Newsletter Sponsors:

Is Ukraine’s Starlink SATCOM data immune to Russia’s high-end electronic warfare capabilities?

The Russian armed forces are doubling down on their efforts to disrupt Starlink SATCOM terminals used by Ukraine’s armed forces. This might be easier said than done.

SpaceX’s Starlink SATCOM terminals have been a thorn in the side of Russian forces in Ukraine since they arrived in the theatre of operations. The first were up and running by 28 February last year, five days after Russia’s full-scale invasion of the country.

Media reports say at least 23,000 of these terminals may now be in Ukrainian hands. They have been donated by SpaceX, governments and via private donations.

Starlink has clearly made a difference. A New York Times report said the terminals allowed the defenders of Mariupol, on Ukraine’s southeast coast, to remain in touch with their commanders during the city’s three-month siege.

Conlog is Finland's principal defence systems integrator, providing NATO and its allies with modern, integrated security solutions and comprehensive life cycle management.

The Russian armed forces tried to counter the terminals by hacking their software. Elon Musk, SpaceX’s founder and CEO, said the hacking was unsuccessful. In early autumn 2022 SpaceX introduced software fixes against potential vulnerabilities that might affect users.

Likewise, the terminals have been able to outflank jamming by Russian EW assets. In April 2022, Musk said that such attempts had been neutralised thanks to a software upgrade.

However, EW is a game of cat and mouse. The red force tries something to jam blue force SATCOM, and blue force comes up with a fix to neutralise the jamming. Red force then tries something else to neutralise the blue force fix, and on it goes.

Russian forces have struggled to jam Starlink using the EW systems they have deployed into the Ukrainian theatre. The first problem they have is frequencies. Like all SATCOM terminals Starlink uses radio signals beamed into space to reach the satellite constellation overhead and vice versa.

The Starlink network uses Ku-band frequencies of 12-18GHz, and Ka-band transmissions of 26-40GHz. Beyond Ka-band, Starlink can also use frequencies of 40-50GHz. Open sources suggest the Russian Army lacks any EW systems capable of detecting or jamming these frequencies in their entirety.

A trove of US intelligence leaked in April through the Discord messaging platform revealed the Russian Army has been trying to use its R-378A Tobol EW system to jam Starlink. Why remains a mystery.

Russian sources seen by the author say the R-378A can only detect and jam transmissions across a waveband of 1.5-30MHz. This is far below Starlink’s Ka-band and Ku-band frequencies.

Discover IHSE’s extension and switching solutions for protected computer access in high-security environments.

This means the R-378A would require substantial modification to enable it to jam the latter frequencies. It would also need a highly precise, directional antenna capable of detecting Starlink transmissions. Their frequencies make Starlink’s signals very discrete.

Also, why Russian EW engineers would use a capability primarily designed for detecting and engaging high-frequency communications remains unclear. The army has other EW systems detecting and jamming communications systems transmitting at higher frequencies. These would arguably be more suitable for enhancement to detect and jam Starlink.

Other reports say the army is using its RP-379 Tirada-2S EW system to attempt Starlink jamming. Russian sources say this can detect and jam threats across a waveband from 3-30GHz. This could indeed encompass the Ku-band signals Starlink uses, and some of the Ka-band.

Above: Claims have been made that the Russian Army’s RP-379 Tirada-2S EW system has been employed to jam Starlink. This may have only been partially successful due to the latter’s wavebands. Upgrading it to attack Starlink could prove difficult given international sanctions against Russia. (Photo: via author)

Attacking Ku-band transmissions might deprive recipients of data sent from the satellites to terminals on the ground. However, the RP-379’s waveband will not stop Starlink users transmitting data from their terminals up to the satellites. This is done using channels outside the Tirada-2S’s catchment area.

At best, the RP-379 can probably only partially degrade Starlink use. It is possible that Russian engineers are taking steps to augment the system’s capabilities to extend its detection and jamming capabilities up to 40GHz and beyond. This may be easier said than done.

Enhancing these platforms will require advanced microelectronics, which a report last year by London’s Royal United Services Institute said Russia has increasing difficulty obtaining because of sanctions. Likewise, developing the requisite precision of a jamming beam in frequencies of 30GHz and above most probably necessitates active electronically scanned array (AESA) technology.

AESA antennas can electronically steer their beams making them very precise. Nonetheless, they also depend on sophisticated microelectronics of the type that Russia has had difficulty producing domestically.

Furthermore, they need sophisticated materials such as gallium nitride (GaN). GaN lets the antennas handle high power levels, and the high temperatures, needed to transmit such jamming signals. Like the microelectronics, GaN is subject to international export controls.

Russian forces will no doubt continue their efforts to reduce Starlink’s effectiveness, but a combination of sanctions and Starlink’s specifications could make this quite a challenge.

Open for business – how OSINT from smartphones is changing the face of conflict

Smartphone-derived open-source intelligence is playing an important role in the Ukraine war, but its use is not without potential pitfalls.

Is Ukraine the first ‘smartphone war’? Perhaps. Social media is awash with video and photos from the theatre of operations, and it is almost possible to watch the conflict streamed in real time from cellphones carried by soldiers and civilians alike.

Everything from strikes by loitering munitions, to the more unpalatable activities of Russia’s Wagner Group, has been filmed with these devices.

Both sides have exploited imagery gathered by smartphones to provide intelligence. Open-Source Intelligence (OSINT) is nothing new. For as long as information has been available in the public domain, it has been exploited for military or political purposes.

Above: Damage to a school gymnasium allegedly caused by a Russian rocket attack perpetrated 30 minutes after a Ukrainian soldier posted his picture in the gym on social media. Fourteen troops were killed and 12 wounded. (Photo: via author)

The ubiquity of the camera-equipped smartphone simply offers a new way in which OSINT is gathered and shared. Ironically, social media posts can provide a trove of information which may help targeting.

‘Some Russian soldiers have been geotagging their location on public social media sites,’ said Tom Bullock, an analyst focusing on the use of OSINT. Geotags will reveal a location and may be added by the person posting the content. ‘This information has most likely been used by Ukrainian targetters to pinpoint the location of Russian units.’

Bullock added that OSINT is extensively mined by both sides prior to, or during, manoeuvre for any potentially useful intelligence. He noted that this creates an OPSEC imperative to ensure that troops do not reveal their location or useful intelligence on social media: ‘The Ukrainians are definitely better than the Russians at OPSEC,’ observed Bullock.

Using OSINT in this fashion is not without risks. ‘I think that there are a lot of pitfalls,’ said Bullock. Users need to question the intelligence for it to have any utility: ‘Assessing when a piece of media was captured is quite important. When was the picture taken? This is vital if you are using this information for targeting.’

Evaluating information sources is also important. For example, is the material trustworthy? Has it been placed on social media deliberately with the intention of spreading disinformation?

‘You are only seeking what you are seeing, you might not be able to corroborate this with other sources,’ noted Bullock, saying that targetters and analysts must be trained to approach any potential OSINT with caution. ‘

‘There is a risk that analysts prioritise OSINT over other sources, which may be downgraded at best or discarded at worst, particularly given the perceived significance and popularity of OSINT among non-intelligence seniors or decision-makers.’

Will militaries outside the Ukraine theatre adopt similar approaches to aid their own targeting? Bullock thinks this is unlikely.

He thinks that NATO and allied militaries already have robust procedures in place for their military intelligence cycles: ‘There is a place for OSINT, but in my mind either as a general situational awareness tool, or as a trigger for further intelligence action or collection. I don’t necessarily envisage a world where Western governments will be using four-day-old social media as part of their targeting process.’

Why the move to multi-domain operations is creating new cyber vulnerabilities

As NATO (members place multi-domain operations (MDO) front and centre of their military doctrines, so cybersecurity takes on ever more importance.

MDO is not just a philosophy for its own sake. It intends to improve the pace, quality and quantity of one’s own decision-making at the expense of one’s adversary.

Above: Cyber security for deployed command and control systems will be vital for multi-domain operations. (Photo: US DoD)

Concepts like the US DoD’s Joint All-Domain Command and Control system distils this MDO philosophy into a series of programmes aimed at realising these aspirations.  

The levels of connectivity heralded by MDO will trigger exponential growth in data moving around the networks forces will need to increase their strategic superiority.

As such, securing this data becomes paramount. IHSE, based in Oberteuringen, southern Germany, provides cybersecurity capabilities for military applications.

‘Our recent work has involved helping to secure C2 systems on warships and C2 systems used in deployed field headquarters,’ Dr Enno Littmann, IHSE’s CEO, told Shephard. 

The company’s Draco product line includes several KVM (keyboard, video and mouse) switches, extenders, integration products and accessories.

IHSE has ‘a proprietary protocol in a matrix system which allows the sharing of information but protects you from sharing information from one computer to another’.

This prevents an unauthorised device collecting information from another machine using IP-based, WiFi or Bluetooth connections. Hardware design and specific protocols embedded in IHSE’s Draco product line prevent this from happening, Littmann continued.  

At a deployed headquarters, such equipment could be used to connect computers located in a secure room or container with operator desks and situation rooms. Connections could use fibre-optic cables which are immune to electronic eavesdropping as they produce no radio frequency signals.  

IHSE is now launching a new member of the Draco family: ‘Up until now, our secured communications have only been available in a point-to-point configuration,’ noted Littmann. Before, users were granted access to a finite number of secure computers based on their level of authorisation.

‘This was a waste of resources,’ he continued. The new approach means any user can use any computer, depending on their authorisation, but their traffic can be routed securely regardless of which device they are using. ‘This is much more efficient and much more flexible.’

The technology is exportable to NATO and allied nations and several customers are already receiving these new products.

Don't want to miss out on future Decisive Edge content? Make sure you are signed up to our email newsletters.