Monitor Your Spectrum for Signs of Threats

Advances in communications enable a safer world in many ways, ranging from health monitoring and diagnosis to reliable connectivity for critical defense systems. However, radio frequency (RF) signals may negatively affect health if exposure is too high, as in the case of errant RF emissions. Concerns also arise over threats to disable critical communications from an event such as an electromagnetic pulse (EMP). An EMP would halt the functioning of much of society by disabling electronics. Using RF signals to trigger attacks with drones or explosive devices is also an issue. Drones have the potential for illegal or threatening uses.

While spectrum monitoring cannot prevent these issues and attacks, it can detect signs beforehand and provide insight into mitigating threats. As a result, military, intelligence, and other agencies employ spectrum monitoring to watch communications patterns for suspicious activity.

General signal monitoring registers everything from “good” to “bad” signals. Depending on the behavior of the communications, different steps can be taken to get more detail — a process known as signal analysis. You must apply what is already known about the signal environment to register something that is out of the norm. Artificial intelligence (AI), machine learning, or comparisons to databases of known conditions help to flag anomalous signals.

Communications monitoring can be done in a slice of the spectrum or for a given location. A specific enterprise or agency location might monitor for situations like espionage. For example, in a secure facility, it is common to ensure that visitors do not carry a cellphone to avoid outgoing transmissions that breach security protocols. A continuous monitoring approach aids in establishing regular patterns in the spectrum.

With advances in software, such monitoring systems can search through the spectrum rapidly. The rapid detection of anomalies enables intervention in the case of an airborne drone; for example, tracking the movement of the individual controlling it. Typical ongoing communications provide a baseline from which agencies can form a picture of regular spectrum activity. Comparisons to that typical activity will alert agencies upon the detection of any anomalous communications activity, flagging it for closer monitoring.

Electromagnetic Pulses

Active signal monitoring could detect chatter foretelling of plans for disastrous threats such as an explosive or EMP attack. An EMP attack can occur via detonation of a nuclear weapon higher in the atmosphere. This type of attack avoids damaging life on Earth while disabling communications and electronic equipment over an extensive area. Generally, EMPs are momentary but the damage they cause to electronic devices is extensive.

While concerns increasingly focus on human-made EM pulses, they also occur naturally; for example, solar flares or sunspots affect communications. To mitigate any potential harm to spectrum monitoring equipment or issues with ongoing detection, you can monitor forecasts for solar events. Military and government organizations in particular should plan for the possibility of such outages.

Going forward, machine learning and AI will bring more intelligence to communication-channel analysis, helping to store and process information to identify anomalies sooner.

Drones

Drones are increasingly popular and pose threats in several different ways. You can use a drone to perform surveillance of a potential target; for example, to determine the layout of a building or the schedule of people entering and leaving. Drones equipped with guns, explosive devices, or a chemical are extremely dangerous. The simple presence of a drone can cause panic by appearing unexpectedly with unknown intentions, particularly in crowded areas or where drones are prohibited.

Multiple techniques exist for drone detection. Using an acoustic method, you can pick up the sound of the blades spinning. With radar, it is possible to detect something in the air at a specific location, yet you cannot necessarily distinguish a bird from a drone. With image processing, you might be able to identify a drone and tell that it is carrying something. But you cannot discern what the payload is unless you have a very-high-resolution camera. Given the location of a drone, it may be possible to use a CCTV camera to get a better view.

Finding the Controller

Many techniques detect the drone flying in the airwaves, providing varying levels of intel. Yet a drone is an unmanned aerial vehicle (UAV). It is the human controller who instructs it to carry out hostile activities. Distributed sensor-based RF (or spectrum) monitoring systems can successfully estimate the location of the remote control.

The ideal way to detect the person on the ground controlling the drone is with an RF fingerprint or search. Radar cannot perform such detection because of too much interference on the ground. Acoustic is not an option either, as the controller makes no noise. Someone with a camera might be able to pick up a controller but will not know where to point the camera and start looking, especially if the person is in a crowd or hidden from view. RF spectrum monitoring is the only practical method for identifying the controller.

This process involves establishing a perimeter of sensors and using a geolocation algorithm. You can then look for the pattern or signature made by the remote control in the spectrum. When you see it, you can trigger all the sensors to do a geolocation measurement on the pattern. This process is effective even if the controller is moving, as you can perform geolocations once every second or once every couple of seconds. You might not see a smooth movement if the person moves quickly but you can see the controller’s trajectory. At a walking pace, it is easy to detect the signal and follow the person’s path. A controller’s direction is determined by performing geolocation measurements every second and plotting them on a map.

This spectrum monitoring approach will not work if the controller does not stay in contact with the drone. For example, during the initial setup, it is possible to program a drone with a destination, a task to complete when it arrives, and what to do after it completes that task. In this scenario, you would have to pick up the location of the controller at that very instant when the operator communicates the mission details to the drone. The fallback option is the use of acoustic, radar, or other approaches to detect the drone’s location.

Airports

Whether criminal or innocent in intent, drone sightings at airports increasingly impact flight schedules. Not all airports employ drone detection systems. There is increasing concern over a collision between an airplane and a drone. You can use spectrum monitoring approaches to mitigate the threat of drones, detecting their presence and location before damage occurs.

Drone manufacturers are working to comply with airspace rules in more expensive models that have restricted airspaces programmed into them. In this case, the drone controller receives a message saying, “You are flying too close to restricted airspace,” and the drone will not fly into that space. To circumvent that programming, a user would have to hack the drone.

RF Emissions

The previous examples all share an intent to harm. RF signals can also cause unintentional damage. One common issue often discussed is RF emissions. Regulations for the communications industry exist to eliminate their potential health effects. In the cellular industry, for example, rules cover emissions from devices as well as network infrastructure. By employing spectrum monitoring systems, you can ensure that a cell tower is broadcasting a signal at the correct strength. This process relies on the government’s available tables and emission levels for various frequencies. By setting up limit lines in the monitoring system, you can match those specifications. If the RF energy at any site exceeds the levels, you can have the system set off an alarm or send a notification. Such solutions are usually employed in response to concern over a new tower or to test signal strength at a specific location.

Testing in Anechoic Chambers

Thorough testing of smaller devices and solutions benefits from the use of anechoic chambers. These chambers are completely sealed so that no outside RF energy can enter. After placing a product in an anechoic chamber, very sensitive antennas measure the radiation coming from the product. You can spin the product around, pointing the antenna at different angles — horizontal and vertical polarization — and measure the amount of RF energy radiating from the box. You can use this process to classify if a product is Class A or Class B (whether it is usable in an industrial setting or a home or small office). By sweeping across the wide area of the spectrum, you can measure the emissions coming from your products. If they do not meet a classification, you can determine how to provide better shielding, lower the noise level, or some other solution.

Drone manufacturers are working to comply with airspace rules.

You can also use anechoic chambers to test susceptibility by bombarding products with different types of outside RF energy. You can test the effects of various signals on product performance using this process. While RF emissions are important, the impact of signals transmitted into the product can significantly degrade performance. Shielding must be effective on both the transmit and receive ends.

Some RF emission regulations cite a specific procedure or piece of equipment to make measurements. As a result, manufacturers or engineers might not want to use an anechoic chamber because the work involves changing the equipment versus the documented recommendation. The opposite problem is also quite common, whereby lab equipment is not updated. If the only option is traditional swept technology, you will spend most of the time searching for the specific frequency. This approach also misses a considerable amount of spectrum events and details. By using a modern fast Fourier transform (FFT) analyzer instead, you get almost the whole spectrum in one snapshot instead of only a small portion as you sweep across.

Summary

In today’s world, RF signals can intentionally inflict damage, as seen in the examples of an EMP attack, drones, and explosive devices. At this point, the ability to foresee such attacks is mostly beyond our technical capabilities. Continuous spectrum monitoring identifies unusual behavior and chatter and requires investigation to determine if it is innocent or not. The key is to observe trends and patterns in user behavior across communications channels.

Going forward, machine learning and AI will bring more intelligence to this process, helping to store and process information to identify anomalies sooner. With more forewarning of significant issues or planned attacks, you can act to limit or eliminate damage much earlier.

This article was written by Nancy Friedrich, Aerospace Defense Industry Solutions Marketing, at Keysight Technologies, Santa Rosa, CA. For more information, visit here .