Cyber warfare is fast becoming a valuable additional arrow in the air defence suppression quiver with the mission increasingly resting on the cyber and electronic/kinetic attack pillars.
Cyber, Electronic and Kinetic attack pillars
The electronic element of the CEK triumvirate relates to the use of electronic countermeasures, particularly jammers, to attack hostile ground-based air surveillance and fire control/ground controlled interception radars and the RF (Radio Frequency) communications which Integrated Air Defence Systems (IADS) and deployed Ground-Based Air Defences (GBAD) rely upon for Command and Control (C2) and Situational Awareness (SA).
The kinetic element is focused on the application of kinetic force to those radars, usually but not always using anti-radar missiles, and against the communications relays, C2 centres and weaponry that IADS and GBAD rely upon to engage hostile aircraft.
Several incidents since the start of the century illustrate that cyber warfare is establishing itself as part of the SEAD (Suppression of Enemy Air Defence) practitioner’s tool kit. Its importance is only likely to grow vis-à-vis air defence suppression in the coming years.
IADS and GBAD
The growing importance of cyber warfare is driven by an important factor: modern IADS and GBAD systems rely on IP data connections, giving opportunities to disrupt the C2 chain by attacking their networks.
We make the following distinctions between IADS and GBAD:
- Integrated Air Defence Systems (IADS) are primarily used to protect national airspace with networks of radars, effectors in the form of Surface-to-Air Missiles (SAMs) and Anti-Aircraft Artillery (AAA), command centres used to coordinate and execute the response to hostile aircraft and the RF wireless and cable communications needed to connect these disparate elements.
- Ground-Based Air Defences (GBAD) for the purpose of this article refer to the high-altitude/long range, medium-altitude and short-range SAMs and AAA deployed in the field at the operational/theatre level down to the tactical level to protect deployed ground forces. These units may be networked in a similar fashion to their IADS counterparts.
The reliance IADS and GBAD place on IP data creates opportunities for the SEAD practitioner. They can exploit this dependence on IP data by using electronic attack as the vector by which malicious code can be injected into the networks holding the IADS or GBAD together. This could cause the networks to stop functioning in whole or in part, or it could be used to steal relevant C2/SA information or to plant misleading or false data.
Operation Outside the Box (Syria)
It is known that cyber warfare has been used on at least two occasions to assist air defence suppression.
The Israeli Air Force (IAF) is strongly suspected to have used a cyber attack to degrade the Syrian IADS shortly before and during Operation Outside the Box. During that operation, on 6 September 2007, IAF McDonnell Douglas F-15I Ra’am and General Dynamics/Lockheed Martin F-16I Sufa combat aircraft destroyed a Syrian nuclear reactor at Al Kibar in the Deir ez-Zor Governorate in eastern Syria. The reactor was strongly suspected of being used to develop nuclear weapons.
A cyber attack delivered into the Syrian IADS presented a false air picture to Syrian air defenders, masking the radar tracks of the incoming Israeli jets. This was performed in conjunction with a kinetic and electronic attack on a Syrian ground-based air surveillance radar located near Tell Abyad in northern Syria, close to the Syrian-Turkish border.
European intelligence sources have shared with Armada Analysis that they believe the cyber attack was physically loaded into the Syrian IADS possibly by Israeli agents, or Syrian double agents, working under deep cover in Syria. This attack illustrated the importance of fusing CEK effects when performing air defence suppression.
Cyber Tools (USCYBERCOM & Suter)
Cyber effects were used unilaterally during a more recent incident. On 20 June 2019, in the wake of the destruction of a US Navy Northrop Grumman RQ-4A Global Hawk high-altitude, long-endurance Unmanned Aerial Vehicle (UAV) by an Iranian Sayyad-2C/3 long-range/high-altitude SAM, the US Cyber Command (USCYBERCOM) undertook a cyber attack against the Iranian IADS.
This was reportedly directed against computers controlling SAM batteries. While the precise nature of the attack was not revealed, it could have temporarily made SAM C2 systems unusable, or deprived the IADS of the means to share target and track data between installations.
The attack may have represented the first use of Northrop Grumman’s Unified Platform defensive and offensive cyber operations system which equips USCYBERCOM.
Moreover the US Air Force has a cyber attack system developed by BAE Systems called Suter at its disposal. Available space is insufficient to describe the workings of Suter in detail, but it is thought to use malicious code which is transmitted into radars via electronic attack through their antennas. The programme may cause the radar to display false information regarding a target’s velocity, bearing or altitude.
Alternatively Suter may inject malware to neutralise the cyber security used by the radar or IADS, or allow the user to take control of all, or parts of the IADS. Another useful element of Suter is that it may allow the user to derive the inner workings of the IADS to determine detailed information on communications nodes, and radar and communications operating frequencies which can be later targeted using CEK effects.
NATO’s Joint Air Power Competence Centre (JAPCC)
NATO’s Joint Air Power Competence Centre (JAPCC) is a NATO-accredited centre of excellence which provides support to NATO, but is not part of the NATO command structure.
Speaking from an independent position the JAPCC told Armada Analysis via a written statement that, from the alliance’s perspective, cyber operations are focused on purely defensive tasks in line with NATO’s defensive posture.
However “this does not mean that a joint force commander is prevented from being able to exploit the effects of offensive action in, or through, cyberspace when provided voluntarily by allies.”
To this end, nine NATO members have indicated that they could contribute offensive cyber effects for NATO in the appropriate circumstances: “A framework mechanism for doing such is in the process of being developed and approved. SEAD could indeed be one of those scenarios.”
Cyber SEAD (Suppression of Enemy Air Defence)
The JAPCC statement continued that at the national level during air operations cyber activities should be embedded into the daily air tasking order, where appropriate, and cyber activity should be integrated with its “operational counterparts” such as “space, electronic warfare, and information operations,” to specify just three disciplines.
From a SEAD perspective “the key is understanding what the commander’s desired effects are for the mission. If those are clearly articulated and understood then experienced cyber operators can provide recommendations on the possible use of cyber capabilities to assist in the achievement of mission objectives.”
Employing cyber warfare whether to support SEAD or any other aspect of an air campaign has “the same considerations for employing any weapon,” the statement continued: “It depends first on the mission and operation, and ultimately on the desired effect.”
These effects could range from “monitor, exploit, disrupt, degrade, deny or destroy” with effects being temporary or permanent. There is also the consideration that “once you launch a cyber attack, you give away all the techniques you used to make the attack and potentially provide them to the adversary.”
Ultimately “economy of effort must be considered: The juice must be worth the squeeze.”
Legal imperatives must also be followed as “the fundamental principles of military necessity, humanity, proportionality and distinction apply equally to the cyberspace domain as to the other traditional domains.”
Cyber warfare is fast becoming a vital tool to support the SEAD mission. It will not be long before it is used routinely to support its electronic and kinetic attack counterparts in ensuring that IADS and GBAD threats can be adequately suppressed.