Tag Archives: drones

Securing the Swarm: New Dogs, Old Tricks

As the tide of automated warfare rises, optimists are already attempting to ride the wave.  I do so in Proceedings, suggesting possible paths of development for autonomous platforms, and at the Disruptive Thinkers blog Ben Kohlman and I imagine future scenarios in which automated platforms might be used. Admittedly, we often ignore the many ways our concepts can wipe out: particularly signals hijacking and spoofing of navigational systems. As illustrated by eavesdropping on Predator communications and the recent forced crash of a drone in Texas, determined enemies can steal information or cause mayhem if they break the code on combat robot (ComBot) operations. Ideas for securing these advanced automated armadas can be found in some of the oldest methods in the book.

Paleo-Wireless: Communicating in the Swarm
In 2002, LtGen Paul Van Riper became famous for sinking the American fleet in a day during the Millennium Challenge exercise; he did so by veiling his intentions in a variety of wireless communications. We assume wireless to mean the transfer of data through the air via radio signals, but lights, hand signals, motorcycle couriers, and the like are all equally wireless.  These paleo-wireless technologies are just what ComBots need for signal security.

ComBot vulnerabilities to wireless hacks are of particular concern for planners. Data connections to operators or potential connections between ComBots serve as a way for enemies to detect, destroy, or even hijack our assets.  While autonomy is the first step in solving the vulnerability of operator connections, ComBots in the future will work as communicating teams. Fewer opportunities will be provided for subversion by cutting the long link back to the operator  while maintaining the versatility of a small internally-communicating team. However, data communication between ComBots would still be vulnerable. Therefore, ComBots must learn from LtGen Van Riper and move to the wireless communications of the past. Just as ships at sea communicate by flags and lights when running silent or soldiers might whisper or motion to one another before breaching a doorway, ComBots can communicate via light, movement, or sound.

Unlike a tired Junior Officer of the Deck with a NATO code-book propped open, computers can almost instantly process simple data. If given the capability, a series of blinking lights, sounds, or even informative light data-transmissions  could allow ComBots of the future to coordinate their actions in the battlefield without significantly revealing their position. ComBots would be able to detect and recognize the originator of signals, duly ignoring signals not coming from the ComBot group. With the speed and variation of their communications, compressed as allowed by their processing power, ComBots can move through the streets and skies with little more disruption than a cricket, lightening bug, or light breeze. High- and low-pitch sounds and infrared light would allow for communications undetectable to the average soldier.

LtGen Van Riper melded a deadly combo of new weaponry with old communications to build a force capable of, with the greatest surprise, wiping out a force armed with the greatest technology in every category. Utility, not technology, is what gives us the edge in the battlefield. Sometimes it is a combination of the old and new that allows for the potency. Perhaps, one day, ComBots will be set loose into the battlefield where they will operate more as a pack driven by sight and sound than a military formation managed over a data link.

GPS: How About a Map?

The Texas incident has broken open the doors on a previously low-key vulnerability for ComBot systems, navigation. While speculation is rife as to how the CIA lost a drone in Iran, it is quite clear that the researchers in Texas were able to spoof a ComBot into destroying itself. Spoofing of externally-based navigational systems is a potential way to turn aerial ComBots in particular into weapons against us.  It is often forgotten that systems that are “autonomous” still rely on outside guidance references that can be manipulated. While civilian GPS is less secure than military-grade GPS, the potential for GPS spoofing to lay-low a combat force is a chilling one. However, the solution can be found by augmenting legacy techniques with modern processing.

Terrain Contour Matching (TERCOM) and Digital Scene Mapping Correlation (DSMAC) are non-GPS methods of navigation that specifically use internal recognition of local terrain and urban landmarks to maneuver Tomahawk missiles. This is another way of, “looking around and reading a map.” Processing power advances since the system was first introduced during the Cold War mean greater amounts of recognition data can be processed in shorter amounts of time by smaller platforms. ComBots deployed to specific areas can upload local data to allow localization based on terrain from high altitude or Google-maps-style scene matching from rooftops or even street-by-street. With adaptive software, ComBots could even “guess” their location if the battlefield changes due to combat destruction, noting changes in their environment as damage is done.  While GPS can be spoofed, unless the enemy has been watching too much Blazing Saddles, DSMAC and TERCOM will be nigh impregnable navigational systems.

This defense for ComBot operations can also act as a navigational redoubt for a fighting force. The downing of GPS satellites or the spoofing of signals effects everyone using electronic navigation systems. Aerial ComBots outfitted with TERCOM and DSMAC could act as a secondary GPS system in an area with a GPS outage. If signals are jammed or satellites taken out, warfighters or other navigationally lesser-developed ComBots could triangulate their positions based on the system of ComBots with locations determined by TERCOM and DSMAC. By adding these recognition systems to autonomous drones, commanders will defend ComBots from hijackers and combatants from the choking fog of war.

Riding the Wave

The key to the safe and effective use of ComBots is to avoid the extremes of optimists and luddites. Optimists will look far into the realm of capability before necessarily researching vulnerabilities, abandoning the old for every shiny new development. Luddites will make certification and security processes long and complicated, cowering from the strange light new technology brings; ComBots would run on Windows 95 and take 30 minutes to log on to themselves. It is best to advance fearlessly, but take our hard-learned lessons with us. Non-digital communications, aka speech and signals, and localized navigational systems, aka carrying maps, offer ComBot developers a shield against interlocutors.  Our new dogs will be best defended by some of the oldest tricks.

This article appeared in its original form at Small Wars Journal.

Matt Hipple is a surface warfare officer in the U.S. Navy. The opinions and views expressed in this post are his alone and are presented in his personal capacity. They do not necessarily represent the views of U.S. Department of Defense or the U.S. Navy. 

Nextics: Flak is Back

Two should cut it, right? We’ve all got guns and the Germans are just rolling around in glorified trucks!

The tanks of the French 3rd Republic have become an unfortunate mascot of doctrinal stagnation. While the lessons of the Blitzkrieg are well taken, few note the incredible amount of time, the 25 years between the invention of the tank and WWII, during which tacticians could have developed new tactics. The real crime wasn’t ignoring the border with Belgium, it was ignoring technological developments for so long. By 1939, the Blitzkrieg concept should have been understood, countered, and re-developed by all sides. Tacticians must strive to provide their weapons with new tactics. Nextics, a combination of “next” and “tactics” is the development beyond that cutting edge: the weapons of tomorrow countered by the tactics of the day after. Drone swarms are a technology that, with a potential to be a near-term reality, we should prepare to counter as well as use.

The U.S. does not have a monopoly on the use of autonomous drone groups; a technology like drones using primarily open-source commercial and academic sources will soon be available to our competitors. Our technological advantage, experience, and know-how can keep us on the cutting edge, but we should be prepared to counter our own innovation before it is even brought into the field.

Traditional countermeasures will not work against drone swarms. Kinetic interceptors such as missiles and 20mm CIWS are designed to intercept single targets and groups of limited size. Drone swarms, numbering from dozens to hundreds of individual units, would overwhelm any kinetic system when attacking ships and aircraft. Typical chaff and electronic countermeasures will have difficulty countering drones using optical or infrared systems that recognize platform shapes, and chaff would not linger long enough to out-last a large drone cloud. The best countermeasure for a large formation of small, agile units is a weapon we have long left behind.

Same swarm, same problem, but processors instead of pilots.

Flak cannons and other aerial saturation systems are the day after’s countermeasures against the weapons of tomorrow. In the 1990s, Oerlikon designed the Millennium Gun, a close-in weapon system designed to intercept missiles with a shotgun-style area-effect blast. Such a system is a model for future drone-swarm countermeasure systems. Larger aircraft with the ball-turret style weapons of old could be deployed to protect high value units, or even drone swarms themselves from their opponent swarms. On land, soldiers could use a modified Trophy system to defend themselves from drones designed to combat men and vehicles. “Going stupid” saves on vital space that would be required for higher-level processors and detectors designed to combat individual miniature drones.

The urge to fight fire with fire is a strong one. Newer and better technologies are available to help us over-think problems. The coming age of automated warfare has us obsessed with hacking, spoofing, and otherwise electronic befuddlement. However, Gordian’s technological Knot does not always require complicated detection systems, guided weapons, or coded backdoors. On occasion, a really big Mossberg 500 will do.

Matt Hipple is a surface warfare officer in the U.S. Navy. The opinions and views expressed in this post are his alone and are presented in his personal capacity. They do not necessarily represent the views of U.S. Department of Defense or the U.S. Navy. 

“Was it Over When the Drones Bombed Pearl Harbor?”

"It's not delivery, it's deceptive."
“It’s not delivery, it’s deception.”

After months of patient progress the drones reached their targets. Over the span of a few weeks they silently arrived at their pre-assigned loiter boxes (lobos) in the many harbors of Orangelandia. Having been launched from inconspicuous commercial vessels in major shipping lanes, the transit time was shortened by a good month. Yet for the few who knew of the operation, the anxious waiting was plenty long enough. The policy makers monitored the gliders’ headway via secure satellite datalinks and assured themselves that the operation, sold as a precautionary measure, was warranted in light of heightened tensions with Orangelandia.

As the weeks passed tensions only increase. Orangelandia declared its claimed EEZ closed to all foreign military vessels and threatened to sink any violators. After making good on its promise in a naval skirmish against a neighbor with rival claims to an island chain, Orangelandia was given an ultimatum by the U.N. Security Council* to stand down. With no sign of the occurring, the policy makers decide it’s time to act.


Darkness falls in Orangelandia. Satellites command the gliders forward. They drift further into the harbors, their targets are naval vessels they’ve monitored for days. The sailors on watch see and hear nothing more than what they attribute to the usual debris floating by on a moonless night. The gliders release their payloads – smaller drones that specialize in climbing the hulls of ships. After clamoring aboard the weatherdecks, the small machines avoid the sealed doors of the ships’ airlocks and feel out the superstructures, their goals the exhaust stacks for the ships’ engines and generators.

On a few ships at anchor the drones encounter humming engines and generators, beckoning the heat-seeking drones. Burrowing past the louvers the drones drop down through ducts and move towards the ships’ mechanical hearts. As the heat of the exhaust on the active vessels melts the drones’ exterior sheathing, thermal-triggered explosives carried in the drone cores detonate, delivering mission kills and rendering the ships immobile for weeks-to-months of critical repair. On the inactive ships it takes longer for the drones’ schematics-recognition features to determine the stacks’ location but the outcome is more devastating. The drones are able to move further into the exhaust system’s interior, detonating once progress is blocked, and increasing the likelihood of destroying the engines or generators themselves. Within the span of a night the majority of Orangelandia’s in-port fleet is crippled.

My other drone is a Reaper
My other drone is a Reaper

The above passage is of course a piece of fiction, and not very good fiction at that. But it doesn’t have to be. The technology to enable the scenario exists and will become more sophisticated and cheaper in the coming years. This is also far from the only way to imagine a “Drone Pearl Harbor,” as slightly different capabilities hold the potential to impact the way an attack could play out.

Decision points

In developing a concept of operations for a stealth drone attack the ability to give the execute order is a sticking point. The technologically easiest course of action would be to simultaneously make both the decisions to set up for and to execute the strike at the beginning of the decision cycle, launching the drone operation as a “fire and forget” (or rather “fire and wait patiently”) strike. Yet few policy makers will want to make an irreversible decision far in advance of the impact of the effects. The decision to attack Orangelandia may be correct in the context of the 7th of the month, but not the 21st. One needs only remember the desperate attempts to recall the nuclear-armed bombers of Dr. Strangelove to grasp the concept.

However, any attempt to move the “execute” decision point later than the “set up” order, as I did in my example, faces technical hurdles. A direct transmission signal requirement would make the drones vulnerable to detection and possible hijacking or jamming. Using broadcast signals to transmit orders and obscure their location means leaving the drones even more susceptible to hijacking and jamming as Orangelandia could constantly emit signals to that end. Similar vulnerabilities exist when the drones are given reporting requirements, so an informed balancing of the need for one- or two-way communication and concerns over the exposures those needs create is necessary.

Variations on a Theme

The above scenario was played out against a generic surface ship. Other types of naval vessels have more accessible points of entry; and the job of penetration is made easier at less-stringent damage control settings that leave hatches and air locks open. Additionally the ways, means, and follow-on considerations of a drone sneak attack are also variable, but can be roughly broken down into fouling attacks, as in the scenario above; direct attacks; and cyber-attacks.

In a fouling attack, the drone payload would be used to achieve a mission kill against a critical piece of shipboard equipment. The drone would need the ability to locate that piece of equipment through some type of sensor – visual, thermal, chemical, etc. External targets, such as a ship’s propellers, would be the easiest to target. The benefit of a fouling attack is that the payload could be a small explosive, limiting drone’s size, likelihood of detection, and propulsion requirements for a trans-oceanic voyage. It could even be the drone itself, outfitted with special equipment or configuration options to inflict the maximum damage on the piece of critical gear. As an example imagine a piece of corrosive wire wrapping itself around the same hypothetical propeller. Again, the execute order in this type of attack could be withheld until very late in the decision-making process while the glider drones do “circles of death” in their lobos.

In a direct attack the glider drone would carry a weapon payload designed to inflict maximum kinetic damage. Such an attack would require less sophisticated targeting internal to the drone and could be used to attempt to disable a large portion of the ship’s crew and/or sink the ship. As with fouling attacks, direct attacks would be easier to conduct once the glider was on station and could incur the same delayed-decision benefits, the increased explosives requirement would increase the drone’s size and detectability.

We're gonna need a bigger fly-swatter.
We’re gonna need a bigger fly-swatter.

In the last type of attack, a payload drone would find a way to penetrate the ship and access the ship’s industrial control systems (ICS), which operate things such as the ship’s main engines, to introduce a Stuxnet-like virus. Such drone would need to be small enough to fit through minuscule spaces or blend in during the process of crew traffic opening and shutting airlocks. The drone would also have to be the most advanced to successfully navigate around the ship unseen and interface with ICS through diagnostic, patching, or external monitoring ports. Such a drone could delay the policy-maker’s execute order until well after infection, potentially expanding the decision timeline until well after the drone has achieved its mission and the vessel has gotten underway. This delay would come at the cost of the very difficult task of being able to transmit the final execute order to the newly infected ICS, so the decision to infect the systems would more realistically have to be paired with the decision to execute virus’s programming. On the plus side, a cyber/drone sneak attack could potentially disguise the source of the attack, or even that an attack has occurred, unlike the other two types of attack, providing policy makers with further options than simply a kinetic attack.

That these courses of action are possible says nothing of whether executing any of them would be wise. The risk and potential repercussions of each course of action is as varied as the ways in which such an attack may occur. This is one reason I have attempted to draw out the effects different technologies have on moving the decision points. But possible they are, so it would be wise to both think of ways to take advantage of the options as new tools for policy makers, and think of ways to defend against them that don’t rely on weary roving deck watches. A few defensive options that come to mind include more stringent damage control settings in port, a thorough examination of the vulnerability of vessels and shipboard access points to drone penetrations, detection systems for drone penetrations, drone SIGINT detection and jamming, and possible external hardening of berths. But this is probably a good jumping off point for another post and your thoughts.

Scott Cheney-Peters is a surface warfare officer in the U.S. Navy Reserve and the former editor of Surface Warfare magazine. He is the founding director of the Center for International Maritime Security and holds a master’s degree in National Security and Strategic Studies from the U.S. Naval War College.

The opinions and views expressed in this post are his alone and are presented in his personal capacity. They do not necessarily represent the views of U.S. Department of Defense or the U.S. Navy.

*So no, Orangelandia is clearly not China, a veto-wielding member.

ComBot: A Rose by Any Other Name

After his brush with stardom, he’s really let go.

Our present-day pilotless platforms have been branded “drones” to their detriment. The word communicates a lack of adaptability or agency. For an increasingly automated fleet of machines, it denotes monotony and mindlessness: the droning of engines as a Predator lazily loops above the mountains, observing friend and foe alike. “Drone” is inappropriate for an ever-expanding suite of devices with greater close-in roles in combat. An AlphaDog, an EOD bomb-disposal bot, the DARPA Crusher, and the Battlefield Extraction Assistance Robot (BEAR) are not “drones.” To better describe our new combat compatriots and better comprehend their multitudinous uses and designs, let us properly christen our autonomous allies.

ComBot is the accurate alternative to “drone.” An obvious combination of Combat and Robot, it describes our soon-to-be automated assault associates in an easy-to-digest term. The name has a practicality lacking in most military monikers. It is not a shoe-horned acronym such as Close-In Weapons System (CIWS) pronounced “see-wiz” rather than “ki-wis” or “cue-z”. What layman would ever think of a high-tech Gatling-gun when they hear “CIWS”, or a pilotless aircraft when they hear “UAV”? However, the wordplay of ComBot makes the backing concept immediately recognizable. A rose by any other name may be just as sweet, but people abandoned the term horseless carriage for a reason; let’s update our language to match the concept.

Matt Hipple is a surface warfare officer in the U.S. Navy. The opinions and views expressed in this post are his alone and are presented in his personal capacity. They do not necessarily represent the views of U.S. Department of Defense or the U.S. Navy.