The Russian invasion of Ukraine and cyber and RFI threats in Europe

Europe shares thousands of kilometres of borders and seaways with Russia and Belarus, and is facing threats of invasion. Billions of Euros in trade rely on secure land, sea, and air navigation. Some Eastern European states, with western allies, support Ukraine financially and with weapons, imposing sanctions and flight restrictions (European Commission, 2022). North, east, and southeast Europe, along with the Arctic, frequently experience Russian jamming and spoofing (US Department of Transportation Maritime Administration, 2022).

In response to Russian EW actions in Ukraine, Europe's aviation authority warns of GNSS issues affecting GPS and Galileo users (European Union Aviation Safety Agency [EASA], 2022a, p. 2). Russian RFI, spanning from Varanger to Kaliningrad and the Kola Peninsula, has disrupted aviation systems and airports, leading to cancelled flights (Nilsen, 2022b). These incidents are becoming more frequent and prolonged (Nilsen, 2022a) and even affectair ambulance services.

RFI has various criminal and military uses, including Russia supplying non-state actors in Ukraine (Patrick, 2015, 2016; Westbrook, 2019b, p. 6). Homemade jamming systems, including legacy Soviet technology, water pumps, copper pipes, and electromagnetic emitters, pose aviation risks (The Associated Press, 2011, p. 3). Off-the-shelf jamming and spoofing devices are accessible and concealable, from miniaturised versions to backpack-sized equipment (Westbrook 2019b, p. 9).

States may use ‘cyber mercenaries’ covertly for offensive or defensive purposes, targeting emergency responders, port operators, and airliners (Westbrook, 2023b). Patriot -hackers and cyber mercenaries, often limited to civilian systems, are much less sophisticated than state militaries (Westbrook, 2023a, p. 86). Russian EW units possess advanced EW -technologies and trade with other countries (Iran, possibly China).Coordination among aviation authorities is emerging to tackle the growing RFI problem, despite the challenges posed by diverse attack methods and attackers (Westbrook, 2023b).

What is Europe doing?

As a result of interference from civilian and military users, in recent years there has been a stronger international urge for action from the likes of the International Air Transport Association (IATA) and the U.N.’s International Civil Aviation Organisation (ICAO), among others (Goward, 2023). In terms of restrictions on trade, the European Union (EU) and United Kingdom have adopted a number of bans of exports on goods, technology, and technical assistance targeting the Russian aviation sector (EASA, 2022c; UK Government, 2023). Following a number of serious aviation incidents after Russia’s annexation of Crimea in 2014, the EU, for example, has developed common rules in reporting civil aviation safety hazards (although this was planned before the invasion happened; European Parliament, Council of the European Union, 2014). As a result of increase in interference since 2022, the EASA (2022b), using data from network of analysts and open sources, has issued information about affected regions and a European information sharing and cooperation platform on conflict zones. The aim of the platform is to enable domestic operators to carry out risk assessments based on events experienced by other operators. Safety information bulletin warnings communicating increased probability of issues with GNSS interference are shared. Unlike the equivalent US reporting systems (Aviation Safety Reporting System (ASRS), 2023), the reporting mechanism is not open access to independent observers, but only to commercial air operators within the EASA. The information is not distributed in real time based on current events, and has little context about the motivations for why RFI might be used.

The reporting mechanism also assumes that RFI is a static problem confined to geographical locations. This may lead to interference being shrugged off as blips in the areas considered safe. Indeed, it assumes a level of predictability in problem areas which may lead to lack of vigilance in non-problem areas. Due to the new “normality” of frequent and prolonged RFI, interference may be treated with less due diligence as “passive alarms” that are not serious enough to warrant more action. RFI can come from the ground, from other aircraft, people onboard aircraft, or from devices within or attached to aircraft. Finally, the inadequate sharing of data to other interested parties gives observers a narrow picture that produces conjecture and redundancy, rather than objective and evidence-based analysis and response to the full risk situation.

Why is RFI Specifically Dangerous for Aviation?

Many aircraft, including manned and unmanned aerial vehicles, rely on the position, timing, and navigation information provided by the GNSS and other navigations aids. While all aircraft are vulnerable to RFI, smaller aviation users are at the highest risk, because many of these aircraft use consumer-grade GPS receivers (Goward, 2023), and do not have the additional navigation aids that large commercial aircraft typically have.

There are many different navigation aids built into various aircraft, and many studies have demonstrated that a number of aviation systems are vulnerable to attacks (Sathaye et al., 2019). The Automatic Dependent Surveillance–Broadcast (ADS-B), for example, enables pilots and other observers to identify where (most) other aircraft are at any given time. In some cases, ADS-B is used as a sole means of position information and surveillance of other aircraft when the level of service is low. In the current literature exploring technical vulnerabilities of navigation systems in aircraft and supporting infrastructure (e.g. Costin and Francillon, 2012; Kožović and Đurđević, 2019, 2021; Sathaye et al., 2019; Khan et al., 2021), there have been numerous problems identified with ADS-B. This includes injecting non-existing aircraft by spoofing ADS-B messages, and modifying the route of an aircraft by jamming and replacing the ADS-B signals. ADS-B has been criticised for lacking the minimal and necessary mechanisms, including entity authentication, message encryption, and vulnerability to tampering (Costin and Francillon, 2012, p. 1), among other things (Alohali, 2019).

For landing purposes, aircraft may use the Instrument Landing System (ILS) to navigate a plane’s position in relation to the runway. It has been identified that ILS is vulnerable to so-called overshadow attacks, which is where an attacker can transmit signals that overpower the ILS signals (Sathaye et al., 2019, p. 361). Other types of attacks, such as those against signal generation, can “cause deflections in the course deviation indicator needle” (Sathaye et al., 2019, p. 359). The seriousness of the problem can depend on the location, the duration, the phase of the flight, and environmental conditions. If such systems are affected, pilots usually resort to other navigational cues and detection systems, but when such alternatives are not available, or degraded, it could lead to serious hazards.

Some instances of accidental military jamming gives us an idea of the potential harm it can do to civilian systems if/when used in an indiscriminatory manner (Harris, 2021), and the impacts are not just felt by aviation systems. Numerous hazards have been reported from anonymous pilots in the United States, ranging from airspace violations and near collisions to landing at the wrong airport as a result of jamming and spoofing (National Aeronautics and Space Administration [NASA], 2022). The Institute of Electrical and Electronics Engineers (IEEE) spectrum has also documented “173 instances of lost or intermittent GPS during a six-month period of 2017 and another 60 over two months in early 2018” because of accidental military jamming. The data they found show aircraft flying off-course, accidentally entering military airspace, being unable to manoeuvre, and losing their ability to navigate when close to other aircraft. Many pilots required the assistance of air traffic control to continue their flights. The affected aircrafts included a pet rescue shuttle, a hot-air balloon, multiple medical flights, and many private planes and passenger jets (Harris, 2021).

Flight deviations and airspace violations as a result of suspected GPS jamming and spoofing have been reported frequently from anonymous pilots, some of which have been tied to military training activities (NASA, 2022). Reports from 2022 alone indicate altitude deviations, track heading deviations, the GPS going into dead reckoning mode without the pilot noticing, and very near airspace violations due to incorrect GPS readings (NASA, 2022). Some reports indicate how GPS interference distracts pilots, some already fatigued after long flights, and leads them to inadvertently violating airspace. In 2019, a commercial passenger aircraft, having relied on GPS through the mountainous approach in the Sun Valley in Idaho, deviated off course due to low-level inference. The aircraft was reportedly saved by an attentive radar controller, saving the lives of all on board (Goward, 2023).

In extreme circumstances, distractions and deviations could mean relying on limited fuel reserves, and for sleep-deprived pilots on long-haul flights with limited resting periods, it could lead to more serious mistakes. Deviations into countries experiencing conflict, such as Russia, Belarus, and Ukraine, could result in the plane being misidentified, as indicated by the EASA (2022b).

There has been a speculation about spoofing, leading to the tragic Malaysia Airlines Flight MH370 disaster in 2014 (Wise, 2019; Rietjens, 2019) which probably deviated from its North-East flight path from Kuala Lumpur to Beijing and was last picked up by military radar heading North-West towards the Indian Ocean. It has been suggested by some national authorities that the flight path could have been altered by an employee, but there has been no conclusive evidence.

All in all, these examples demonstrate how indiscriminate or targeted attacks against aircraft are worthy of specific analysis in political sciences. Hereafter, drawing on various related and unrelated incidents, the tactical and politically motivated attacks are arranged into hypothetical categories.

RFI to complement political narratives of Western aggression

One main concern about RFI is the potential that actors could spoof aircraft into Russian airspace in real terms but also via pilot’s and observer’s digital interfaces. Russia has consistently used alternative media narratives to justify its unprovoked invasion of Ukraine. These narratives are targeted towards its own population and populations of sympathetic states. Where spoofing of aircraft could aid such narratives, in the taxonomy of RFI tactics (Westbrook, 2023b, p. 73), one such strategy of decoy spoofing could fit into such motives. Used primarily to trick other users into an action desirable to the attacker, the same strategy could be used to give the impression that NATO aircraft have been intruding into Russian or Belarussian airspace.

Concerns about the vulnerability of ADS-B bare similar risks in terms of “digital intrusions” into territories. Following 9/11, it was found that hackers could easily introduce as many as 50 false targets onto controllers’ radar screens (McCallie, 2011, p. 17). Two researchers spoofed “faked aircraft into the simulated busy airspace over San Francisco.” They found that “[s]poofing a target into the real ADS-B system would be a simple matter of transmitting the signal on the ADS-B frequencies (978 and 1090 MHz)” (Thurber, 2012). While such studies indicate a more maligned and destructive motivation, similar strategies could be used to give the impression of airspace violation, or inadvertently influence a pilot to enter airspace to avoid falsified, impending collisions.

While spoofing can be used to demonstrate western aggression in the digital domain, it can, and has been, used to justify the shooting down of aircraft. In proxy conflicts, such interference is intended for the purpose of testing military systems while not instigating a direct military confrontation. While there are no known instances of military actors targeting civilian aircraft for such purposes, it is worth considering military systems as being ample targets for such political tactics. In the taxonomy, the strategy of correcting or -following crooked paths (Westbrook, 2023b, pp. 72–73) could provide both explanations for why two US drones were misdirected into Iranian skies. Dana Goward, a commentator on RFI events, noted that the flight was on a routine trip from two different ports off the coast of Saudi Arabia in international airspace. “Somehow [the drone] ended up way to the left, where the Iranian navy just happened to be waiting for them. All of a sudden it’s taking a right-hand turn toward Iran, and getting shot down while it was in their territorial airspace” (Adde, 2021). In 2019, then President Donald Trump reportedly “came close to calling for an airstrike against Iran in retaliation” (Adde, 2021). Former US Vice President Dick Cheney similarly stated that he supported the option of targeting a captured US unmanned aerial vehicle (UAV) that Iran claimed to have captured (expanded later) (Westbrook, 2019b, p. 9).

While correcting or following crooked path attacks could inadvertently lead to military confrontations, indiscriminate jamming and spoofing attacks, such as these, could likewise lead to civilians being accidentally targeted due to incorrect or degraded navigation information. During the Cold War era, passenger flights, such as the London to Tel Aviv El Al Flight 402, strayed into and was subsequently shot down in Bulgarian airspace. The Libyan Arab Airlines Tripoli to Cairo flight LN 114 experienced equipment failure and got lost in the disputed Sinai Peninsular in bad weather. It was shot down. And two Korean Airlines passenger aircraft in 1978 (KAL 902) and 1983 (KAL 007) strayed into Soviet airspace and were shot down. Ironically, such examples were prior to accurate GNSS was a utility available to commercial airliners, but even with GNSS ubiquity, incidents of misidentification occur. In January 2020, Ukraine International Airlines flight PS752 was tragically shot down in Tehran because it was misidentified as a US missile during heightened tensions between the two countries, according to Iran’s armed forces (which previously blamed it as a technical fault; Gritten, 2023).

Indeed, we do not need to look hard for an example of high-grade military equipment being used by non-state actors where a catastrophic incident happened. Although not related to RFI, a notable example includes the downing of Malaysia Airlines Flight 17 in 2014 by pro-Russian separatists in Ukraine using a Russian-supplied Buk surface-to-air missile, resulting in 298 deaths. The aircraft was misinterpreted as a military aircraft. Russia and its media changed their narrative many times but initially insisted that a NATO plane was shot down, then insisting a Ukrainian jet shot at the aircraft. Russian nationals Igor Girkin, Sergey Dubinsky, and Oleg Pulatov, and Ukrainian national Leonid Kharchenko were tried in absentia. Girkin, Dubinsky, and Kharchenko were sentenced to life imprisonment (Netherlands Prosecution Service, 2021).

Denial of service (DoS) for intimidation, harassment, economic loss, and to portray a dominant Russian cyber influence

Denial of service is intended to degrade and deny confident use of GPS and other navigation beacons, and potentially destroy the victim’s receivers with strong overpowering signals (Westbrook, 2023b, p. 74). Recent papers have focused on the political motives of DoS attacks on the radio spectrum and the state level (Westbrook, 2019a, 2023b) and DoS has been linked to the potential indirect loss of life as a result of degrading the ability of emergency services to operate safely (Harris, 2021). Some events have been attributed to civilian users using cheap jammers to avert toll payments in Norway and elsewhere (Gangeskar and Laagstein, 2022; Westbrook, 2019a). It has also been linked to causing economic damage to airports, particularly for civilian users (Woodrow, 2017). In all likelihood, there are possibly thousands of such incidents each year worldwide that are not reported openly. Thus, if this can all happen accidentally or unintentionally, what can be done intentionally?

Russian military DoS has recently been described as “smart jamming” by some commentators (Center for Advanced Defense Studies (C4ADS), 2019, p. 9; Milner, 2020 citing Todd Humphreys), specifying that such jamming can morph into spoofing, giving the pilot hazardously misleading information, instead of direct loss of position information. This smart jamming could mislead a GPS user or system using GPS or ground-based navigation beacons to correct or follow a false velocity reading or direction, thus making them go in the wrong direction because of crooked path attacks (Westbrook, 2023b, p. 72). A test undertaken by the University of Texas at Austin found, for example, that inducing a false trajectory reading into a drone could make it try to correct its position, and potentially crash as a result (Kerns et al., 2014).

Similar issues have been identified when spoofing the Instrument Landing System (ILS) used for landing planes. Evidently, the RFI at the landing stage could be imposed by (suspected) cell phone towers, or other electromagnetic interference, as was considered in cases in South Korea, the Philippines, Indonesia, and Thailand (International Civil Aviation Organization, 2018). In South Korea, of the hundreds of aircraft affected, four missed their approach due to a GPS warning (International Civil Aviation Organization, 2012). Such attacks could easily be imposed by low-sophisticated political actors, such as patriot hackers, and thus also potentially by indiscriminate military-grade spoofing.

It is certainly important to consider the possibility of attacks on the ILS based on other previous operational failures of the system, including the Singapore Airlines flight SQ327 (143 passengers and 15 crew) in 2011, which “unexpectedly banked to the left […] about 30 feet above a runway,” and then “veered to the right, crossed the centreline” at Munich airport in Germany (Goodwin, 2019; German Federal Bureau of Aircraft Accident Investigation status report, no date). According to an incident report, “the jet missed its intended touch down point by about 1,600 feet. Investigators said one contributor to the accident was localiser signals that had been distorted by a departing aircraft” (Goodwin, 2019). Goodwin (2019) also notes other “near-catastrophic accidents involving ILS failures”, including “Air New Zealand flight NZ 60 in 2000 and a Ryanair flight FR3531 in 2013 (Dutch Safety Board, 2014). DoS smart jamming could hypothetically replicate what was found with a low-cost spoofing device. Spoofing ILS could “generate what is sometimes called a ‘fly down’ signal that instructs the pilot to steepen the angle of descent, possibly causing the aircraft to touch the ground before reaching the start of the runway.” A pilot could “react by guiding the plane to the right and inadvertently steer over the centreline” (Goodwin, 2019; see also Sathaye et al., 2019).

The seriousness of such scenarios is heightened in bad weather conditions, in darkness, and at airports where there are high volumes of entering and departing aircraft. For example, the augmented depictions of the vertical path (the glide path) that a plane follows cannot always be visually verified in poor weather. In summary, smart jamming used intentionally to target the ILS could lead to serious hazards in drone operations and for aircraft landings.

RFI to enable hostage diplomacy via the seizure of people and assets

Prolonged and intermittent jamming of civilian areas may bring governments to the negotiation table if the jamming is affecting a nation’s society and the economy, as in the case of North Korea targeting South Korea for an extended number of days in 2012 and thereafter (Westbrook, 2019b, p. 5). Jamming could be so severe that commercial aircraft users are forced to land. Such events alone demonstrate how jamming could coerce opposing governments to negotiate matters and enable seizure of assets. Sophisticated and tactical use of GNSS spoofing, particularly crooked path attacks, can also be used as a hybrid warfare tactic by mixing fake news, plausible deniability, and “hostage diplomacy” via the seizure of people and assets.

Iran has been known to coerce merchant shipping into its territorial waters to justify seizures for hostage diplomacy strategies (Bockmann, 2019; Dudley, 2021; Hughes and Selby, 2019; Westbrook, 2023a). With incorrect position and velocity readings, a plane could unknowingly stray a few miles between invisible borders, from one airspace, which is peaceful, to one at war or which is hostile. Provided that there are very limited physical navigation aids to cross-check, or a well-caffeinated co-pilot to check every other instrument on board, even slow and subtle increase in speed and changes in direction over relatively long periods could create eye-watering slip-ups. Researchers have found that they can purposely deviate the speeds of aircraft targeting onboard FLARM transceiver devices by implementing faked target positions and reported positions of other aircraft (Jansen et al., 2018, p. 1021). This could also inadvertently influence a pilot to intrude into airspace.

No open-source account exists of these methods of attacks happening to manned aircraft. The lengths at which governments and non-state actors will go to leverage concessions, however, leave the question of worse-case scenarios open to conjecture. The Belarussian government deliberately falsified a bomb threat on an Athens to Vilnius Ryanair flight (4978) to arrest 27-year-old journalist Roman Protasevich during its brutal crackdown on dissidents in the country (Eccles and Sheftalovich, 2022). The United Kingdom and EU, among other states, banned flights from using Belarussian airspace.

Spoofing-enabled hijacking or stealing can also be done to obtain intellectual property. Indeed, in 2012, it was speculated that Iran’s military spoofed an American RQ-170 spy drone operating on the Afghan–Iran border. Having boasted of successfully spoofing the drone to land, and showcasing the drone to international media, the Iranians subsequently reverse-engineered the machine in design, material (which was “stealth-coated”), and possibly components (including flight controls, communications, video equipment, and self-destruct holding pattern or return-to-base mechanisms). There has been concern expressed by the US intelligence officials that the design has been shared with Chinese and Russian scientists, perhaps to assist in reverse-engineering the machine (Kelley and Cenciotti, 2012). Five years after capture, the Iranian Revolutionary Guard Corps aerospace division revealed a new “attack drone” called Saegheh (or “Thunderbolt” in English), which looked markedly similar to the RQ-170 (Cenciotti, 2016). While there are no known instances of civilian aircraft having been targeted, it is worth considering military systems as being ample targets for such political tactics. The Russian government has reportedly shared western technologies found on the battlefield with its allies in exchange for material assistance (Haynes, 2022).