & communications

[8] High-tech weapons sow fears of chip sabotage and New Technique Detects Hardware Trojans, many others such as, The Hunt for the Kill Switch

[9] How Israel Destroyed Syria’s Al Kibar Nuclear Reactor

[10] Aviation Week and Space Technology

[11] The Case for Kill Switches in Military Weaponry

[12] Kill switches and safety catches

[13] Cyber-Physical Attacks and Drone Strikes: The Next Homeland Security Threat

[14] Breakthrough silicon scanning discoversbackdoor in military chip

[15] Experts dispute threat posed by backdoor found in Chinese chip

[16] Back Doors Are Everywhere

[17] Condo Lied: Declassified memo from Clarke

[18] Richard Clarke on Who Was Behind the Stuxnet Attack

[19] Defense Science Board Task Force on High Performance Microchip Supplyand DARPA “TRU.S.T in IC’s” Effort

[20] Spy agencies ban on Lenovo PCs due to backdoor vulnerabilities

[21] Intel x86s hide another CPU that can take over your machine (you can’t audit it)

[22] Intel ME Secrets; Hidden Code in your Chipset and How to Discover What Exactly it Does

[23] Is the Intel Management Engine a backdoor?

David Davidian is a Lecturer at the American University of Armenia. He has spent over a decade in technical intelligence analysis at major high technology firms.

Continue Reading
Comments

Defense

Negating Nuclear Bluff

Published

on

The war of words between India and Pakistan’s militaries prove that both South Asian nuclear states are intertwined in a traditional security competition. Indian Army Chief Gen. Bipin Rawat, while delivering the annual Army dinner, stated:”We will call the (nuclear) bluff of Pakistan. If we will have to really confront the Pakistanis, and a task is given to us, we are not going to say we cannot cross the border because they have nuclear weapons. We will have to call their nuclear bluff.” Such statements of calling the ‘nuclear bluff’, ‘increased cross- border firing by Indian forces, which coupled with the proclamation of surgical strikes can lead to crisis instability in the region.

Director General Inter-Services Public Relations (ISPR) Major General Asif Ghafoor responded to the Indian army chief’s ‘nuclear bluff’ assertion by saying that such statements are unbecoming from a person of a responsible stature. He further stated that “Well, it’s their choice. Should they wish to test our resolve they may try and see it for them..…Pakistan’s credible nuclear deterrence is the only thing stopping India from a war.” Such statements by the Indian military officials, and a quick calculated response from Pakistan, have raised the concerns of security analysts regarding the regional security and strategic dynamics.

It could be an appropriate tactic of General Bipin for securing finances for the modernization of the Army, but an absurd and destabilizing statement for the strategic stability in South Asia. According to the analysts, such statements by Indian military officials can lead to crisis instability and force the Pakistan to hasten its evolution towards war fighting nuclear doctrine. Another alarming reality is that General Bipin has failed to realize the repercussions of misreading Pakistan’s nuclear weapon capability and too much confidence in India’s Cold Start Doctrine. Hence, Pakistan’s successful test of the ‘submarine-launched cruise missile Babur (SLCM Babur)’ can be viewed as a befitting response to India.

According to Pakistan’s Inter Services Public Relations (ISPR), Babur is submarine-launched cruise missile with range of 450 km. It was fired “from an underwater dynamic platform” and “successfully engaged its target with precise accuracy; meeting all … flight parameters”. The development of Babur (SLCM) is a significant component of a “credible second-strike capability” and a step towards reinforcing Pakistan’s policy of Credible Minimum Deterrence through self-reliance and indigenization.

Previously, on January 9, 2017, Pakistan conducted its first successful test of indigenously developed submarine launched cruise missile Babur-III.  Babur-III is also advanced, mature and indigenously developed series of cruise missiles. The First test of Babur-III was considered by Pakistan’ security planners as a major milestone and a right step in right direction towards reliable second strike capability. After the successful test of  Babur-III, Prime Minister Muhammad Nawaz Sharif, while congratulating the nation and the military on the first successful test-fire of the Submarine Launched Cruise Missile stated: “The successful test of Babur-3 is a manifestation of Pakistan’s technological progress and self-reliance.” He added: “Pakistan always maintains policy of peaceful co-existence but this test is a step towards reinforcing policy of credible minimum deterrence.” Therefore successful test of Babur-III, submarine launched cruise missile finalized the triad of Pakistan’s nuclear forces and second test of Babar on March 9, 2018 has enhanced Pakistan’s deterrence based on Second Strike Capability.

Another significant factor which forced Pakistan to acquire Second Strike Capability is India’s doctrinal transformation as it is clearly transforming its Nuclear Doctrine. New trends are emerging in India’s nuclear strategy as it is moving towards a ‘first-use’ or even a ‘first-strike nuclear strategy’. India’s nuclear doctrine is based on the ‘strategic ambiguity’, therefore it has been anticipated that India is shifting its nuclear strategy towards ‘counterforce targets’ rather than ‘counter value targets’. The second emerging trend is that India is moving towards the strategy of “First Use” or “Preemptive strike” from the “No-First Use strategy”. The abandoning of no first-use, development of missiles defense shield, fake claims of surgical strikes and calling the nuclear bluff are developments that are perilous for the regional security. Indeed, such events have forced Pakistan to maintain deterrence through qualitative and quantitative developments in nuclear forces. In the strategic landscape of South Asia, the presence of Pakistan’s credible second-strike capability is imperative for the continuity of the strategic stability between/among strategic competitors: India and Pakistan.

Subsequently, harsh statements by Indian military, its shifting nuclear doctrines and maturing sea based/ballistic missile defense developments capabilities are threatening for Pakistan. Such developments by India have been countered by Pakistan by carrying out two tests of nuclear-capable missiles, ‘Babur-3’ submarine-launched cruise missile (SLCM) and ‘Babar’. Pakistan’s tests of SLCM has further reinforced the debate on South Asian maritime security, second-strike capability and missile defense technologies in the regional landscape. To conclude, it’s impossible for the Indians to alter the strategic equilibrium between India and Pakistan. Though Islamabad is not matching the Indian conventional military buildup, yet it is gradually advancing its nuclear arsenal. Hence, Pakistan’s successful test of indigenous Submarine Launched Cruise (SLC) Missile ‘Babur’ has negated India’s desire to call Pakistan’s ‘nuclear bluff’ and has augmented the credibility of Pakistan’s nuclear deterrence strategy. Addition of ‘Babur’ in Pakistan’s military inventory confirms that Pakistan armed forces are prepared to thwart any kind of Indian armed forces military adventurism.

Continue Reading

Defense

A Likely Path to Nuclear Annihilation

Eric Zuesse

Published

on

U.S. President Donald Trump asserted on the morning of April 12th, “Never said when an attack on Syria would take place. Could be very soon or not so soon at all!” This statement from him is interpreted here as constituting a public promise from him to start the overt phase of America’s invasion of sovereign Syrian territory, no longer just continue the prior phase, which has relied instead upon America’s proxy forces, which originally were the ones that were led by (U.S.-Saudi-Qatari-UAE supplied and armed) Al Qaeda in Syria, but increasingly now are Syria’s Kurds, which have taken control over a third of Syrian territory, in Syria’s northeast. This area includes the oil-producing region, from Deir Ezzor northward, and the conquest would cripple Syria’s economic future, so that U.S-Saudi control of the entire country would be only a matter of time.

On April 4th, Emily Burchfield, a program assistant at the Atlantic Council — NATO’s leading PR agency — headlined the following, in order to explain the U.S. military’s (i.e., NATO’s) objectives in Syria (and the whole headline-bloc is quoted here, because it succinctly states the article itself): Analysis: Washington Still Has Work to Do in Former ISIS Territories

Before the U.S. pulls out of Syria, Washington needs to address a governance gap left in some former ISIS territories. Otherwise, marginalized Arab communities will likely ally with the Syrian government or extremist forces, writes Emily Burchfield of the Atlantic Council.

The U.S. military, in other words, cannot accept that “marginalized Arab communities” will “ally with the Syrian government.” Analogous within the United States itself would be if some foreign power refused to accept that “marginalized White communities” will “ally with the U.S. government.” In other words: this is clearly a military demand (a demand that came to be expressed here by a paid employee of NATO’s top PR agency, the Atlantic Council) to break up the country.

Whereas the prior U.S. President, Barack Obama, had tried everything short of all-out direct military invasion — as contrasted to indirect invasion by U.S. proxy armies of jihadist mercenaries — in order to conquer or at least to break up Syria, the current U.S. President, Trump, is resorting now to the direct military invasion route: he’s taking the path that Obama had declined to take.

Syria’s allies are Iran and Russia. These allies have enabled Syria to survive this long, and they all would be capitulating to the U.S. if they accepted the U.S. military invasion of Syria. For them to do that, would be for them to display, to the entire world, that the United States is their master. The U.S. Empire would, in effect, be official, no longer merely aspirational.

In the case of Russia, since it is the other nuclear super-power, this would be not just a surrender to the other nuclear super-power, but also Russia’s doing that without even waging a conventional-forces war against the U.S. Empire. That is extremely unlikely.

Consequently, Russia is probably now (on April 12th) coordinating with Iran, and with its allies, such as Hezbollah in Lebanon, a conventional-forces war against the invaders.

If that conventional-forces war inflicts more damage to U.S.-and-allied forces than they inflict against Syria, that would, in military terms, constitute a “military defeat” for the U.S.

This would leave the U.S. only two options:

Either accept that Russia is another nuclear super-power (which the U.S. Deep State has refused to accept), and end the previously subterranian war to conquer it that was started by George Herbert Walker Bush on the night of 24 February 1990, or else blitz-attack Russia itself in order to eliminate enough of Russia’s retaliatory weapons so as to ‘win’ the nuclear war — i.e., inflict even more destruction upon Russia than Russia would still possess and control the surviving weaponry to inflict against America in response.

Continue Reading

Defense

Optical Missile Tracking Systems and Minimum Credible Deterrence

Published

on

There was a time in human history when nuclear technology was the “it” technology; no one could imagine anything beyond it. The destruction and wrath it brought was not only terrifying but mesmerizing. It was fascinating for ordinary people, leaders, scientists and states that the smallest particle of matter upon breaking can release energy which could burn down a whole city in seconds. Thus, invention of nuclear weapons changed the way of thinking of nations, states and leaders. Mastering the fission of radioactive atom to enable it to release energy is not a child’s play; states invest billions in currency to make nuclear weapons.

At the operational level, a nuclear weapon requires delivery systems. In this regard, strategic bombers, ships, submarines and missiles are commonly used delivery vehicles by the states. But, one of the most significant and reliable delivery systems is missiles, With missiles, states can launch nuclear pay load from their own territory or from any other place without risking its human resource, in case of sending bombers. Missile technology all around the world is growing by leaps and bounds. After nuclearization, both Indian and Pakistan pursued missile technologies including ballistic missiles, cruise missiles, ballistic missile defences, Multiple Independently re-entry targetable vehicles and inter-continental ballistic missiles as well. States invest in nuclear weapons because it helps them achieve deterrence which stops states from using nuclear option due to fear of unacceptable damages to one’s vital interests. However, to endorse credibility of nuclear weapons, states invest in military modernization.

The main objective behind nuclearization of Pakistan was to create deterrence against India but without indulging into arms race. Thus, policy of minimum credible deterrence was developed by Pakistan. Later on, after India’s attempt to exploit the levels beneath nuclear threshold, Pakistan resorted to the policy of full spectrum deterrence without going for arms race. So, to create credible but minimum deterrence at the start of year 2017, Pakistan tested multiple independently reentry targetable vehicle (MIRV), which can deliver multiple nuclear war heads in one go.

Development of MIRV by Pakistan is neither consequence of ambitious national objectives nor is it meant to initiate an arms race in the region. But, it is to make nuclear deterrence viable against India’s BMDs which can intercept incoming ballistic missiles through interceptors and destruct them in the air.

Pakistan, due to its economic restraints could not go for BMD in response to India; as it is an expensive technology that has yet to achieve 100% success rate. So, considering its options, MIRVs came out as the most rational choice. However, MIRVs are one of the most complex technologies in which missile can carry more than one warhead in a single launch and with the capability to hit multiple individual targets. They require technological sophistication in not only sending so many vehicles in one launch but also in yield and most importantly in accuracy. With enough yield and accuracy MIRVs provide states the capability to go for pre-emptive strikes. Thus, MIRV have the capability to overwhelm the BMD system and resultantly eliminate the false sense of security under which India could go for first strike.

To increase the accuracy of MIRV missiles, Pakistan bought highly sophisticated, large scale optical tracking and measurement system from China. According to national news agency, Pakistan has deployed this sophisticated technology in battlefield. Before Chinese system, Pakistan was utilizing indigenous systems. Nonetheless, it will help Pakistan record high-resolution images of a missile’s departure from its launcher, stage separation, tail flame and, after the missile re-enters atmosphere, the trajectory of the warheads it releases. These functions will be possible because the system bought by Pakistan comes with a pair of high-performance telescopes equipped with a laser ranger, high-speed camera, infrared detector and a centralised computer system that automatically captures and follows moving targets. However, what makes this system unique is its ability to detect missile up to range of several hundred kilometers through the help of its telescopes. The timing of these telescopes are precisely synchronized with the atomic clock. Thus, now Pakistan can track different warheads going in different directions simultaneously. Moreover, through visual imagery, the missile developers can improve the accuracy and design of missile in much better way.

So, with this technological uplift, Pakistan will soon add Ababeel (MIRV) into its operational missile inventory. But, these actions by Pakistan are not to give rise to arms race rather they are the reactions to the actions taken by India. BMDs by India never strengthened nuclear deterrence or stability rather they eliminated the deterrence by nulling the credibility of ballistic missiles. As a result, to maintain credibility of its deterrence though minimum means, Pakistan opted for MIRV, as missile tracking systems are essential in improving the accuracy and designs of missiles. If anything indicates arms race in the region, it is India’s ICBMs, naval nuclear fleets and space weaponization.

Continue Reading

Latest

Newsletter

Trending

Copyright © 2018 Modern Diplomacy