DHS: Drug Traffickers Are Spoofing Border Drones

Lothar Eckardt, right, executive director of National Air Security Operations at U.S. Customs and Border Protection, speaks with a Customs and Border Patrol agent prior to a drone aircraft flight, Wednesday, Sept 24, 2014.

AP Photo/Matt York

AA Font size + Print

Lothar Eckardt, right, executive director of National Air Security Operations at U.S. Customs and Border Protection, speaks with a Customs and Border Patrol agent prior to a drone aircraft flight, Wednesday, Sept 24, 2014.

The homeland security agency, and local law enforcement as well, are looking to harden its drones against attack, but that comes at a price.

The drug cartels aren’t just buying golden Uzis anymore. As the U.S. Customs and Border Protection agency, or CBP, has upped its drone patrols along America’s Mexican border, narcotics traffickers have responded with expensive technology of their own.

“The bad guys on the border have lots of money and what they are putting money into is into spoofing and jamming GPS systems. We’re funding some advances so we can counter this,” said Timothy Bennett, a science-and-technology program manager at the Department of Homeland Security, which oversees CBP. Those bad guys aren’t ISIS, just traffickers, Bennett said on Dec. 16 at the Center for Strategic and International Studies “It’s more about trafficking drugs and people,” he told Defense One. “We know who’s over there. We can guess who’s doing it.”

Bennett said CBP has a rapid and growing need, especially for “small” unmanned aerial vehicles, or UAVs. But unlike larger drones designed to military specifications, many small UAVs are far more vulnerable to hacking and location spoofing. Consider how easily Chinese cybersecurity researchers Lin Huang and Qing Yang with Qihoo 360 were able to disrupt the geofence on a DJI Phantom drone by spoofing GPS, which is illegal in the United States.

“The manufactures know it’s an issue. They’re not going to advertise it as an issue. It becomes cost-prohibitive. They’re not going to, all of a sudden, put it in their aircraft because it does drive the price up,” Michael Buscher, CEO of Vanguard Defense Industries.

Vanguard makes a drone called the ShadowHawk, a popular purchase among local police forces near the border. Buscher couldn’t say how many CPB units or border law enforcement agencies do use the drones, citing non-disclosure agreements, but it was among the first UAVs to be approved for purchase with DHS grant funds, including in border areas.

The ShadowHawk uses military-grade encryption and changes GPS frequencies every half second, according to Buscher. Other drone makers looking to sell to DHS have approached him to ask about hardening their aircraft against attacks. “We’ve been contacted and they ask us what kind of military-grade encryption that we use. We tell them what the cost is and where we are purchasing it from and then it becomes cost-prohibitive for them,” he said.

“It’s the spoofing that’s bad. That we’ve got to look into. They can make you think you are someone else,” Bennett said. “For small [UAVs], it’s a bigger deal. They can’t do the secure GPS. There are a lot of anti-jamming systems right now that can detect it but they’re big and heavy. So you’ve got something that weighs 25 pounds, you add five pounds, and it affects its payload or it affects its duration. So the big thing now is getting that [detection] capability on these small ones in a way that doesn’t add weight to it.”

DHS was unable to say just how often smugglers tried to jam or spoof border-watching UAVs. But Bennett said the attacks are hindering law enforcement abilities to map drug routes. “You’re out there looking, trying to find out this path [they’re] going through with drugs, and we can’t get good coordinate systems on it because we’re getting spoofed. That screws up the whole thing. We got to fix that problem,” he said.

Debugging DHS Drones

Spoofing is far from the only problem facing Department of Homeland Security and the way it gets drones to the border. In addition to giving grants to law enforcement agencies to purchase UAVs, DHS also has many of its own. Last year, the department’s own inspector general declared that DHS drone purchasing program, which had spent $360 million since 2005 — $62 million in 2013 alone — was largely a failure.

For starters, DHS was vastly understating its costs.

DHS had taken delivery of 11 MQ-9 Reaper drones, unarmed but otherwise similar to the ones used by the military in Iraq and Afghanistan. DHS anticipated that the cost per flight hour would be $2,468, far lower than the actual $12,225. The agency was using accounting tricks to move the costs of pilots, equipment, and overhead off the books. Even the actual flights hours — 5,102 — were a fraction of the promised 23,296. As a result, large areas and portions of the border were left undefended. More damning, CBP had little to show for the big price tag. UAVs helped in just 2 percent of apprehensions on the southwest border. The audit came out just as DHS was asking Congress to give it $443 million for another 14 Reapers, also called Predator Bs, which the agency received.

CBP has invested significant funds in a program that has not achieved the expected results, and it cannot demonstrate how much the program has improved border security. The $443 million CBP plans to spend on program expansion could be put to better use by investing in alternatives,” the audit concluded.

Buscher believes that DHS was persuaded to buy an overly elaborate military drone, the Reaper, designed to carry out dangerous strike missions on the other side of the world. A smaller, more portable, but still secure drone (like the one that his company manufactures) would be more suitable for the border job, he says.

“It’s a horrible solution,” he said of the Reaper purchase. “We worked diligently to prevent that purchase on the part of DHS.” It may be one reason why DHS is now emphasizing smaller drones. They’re cheaper and easier to use, but also, potentially, more vulnerable.

Today, the drone grants that DHS is awarding to law enforcement agencies, while smaller than the Reaper, aren’t large to enough to buy the sorts of UAVs that can withstand penetration and spoofing attempts. “We’ll have departments call us and say, ‘Hey, we got a DHS grant for a drone: $25,000.’ [But] our cost starts at $120,000 just for the cameras. The grants that [DHS] is providing, it’s setting them up for failure … what they can purchase with it is susceptible … limited in range and capability.”

Bennett didn’t discuss the report but did lay out a number of steps that DHS was undertaking to improve the way border guards use drones. The agency has launched a project called Robotic Aircraft for Public Safety II, or RAPS II, to get more small drones to border agents. (The first RAPS, launched in 2012, explored the use of small drones for first responders.) The initial RAPS II demonstration session is scheduled for Jan. 11 at Oklahoma’s Fort Sill, where more than a dozen companies will meet to test 20 small drones in day and night conditions.

DHS is also funding new research and development to improve its border monitoring drones. The agency wants UAVs that can detect motion, then decide whether to alert a sensor operator, potentially cutting down on operator costs.

“The big thing for air and marine CBP in general is detecting motion on the ground. We’re helping fund moving target indicator systems in the MQ-9 and others so that they will be able to see … a man on the ground, follow them,” Bennett said.

DHS is also interested in drones that can hover far longer than even the most advanced and fuel-efficient military UAVs. “Other next-generation unmanned systems will conduct a broad range of missions with application to the [Homeland Security Environment]. For example, significant experimentation is ongoing in high-altitude, long-endurance (HALE) aircraft that could remain in flight for weeks at a time,” reads a DHS report (written almost a year ago but released to the public on Dec. 16).

The report also says that privacy concerns may curtail the use of drones over U.S. soil. “Already we’ve seen companies selling persistent surveillance, wide area surveillance solutions,” Jay Stanley, a senior policy analyst from the American Civil Liberties Union, said at the CSIS event. “Mass surveillance by use of drones is both something very far away but also very near … The technology will move very quickly.”

Close [ x ] More from DefenseOne
 
 

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • GBC Issue Brief: Supply Chain Insecurity

    Federal organizations rely on state-of-the-art IT tools and systems to deliver services efficiently and effectively, and it takes a vast ecosystem of organizations, individuals, information, and resources to successfully deliver these products. This issue brief discusses the current threats to the vulnerable supply chain - and how agencies can prevent these threats to produce a more secure IT supply chain process.

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Information Operations: Retaking the High Ground

    Today's threats are fluent in rapidly evolving areas of the Internet, especially social media. Learn how military organizations can secure an advantage in this developing arena.

    Download

When you download a report, your information may be shared with the underwriters of that document.