Statement by Victor Sheymov
ComShield Corporation
before the Joint Economic Committee
United States Congress
Wednesday, May 20, 1998

"The Low Energy Radio Frequency Weapons Threat to Critical Infrastructure"

Mr. Chairman, members of the Committee, I thank you for your concern and attention to the problem of terrorism, to the potential exploitation of the latest technological achievements of this country by terrorists and other criminal groups. I also would like to thank you for this opportunity to bring attention to a potentially dangerous and costly impact of the possible use of radio frequency (RF) weapons by terrorists and criminals.

Special uses of RF technology were a major part of my 27 years of involvement in intelligence, security, and technology matters, and I would like to share my knowledge and experience in this area, which is often misunderstood and largely ignored. I have somewhat split responsibility in this open hearing: I want to shed some light on the problem but, at the same time, to avoid revealing crucial information to the terrorists who undoubtedly are tuned in.

Within the wide ranging means of Information Warfare (IW), one of the prominent places belongs to IW attacks on computers and computer-based equipment. Leaving physical destruction of computers aside, the IW attacks on computers could be classified as attacks through legitimate gateways of the computer such as the modem and the keyboard (software attacks), and attacks through other than legitimate gateways (backdoor attacks). At the current technological level, backdoor attacks can be carried out mainly by utilizing radio frequency (RF) technology and thus can be classified as RF attacks. Vulnerability of computers to software attacks is widely recognized, and efforts with substantial funding are underway with the goal of developing protective technology to neutralize such attacks.
The backdoor attacks, on the other hand, have little official recognition, and adequate efforts to develop adequate protective technology do not seem to have taken place.

One premise underlies many special applications of RF technology and is based on a principle that any wire or electronic component is, in fact, an unintended antenna, both transmitting and receiving. Importantly, every such unintended antenna is particularly responsive to its specific resonance frequency, and to some extent, to several related frequencies. It is not responsive to all other frequencies under normal conditions.

If an objective is to eavesdrop on the device, then the EM emanations coming from functioning components of the device are received by highly sensitive receiving equipment and processed in order to duplicate information handled by the device. If an objective is to influence the device's functioning, then appropriate RF signals are transmitted to the targeted device. That RF signal, being received by pertinent components of the device, would generate a corresponding signal within the device.

Producing and transmitting a signal which would effectively control the targeted device through a "back door" attack is an extremely difficult task that requires technology and expertise available only in two or three countries in the world. At the same time, producing and transmitting a signal which would just disrupt the normal functioning of the target device is a much simpler technological task. It can be classified as a jamming "back door" attack, or jamming RF attack. Conceivably, it can be done by a large number of parties.

Jamming RF attacks can utilize either high energy radio frequency (HERF), or low energy radio frequency (LERF) technology. HERF is advanced technology, practical applications of which are still being developed. It is based on concentrating large amounts of RF EM energy within a small space, narrow frequency range and a very short period of time.
The result of such concentration is an overpowering RF EM impulse capable of causing substantial damage to electronic components. The HERF impulse is strong enough to damage electronics components irrespective of their specific resonance frequencies.

LERF technology utilizes relatively low energy, which is spread over a wide frequency spectrum. It can, however, be no less effective in disrupting normal functioning of computers than the HERF due to high probability that its wide spectrum contains frequencies matching resonance frequencies of critical components. Generally, the LERF approach does not require time compression, nor does it utilize high-tech components. This technology is not new and is well known, albeit to limited circles of experts in some exotic subjects, such as Tempest protection.

LERF impact on computers and computer networks could be devastating. One of the dangerous aspects of a LERF attack on a computer is that an unprotected computer would go into a "random output mode". This simply means that it is impossible to predict what the computer would do. The malfunction could differ from a single easily correctable processing error to a total loss of its memory and operating system, to giving a destructive command to computer-controlled equipment. Furthermore, differently from a simple computer failure, no level of redundancy can solve the problem. This point is rarely realized by computer users with the assumption that a back-up computer provides a comfortable level of safety. This is certainly not true in regard to a LERF attack.

U.S. military puts high priority on minimizing collateral damage and applies high requirements to its weapons systems' accuracy. HERF weapons' accuracy is relatively high, but it is not yet quite up to the military requirements. But this certainly is not a deterrence for terrorists because collateral damage is what they are usually after in the first place.
Considering known utilization of latest technology by terrorists and drug cartels around the world, it is likely that HERF technology can be obtained and used by these criminal enterprises in near time, possibly even before it finds its wide acceptance within the military.

Differently from HERF, LERF weapons are notoriously inaccurate, virtually by definition. LERF weapons' impact on computers is devastating and highly indiscriminate. A very high percentage of computers within an effective range of a utilized LERF weapon will malfunction. This is very likely to make these weapons an attractive choice for terrorists.

While HERF weapons were substantially covered during this Committee hearing on this subject in February of 1998, some details of LERF weapons seem to be worth discussing. Contrary to a popular belief, different kinds of LERF weapons have already been used over the years, primarily in Eastern Europe.

For instance, during the Czechoslovakian invasion in 1968, the Soviet military received advanced notice that Czechoslovakian anti-Communist activists had been wary of relying on the telephone communications controlled by the government, and prepared to use radio transceivers to communicate between their groups for coordination of their resistance efforts. During the invasion the Soviet military utilized RF jamming aircraft from the Soviet air force base in Stryi, Western Ukraine. The aircraft were flying over Czechoslovakia, jamming all the radio spectrum, with the exception of a few narrow pre-determined "windows" of RF spectrum utilized by the invading Soviet army. This measure was successful, effectively nullifying communications between the Czechoslovakian resistance groups.

Another example of a LERF attack was the KGB's manipulation of the United States Embassy security system in Moscow in the mid-80s. This was done in the course of the KGB operation against the Embassy which targeted the U.S. marines there.
The security system alarm was repeatedly falsely triggered by the KGB's induced RF interference several times during the night. This was an attempt to annoy and fatigue the marines and to cause the turning of the "malfunctioning" system off.

An additional example of an RF attack was when the KGB used it to induce fire in one of the equipment rooms in the U.S. Embassy in Moscow in 1977. A malfunction was forced on a piece of equipment. It caught fire, which spread over a sensitive area of the Embassy. The KGB tried to infiltrate its bugging technicians into the sensitive area under the cover of the firefighters who arrived immediately after the fire started. A similar event occurred at the British embassy in Moscow several years earlier.

These examples illustrate a much more advanced use of RF technology than a simple disruption of computers in a radius of several hundred yards from the unleashed "RF bomb". An example of such a device was designed and built by the KGB in the late 70s. The device was built for a completely different purpose and was not used to disrupt computers. However, its potential as an "RF bomb" was clearly realized at the time. Its reference cost was within one hundred dollars, size of about a shoe box, and it could be easily assembled within two to three hours with general purpose tools and components readily available in an average electrical store.

The only obstacle on the way of this technology to terrorists' arsenals is know-how, fortunately limited to a small number of experts in a few countries. However, some of these experts are experiencing very difficult economic conditions in Russia. On the other hand, a sizable cash offer tempting to these experts could come from any of the well funded terrorist groups at any time. This situation seems to indicate that relying on these two potentially explosive components remaining separate from each other is less than wise.

Being a technological leader of the world, the United States has been vulnerable to an RF attack more than any other country for some time. This vulnerability significantly increased during the last fifteen years with wide utilization of computers in every aspect of this country's functioning. At this time it is very difficult to find an area which would not rely heavily on computers. In fact, this country is so dependent on computers that many even vital functions cannot be performed manually. At the same time, it is important to realize that all those computers performing important and vital services are not protected from an RF attack.

Areas like air traffic control, commercial airliners, energy and water distribution systems, and disaster and emergency response services represent attractive targets for terrorists. At the same time these systems are totally open to an RF attack. By the nature of computers and computer networks, the failure of one sub-system would trigger a snow-balling effect with second, third, and following chain failures. The full effect of such an event is difficult even to predict, let alone to neutralize, unless computers and computer networks are reliably protected against RF weapons. A serious RF attack on critical infrastructure would have an impact of national level with numerous losses of life and incalculable economic damage.

Besides the snow-balling effect of computer failures, there could be a crippling effect if RF weapons are used in concert with any other type of terrorist attack. Most of the responses to other forms of terrorist attacks are designed with the assumption that the computers of the response service are working and such functions as traffic control are intact. With an additional RF attack, concerted with the primary one, this assumption is not valid. Communications and transportation of the response teams could be crippled with a tragic impact on rescue efforts.

Even a single and limited attack could have serious consequences.
For instance, an attack on computers of financial markets could have world-wide implications with losses easily reaching multi-billion levels.

In addition to intentional RF interference, current technological developments lead to a problem of unintentional RF interference. Indeed, with the speed of modern computers and their miniaturization advancing at a rapid pace, their working frequency and sensitivity to RF emanations is also increasing. This leads to unavoidable interference conflicts, some of which have already shown themselves and led to an intermediary solution of regulatory nature. For instance, even barely emanating electronic equipment such as lap-top computers and electronic games needs to be turned off during take-off and landing of commercial airliners.

Another aspect of offensive RF technology is its traditional application in information intercept or eavesdropping. Traditionally, the Soviet Union and Russia have placed high priority on the development and use of this technology. Being one of the two "superpowers" in this area, Russia considers its spending on RF offensive operations a very wise and profitable investment.

Changes of the last decade in Russia impacted the KGB, which has been split into independent parts. The 8th and 16th Directorates, roughly representing the Russian equivalent of the NSA, became an independent agency, the Federal Agency of Government Communications and Information (FAPSI, as a Russian acronym). FAPSI is directly subordinate to the President of Russia.

In a wave of privatization, FAPSI was partially "privatized" as well. Some of the leading FAPSI experts left the agency and founded private security companies, taking the best officers of all levels along. These companies cater mainly to Russian private financial institutions and provide a wide range of security services. They are fully capable of carrying out any defensive and offensive operations with equal level of confidence.
The concentration of world-class experts on offensive electronic operations in these few companies by far surpasses any private entity in the world and exceeds capability of most governments. These experts can easily intercept and provide to their clients virtually any commercial information of any country. Commercially available means of electronic information security present no practical difficulties for them. Intercept of commercial and financial information could be extremely profitable and create the capability to manipulate international financial markets as well as to carry out large scale international money-laundering operations with very limited operational risk.

Financial success of these FAPSI private spin-off companies and high earnings of their employees make them very attractive "golden parachutes" for the remaining FAPSI officers. Combined with traditionally close ties, this leads to continuing effective technological and personnel cooperation between the FAPSI and these companies.

At the same time, the end of the Cold War somewhat shifted goals, objectives, and some targets of the FAPSI toward a heavier emphasis on intercept of technological, commercial and financial information. In this regard, some of the targets are easier to attack from a position of a private company. This leads to a likely close operational cooperation between the FAPSI and its private spin-off companies. The private companies can provide the FAPSI with some of the products of their intercept, while FAPSI can also share some of its products, along with personnel and equipment, including its powerful and sophisticated facilities, such as the Lourdes in Cuba, for a very productive long-range intercept. This situation can easily put American private business in a highly unfavorable competitive position.

All of the above seems to demonstrate an urgent necessity to develop technology for computer protection against both intentional and unintentional RF interference, as well as against illegal intercept of sensitive and proprietary information by foreign competitors.

It can take a few days to build a LERF weapon. It takes a few weeks or a few months to establish a successful collection of information through RF intercept. However, it should be realized that developing adequate computer protective technology, even for limited applications, would take at least two years.

There seems to be a certain disconnect between appropriate U.S. technical experts and political decision makers, who are ultimately responsible for the strategic course of technological efforts of this country. This disconnect needs to be mended and coordinated efforts should take place for developing protection of computers against RF attacks.

In conclusion, I would like to state that it seems that the question that we are facing is not whether we need to develop adequate RF protective technology or whether we can afford to protect our computers from possible RF attacks. The real question is whether we can afford to not protect at least critical infrastructure computers. The ultimate decision on this dilemma is a prerogative of the United States Congress.

I would like to thank you again for your kind invitation to appear before this Committee and for this opportunity to comment on a very important matter.