There was a lot of fanfare when the Wall Street Journal reported that insurgents were hacking video downloads from U.S. drones using $26 software. This sensationalized reporting was great for selling newspapers, but the media should have focused on the value of unencrypted video, why the lack of encryption might not be as egregious as it sounds and, most important, the technical steps that will be required to improve these systems without rendering them useless.

It is important to look first at how we got here.

The original video systems incorporated commercially available communications technologies to provide quick fielding of a valuable tactical and strategic resource. Unmanned aerial system (UAS) designers chose to use previous-generation analog satellite television transmission and reception technology for video downlinks. This allowed the aircraft to be rapidly and easily deployed, but it also resulted in unsecured video links. We need to remember the context of that decision. The video downlinks were only one piece of the UAS technical puzzle and not necessarily the biggest challenge to rapidly fielding the systems. One technical challenge needed to be taken off the table, and it was encryption of video.

In hindsight, it is easy to make the case that the video downlinks should have been encrypted. They should be eventually, but there was also a good rationale for not tying the introduction of the UAS platforms to a viable encryption mechanism. A closer examination of how UAS systems function shows why unsecured video downlinks are not as egregious as they sound.

There are typically two communication links on a UAS. One is a full duplex link used by UAS operators to view telemetry information and control the UAS. These links are secured and are not the issue. Nobody is able to hijack the control of a UAS with a $26 software package. The second data link is half duplex and is used to transmit UAS real-time video to the ground. This link is used not only by the UAS ground controllers to monitor the sensors on the platform, but also by the troops to view real-time video. This is the link that has been the subject of the media’s outrage.

It is important to point out that encryption is not the only way to prevent the enemy from receiving video. Downlinks can be turned on and off by the UAS operators if intelligence indicates a threat of enemy eavesdropping. Some systems employ directionality techniques to more easily pinpoint where the intended receivers of the UAS video are located. It is possible that a UAS could be right on top of a target and the enemy would not have the video downlink capable of receiving it at that location. An enemy who intercepted the feed would have to figure out which of his cohorts were being watched and then figure out how to alert them without being detected.

There also is a good case for delivering video even in cases where it is potentially being seen by an enemy. It is better than having no video at all. Notice there have been no reported cases in which U.S. troops have been harmed by the enemy exploiting unsecured video downlinks. To the contrary, there have been numerous reports of the benefit of this capability for the U.S. and its allies. Furthermore, it is possible that shining a light on the enemy especially when they know they are being watched is potentially better in some circumstances than shooting at them. It has been demonstrated in some urban high-crime areas that camera installations reduce crime even if they cannot always be used for real-time surveillance. The other useful application of these feeds is to allow tactical air controllers to perform real-time battle damage assessment. This purpose is not compromised by having an unencrypted video downlink.

That said, improving the security is a reasonable thing to do, although it will be challenging. The difficulty lies in the evolution, performance and scalability of the potential system improvements.

The military cannot instantaneously upgrade all of the video downlinks on the fielded UAS and the associated video receivers carried by U.S. troops. This is not practical given that there are thousands of pieces of equipment in active use. An evolutionary upgrade approach is needed. Aircraft will need to be equipped with dual-mode transmitters capable of sending encrypted and unencrypted feeds. This way, users with old receivers will still be able to view video.

Let’s look closer at what it would take to put this kind of technology migration in place.

The first step would be to change the analog video downlinks to a digital standard that has the potential to be encrypted. This needs to be done with an eye toward maintaining the performance of the current capability.

Encryption or performance?

Many of the current digital links that are supported in some UAS platforms, and could potentially be encrypted, are relatively poor performance. The current unencrypted analog feeds operate at greater range and degrade more gracefully than some of the digital alternatives that could be standardized. This leads back to the question of whether it is better to have a secure link with poor performance or an unencrypted link that works better. Unencrypted analog links are acceptable for many operations, and it does not seem wise to accept a poor-performance solution just so we can tell the media the videos are encrypted. To make this transition, we need digital links that perform as well or better than analog links.

There is an even bigger potential usability problem to solve. Introducing encryption leads us into a nasty encryption-key distribution problem that may be untenable in the field. Troops need to have the right alpha-numeric key for the aircraft broadcasting a feed at any given time. It is not likely that all of these video downlink keys are going to be distributed far and wide and still have a workable system. In operations, it is also not likely that the ground troops are going to know which specific aircraft will be pertinent to their operations and have the necessary key material loaded into their video terminals ready to decrypt the downlinks. This problem is likely to render the use of video on the battlefield useless without thinking through a more field-ready solution to the encryption-key distribution challenges. Given these challenges of performance and usability we need to think through what it will take to put a real system improvement in place.

A digital waveform is needed that has the performance necessary to distribute video with high link margins and spectral efficiency. Jamming margin is also a security concern, so this waveform will need frequency agility and potentially spread-spectrum characteristics, a technique for spreading the signal across many frequencies to make them harder to jam. This has the potential implications of much larger size, weight, power and cost than the current analog solution for both the UAS transmitters as well as ground terminal receivers. Using the latest highly integrated silicon has the potential to mediate these concerns on a new design, but care must be taken to stay within the footprint of the UAS payload restrictions.

Symmetric cryptography, in which all users would have to have the same alpha-numeric keys to communicate with each other, will not scale for this level of broadcast video dissemination. Video viewers need to be authenticated, and a session key needs to be generated to cover a given transmission. Use of asymmetric cryptographic systems rather than the currently proposed symmetric cryptography would allow the system to be easily scaled and widely distributed. This has the implication for terminals to be full duplex and to have an authentication mechanism similar to the subscriber identity module card that is resident in a cell phone to authenticate terminals and generate keys to secure the links using standard high grade public key exchange mechanisms.

Video coding

Low-bit-rate video-coding and -decoding software, called codecs, will also need to be employed to keep the design of the modem on the aircraft and on the ground from being too complicated or chewing up too much spectrum. If the video codecs are allowed to eat up too much spectrum, they could affect voice and data users in other portions of the spectrum. Low-rate codecs are critical to increasing the number of active feeds that are available with a given amount of spectrum. This also has the potential to make the improved capability larger in size, weight, power and cost than the current systems. Again, using the latest highly integrated silicon has the potential to mitigate these concerns on a new design, all while staying within the payload footprints.

In order to put these capabilities in place, flexibility and upgradeability are going to be extremely important. Software-defined radio (SDR) platforms offer this level of flexibility and upgradeability. An SDR module programmed with wideband spectrally efficient waveforms, coupled with certified Suite-B asymmetric cryptography, could be used to upgrade air platforms to simultaneously transmit sensor data in analog and digital encrypted forma. This is similar to the in-band on-channel approach that the commercial FM broadcast industry used when it was interested in providing digital HD radio programming while maintaining the analog FM stereo service in the same amount of allocated spectrum. This kind of approach to secure downlinks would allow air platforms to be rapidly updated while still maintaining a period for transition for the ground terminals to move from the analog to digital encrypted format. This would also provide the flexibility needed to use analog or secure digital feeds in the near term without entirely crippling the benefit of surveillance video in current operations. The use of software-defined transceivers in the UAS platforms and eventually in the ground terminals gives the military a mechanism to manage their transition to a viable secure video downlink solution without committing to what will be fielded all at once. Software-defined radios have proven very effective for a wide range of tactical communications platforms. Their use in this UAS downlink application could pave the way to realizing similar benefits.

Yes, security on video downlinks is a worthwhile enhancement to the current field of UAS, but adoption of a flexible and scalable approach to encryption is needed to avoid rendering the current capability useless. When we consider a system design that aims to improve performance while effectively scaling with the anticipated growth in full-motion video exploitation, we will be headed in the right direction.

Lloyd Palum is the intelligence, surveillance and reconnaissance business leader at Harris RF Communications Division.