Directed Energy within 5G

Nov 09, 2023

“Without a sound, a smell or any warning, a new non-lethal weapon developed by the US military can repel crowds using an invisibile electromagnetic beam that delivers a blast of intolerable heat up to a kilometer away. After years in development, the Active Denial System was recently demonstrated to media by the US army. The effect of the sudden heat is so repellant, the immediate instinct is to flee -- and quickly, as experienced by AFP at the presentation.”

Duration: 01:33

Beam Sweep Technologies within 5g

Beam Acquisition and Tracking

“the high pathloss of mmWave bands requires high beamforming gain to have a reasonable SNR and decent user experience. These beams need to be aligned between the cell site and UE at all times to maintain the communication link, as shown in Fig. 6.12.

Such beam alignment is a challenge in changing mobile environments where blockage is always a possibility, as discussed in Chapter 4.1. The human body, brick walls, and glass are all obstacles that may cause blockage as the user moves through space. This severe loss cannot be compensated by increasing transmission power or beamforming gain. Instead, the mmWave transmitter needs to find alternative paths or spatial channels.

Fig. 6.12. Beam tracking at the base station to maintain the communication link between base station and car.

With APA and HPA beamforming solutions, the direction of the beams is adjusted by periodically sweeping the channel according to the movement and rotation of the mobile station. However, frequent beam sweeping increases overhead and reduces throughput.

FDA solutions can transmit and receive signals in all directions at once since its antenna elements are omnidirectional, and FDA can virtually form directional and narrow beams covering the whole space at the same time. FDA transmitters and receivers can dynamically identify the new beam direction and find the best beamforming vector without increasing the latency. At the receiver, FDA can use blind beam tracking, which constantly monitors the best beam directions from data symbols without requiring pilots while data path is communicating with the current data beam. One of the challenges of mmWave systems is beam acquisition for mutual beam detection at both the base station and the user.

The 5G NR standard supports periodic transmission of synchronization signals with directional transmission and directional receiver beam sweeping. Assuming both transmit and receive nodes are directional with and beams, respectively, the exhaustive search over possible beam combinations leaves us with total possibilities.

Therefore, the latency of the initial access is sec for APA/HPA, where is beam sweeping period. However, for FDA with wide beamwidth antenna patterns, a receiving device can find the best beam direction in one shot. All possible receive directions are examined, and the best beam can be virtually determined in zero-time (ignoring the processing latency), when processing the digitally stored signal.

Therefore, an FDA system initial access latency is reduced to only sec. As a performance comparison, let’s assume the typical time duration to sweep every beam direction is . Assuming = 64 and = 16, and an exhaustive beam search, the total time to continuously search for the best beam pair is around 5s for an APA or HPA device. For an FDA device, the acquisition time is limited to 320ms, regardless of number of beams at the fully digital receiving device. In other words, the acquisition time drops by a factor of 16. 5G Americas |”

Military grade Directed Energy Possibilities

Obviously the large weapons and the crowd dispersion weapons have different objectives.

High Power Microwave Weapons have the potential to effect Crowd Control and disperse a protest, march or other event.

This engineer’s video is the most informative on the use of Crowd dispersal weapons on individuals and how to guard against them. MUST WATCH.

Defending against a 5g, Mimo microwave, or LONG RANGE AREA DENIAL in battle conceivable would be used against lightly armed or non-armed individuals. In the video he acknowledges that it is disturbing to conceive that governments would use these against own citizens (for crowd control).

Have any of you attended a protest and felt skin burning pain. I have and I can tell you I tried to ignore it and it was so sharp I could not. The pain was at my neck and created an inability to move my head for the better part of a week. I used infrared wrap and castor oil. I had to wrap my neck in a scarf again for a week or 10 days.

It was a mystery to me what that was until I prepared this blog. I may have experienced a crowd dispersal microwave. Or it’s a mystery. Have you experienced this? The ingenious defence of these weapons in the above video is quite empowering.

We are at an inflection point, where all science that can be developed is developed and without pause. Whether directed beam 5G (microwave) which has the ability to track the individual, or crowd dispersal microwave weapons, or AI, or monitoring. 5 G however is not invulnerable to attack by hackers. This means that all our information exchanged on 5G is likewise hackable. Certainly this is persuasive argument against digital ID and currency.

There are many papers reviewing the vulnerability of 5G

“Abstract:

The fifth generation of mobile telecommunications (5G) is considered a very interesting solution for military applications. However characteristics of this technology (open interfaces, cloud-based nature) create additional security threats and generate very broad threat landscape for the 5G deployments. In the article we describe main security threats related to the Radio Access Network (RAN), taking into account the open version of its implementation – O-RAN. We emphasise also possible adversarial attacks which can have significant impact when machine learning algorithms are used e.g. in the RAN Intelligent Controller. Another important thereat vector which is valid for every 5G deployment is supply chain attack. The article summarizes the basic good security practices in ensuring security in military 5G private networks and the initial thoughts on how to counteract the attack vectors presented above.”

Erickson reviews the PR reasons for safeguarding 5G. It is more open to attack AND society is placing increasingly private information on these networks between the government intrusion and the IOT. So having society believe in the impermeability of these networks are important. Instead they are quite permeable. So place CBDC and digital ID pair it with 5G?

“Safeguarding 5G networks

As the value and volume of personal, business sensitive and public service information increases with continued digitization, security and privacy laws and regulations have been expanding. This is a reaction to decreasing risk tolerance and the deteriorating cyber security environment.

Regulators know the importance of 5G and see safeguarding these networks as vital. The threat landscape for 5G is more complex than with previous generations due to the convergence with traditional IT, enabling IT threat actors to attack telecom networks in a similar way. In addition, networks often have new functionalities, such as network slicing for service separation and isolation, along with an increased use of AI/ML for automation. While AI is widely explored for its potential in addressing security concerns in networks, it is also important to consider the security and transparency of AI. Edge computing places cloud resources closer to the access, bringing new challenges whilst enabling mission-critical, low-latency applications.

Attacks on telecom networks are rising

Threat actors are increasingly skilled and pervasive, and attacks are becoming more frequent. Research from CrowdStrike, a US cyber security company, shows which industry verticals are most frequently impacted by targeted intrusions.¹ The data showed that, between July 2020 and June 2021, the telecom industry was the most targeted, attracting 40 percent of attacks compared to 10 percent for the next-highest industry vertical. It should be noted that the data does not distinguish between the telecom enterprise and the telecom network intrusions for the industry.

Threat actors: The motives, opportunities and capabilities

The well-known motivation, opportunity and capability model is a useful way of examining threat actor behavior. A threat actor must have all these factors to pose a risk.

Let’s look at a real example: Last year, a threat activity cluster named LightBasin was publicly identified, having undertaken targeted intrusions towards service providers since at least 2016. The group has gained attention due to its presence being detected by multiple service providers, although their origin is still unconfirmed.

Evolving security landscape

Critical infrastructure and increased business risks Constantly evolving security threats Increasing regulatory requirements (such as GDPR) New deployment scenarios and use cases Billions of new devices 5G-specific challenges

What motivates threat actors?

The main motivations to target telecom networks are surveillance/espionage, financial gain and disruption/sabotage.

In recent years, the most common type of attack in the cybersecurity landscape has been the deployment of financial gain ransomware. To achieve bigger payoffs, ransomware operators have shifted their targeting to high-profile organizations in industries such as manufacturing. Threat actors know this industry sector has a low tolerance towards downtime and is more inclined to pay out as a result. With increased use of 5G within different industry verticals’ networks, the motivation to attack 5G networks should be looked at from the perspective of the related industry sector.

Personal data is also always of high interest. One objective of espionage is to obtain call metadata, especially call detail records (CDRs). This means customer billing and customer care systems are primary targets. LightBasin was observed targeting business support systems to obtain CDRs.

Disruption is the least typical of these motivations for targeting telecom networks. These attacks often have their roots in ideology, driven by personal, group or nation-state agendas. During the first quarter of 2022, a number of these attacks occurred on European networks, including targeted attacks to prevent local gamers from participating in a tournament and network-wide disruptive cyberattacks, putting critical services at risk.

Due to a shift in the tactics used by cybercrime and nation-state threat actors, and the increasing use of common IT platforms in telecoms, the likelihood of attacks has increased.

Cybersecurity and Infrastructure Security Agency, US

”[5G] will empower a vast array of new and enhanced critical services, from autonomous vehicles and telemedicine to automated manufacturing and advances to traditional critical infrastructure such as smart grid electricity distribution. Given 5G’s scope, the stakes for safeguarding these vital networks could not be higher.”

The opportunities for threat actors

New features within 5G networks bring many advantages, enabling new use cases. However, the technical complexities can create new opportunities for threat actors.

The ongoing transformation to cloud native introduces new concepts, new deployment methods and more complex partnership structures. With this trend, deployments are becoming more complex. This requires new types of competence and skill sets, from both vendors and service providers. Consequently, the risk for misconfigurations, which expose weaknesses, is increased. Vulnerabilities in virtualization, cloud services, or network slicing can have a considerable impact, as they may enable access to unauthorized resources.

5G will connect billions of devices, and not all these devices have sufficient security protection. Devices used for Industrial IoT are often optimized for a specific task, with design driven by cost efficiency. Vulnerabilities in these devices can be used to target the 5G network, or the industry vertical. This requires protection of devices to be provided from the network side. In general, any exposed interface provides an initial entry point for a threat actor. LightBasin accessed target networks via incorrectly exposed interfaces on the GPRS roaming exchange (GRX), a closed inter-service provider network.

Threat actors are increasingly using valid credentials for accessing targets. In addition to the traditional social engineering techniques for obtaining human identities, threat actors are looking for weaknesses presented by the surge of machine identities that are needed in cloud-native deployments. Strong multi-factor authentication, with management and monitoring of privileged accounts, is essential to prevent and detect account misuse. It will also limit the impact of credential theft and the exploitation of vulnerabilities.

Figure 29: Threat actor motivations

What are the capabilities of threat actors?

Threat actors have shown the capability to build targeted and context-specific malware. Nation state threat actors routinely exhibit good operational security and use various defense evasion techniques to hide their activities, making it possible for them to move laterally in the target organization before being noticed. For instance, LightBasin carefully deleted traces in log files after their activities.

Threat actors try to blend their communication into normal traffic and use legitimate protocols, such as ICMP and HTTP. In addition to these, LightBasin used telecom-specific protocols to bypass firewalls and stay under the radar.

As the industry moves away from proprietary protocols and dedicated infrastructure, intrusion of telecom networks does not necessarily depend on extensive knowledge of these networks and their protocols. Threat actors targeting telecommunications networks will increasingly resort to routine vulnerability exploitation, supported by public availability of exploit code.

Even though 5G interconnects are more secure, older network generations will be used for several years, and attacks via interconnected interfaces will continue and will be more complex and difficult to detect as threat actors increasingly focus on defense evasion.

Trust in mobile networks is paramount

Trust in mobile networks, especially 5G, is the foundation for digitalization. To enhance trust, the GSMA Network Equipment Security Assurance Scheme (NESAS), jointly defined by 3GPP and GSMA, provides an industry-wide security assurance framework to facilitate improvements in security levels. NESAS defines security requirements and an assessment framework for secure product development and product lifecycle processes, and uses 3GPP-defined security test cases for the security evaluation of network equipment. NESAS is intended to be used alongside other mechanisms to ensure a network is secure and, in particular, to ensure an appropriate set of security policies covering the entire lifecycle of a network is in place.

3GPP standardization made major improvements in terms of security and privacy compared to 4G. 5G has been designed with new functionality that is intended to make it more resilient towards various existing frauds, subscriber privacy and eavesdropping issues, than earlier generations.

For instance, the industry is putting considerable effort into protecting the interconnect networks between the service providers, encrypting, and otherwise hiding subscriber identifiers, and preventing the modification of the user data sent between user equipment and radio base stations. 5G also provides a standardized and well-defined way to deploy zero-trust functions like authentication and authorization of API usage, and protected communication between and to the 5G network functions.

It’s time for the active defense of telecom networks

With networks being used in new contexts, connecting a greater variety of mission-critical processes, it is no longer enough to rely solely on standardized and regulatory-based security controls. Now the active defense of telecom networks is also required.

The entire industry is currently accelerating the journey from passive defense to active defense strategies. The embedded security inside network products is critical but still not enough. The telecom networks of today are built to evolve, and security must do the same.

Securing 5G networks

Telecom networks’ availability and performance are more valuable than ever, which makes them attractive targets for malicious actors. Powerful security monitoring and automation, identity management, effective incident response handling and solid business continuity planning are critical to securing networks. Building a secure 5G network requires a holistic approach, rather than a focus on individual technical parts in isolation, to protect end users. Network operations is one of four key layers enabling the holistic approach, alongside standards, product development processes and network deployments.

Figure 30: Protecting 5G end-users requires a holistic approach including the four key layers”

These test subjects reveal the pain they felt at their neck before they had to jump out of the way. Oddly my experience as well.

There is an increasing amount of technology aimed at citizens with all kinds of ramifications.

Concentration Microwaves caused Havana syndrome?

Please share any knowledge or experience and whether you use a 3g, 4g phone.

LawyerLisa’s Substack

Discussion about this post