• Kyser Clark

Why do we need OPSEC for the Test Range?



RF Transmissions are Inherently Insecure

Sifers-Grayson relies heavily on Radio Frequency (RF) transmissions at the test range to conduct daily operations. Chris Risley from Security Magazine says: "[RF protocols] may have security protocols, but they don’t have the battle-hardening to properly identify and mitigate radio-borne threats. Traditional security products ignore RF protocols in the air and wait for issues to show up as symptoms on the wired network."


Listening in isn't discouraged

RF transmissions used in publicly usable ranges can be intercepted and "heard" from anyone in listening distance. Furthermore, the Federal Communications Commission (FCC) lists "Mere interception of radio communications, such as overhearing your neighbor’s conversation over a cordless telephone" and "divulgence of transmissions by amateur radio or citizen band radio operators" as legal.


Hacking Industrial Controllers is Easy

“An attacker can just be within the range of a construction site, pretend to be a bystander, hide a battery-powered, coin-sized device (with an inexpensive radio transceiver at that), and use it remotely to craft arbitrary packets to control an industrial machine or persistently simulate a malfunction" (CBR Staff Writer, 2019). This is a considerable risk since the Sifers-Grayson can't stop people who are outside company property. A person on the ground with a two-way radio can transmit around 4 to 6 miles away (Intercom System and Wireless Intercom Experts, 2020).


Summary

All data that is transmitted through the air should be treated as compromised. Act as if the world is listening when your data is flying through the open air. Because of the inherent insecurity of RF, lack of legal discouragement, and the ability to easily compromise devices at long range, they very much could be! Since an attacker can piece together business operations one by one and use them to unleash the gambit of attacks, OPSEC is important. Never forget, loose lips sink ships.


References

CBR Staff Writer. (2019, January 15). Hacking Industrial Controllers is Child’s Play, Can be Done by Drone. Tech Monitor. https://techmonitor.ai/techonology/cybersecurity/hacking-industrial-radio-frequencies


Federal Communications Commission. (2021, January 13). Interception and divulgence of radio communications. https://www.fcc.gov/consumers/guides/interception-and-divulgence-radio-communications


Intercom System and Wireless Intercom Experts. (2020, August 13). 2-Way radio range: How far can two-way radios communicate. https://www.intercomsonline.com/2-way-radio-range-how-far-can-two-way-radios-communicate


Risley, C. (2020, July 6). Radio frequency: An airborne threat to corporate and government networks. Security Magazine. https://www.securitymagazine.com/articles/92729-radio-frequency-an-airbone-threat-to-corporate-and-government-networks


Image Source: ClearanceJobs

27 views