Opinion // Why aren't video transmissions from Predator drones being encrypted?

Revelations in the Wall Street Journal on December 17 that insurgents in Iraq and Afghanistan apparently have been hacking into video transmissions being sent from unmanned Predator drones to U.S. military commanders on the ground raise some important questions.

(1) Have the hackers been intercepting communications between the drones in the air and the base stations on the ground in Iraq and Afghanistan? Or were the intercepted communications traveling between the base stations in Iraq and Afghanistan and their overseers back in the United States, via closed military networks or the public Internet? That's an important distinction because safeguarding wireless transmissions (from drones to the ground) requires a different set of protective measures than securing transmissions flowing over a wired network.

(2) Why didn't the U.S. Combat Commands responsible for these drone operations – as well as their superiors back home in the Pentagon – insist that these transmissions from unmanned aircraft comply with such long-standing government-wide directives as FIPS 140-1 and FIPS 140-2? FIPS is short for Federal Information Processing Standards. The original encryption standard, called Security Requirement in Cryptographic Modules, was released by the National Institute of Standards and Technology, or NIST, back in 1994. An updated second version was released in 2001. These standards require that unclassified government data transmitted to or from wireless devices be encrypted.

(3) More specifically, why didn't military commanders insist that transmissions from Predator drones be encrypted, as required by Defense Department Directive 8100.2 – entitled Use of Commercial Wireless Devices, Services, and Technologies in the DoD Global Information Grid (GIG) – which was issued in 2004? That directive requires that both unclassified and classified wireless DoD data be encrypted.

(4) Of course, that raises another question. Are the video images being beamed back from Predators to U.S. ground stations, showing villages, mountains, open fields, rutted roads and highways – all potential targets – considered to be classified or unclassified information? It is possible that the 'raw' streaming video is considered unclassified data, and that it only warrants classification once intelligence analysts have reviewed the images and added their specific insights and analyses.

(5) Assuming the video transmissions should have been encrypted, but weren't, the next question is, 'Who should we blame?' DoD Directive 8100.2 disperses responsibility widely in this arena, and thus fingers could theoretically be pointed in several directions. The Assistant Secretary of Defense for Networks and Information Integration, as the DoD Chief Information Officer, is supposed to 'monitor and provide oversight and policy development of all DoD wireless activities.' The Director of the National Security Agency (NSA) is supposed to 'develop and disseminate threat information regarding the capabilities and intentions of adversaries to exploit wireless technologies used by the DoD Components.' And the Chairman of the Joint Chiefs of Staff is supposed to 'review, confirm and certify the security and sufficiency of wireless-related interoperability requirements for information systems using wireless capabilities supporting Joint operations.' You get the idea. Someone should step forward and accept responsibility.

(6) Finally, we come to the ultimate question. What can be done to protect these drone transmissions going forward? Here, the situation becomes rather murky because we have not yet learned whether the communications technologies employed on the Predator are 'proprietary' to the drone's manufacturer, General Atomics, of San Diego, CA, or, perhaps, one of its subcontractors – in which case it might be tricky to layer on an encryption capability – or 'open,' in which case a retrofit with encryption modules might be easier. I spoke today with Janet Kumpu, president of Fortress Technologies, of Oldsmar, FL, which provides secure communications to the U.S. military on a wide variety of applications. Kumpu cautioned me not to leap to any conclusions about a supposed 'fix' to the Predator video vulnerability because so much depends on the distance, performance and throughput requirements established by the U.S. military on this particular program, about which she admitted to knowing very little. 'I would hope the military has been working fervently to address these issues,' she told me. 'And I would expect that they've been incredibly serious about this.'

'Senior military and intelligence officials said the U.S. was working to encrypt all of its drone video feeds from Iraq, Afghanistan and Pakistan, but said it wasn't yet clear if the problem had been completely resolved,' reported the Wall Street Journal.

 
