How a Drone Could Take Out a Power Plant
Radio transmitters mounted on drones could cripple wireless industrial control systems at industrial facilities, an expert warned.
LAS VEGAS — Unmanned aerial drones equipped with electronic-warfare devices could jam radio frequencies and knock out wireless communications at restricted-access industrial facilities such as power plants and refineries, a security expert said at the Black Hat 2016 security conference here last week.
Operators of factories, refineries, power plants and similar large facilities, which increasingly rely upon wireless sensors and communications, know how to defend against ground-based adversaries, said Jeff Melrose, a technology strategist with Yokogawa Electric, a Japanese maker of industrial sensors and controls. But these industrial facilities aren't ready for drone attacks.
"An attacker normally has to get close, and we have a two-mile fence around our plant," Melrose said. "But even hobbyist drones can travel three miles, can tailgate people and can maneuver inside buildings."
MORE: Best Drones
To illustrate the dangers of electronic jamming and powerful electronic signals, Melrose cited previous known incidents. In the late 1980s, powerful radar scanners at a Dutch naval base triggered a nearby gas pipeline to rupture; a large valve had been opening and shutting in sync with the radar's frequency.
In 1999, U.S. Navy radar tests disrupted water and gas distribution valves in the city of San Diego. Eight years later in 2007, the same city was subject to accidental electronic attack when a Navy radio-jamming exercise in the harbor made cellphones, pagers, GPS systems and even ATMs fail.
In 2013, the FCC fined a New Jersey truck driver who had unintentionally disrupted flight takeoffs and landings at Newark Airport for months. The driver didn't want his boss to know he was taking naps in his truck, and had used an illegal GPS jammer to disable his truck's tracker.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Except for the New Jersey one, all these involved powerful transmissions at significant distance. However, Melrose pointed out, a drone with a much weaker transmitter could achieve similar results at short range. He calculated that at about 25 feet, a pocket-sized jammer (illegal in the United States, but available overseas) could have the same effect on a wireless device as the 2007 naval test did upon the city of San Diego.
It's pretty hard for a person with a jammer to hop a fence and move about an industrial facility's grounds without being detected. But, Melrose said, the DJI Phantom 4 drone, released in March, can travel at 45 mph for up to 25 minutes and be controlled for up to three miles away. It would be difficult to stop one flying over the fence and moving rapidly toward a target on the grounds.
"For the people in my industry," Melrose said, "these things are just showing up, and they just don't know how to deal with them."
One drawback for the drone operator is that the jammer can knock out the drone's own GPS navigation and radio controls. But that's easily solved, Melrose said: just put the jammer on a tether that's long enough to dangle out of effective range below the drone. He showed video clips in which a drone dangling a tethered object hovered still above stationary objects on the ground, or tracked and followed moving vehicles and individuals.
Another scenario might be to fly a small drone over a facility, land it on a rooftop or someplace else on the grounds where it might be hard to spot, and only then turn on the jammer. If properly positioned, the jammer would be able to knock out transmissions from two or more transmitters until plant security was able to locate it.
"One weakness of drones is that they're loud and sound like drones," Melrose admitted. "But there's a problem with listening for them — people in plants are often wearing ear protection routinely."
To defend against possible electronic-jammer drone attack, Melrose recommended that plants put wireless devices on mesh networks rather than the traditional hub-and-spoke networks. Mesh networks, in which nearby devices communicate with each other instead of only with a central base station, are more robust and quicker to "heal."
He also recommended wireless repeaters to increase range, and even using reflective surfaces such as storage tanks to bounce signals around.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.