Transcript E-Bombs vs. Pervasive Infrastructure Vulnerability

E-Bombs vs. Pervasive Infrastructure Vulnerability
Pacific Theater Air, Sea, Land Battle Concept:
IO/EW/Cyber Operations International Conference
Information Operations Institute and the Association of Old Crows
Dr Carlo Kopp
Associate Fellow AIAA, Senior Member IEEE, PEng
Monash University / Air Power Australia
[email protected]
http://www.csse.monash.edu.au/~carlo/
www.infotech.monash.edu
Pervasive Digital Infrastructure == Vulnerability
Over the last two decades we have observed unprecedented
global expansion of the digital infrastructure:
–
–
–
–
Spanning the civil, military and “dual use” domains;
Spanning industry, commerce, administration, education;
Spanning fixed and wireless infrastructure domains;
Personal devices like cellphones, pads, notebooks pervasive.
• The digital infrastructure has become deeply embedded
across all facets of our social, economic and military
systems.
• Increasingly we observe integrated and distributed
applications, where the system comprises a large number of
globally distributed components, which are mutually
dependent on fixed and mobile components, and networks.
• The digital infrastructure is now a “single point of failure”.
www.infotech.monash.edu
2
Types of Attack vs. Digital Infrastructure
• There are numerous ways in which the digital infrastructure
can be subjected to attacks;
• Broadly attacks can be divided into “penetration attacks”
where the attacker gains access to exploit the infrastructure,
or do damage to transmitted or stored information, or “Denial
of Service” attacks, where the infrastructure is temporarily or
permanently damaged;
• While cyberwar DoS attacks can do permanent damage,
mostly such DoS attacks are transient with non-persistent
damage effects;
• Electromagnetic weapons are designed to produce either
transient or permanent damage effects, or both;
• Pervasive digital infrastructure makes the development of
electromagnetic weapons potentially very profitable.
www.infotech.monash.edu
3
The “Cascade Failure” Problem
• Digital infrastructure is highly interconnected and thus
interdependent;
• Common reliance on power grid, telecommunications cabled
and wireless connections, local and remote servers, single
and multiple site Clouds and Grids;
• A mass destruction effect in one geographical area can
cause cascading failures as interdependent systems fail;
N
• Lusser’s Product Law:
P[S]   Pi [S]
i1
• Damage effects are thus no longer localised in extent, e.g.
destroying a server or Cloud in Washington DC may crippled
dependent systems globally.

www.infotech.monash.edu
4
Types of Electromagnetic Weapons
• There are many possible taxonomical divisions for
electromagnetic weapons;
• Directed Energy Weapons vs. “one shot” E-Bombs;
• Nuclear (HEMP) E-Bombs vs. Non-nuclear E-Bombs;
• Narrowband Weapons vs. Wideband or UWB Weapons;
• High Power Microwave vs. “Low Band” weapons;
• Pulsed weapons vs. Continuous Wave (CW) weapons;
• Persistent Area Denial (AD) weapons vs. Non-Persistent
weapons;
• Explosively pumped vs. Electrically pumped weapons;
• There is enormous diversity in possible electromagnetic
weapon designs, for both large scale and highly focussed
attacks, both against civil and military targets.
www.infotech.monash.edu
5
The COTS “Military-Technological Revolution”
• Cold War era military equipment built to MilSpec design
standards, very frequently hardened against nuclear EMP;
• Equipment mostly built using low density digital hardware
and analogue hardware, usually well shielded and robust,
with MilSpec interfaces and interconnections;
• Contemporary military equipment mostly heavily dependent
on COTS processing hardware, COTS networking hardware,
and often COTS packaging and EMC provisions;
• COTS hardware is mostly “electromagnetically soft”
compared to typical Cold War era “electromagnetically hard”
designs, where HEMP, EMC and HERO were planned for;
• COTS hardware uses very high density CMOS technology
which requires much less energy to damage or wound;
• Wounded equipment fails intermittently, not immediately.
www.infotech.monash.edu
6
The Critical Coupling Problem
• The effectiveness of all EM weapons is constrained by the
physics of the coupling problem;
• Power generated by the weapon must be emitted, must
propagate through the environment, and couple into the target,
to access internal electrical components and do damage;
• Emitted weapon Power/EIRP determined by weapon design;
• Propagation determined by spectral content, propagation
losses and distance – Friis inverse square law equation;
• Coupling at target determined by spectral content, incident
power, and target design;
• Coupling modes: “front door” via antennas or other apertures;
“back door” by power supplies and other cables;
• As coupling behaviours vary strongly, prediction of EM
weapons effects is difficult and always “statistical” in nature.
www.infotech.monash.edu
7
Nuclear E-Bombs: Electro Magnetic Pulse Effect
• A nuclear weapon detonated at altitude ionises the upper
atmosphere -> HEMP (High altitude Electro Magnetic Pulse);
• EMP produces high voltage transients on cables, which
damage electronic equipment;
• Digital equipment mostly highly vulnerable due high content
of high density CMOS devices;
• Effect similar to lightning strikes, but faster and more
powerful;
• Nuclear MHD effect – ionospheric recovery generates slow
long line DC transients;
• Nuclear MHD effects can produce similar delayed damage
effects to electricity grids as geo-magnetic storms, but more
intensive and localised.
www.infotech.monash.edu
8
Non-Nuclear or “Conventional” E-Bombs
• Many feasible design strategies, technology is still evolving;
• Broadly divided by pump mechanisms – explosive or
electrical; and by spectral output – narrowband or wideband;
• Weapon footprint and coupling per available power depends
strongly on weapon design, HPM weapons can exploit
coupling opportunities other weapons cannot;
• Explosively Pumped Flux Compression Generators – used as
power sources for HPM weapons, or used directly as low
frequency weapons;
• HPM weapons used high power “one shot tubes” such as
Virtual Cathode Oscillators (Vircators); tens of GigaWatts for
100s of nanoseconds; High Power Spark Gaps also feasible
for wideband pulsed weapons;
• Small warheads – explosively pumped rare earth magnets.
www.infotech.monash.edu
9
General Arrangement – Helical FCG
Image: Los Alamos National Laboratory
www.infotech.monash.edu
10
Helical FCG Operation
Image: Los Alamos National Laboratory
www.infotech.monash.edu
11
Vircator Physics:
•
•
•
•
Relativistic electron beam punches through foil or mesh anode.
“Virtual” cathode formed by space charge bubble behind anode.
Peak power of up to tens of GigaWatts for 100s of nanoseconds.
Anode typically melts in about 1 μsec; Cheap and simple to
manufacture; Wide bandwidth allows chirping of oscillation – multiple
mode cavity resonances facilitate mode coupling.
www.infotech.monash.edu
12
HPM (Microwave) E-Bomb Layout
Po w e r
Di e l e c t r i c No s e c o n
B a l l a s t R i nM
g i c r o w a v e An t e n n a
Su p p l y
P u l s e S h a p i n g Ne t w o r k
Ba t t e r y
Co a x i a l
Vi r c a t o r
C a p a c i t oHr e lBiacnakl
M k. 84
900
F CG
kg
( SH
t e
a lg ie c a
1 l)
3. 84
m
( C )
x
F CG
2 0 0 2 ,
0. 46
m
Tube
( St a g e
1 9 9 6
di a
2
C a r
HI G H P O W E R M I CRO W AV E E - BO M B - G E NE RAL ARRANG M
W ARHE AD US I NG
V I RCAT O R AND 2 S T AG E F L UX CO M P RE S S I O
HPM
E- BO M B W ARHEAD ( G BU- 3 1 / M k . 8 4 FO RM
FACTO
www.infotech.monash.edu
13
Deployment Options: GPS Aided Guided Bombs
BASELI NE JDAM
( c )
2 0 0 1 ,
Ca r l o
JDAM - ER EXTENDED RANG E WI TH G LI DE WI NG
www.infotech.monash.edu
14
Deployment Options: Missiles (Regional)
Kh - 5 5 M
( AS - 1 5
HP M
Ke n t )
P HY S I CS
P ACKAG E
I
3M - 14E
Cl u b
I
N A T I
O
N
F O
O
T P R
( S S - N- 2 7 )
I
Kh - 3 1 A/ R
L L U M
M od. 2
( AS - 1 7
L L U M
I
N A T I
O
N
F O
Kr y p t o n )
www.infotech.monash.edu
15
O
T P R
Proliferation
• The technology used in conventional E-Bombs is within the
reach of any nation capable of designing nuclear weapons
and high power radars – e.g. China, Iran, DPRK, Russia;
• OSINT source material very scarce on E-Bomb technology
and designs, effort is usually well hidden from scrutiny;
• Potentially large area footprints of many square miles for
GigaWatt class weapons, with the usual lethality prediction
caveats – targets not tested may be unexpectedly resistant or
susceptible at specific weapon frequencies / polarisations;
• Terrorist attacks predicated on the availability of proven
designs or inventory E-Bomb munitions – emerging risk;
• The high payoff in using E-Bombs as disruptive or area
suppression weapons points to common use in future nation
state conflicts involving developed nations.
www.infotech.monash.edu
16
Risks / Conclusions
• Since the term E-Bomb was coined in 1992, the scale of
vulnerable infrastructure and systems has multiplied many
times over, yet there has been no systematic effort to harden
the infrastructure or military systems using COTS hardware;
• GRID Act (H.R. 5026) intended to introduce critical
infrastructure hardening passed by HR but killed by Senate;
• Widespread scepticism and disbelief concerning weapon
feasibility and infrastructure vulnerability, wholly a result of
technical illiteracy in electromagnetism;
• The notion that a technology which is available and profitable
to use in combat would not be used is wishful thinking;
• Legislation for electromagnetic hardening of infrastructure
and systems for military, dual use and critical civil
applications should be introduced urgently.
www.infotech.monash.edu
17
BACKUP SLIDES
www.infotech.monash.edu
18
NCIS-LA Ep 3.11 “Higher Power” – E-Bomb Prop
www.infotech.monash.edu
19
NCIS-LA E-Bomb Prop
•Original sketch used for prop fabrication in October, 2011;
•Based 1995 paper and LANL Flux Compression Generator;
•Intent to popularise risk issues to public and legislature;
•NCIS LA audience is > 35 million globally;
•Script by Joe Sachs (E.R. series) and Shane Brennan;
•Scientific advisor Dr Carlo Kopp, Monash University
www.infotech.monash.edu
20
www.infotech.monash.edu
21
www.infotech.monash.edu
22
HEMP Components
• Three components to any HEMP event;
• IEC 61000-2-9 designates these as E1, E2 and E3
components;
• E1 is a fast and short high field strength pulse from gamma
photons ionising gas molecules; ~50 kiloVolts/metre for
conventional boosted fission or fusion warheads.
• E2 is produced by the neutron flux generated by the warhead;
• E3 duration of up to hundreds of seconds, MHD-EMP
(Magneto-Hydro Dynamic EMP);
• E3 is similar to solar Geomagnetically Induced Current (GIC)
effects; The E3 component can often penetrate soils and
reach buried cables; mitigated by highly electrically
conductive soils, exacerbated by dry or highly resistive soils.
www.infotech.monash.edu
23
HEMP Footprint (A)
www.infotech.monash.edu
24
HEMP Footprint (B)
www.infotech.monash.edu
25
Hardtack I Teak
3.8 MT @ 252 kft August 1958
www.infotech.monash.edu
26
Hardtack I Orange
3.8 MT @ 141 kft August 1958
www.infotech.monash.edu
27
Fishbowl Starfish Prime
0.25 MT @ 400 km July 1962
www.infotech.monash.edu
28
Fishbowl Starfish Prime
0.25 MT @ 400 km July 1962
Maui station from 0 to 15 seconds
www.infotech.monash.edu
29
Fishbowl Starfish Prime
0.25 MT @ 400 km July 1962
Maui station from from 45 to 90 seconds
www.infotech.monash.edu
30
Fishbowl Bluegill Triple Prime
Sub-MT @ 48 km October 1962
www.infotech.monash.edu
31
Fishbowl Bluegill Triple Prime
Sub-MT @ 48 km October 1962
www.infotech.monash.edu
32
Vulnerability Reduction (Hardening):
•
•
•
•
•
•
convert computer rooms into Faraday cages.
use optical fibres for data.
isolate power feeds with transient arrestors.
use non-electrical power feed schemes.
use electromagnetic “air lock”.
shielding must be comprehensive.
www.infotech.monash.edu
33
System Level Susceptibility
M a i n s P o we r F e e d
"S p i k e s "
S ta n d i n g W a v e s
S ta n d i n g W a v e s
"S p i k e s "
Ne two rk
Di re c t Ap e rtu re Co u p l i n g
S ystem Level S usceptibility
www.infotech.monash.edu
34
Host Level Susceptibility
Lea ky
Shi e l di ng
Po w e r
Ca b l e s
Ne t w o r k
Po w e r
I nt er f ace
Su p p l y
M ouse
Ke y b o a r d
I / O
Ap e r t u r e s
Pe r i p h e r a l
Ap e r t u r e s
Pu s h b u t t o n
Ap e r t u r e s
I / O
Hos t Le vel
Sl o t
Ca b l e s
Susce pt i bi l i t y
www.infotech.monash.edu
35
I/O and Power Hardening
M a i ns
Po w e r
Fe ed
Ne t w o r k
O pt i cal
Ha r d e n e d
Po w e r
I/O
Fi br e
Su p p l i e s
and Pow er I nt e r f ac e Ha r deni ng
www.infotech.monash.edu
36
Comprehensive Hardening
Co m p r e h e n s i v e
Fer r i t e
O
pt i cal
Be a d s
Shi e l di ng
on
Fi br e
Ne t w
No n - El e c t r i c a l l y
O
pt i cal
O
pt i cal l y
er
or k
Co u p l e d
Ca b l e s
I nt er f ace
Pow
er
ouse
Co u p l e d
Sl ot
Ke y b o a r d
No
I / O
No
Pe r i phe r a l
Ap e r t u r e s
No
Pus hbut t on
Ap e r t u r e s
I / O
Co m p r e h e n s i v e Ho s t
M
Po w
Ap e r t u r e s
Ca b l e s
Ha r d e n i n g
www.infotech.monash.edu
37
Computer Room Hardening
C A L L Y
C O
E W
N D U C T I
E S H
L I
S H I
N I
E L D
N G
W
I
T H
E M
S E A L
A T I
O
N
P O
T R A P
W
E R
F E E D
E N C L O
S U R E
A I R
C O
R A D I
N D I T I O
N I N G
M
V E
=
E L E C T R I
V I
D E T A I L
P L A N
O
" A I
R L O
P T I
C A L
F I
B R E
C K "
(
D A T A
D O
O
R S
W
I
T H
E L E C T R O
M
A G
N E T I
C
F E E D
P O
W
E R
C
)
1
9
9
6
C
a
r
l
o
K
o
p
p
F E E D
S E A L S
www.infotech.monash.edu
38