Breaking Burdock

Burdock Bluetooth Connectivity and Android Screen
This presentation slide demonstrates how a standard military handheld radio can connect with a Bluetooth adaptor to provide a connection with a smartphone carrying the Burdock software.

Read on if you would like to know more about the potential vulnerabilities and weaknesses of a Russian land forces tactical command and control system deployed to Ukraine.

Russian forces continue to oppose Ukraine’s liberation of the territory illegally seized by the government of President Vladimir Putin. Discovering and exploiting the vulnerabilities of Command and Control (C2) systems fielded in the theatre of operations by Russia’s land manoeuvre forces is an important part of Ukraine’s efforts. These vulnerabilities reveal how these C2 systems could be attacked using electronic and cyber effects.

Since the Russian government launched its ‘New Look’ defence reforms in 2008, the country’s militaries have strived to deploy digital communications and C2 systems. The reforms were launched in the wake of the Russo-Georgian War that same year. Alongside a wholesale reorganisation of the Russian armed forces, the reforms covered the overhaul of C2 capabilities according to a 2012 report by the Valdai Discussion Club. The club styles itself as a Russian foreign affairs thinktank. Angus Roxburgh, a British journalist and expert on Putin’s Russia, said Valdai is a key part of Russia’s propaganda in his 2013 book The Strongman: Vladimir Putin and the Struggle for Russia. What the Valdai Club says should be taken seriously as its words are almost certainly sanctioned by the executive. More recently, in his book Russia’s Path to the High-Tech Battlespace, Russian military expert Roger McDermott wrote that “Russia’s military modernisation programme increasingly focuses on providing the state with enhanced military capability rooted in the adoption of high-technology assets.” He continued that “these fit into a broader framework of a drive to modernise the conventional armed forces along command, control, communications, computers, intelligence, surveillance and reconnaissance lines.” The intention, McDermott summarises, is to equip Russian forces with the abilities to counter “peer adversaries in potential conflicts on the country’s periphery.” In short, Russia modernises her military not only to fight and prevail in conflicts in her ‘near abroad’ periphery, but also to direct these modernisation efforts against the North Atlantic Treaty Organisation (NATO).

Communication Problems

For Russia’s land manoeuvre forces consisting of the army, airborne forces and naval infantry, these modernisation efforts have crystallised with the introduction of new C2 and communications systems. These latter capabilities have been introduced alongside new kinetic and electronic weapons and capabilities. The introduction of new C2 systems and communications has not always been smooth. As Armada has chronicled over the past year, Russian land forces have experienced communications problems in Ukraine. Russian land manoeuvre forces appear to lack common, secure waveforms. This deficiency hampers the ability of legacy and new radios to communicate with one another. We have learned about these shortcomings from sources intimately familiar with the radios and their operation. The lack of secure ‘radio agnostic’ waveforms forces units to transmit en clair without encryption when communicating between disparate radio types. Shortcomings like these make the radios comparatively easy to jam and their traffic comparatively easy to intercept and exploit for intelligence.

Russia’s land forces are not only suffering shortcomings in secure, common waveforms. The antenna of the army’s newest handheld radio, the R-187P Azart family of 27 megahertz/MHz to 520MHz transceivers, performs badly. The radio’s predictable 50 hops-per-second frequency-hopping waveform is relatively easy to detect and locate. Once detected, the waveform can be relatively easy to jam, Armada’s sources continued. With the radio’s location determined, its position can be attacked kinetically by artillery, for example. Find a radio, and you probably find the soldier, vehicle or field headquarters using it.

The adoption of digital command and control systems has not been trouble-free. Back in 2000, the Russian government ordered the development of a new tactical C2 system. The system’s anglicised name is Yedinaya Sistema Upravleniya na Takticheskom Urovne/Unified Tactical Level Management System or YESU-TU. YESU-TU was intended to provide an overarching C2 system from the high tactical/operational level down to the tactical edge. As McDermott noted, its birth has not been trouble-free. Significant software problems were experienced during development. The system began to be deployed in military exercises from 2010 and performed badly. To be fair, these problems were exacerbated by the difficulties the army experienced absorbing the new system into its doctrine, and tactics, techniques and procedures. It is noteworthy that the airborne force has been equipped with a separate C2 system known as Andromeda-D. Problems cited above regarding radio interoperability presumably heighten the challenge of absorbing these new C2 systems.

Despite the problems, the YESU-TU system does seem to have been implemented in Russia’s land forces. A contract was signed between its manufacturer and the Russian Ministry of Defence (MoD) in October 2018. Russian news sources suggest that YESU-TU is now in service in the Ukraine theatre of operations. As of August 2022, four unnamed Russian Army brigades deployed to Ukraine are using the system.

Burdock Goes to Ukraine

Armada has learnt that an additional C2 system is now operating in Ukraine. Whereas YESU-TU covers the operational/tactical levels, the Burdock system seems primarily focused on supporting dismounted infantry. Thus, it appears that YESU-TU may be primarily used to provide C2 for mechanised infantry, armour, artillery and combat support elements while Burdock may be primarily used by dismounts. Interestingly, the Russian military already has a C2 system equipping its dismounted troops in the form of the Musketeer system. Musketeer forms part of the Ratnik infantry soldier system and includes a cellphone-sized personal computer presenting maps and other tactically relevant information. Commanders have an enhanced version of Musketeer running on a ruggedised laptop. Open sources say that Ratnik systems have been deployed to Ukraine although how many troops have them remains unknown. Is Burdock intended to provide similar capabilities to troops bereft of the overall Ratnik ensemble? If so, it means a mix of dismounted systems, both Musketeer and Ratnik, may now be deployed to Ukraine.

According to Russian documents seen by Armada, Burdock software can run on wireless devices using the Android operating system. Services offered by the software include access to terrain maps which are available in several formats. These maps can be rapidly annotated with appropriate symbols and information such as artillery fire corrections and target designations. Artillery calls-for-fires can be planned and made using Burdock. Route planning and blue force tracking can also be performed. The documents continue that Burdock’s software takes its cartographic information from the SAS Planet free online mapping service. These maps can be downloaded directly into Burdock from the internet. Alternatively, they can be added via a device’s Bluetooth connection or via a USB (Universal Serial Bus) stick. Alongside overlaying maps with tactical symbols, maps can be annotated with relevant video or photographs, voice or text files. A chat function lets users quickly share written information.

Repey Tactical Symbology (Armada)
The Burdock software is equipped with tactical symbology which can be overlaid onto maps. These maps can be obtained from commercial open sources and annotated accordingly.

Burdock data can be shared using tactical communications systems like the R-187P radios discussed above. A soldier using an Android system could connect this to their radio. The radio, and its associated network, then becomes the link across which traffic destined for Burdock, and other C2 systems, moves. This capability is useful in areas where local cellphone coverage may be unavailable or compromised by eavesdropping. Similarly, civilian standard Baofeng and Motorola radios, which the Russian Army is known to use in the Ukraine theatre, can carry Burdock traffic as can standard cellphone networks.

Interestingly, Burdock can process ISR (Intelligence, Surveillance and Reconnaissance) gathered by Uninhabited Aerial Vehicles (UAVs). The use of UAVs by both sides is one of the enduring hallmarks of the Ukraine conflict. It is noteworthy that the documents shared with Armada state that Burdock can be easily used with civilian standard UAVs manufactured by DJI. For instance, the documents say that a UAV can be launched and controlled using Burdock with the UAV’s optronics also being controlled via the system. Imagery gathered by the UAV’s optronics is downlinked directly into Burdock. Once downloaded, imagery can be exploited for potential targets. Once these targets are confirmed, their coordinates can be shared to facilitate engagement with kinetic effects.

Repey Drone Control (Armada)
Russian software engineers have furnished Burdock with the ability to control a UAV and to receive and share the imagery this aircraft is collecting.

In terms of the targeting cycle, target data is transmitted using the communications links described above. The documentation continues that gateways exist from Burdock into YESU-TU and vice versa. The node between YESU-TU and Burdock is provided using R-168UM/UV backpack/vehicular High Frequency (HF: three megahertz/MHz to 30MHz) and V/UHF (30MHz to three gigahertz/GHz) radios. Once a commander takes a decision on how a target will be engaged, the order is transmitted to the unit that will perform the engagement. This order will contain details regarding fire control, how the target will be designated and desired effects. Orders to this effect can be sent using Burdock to both artillery units and motorised rifle (mechanised infantry) units. Once the order is executed, subordinates can send their situation report back to their commander via Burdock.

Burdock data is encrypted with transport layer security and advanced encryption standards to enhance its protection. Cybersecurity provision includes protection against Level 4 and Level 7 Distributed Denial of Service (DDOS) attacks. User authentication is also employed alongside encryption keys. Moreover, Burdock can be used both offline and when networked. System updates are downloaded into the device hosting Burdock from a server. Updates can also be downloaded by Bluetooth, from a USB stick or via a cable connection.

Repey Smartphone connected to Military Handheld Radio (Armada)
This image shows a smartphone carrying the Burdock software connected to a military squad radio. Burdock has been deployed by Russian forces to Ukraine and is used for the command and control of dismounted forces.

Potential Vulnerabilities

As noted above, Burdock includes several security features. Level-4/7 DDOS cybersecurity is included as standard alongside user authentication and encryption keys. When moving across tactical radio networks, Burdock traffic may benefit from Communications/Transmission Security (COMSEC/TRANSEC) protocols provided therein. That said, the Russian Army’s apparent lack of secure interoperability waveforms in Ukraine could mean that any traffic travelling across radio networks en clair could be vulnerable. Such traffic may be relatively easy to intercept using standard Communications Intelligence (COMINT) systems. Burdock’s cybersecurity steps would still need to be broken. As a result, this might militate against obtaining near real-time decryption of the traffic.

Nonetheless, once Burdock gives up its secrets, this could leave the system potentially vulnerable to exploitation. Traffic moving across Burdock could also be manipulated or corrupted to hamper the tactical decision-making process. False or misleading traffic data could be inserted into the system to have a similar effect. Where Russian land forces tactical networks are transmitting en clair and carrying Burdock traffic, conventional electronic attack against these networks may be effective. Tactics like these could essentially prevent significant quantities of Burdock data moving around the network. Russian land forces’ reliance on civilian handheld radios for tactical communications also creates potential vulnerabilities. These radios, while having COMSEC/TRANSEC protocols, should be less onerous to intercept and jam with similar consequences.

Burdock’s ability to use HF networks does introduce some resilience. High frequency radio transmissions can be difficult to jam. Russian land forces place a high premium on using HF for trunk communications, often at the expense of satellite communications. However, HF is not a silver bullet. As radio amateurs in and around the Ukraine theatre of operations can attest, much Russian HF communication is done en clair. This lack of HF COMSEC/TRANSEC could provide an avenue by which Burdock data can be exploited. Another disadvantage of using HF to carry Burdock traffic is that these links tend to have less capacity than their V/UHF counterparts. This shortcoming may mean the richness of Burdock tactical data which can be shared across an HF network is reduced. HF waveband restrictions could hamper Burdock’s ability to share imagery, particularly video, for example.

The use of cellular networks also creates potential vulnerabilities for Burdock traffic. Open sources note that Ukraine’s cellular networks use frequencies of 800MHz to 2.6GHz. These frequencies can be vulnerable to conventional communications jamming within these wavebands. Likewise, cellular infrastructure can be vulnerable to kinetic attack. If such effects are used to destroy cellphone towers and other nodes in the network, service provision becomes seriously degraded across a relatively large area. Losses of local cellular coverage may force tactical traffic onto local tactical networks. Rerouting traffic, including Burdock data, could help overload these networks. Degrading cellular coverage also degrades the tactical network redundancy that local cellular services provide. Using kinetic and electronic effects against UAVs will also help to deprive Burdock of ISR data as and when those aircraft become neutralised.

The bad news is that Burdock is an advanced, sophisticated C2 system which no doubt helps Russian land forces occupying Ukraine to reduce their sensor-to-shooter time. Should the New Cold War involving the North Atlantic Treaty Organisation and Russia become hot, the alliance will have to contend with such systems. Nonetheless, the good news is that Burdock may have weaknesses. To summarise, the system has three potential areas of vulnerability: Kill a UAV and you kill a means by which Burdock gathers ISR data. Kill a network, and you kill the way Burdock shares this data. Kill Burdock’s software and you kill the system itself.

by Dr. Thomas Withington

Editor, Defence commentator, journalist, military historian.