Crashed drone is a shot in ongoing cyberwar with Iran, not just a spy plane

Did high-end drone crash on its own, or come down after electronic countermeasure attack?

As usual when it comes to conflicts between Iran and the U.S., governments of the two countries have released vastly different, equally unprovable versions of the story behind the loss of a U.S. drone spy plane.

Iran claims to have downed an unmanned U.S. spy plane flying deep within its own territory, though it has yet to publish pictures or other evidence of the downed spy plane.

U.S. officials admitted a U.S. drone crashed in Iran and claim to have spotted it in satellite photos. Anonymous sources told the Associated Press the drone was on a mission to scout Western Afghanistan on behalf of the CIA, when its guidance, communications or other systems failed, causing it to lose contact with controllers, fly mistakenly into Iranian air space and ultimately crash.

The drone in question was an RQ-170 Sentinel built by Lockheed-Martin – a flying-wing design that looks like a Cessna-sized version of the batlike, stealthy B-1 Bomber.

The RQ-170 flies high – 30,000 to 50,000 feet – to avoid anti-aircraft fire from the ground, or interception by lower-flying fighter planes.

In Afghanistan – which has little anti-aircraft capability more sophisticated than low-altitude, shoulder-fired missiles with a range of only a few thousand feet – there is no reason to use such a high-flying stealth drone, Sky News points out.

Pakistan and Iran, both of which have comparatively sophisticated anti-aircraft detection and weapons systems, border on Afghanistan, making U.S. bases in Afghanistan ideal launch points for reconnaissance missions over both countries – one overtly hostile, one a titular ally with many factions in the military and government that are hostile to the U.S.

U.S. forces have been very successful for several years using lower-altitude Predators to whittle away the ranks of No. 2 leaders of al Qaeda.

The RQ-170 does not carry weapons, but is widely credited for having collected live video of Osama bin Laden's compound before and during the raid by U.S. SEALs in which the al Qaeda leader was killed.

The RQ-170 was designed to fly covert spy missions over China and Korea, both much more heavily defended and sophisticated in their anti-aircraft capabilities than Iran, according to National Journal.

About 50 U.S. drones of various types have crashed during operation in Iraq and Afghanistan, according to the Christian Science Monitor.

U.S. officials have consistently denied flying spy missions into Iranian air space, though Iranian officials have said since 2005 that they have been monitoring U.S. spy plane missions in their air space.

Drone crashed conveniently close to nuke sites

If the RQ-170 did lose contact with controllers, it crashed a little too close to Iranian nuclear facilities to be a complete coincidence. Iranian radio news reported the drone crashed near the eastern Iranian town of Kashmar, about 140 miles from the border with Afghanistan.

The RQ-170s are based in the southwestern Afghan city of Kandahar and fly missions all across the western part of Afghanistan, but not farther West into Iran, according to a Pentagon spokesperson.

Other U.S. sources told National Journal and NBC News the drone had flown previous missions over Iran, however, using its stealth capability to remain undetected as it shot pictures of Iran's nuclear development sites. The location of the crash in Kashmar is far north of a straight-line course between Kandahar and the cluster of Iranian nuclear facilities near Tehran (BBC map), which is in the country's far north.

A Pentagon spokesperson said there was no indication the drone was brought down by hostile action and repeated that the drone was on a scouting mission over Western Afghanistan; it was not tasked with entry into Iran.

Other U.S. officials did confirm to NBC News that the drone had flown previous missions over Iran.

Did Russia send Iran a digital drone killer?

It's not clear whether Iran actually did bring the drone down, let alone whether it was downed by anti-aircraft missiles or guns, or if it was brought down with electronic countermeasures (ECM).

ECM systems are normally carried on fighter planes to scramble radar, GPS and other anti-aircraft gun or missile guidance systems. Used from the ground against drones, ECM can break the link with pilots flying with remote control or confuse the guidance systems within drones programmed to fly on their own using GPS or other internal guidance systems.

Iran claimed in July to have shot down an American drone, but admitted later the report was part of a defensive war-games exercise, not a real incident.

Six weeks ago Russia announced it sent Iran an electronic jamming system called "Avtobaza", which might have been able to interfere with the guidance systems and electronics on the RQ-170, according to sources quoted in Wired.

RQ-170s are programmed with two levels of safety systems; the first, which takes over if the drone loses radio-control contact with controllers, tells it to use onboard GPS and navigational equipment to fly back to the base from which it took off.

The second, though unconfirmed, safety system is a self-destruct system that would ruin the full-motion capture, encryption and radio-control systems that would give Iranian engineers – or more likely engineers from allies Russia or China – insight into operation and security of America's newest front-line drone, according to National Journal.

The drone carries full-motion video capture systems as well as sensors to detect airborne chemical signatures that might come from a nuclear-fuel development facility as well as cell-phone-network receptors that could allow it to eavesdrop on local wireless conversations, according to the LA Times.

Though the RQ-170s have been deployed for only two years, their sensors are already out of date, according to AviationWeek.

Newer versions of the video cams that are the RQ-170's key asset can collect 65 times as much data, automated so it doesn't have to be monitored continually as current versions do.

The next generation – called the Argus-IS – will cover as much as 40 square kilometers in a single shot, with resolution equal to 15 centimeters of ground per pixel. That's enough to easily track individuals on foot as well as vehicles or buildings, according to Aviation Week.

Was drone part of cyberwar?

The question about the downed drone is not whether it was gathering intelligence on Iran's nuclear facilities – which have been a top U.S. intelligence-gathering priority for years.

The question is how this drone, on this mission, and the non-physical anti-aircraft-weapon damage that may have brought it down, plays into the ongoing cyber war between the U.S. and Iran, according to Patrick Clawson, of the Washington Institute for Near East Policy, as quoted in the U.K.'s Daily Mail.

Spy-plane flyovers are purely routine compared to the assassination of Iranian nuclear scientists, sabotage inflicted by the Stuxnet computer virus and mysterious explosions at several Iranian nuclear sites in recent weeks.

"It does appear that there is a campaign of assassinations and cyber war, as well as the semi-acknowledged campaign of sabotage," Clawson told the Daily Mail. "It looks like the 21st century form of war."

It is still not clear whether the U.S. and/or Israel were behind development and release of the Stuxnet virus that was coded specifically to attack software controlling fuel-purifying centrifuges at Iran's Bushehr nuclear-development facility.

Israel admits having tested Stuxnet in a secret lab and U.S. officials have hinted at their involvement.

Neither U.S. nor Israeli sources have gone on the record to confirm either country is involved in the virus, other forms of cyberattack about which Iran has complained, massively destructive explosions at Iranian nuclear facilities or the execution-style slayings of several Iranian nuclear scientists during the past several years.

On Nov. 12 an explosion destroyed much of the Revolutionary Guard base at Bid Kaneh, killing 17. Another explosion last week damaged a uranium-enrichment facility in Isfahan.

Nuclear expert Mark Hibbs at the Carnegie Endowment in Germany told the Daily Mail the covert war is too narrowly focused to indicate involvement of the U.S., which would pick larger targets than individual scientists.

Israel did reportedly target Iraqi nuclear engineers before a fighter/bomber attack that destroyed Iraq's Osirak reactor in 1981, Hibbs said.

Expanding America's second cyberwar, without acknowledging even the first one

The expansion into attacks and sabotage based on malware – Iran has also admitted an attack by reputed "Son of Stuxnet" virus Duqu – marks the effort to keep Iran out of the nuclear club as one that gives an early preview of what a mixed real-world/cyberwar would look like.

It also worries some nuclear power and security experts that "in going down this route we're unleashing forces we cannot control," Hibbs said.

Cyberwar is unquestionably a great platform for asymmetric warfare – fighting in which small forces are able to challenge or even defeat larger forces with more powerful weapons and detection systems.

A roomful of rote-trained hackers in China appears to have been taking data from U.S. military and government systems in a steady stream for the past decade, for example.

Given the level of cyber-attack, defense and reaction in the ongoing conflict with Iran – which responded to the Stuxnet attacks by expanding the cyberattack corps of its semi-official militia and promising retribution hacks of the U.S. – it is clear Iran is a test bed for more than smart, stealthy drones.

Direct attacks on computers in its military facilities, malware attacks on nuclear facilities, a second round of Stuxnet dressed up as Duqu and stealthy flyovers by remote-controlled drones have apparently taken the place of proxy wars, border conflicts, the funding of rival terrorist groups and other Cold-War-era dirty tricks.

That doesn't mean they're any less dirty, or lead to results any less lethal.

In February the Israeli deputy prime minister in charge of intelligence and cyberwarfare told attendees at a U.S. conference that cyberwar is less unpleasant than the real thing.

Cyberwar involved less killing, less disastrous damage to important facilities and neighboring areas that could be damaged by bombs, a far smaller number of 'warriors' in the fight and far less exposure that could confirm who is responsible for a particular attack and invite reprisals from the enemy, he said.

As the explosions at Iranian facilities during the past two weeks show, cyberwar is inextricably entwined with real war, hacking with killing, intrusions with infiltrations.

Drones reduce the risk for American pilots, malware reduces the need to make overt, direct hack attempts and, yes, fewer people die as a direct result of digital warfare.

Open cyberwar invites more than digital chaos, according to Richard Falkenrath, former deputy commissioner for counterterrorism for the New York Police Department and deputy homeland security adviser.

Open cyberwar will divide the global IT industry into antagonistic camps, encourage both software and hardware makers to build backdoors, bugs and other flaws into products being sold to the enemy, reducing everyone's ability to trust the technology on which they rely.

It also encourages law enforcement agencies to push farther into police-state territory by demanding more access to digital records than the Constitution allows to the old-fashioned kind, Falkenrath wrote.

The result could be a more civil variety of war – one in which systems are killed rather than siblings.

That doesn't mean it will be polite or nonviolent or limited in its damage only to selected enemies or that its result will not make the open Internet even more of a hostile, threatening place than it is now.

Real cyberwar will be pretty unpleasant for everyone involved, and fatal to many, Falkenrath writes.

Cyberwar is more ugly than we thought, more dicey for U.S. than we expected

The ongoing uncertainty about who's to blame for Stuxnet, and the mistaken assumptions from the investigation and reports theorizing that Russian hackers had attacked an Illinois water utility last month, show that we may be technologically ready to integrate solidly damaging digital attacks with attacks using bombs or bullets.

More clearly, they show that we don't know what to expect from cyberwar, even after years of being involved in at least two – one in which the U.S. has failed to stop the high-volume data thieves working for China's military, the other mixing murder, malware, bombings and sabotage in Iran.

The only thing obvious so far is that even when U.S. cyberwar capabilities vastly outmatch those of the opponent (Iran), victory is far from guaranteed.

The ongoing tussle with Iran shows we're even uncertain that full-out cyberwar would give any country the leverage to make an enemy change its behavior, or its stance on an important issue.

The ongoing scandal with Chinese data thieves and the mix-up with the Illinois water utility make it clear the U.S. isn't even sure of its ability to keep its digital infrastructure from being invaded, or even to know for sure when it has been.

It's not hard to believe we're on the cusp of a new era of cyberwar; it is hard to be confident either that it will be an improvement on the destructiveness of real war or that the U.S. will be as strong in cyberspace as it is in the real world.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.
